Adblock Plus and (a little) more

Why Adblock Plus on download.com isn't being updated · 2010-01-30 01:19 by Wladimir Palant

  • Dear CNET, so you own download.com? Very easy to remember, nice for you.
  • No, I am not really interested in publishing my software there, addons.mozilla.org suits my needs much better.
  • Oh, somebody already uploaded my software and I only need to keep it updated? Ok, I guess this won’t be too much of a problem.
  • Why did you subscribe me to this newsletter? I didn’t ask for it!

Read more Comment [2]

Tags:

One way to get outdated plugins on your computer · 2010-01-28 15:45 by Wladimir Palant

Only two days ago I wrote how browser plugins are the biggest security risk today. And yesterday I experienced first-hand how one would get outdated and insecure plugins installed. I installed Lexware Steuer 2009 (for the German readers: yes, that’s the one you get at Aldi and that always gets good marks in software tests). And then Secunia PSI went berserk warning me about various security threats on my computer. Turned out, this application installed without even telling me: Java Runtime Environment 1.6.0 Update 2 (released July 2007, current version is 1.6.0 Update 18), Flash Player ActiveX 9.0.124.0 (released April 2008, current version is 10.0.42.34), MSXML 4.0 SP2 (released June 2003, current version is 4.0 SP3).

Read more Comment [9]

Tags:

The new browser security landscape · 2010-01-26 12:22 by Wladimir Palant

Brian Krebs came across one of those websites throwing a battery of exploits at users and took a close look at its administration page. It lists seven exploits, the two most successful ones being for Adobe Reader and Java, followed by two Internet Explorer exploits. At the far end of the list two Firefox exploits can be found as well. From what I understand, only one Adobe Reader vulnerability was unpatched at that time, all other vulnerabilities have been fixed already. For example, the Java exploit targets a security hole that was closed in December 2008, the exploited Firefox vulnerabilities have been closed in Firefox 1.0.5 and 1.5.0.5 respectively.

Read more Comment [14]

Tags:

More extension signing adventures · 2009-12-21 11:22 by Wladimir Palant

Things got significantly better since the last time I tried to sign Adblock Plus. Firefox 3.5.6 will now show my name instead of “Author not verified” even if the organization field of the certificate is empty (thanks, Boris). And StartCom certificates are accepted by all main applications that Adblock Plus needs to support (meaning Firefox 3.0 starting with 3.0.12, Firefox 3.5/3.6/3.7, SeaMonkey 2.0 and Thunderbird 3.0). So I started signing development builds again and even released Adblock Plus 1.1.2 as a signed XPI a little more than a week ago.

Read more Comment [19]

Tags:

Adblock Plus roadmap · 2009-12-03 11:11 by Wladimir Palant

I understand that the decision making process around Adblock Plus hasn’t been very transparent, particularly when it comes to questions like “what will go into that release” or “when is this release done”. I decided to put up a roadmap that lists the features being considered for future releases (at least the ones where the details have been worked out enough to be implemented). I’ll try to keep this list up to date and it is open for discussion of course (preferably in the forum). Releases generally happen when all features have been implemented (or moved out to future releases) and sufficiently tested in development builds (meaning at least a week of testing). This is where the tentative release date for Adblock Plus 1.1.2 comes from — with all features being done it is going to be released at the end of the testing phase if no issues come up.

Read more Comment [4]

Tags:

More collaboration for EasyList · 2009-12-01 15:06 by Wladimir Palant

EasyList has grown very big over the time, not only in terms of file size or user count but also in terms of effort required to keep it updated. Quoting Ares2, “the number of new topics per week has increased enormously in the last couple of months” which makes keeping up a problem. The result of the discussion: there is a public EasyList repository now. In addition to Ares2 we have Michael and Erunno with permission to push changes to the repository — they should start doing so soon. I hope that more people get involved, especially non-Europeans (somebody needs to justify “USA” that Adblock Plus still mentions in connection with EasyList ;-) ).

Read more Comment [3]

Tags:

Extension conflicts, 2009 edition · 2009-11-24 11:01 by Wladimir Palant

I realized something yesterday. I thought about the add-ons that caused me trouble lately by breaking Adblock Plus (and often the browser as well) — .NET Framework Assistant, Skype Extension, Ask Toolbar (a.k.a. Zone Alarm Toolbar a.k.a. Foxit Toolbar). I noticed that they all have something in common: none of these extensions is being hosted on AMO, consequently none of them had to pass AMO’s review process. So while AMO’s review process still receives its fair amount of criticism and the AMO team continues to improve — apparently, it managed to achieve an important goal. The AMO editor team enforced good coding practices successfully enough to make conflicts between extensions hosted on AMO rare, it is mostly external extensions causing the trouble now. My congratulations to the editors and to the entire AMO team!

Read more Comment [8]

Tags:

Adblock Plus source code documentation · 2009-11-20 09:29 by Wladimir Palant

Sometime before the release of Adblock Plus 1.0 I started adding JSDoc comments throughout Adblock Plus source code. The idea was that source code documentation will be generated from it automatically in future. This took a while but now it is finally there. This documentation is updated whenever new development builds are created. There are still issues of course, some parts that aren’t properly documented and others where the documentation could be improved. Also, for now the documentation only covers the code that runs in the namespace of the XPCOM module (AdblockPlus.js), the UI code isn’t present. This should change in future.

Read more Comment [1]

Tags:

Mercurial over HTTPS - ouch, SSL isn't always secure · 2009-11-18 08:43 by Wladimir Palant

I set up my Mercurial server as HTTPS only. The idea behind it was that establishing a secure communication channel outweighs the disadvantages (server load, more traffic and somewhat slower pull operations) for a small server like that. But then I had second thoughts — I am using a StartCom certificate that isn’t yet accepted everywhere, what if somebody cannot pull the repository because of that?

Read more Comment [5]

Tags:

Moving Adblock Plus source code · 2009-11-16 17:49 by Wladimir Palant

Almost four years ago, Adblock Plus started out as a project hosted on MozDev.org. It quickly outgrew this hosting and moved to its own domain, yet some parts of it remained on MozDev — including source code. That’s until now. I finally made the decision to host my source code myself, having five extensions, downloads and web content in a single repository was simply too much of a mess. After some waving with hg convert and a little manual help I am proudly presenting you hg.adblockplus.org.

Read more Comment [4]

Tags:

Cookie preferences

We use some cookies to give you the best experience on our website. Read more

Cookie preferences

We use some cookies to give you the best experience on our website. By using our site you are aware that we are using cookies and you can change this any time. Learn more

Necessary cookies

Used to remember your privacy preferences. They cannot be switched off.

Tracking cookies

We use these to analyze website traffic.