Adblock Plus and (a little) more
Blocking malicious sites with Adblock Plus · 2008-07-03 11:48 by Wladimir Palant
I was reading about yet another wave of attacks exploiting a Flash vulnerability. It turned out that the Flash vulnerability used was already fixed but that doesn’t really matter — Adobe seems incapable of updating users to a secure Flash version in a timely fashion. So Firefox users were at risk here as well, and the continuing waves of SQL Injection attacks inserting malicious iframes into trusted websites didn’t exactly make the situation better.
Users with add-ons much more likely to upgrade? · 2008-07-02 14:00 by Wladimir Palant
Henrik Gemal posted on current Firefox market share. Apparently, current Net Applications figures say that only 24% of all Firefox users already switched to Firefox 3. Interestingly, the percentage amongst Adblock Plus users seems much higher. The numbers on addons.mozilla.org indicate 43% Firefox 3 users. This is confirmed by the numbers from popular filter subscriptions, e.g. 43% of EasyList users (largely US-based) and more than 45% of “Cedrics Liste” users (mostly German) are already using Firefox 3.
Emulating Window.openDialog with JavaScript arguments in an XPCOM component · 2008-07-02 13:27 by Wladimir Palant
Opening a XUL dialog from JavaScript is usually easy, you use Window.openDialog method that is almost the same as Window.open but also accepts some parameters that the dialog will be able to access via Window.arguments collection. But what if your JavaScript code runs inside an XPCOM component doesn’t have a window? Still not very hard, you use nsIWindowWatcher.openWindow method then. The tricky part here is passing parameters to the dialog however. I had to resort to hacks here in the past, and other people seem to have issues with that as well, so I thought I would share the solution.
Yes, that's how you do it · 2008-06-20 18:28 by Wladimir Palant
Just read this article on The Daily WTF. Yes, that’s how you do it if you care about your readers and their impression of your site. I am not usually blocking Google Ads but I had to add a filter specifically for The Daily WTF to block Google’s image ads. I guess I can take that filter out again. Now if they would only get rid of animated ads altogether, I would disable Adblock Plus on that site.
Worst service ever · 2008-06-08 19:51 by Wladimir Palant
I came back from Ekaterinburg today, second time that I’ve been to Russia in the last 15 years. And while I have lots of impressions that I might share later — my experience with Lufthansa service caused even stronger impressions, so these come first.
Thing is, Lufthansa’s main airport is Frankfurt and I live in Cologne which is one hour distance by train. For people like me, Lufthansa offers a service called AIRail where the train from Cologne to Frankfurt is declared a Lufthansa “flight” and I can book both the train and the actual flight together.
HTTP Referer header won't help you with CSRF · 2008-05-21 15:44 by Wladimir Palant
It seems to be obvious but apparently this idea still isn’t common knowledge — HTTP Referer header is unreliable, and it is especially unsuited for any security measures. The Referer header isn’t always present because of users going to a page directly (via bookmark and similar), using an “unusual” browser (most commonly download helper applications), using filtering firewalls (privacy protection) etc. The Referer header might be incorrect because of the same filtering firewalls (some prefer to advertise rather than remove the header entirely), special browser extensions to manipulate the Referer header etc.
Moving to a new server · 2008-05-20 09:57 by Wladimir Palant
My issues with adblockplus.org didn’t get magically resolved. While Netdepot was able to reactivate the domain once the performance issues were resolved, they didn’t feel like overlooking my exorbitant traffic use (>120 GB on an account with 10 GB traffic limit) any more. At which point it is time to say goodbye to Netdepot who generously provided me with free hosting for the past seven years and always helped me patiently with my issues. For a project of this size, it is better not to rely on somebody’s good will any more.
Dear authors of ad blocking software · 2008-05-09 12:56 by Wladimir Palant
I know that there is lots of different ad blocking software out there, for browsers other than Firefox or even independent of any browser. Some of these programs can use the same filter subscriptions that Adblock Plus offers, and some even use EasyList and/or other Adblock Plus subscriptions by default. And I don’t see a problem with that — as long as they do it in a nice way. However, I do have a problem when bugs in those ad blocking solutions overload my server.
Web pages accessing chrome:// is forbidden · 2008-04-13 22:30 by Wladimir Palant
I didn’t believe that this would still be fixed in Firefox 3 but bug 292789 has landed. The timing could be better, having such a big change go in shortly before a release is certainly less than optimal — yet still, I think that we are much better off now than we were before.
Status update on adblockplus.org · 2008-04-02 15:31 by Wladimir Palant
Apparently, one of the scripts used by adblockplus.org was putting considerable load on the server (actually tiny load but it was invoked every time somebody downloaded EasyList). Unfortunately, the provider didn’t communicate that to me so that I didn’t know of any load issues until the server got overloaded yesterday and the provider disabled adblockplus.org. The problem is now fixed and the server load is acceptable again. However, I will probably still have to move to a different server — NetDepot isn’t comfortable sponsoring hosting for a project of this size.