[nSLUG] Browsers and source saving (was "Re: Re: amusing convergence of old and new")

Ted Tibbetts intuited at gmail.com
Fri Apr 16 13:32:21 ADT 2010

Daniel: In order to make it possible to click on something to cause the
actual image to download, you'd have to have Squid rewrite the source code
to put the image tag inside of an anchor tag.  And then what if the original
image tag is already within an anchor, ie the image is a link to some other
page?  So you could cause it to link to the full version of the image, and
then revert to the original source code for that bit of the page, but then
you have to store the original source for those tags somewhere, maybe in
HTML comments.  Or you could add a "download image" label/icon next to the
image, but that's liable to mess up the page presentation in a confusing
way, especially, for example, on websites where images are used to create a
navigation menu.  I guess you could add CSS and HTML to have it display a
popup menu when the mouse hovers over the image, but this seems like a
pretty complicated task to be doing on the fly on random webpages.  Also I
don't think you could create popup menus with the CSS supported by Netscape.
 Also in order to have it fetch the image without having to reload the
entire page you'd have to use JavaScript.  So it's interesting and
definitely useful, but also definitely complicated.  Could be this already
exists as a perl module or some such entity.  Maybe check CPAN/PyPI/etc?

As Firefox extensions go, my understanding (not particularly complete) is
that they operate in a very separate scope from any JS within the page
itself.  This is done both to prevent page JS from interacting with
extensions and also to give the extension access to stuff (eg the local
filesystem, SQLite database tables) that page-loaded scripts can't get at.
 The common wisdom is that you have to trust the random anonymous people who
create these extensions not to do anything (un-)intentionally malicious or
vulnerable.  Mostly this amounts to reading through the comments to see if
anyone has posted anything damning.  Or reading through the source to see if
there's anything sketchy going on.  If it's a well-known, commonly used
extension, you're pretty much safe, as safe as it gets these days.

But in any case, disabling JavaScript should only disable scripts loaded
from pages, while still allowing extensions written in JS to run.  The
"written in JS" clause there is actually bogus since all Mozilla extensions
(which can be installed on Firefox, Thunderbird, Sunbird, and friends) are
written in JavaScript.  That being said, you may have to enable JavaScript
while installing the extension.  There are even extensions that enable and
disable JavaScript.  Some allow you to specify which pages should be allowed
to run scripts (NoScript is the gold standard here).

Before switching over to Chrome I spent a lot of time digging through
Firefox extensions.  Here's a quick list of the ones I found useful:

   - NoScript: Provides fine-grained access to disable all/some Javascript
   from specific pages.  Very effective and useful, but a bit annoying if you
   don't really care that much about this sort of thing.  *?
   - Firebug: The ultimate development tool.  Change HTML/CSS on a loaded
   page, debug Javascript, use the javascript command line, etc.  People are
   developing extensions to the firebug extension that let you, for example,
   interface with the Drupal CMS to debug Drupal modules.  Also useful (if
   tediously) for hiding rows of extraneous Wikipedia feature-comparison tables
   so you can actually compare the entries you're interested in.  With
   practice, jQuery or a yet-to-be-developed/found bookmarklet/extension is
   better suited to this task. *
   - HTTPFox: displays a running log of all of the HTTP accesses made by
   firefox for the current page: images, scripts, javascript, etc. You can dig
   into them to check out the server and client headers, time they were sent,
   etc.  This is mostly useful as a developer/learning tool, but has security
   applications as well. *
   - AdBlock Plus:  provides blocking of ads (duh).  Super easy to
   configure.  Doesn't catch everything, but will filter out most ads, saving
   both network and mental bandwidth.  You subscribe to one of a few
   locale-oriented ad lists, and it blocks the prescribed ads unless told
   otherwise. **-
   - FlashBlock: blocks Flash plugins in a way similar to the way that Mike
   describes Netscape as dealing with images (Use of Netscape, like some other
   aspects of my university years, is a blurry memory at best).  You get a
   glisteny black box instead of a dancing cat video, and can click on it to
   have npviewer.bin occupy your CPU and leave a big dropping in /tmp when you
   kill it after it hangs. **

*: indicates that this functionality is integrated into the Chrome Developer
Tools, which is standard, at least in the linux beta releases.
**: indicates that there's a Chrome extension to do this.
**-: indicates that there's a Chrome extension to do this, but it's not as
*?: indicates that I haven't looked for a Chrome extension to do this.

This is not to say that there is not a wealth of valuable extensions
additional to these, but just that I didn't have a regular use for others.
 For instance I only use the afore-mentioned EmbeddedEditor when doing
website development.

As textual browsers go, I've found elinks to be the best of breed.  I think
newer versions (probably in the unstable 0.12.x stream) will actually
display images if your terminal has framebuffer support.  I tried this
briefly and found that it was neat but that the images were not aligned
entirely properly.  Otherwise elinks is great: fast, lays things out
comprehensibly (though not always in an identical way to a graphical
browser), allows 256 colours, enforcing of a standard 3-colour colourscheme,
or a few spots in between.  Handles CSS and in theory javascript, though in
order to get the latter to work I think you have to perform an arcane rite
to the spider-monkey god while running the configure script.  I do wish that
it had a way to pipe the source to an external command the way that w3m
does; also the default keybindings are a bit counter-intuitive.  It uses
under 10MB of ram even with lots of tabs open (it's multitabbed and allows
multiple invocations from different terminals to share the same instance).
 I've seen firefox consume over 70 times that much; it tends to average out
at 100-200MB.


On Fri, Apr 16, 2010 at 11:43 AM, Daniel Morrison <draker at gmail.com> wrote:

> Mike: you need to chill out. :)
> Yes, I know you labeled this as a rant. But it's no excuse for not
> fact checking.
> I'm sure many firefox extensions interact with Javascript on a web
> page (flashblock, for example) and so do not work if Javascript is
> disabled. (Luckily, most flash isn't loaded anyway if javascript is
> disabled!). However I have found that javascript is not required for
> extensions per se. The great Web Developer extension still works fine
> with Javascript disabled. (I don't use many extensions, so that was
> the limit of my testing). I wouldn't be able to tell you if the
> ImgLikeOpera extension requires javascript.
> I, too, was confused by the "too old to remember Opera" comment.
> The idea that popped into my head for your image loading issue was to
> install a web proxy. Squid is the one I use; it does caching as well,
> further improving your dial-up (apparent) speed. Squid is capable of
> calling out to scripts that to perform manipulations on images. I've
> never done it myself but I read about the practical joke "upside-down
> Internet" in which for April Fool's a sysadmin implemented a script
> which flips every image upside down before serving it to clients. (My
> memory is faulty: it was revenge for stealing wifi, not april fool's.
> Script available here:
> http://www.ex-parrot.com/pete/upside-down-ternet.html)
> Based on this idea, it should be possible to replace every image with
> a local placeholder blank image of the correct size. Whether it can be
> made into a link that fetches the original image... I don't know, but
> I think the possibility deserves exploring. The big benefit would be
> that it would work for any browser.
> I understand your desire to comprehend and thus have a solid
> connection with just about everything around you in life, and it is a
> noble and often productive goal. However (as you indicate you do
> understand) it is ultimately futile. It is an impossible task. Are you
> a Linux kernel expert? What about microprocessor fabrication? Digitial
> timing in the GHz range? Soldering and multi-layer PCB manufacturing?
> Hard drive recording? What about the telephone system? Do you truly
> understand analog modem technology, but not DSL or cable? Myself, I
> have a superficial understanding of both (actually I think DSL/Cable
> is fundamentally simpler, since it never involves DAC/ADC steps).
> I'd love to be entirely independent, but it's just impossible. We are
> a social animal, and our humanity (society, culture, sanity) requires
> us to depend on others to get through life. We may not always like the
> choices others make (personally I think KDE, Gnome, Firefox, etc. are
> leading the free software charge straight towards Microsoft-land) but
> short of cutting myself off from society (and thus cutting out part of
> my humanity) there is no choice but to be forgiving and accepting.
> Heck, firefox is free. How much can I complain? (Bloody GTK2 garbage... )
> -D.
> On 16 April 2010 02:21, Mike Spencer <mspencer at tallships.ca> wrote:
> >
> > This morphed from a short comment into a rant. Hit delete here if
> > that will be  annoying.
> >
> >
> > Stephen Gregory <nslug at kernelpanic.ca> wrote:
> >
> >> On Thu, Apr 15, 2010 at 10:10:41PM -0300, Mike Spencer wrote:
> >>>
> >>>     Clicking on such an icon causes the image to be fetched and the
> >>>     page re-rendered to include the image.
> >>
> >> You want the ImgLikeOpera extension:
> >>
> >> http://imglikeopera.mozdev.org/
> >
> > Hmmm... okay, lemmesee here...
> >
> > Oh, right.  That's an XPI file.  So what's in it?  Right: javascript.
> > So much for disabling js, eh?  I'm guessing here that all "extensions"
> > to Firefox are written in js.  So if you disable js as a defensive
> > move against intrusive code, you also disable extensions?
> >
> >> I am guessing the authors of the extension are too young to remember
> >> Opera.
> >
> > Opera appears to be alive and well.  ITYM Netscape?  Yes, probably so.
> >
> > Just to defend being so cranky:
> >
> > I like to try to understand the technology I use (in the most general
> > sense) at a deeper level than "turn the key, put the pedal to the
> > floor".  But there is (obviously) too much to do that with everything.
> >
> > Everything is "stuff" so I majored in chemistry.  My own body is
> > pretty important so it was biochemistry with a lot of physiology.  The
> > car has been dominant tech for most of the last century.  So I spent a
> > few years as a mechanic back when cars were analog.  Food is an
> > essential so I can raise and butcher a pig or grow a year's supply of
> > vegetables.  When privately owned computers came along, I learned to
> > program in assembler and C.  When the web came along, I learned to
> > write HTML.  The blacksmithing is a whole rant/digression in itself.
> >
> > Other stuff too -- not to tout my accomplishments but just the
> > opposite: it's all the stuff I just skipped, that I understand poorly
> > or not at all. If I was going to RTFM and the underlying specs as
> > well, the choices had/have to be very selective.  So with the tidal
> > wave of new digital tech, I can't stand to "just do it", download the
> > software and launch it without having a clue what it's doing under the
> > hood. But life is too short (and my aging mind too feeble) to master
> > everything that comes along.
> >
> > So what's worth taking the trouble to understand?  js?  XML?  The
> > Firefox API (if there is one)?  Crypto?  rsync? Setting the clock on
> > my VCR?
> >
> > KISS except where "complicated and arcane" promises reward.
> >
> >
> > Maybe I should just shut up now and go do something useful such as
> > fabricate a steel dishpan to replace the leaky enamel one that can no
> > longer be found in the stores. All-analog tech.
> >
> > ObLinux: (But maybe I'll write a perl script to solve the cone-shape
> > -> pattern layout once and for all.)
> >
> >
> > - Mike
> >
> > --
> > Michael Spencer                  Nova Scotia, Canada       .~.
> >                                                           /V\
> > mspencer at tallships.ca                                     /( )\
> > http://home.tallships.ca/mspencer/                        ^^-^^
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20100416/174ceb05/attachment-0002.html>

More information about the nSLUG mailing list