WWW and Mozilla: Greasemonkey, "Hey Hi" (AI) Hype and Distractions

  • Stuart Langridge: Remediating sites

    The way I do this is with Greasemonkey. Greasemonkey, or its Chrome-ish cousin Tampermonkey, has been around forever, and it lets you write custom scripts which it then takes care of loading for you when you visit a specified URL. Great stuff: write your thing as a Greasemonkey script to test it and then when you’re happy, send the script file to the client and you’re done.

    There is a little nuance here, though. A Greasemonkey script isn’t exactly the same as a script in the page. This is partially because of browser security restrictions, and partially because GM scripts have certain magic privileged access that scripts in the page don’t have. What this means is that the Greasemonkey script environment is quite sandboxed away; it doesn’t have direct access to stuff in the page, and stuff in the page doesn’t have direct access to it (in the early days, there were security problems where in-page script walked its way back up the object tree until it got hold of one of the magic Greasemonkey objects and then used that to do all sorts of naughty privileged things that it shouldn’t have been able to, and so it all got rigorously sandboxed away to prevent that). So, if the page loads jQuery, say, and you want to use that, then you can’t, because your script is in its own little world with a peephole to the page, and getting hold of in-page objects is awkward. Obviously, your remediation script can’t be relying on any of these magic GM privileges (because it won’t have them when it’s deployed for real), so you don’t intend to use them, but because GM doesn’t know that, it still isolates your script away. Fortunately, there’s a neat little trick to have the best of both worlds; to create the script in GM to make it easy to test and iterate, but have the script run in the context of the page so it gets the environment it expects.

  • Request for comment: how to collaboratively make trustworthy AI a reality

    A little over a year ago, I wrote the first of many posts arguing: if we want a healthy internet — and a healthy digital society — we need to make sure AI is trustworthy. AI, and the large pools of data that fuel it, are central to how computing works today. If we want apps, social networks, online stores and digital government to serve us as people — and as citizens — we need to make sure the way we build with AI has things like privacy and fairness built in from the get go.

    Since writing that post, a number of us at Mozilla — along with literally hundreds of partners and collaborators — have been exploring the questions: What do we really mean by ‘trustworthy AI’? And, what do we want to do about it?

  • How to overcome distractions (and be more productive)

    Distractions tempt us at every turn, from an ever-growing library of Netflix titles to video games (Animal Crossing is my current vice) to all of the other far more tantalizing things we could be doing instead of doing what actually needs to be done. Is there any hope to focus on the things that matter in a world that wants us to do everything all the time?

    [...]

    Pocket features prominently in my book Indistractible. I think it’s a fantastic way to use “temptation bundling.” Temptation bundling is when we take something that we like to do and we bundle it with something we don’t really like to do, so for me listening to Pocket articles (I love the text-to-speech feature) is the way that I incentivize myself to go on a walk or to do exercise. I listen to articles while I do those things and it has a few benefits. It not only gets me outside (whether it’s exercising outside or indoors), but maybe even more beneficial is the fact that I don’t have to waste time reading articles online because I have a rule that I never read articles online. I only read articles in Pocket or listen to them in Pocket. So there’s a big time win there. I’ve been using Pocket for a very, very long time and I love it.

More in Tux Machines

Audiocasts/Shows: Ubuntu Podcast, Self-Hosted, TLLTS

  • Ubuntu Podcast from the UK LoCo: S13E11 – Inside out clothes

    This week we’ve been making podcasts and porting games to Scratch. We discuss Mint breaking Chromium, possible new features in Groovy Gorilla, GNOME defeating a patent troll, ZFS on Ubuntu, microk8s coming to Windows and macOS and Lenovo shipping Ubuntu on more laptops and workstations. We also round up some of our favourite stories from the tech world.

  • One is None | Self-Hosted 20

    You're not a true self-hoster until you've lost your entire configuration at least once. Alex does a deep dive into cloud backup, plus we need your help to find the right Wifi solution for a listener.

  • The Linux Link Tech Show Episode 860

    a walk down memory lane, games, toys, hardware

GNU Projects: GNU Radio, GIMP and Guile/Guix

  • Hack-a-Sat call for participation

    I'm chairing the GNU Radio Conference CTF this year (will be held in September, website is https://www.gnuradio.org/grcon/grcon20/), and amateur radio has traditionally been a very large part of this event in every way. Your ideas for amateur radio satellite themed challenges are welcome and I look forward to working with you.

  • How to edit multiple photos at once

    GNU Image Manipulation Program (GIMP) – The biggest threat to Adobe Photoshop is this free, open-source desktop program. It has mostly everything you need to manipulate images, like cropping, color adjustment, adding effects, layers, and more. We highly recommend this software if you want to avoid Photoshop’s monthly subscription.

  • Here's the best free software to keep everybody occupied

    There once was a time when you could spend a lot of money and buy Adobe PhotoShop outright, getting a perpetual licence with your box of discs. But in 2017, Adobe changed all that and moved to a monthly subscription through its Creative Cloud service. On one hand, you get the latest and greatest software; on the other, you never really own it as you did in the past. There are plenty of image-editing apps and software programs out there if you want to do some basic photo editing. However, what if you want the power of Adobe Photoshop but don’t want to pay out for the monthly subscription? GIMPShop is the answer. The GNU Image Manipulation Program is free and includes plenty of advanced editing features, from cloning and healing tools to filters and settings such as exposure and colour. You can alter colour and shadows, work with layers, turn your images into a cartoon or touch up portraits. Because it’s open source, people can work with the code, so there are plenty of third-party plugins that act as extra features to the program. Or, if you are so inclined, you can come up with your own. If you are already experienced with photo editing software, GIMPShop won’t have too much of a learning curve; even the interface looks familiar.

  • Andy Wingo: a baseline compiler for guile

    Greets, my peeps! Today's article is on a new compiler for Guile. I made things better by making things worse! The new compiler is a "baseline compiler", in the spirit of what modern web browsers use to get things running quickly. It is a very simple compiler whose goal is speed of compilation, not speed of generated code. Honestly I didn't think Guile needed such a thing. Guile's distribution model isn't like the web, where every page you visit requires the browser to compile fresh hot mess; in Guile I thought it would be reasonable for someone to compile once and run many times. I was never happy with compile latency but I thought it was inevitable and anyway amortized over time. Turns out I was wrong on both points! The straw that broke the camel's back was Guix, which defines the graph of all installable packages in an operating system using Scheme code. Lately it has been apparent that when you update the set of available packages via a "guix pull", Guix would spend too much time compiling the Scheme modules that contain the package graph.

Security Leftovers

  • [Attackers] Target California University Leading Covid-19 Research

    UCSF confirmed it was the target of an “illegal intrusion” but declined to explain which portion of its IT network may have been compromised. Researchers at the university are among those leading American antibody testing and clinical trials for possible coronavirus treatments, including a recent study on anti-malarial drugs touted by President Donald Trump as a possible remedy, then refuted by scientists.

  • NSA flags email vulnerability
  • Improve your security with two-factor authentication [Ed: But Google is not security but a MITM with close ties to NSA]

    Two-factor authentication (or simply 2FA) is a way of authentication where a user must provide additional verification after username and password login. The form of verification can be a string of characters delivered via text message or generated with a TOTP client. Two-factor authentication improves security because a compromised username and password are not enough to get the account breached. This article will explain how to use TOTP clients for two-factor authentication and why TOTP is better than many other two-factor methods. As an example, I will show how to enable and set up the TOTP client Google Authenticator in Google’s services. [...] Next, I will show you how to enable two-factor authentication in Google services. After that, we will install Google Authenticator and enable 2FA with a Google account. In this guide, I will log in to a Google account with a desktop browser, which is very similar to how the process works for other services. Log in to your Google Account and proceed in the menu to Security > Signing into Google > 2-step verification. If two-step verification is enabled on your Google account, you should already see an option for Google Authenticator on this page, and you can continue to the next part of this article (Installing Google Authenticator). Otherwise, continue this part. Google has now opened a window that introduces two-step verification. You can read it through and then click forward.

  • Linux security: Protect your systems with fail2ban

    Security, for system administrators, is an ongoing struggle because you must secure your systems enough to protect them from unwanted attacks but not so much that user productivity is hindered. It's a difficult balance to maintain. There are always complaints of "too much" security, but when a system is compromised, the complaints range from, "There wasn't enough security" to "Why didn't you use better security controls?" The struggle is real. There are controls you can put into place that are both effective against intruder attack and yet stealthy enough to allow users to operate in a generally unfettered manner. Fail2ban is the answer to protect services from brute force and other automated attacks.

  • Security updates for Thursday

    Security updates have been issued by Debian (firefox-esr), Fedora (firefox and prboom-plus), Oracle (bind), Red Hat (firefox), and SUSE (osc).

GNU Linux-Libre 5.7

  • GNU Linux-Libre 5.7 Released - Drops Intel iGPU Security Fix Over Arrays Of Numbers

    The GNU Linux-libre 5.7-gnu kernel was released following last weekend's Linux 5.7 kernel release. But the info-gnu mailing list was slow and thus just hitting the wire today for the latest version of this sanitized version of the Linux kernel. One interesting change in GNU Linux-libre 5.7-gnu is dropping the Intel Gen7 "iGPU Leak" security mitigation over not liking the sources.

  • GNU Linux-libre 5.7-gnu
    GNU Linux-libre 5.7-gnu cleaning-up scripts, cleaned-up sources, and
    cleaning-up logs (including tarball signatures) are now available from
    our git-based release archive git://linux-libre.fsfla.org/releases.git/
    tags {scripts,sources,logs}/v5.7-gnu.
    
    Tarballs and incremental patches were still slowly getting compressed as
    I started writing this.  It took me so long to write this up that by now
    they are probably ready to be published, along with scripts and logs, at
    <https://www.fsfla.org/selibre/linux-libre/download/releases/5.7-gnu/>.
    
    We will not create or publish binary xdeltas any more: tarballs and
    patches are now created with git archive and git diff, respectively.
    So, even if you want a tarball, you don't have to wait for the
    compression to complete on our end.  Update the git repo, and run:
    
      git checkout logs/v5.7-gnu &&
      git archive --format tar --prefix=linux-5.7/ \
        sources/v5.7-gnu > linux-libre-5.7-gnu.tar &&
      gpg --verify linux-libre-5.7-gnu.tar.sign
    
    This will get you the same tarball and signature that, once compressed,
    will be published at the usual place.  Note that the --prefix= was
    maintained like that of the corresponding upstream release, so that
    anyone already used to downloading our tarballs and dealing with the
    unusual prefix doesn't have to make any changes.
    
    
    No changes were required to the cleaning up scripts since -rc7-gnu,
    already published under the new release procedure, though a little too
    late for it to be useful.
    
    The git repository is already populated with scripts, sources and logs
    for past releases since Linux-libre became a GNU project; earlier
    releases might be added at a later time.  The imported sources, scripts,
    logs and signatures are the result of long-time hard work by Jason Self,
    in the git repo https://jxself.org/git/linux-libre.git.  Nearly all of
    the branches, tags and commits in the new repo are taken directly from
    there, though I've verified all of the sources/ and scripts/ tags and
    corrected a few mismatches that AFAICT followed from errors in the SVN
    repository.  The main exception is the storage of logs and tarball
    signatures; he'd used git notes, but those didn't quite work for me, so
    I turned them into a separate tree of tags with logs and tarball
    signatures.  Alas, I failed to bring the .log signatures into it.  Will
    fix, and move the tags.
    
    
    The 5.7 upstream release removed the i1480 uwb driver, that we used to
    clean up, but added a crypto driver for the Marvell OcteonTX CPT, for
    Mediatek MT7622 WMAC, for Qualcomm IPA, for the Azoteq
    IQS620A/621/622/624/625 Multi-function device, for IDT 82P33xxx PTP
    clock, and a Modem Host Interface (MHI) bus driver, all of which
    required cleaning up.  Actually, the MHI bus one is tentative: I
    couldn't quite figure out what it is that it loads, so I've
    conservatively blocked it in the likely case it is a piece of non-Free
    Software.
    
    Some further adjustments were required on account of the introduction of
    the function firmware_request_platform to the firmware-loading
    interface, of the usual assortment of false positives all over, and blob
    adjustments in AMD GPU, Arm64 DTS files, Meson VDec, Realtek Bluetooth,
    m88ds3103 dvb frontend, Mediatek mt8173 VPU, Qualcomm Venus, Broadcom
    FMAC, Mediatek 7622 and 7663 wifi, silead x86 touchscreen; of the
    movement of the cleaned-up mscc phy driver (and new blob names in it)
    and wd719x documentation within the source tree; and of something very
    unexpected: the introduction of binary blobs as arrays of numbers in
    source code for gen7 i915 gpus.
    
    
    I unfortunately could not find corresponding sources for the new binary
    blobs introduced in such an old-fashioned way, and they're big enough
    and not regular enough that I could just assume them to be data rather
    than code, so I've removed them.  If you come across source code for
    those bits, or can explain to me how transparent and trivial they are
    once they're disassembled with existing Free tools, I'll be very glad to
    restore them.
    
    
    Other relevant changes were made to the deblob-check script:
    
    - its self-test now uses a safer $echo instead of echo to feed itself
    the test patterns, and to complain in case they fail; some of the
    patterns got mangled (unintended backslash transformations) by /bin/sh's
    echo in Trisquel 8.  That's a well-known shell portability issue that we
    had a fix for, but that somehow hadn't come up before in the context of
    the testsuite.
    
    - I moved the block of default suspicious patterns after the Linux- or
    patch-specific ones.  This enables these default patterns to be
    overridden by longer matches (e.g., cleaning up a trailing comma along
    with the new Intel presumed blobs).  In Non-Deterministic Automata-based
    regular expression engines, such as those in GNU awk and GNU sed, this
    doesn't make a difference, because the longest match is always
    preferred, but in engines that process alternatives left-to-right and
    take the first match, like Python's and Perl's, there was no way to
    override the blob sequence as needed.  Now there is.
    
    
    For up-to-the-minute news, join us on #linux-libre of irc.gnu.org
    (Freenode), or follow me (@lxoliva) on Twister <http://twister.net.co/>,
    Secure Scuttlebutt, GNU social at social.libreplanet.org, Diaspora* at
    pod.libreplanetbr.org or pump.io at identi.ca.  Check the link in the
    signature for direct links.
    
    
    Be Free! with GNU Linux-libre.
    
    
    What is GNU Linux-libre?
    ------------------------
    
      GNU Linux-libre is a Free version of the kernel Linux (see below),
      suitable for use with the GNU Operating System in 100% Free
      GNU/Linux-libre System Distributions.
      http://www.gnu.org/distros/
    
      It removes non-Free components from Linux, that are disguised as
      source code or distributed in separate files.  It also disables
      run-time requests for non-Free components, shipped separately or as
      part of Linux, and documentation pointing to them, so as to avoid
      (Free-)baiting users into the trap of non-Free Software.
      http://www.fsfla.org/anuncio/2010-11-Linux-2.6.36-libre-debait
    
      Linux-libre started within the gNewSense GNU/Linux distribution.
      It was later adopted by Jeff Moe, who coined its name, and in 2008
      it became a project maintained by FSF Latin America.  In 2012, it
      became part of the GNU Project.
    
      The GNU Linux-libre project takes a minimal-changes approach to
      cleaning up Linux, making no effort to substitute components that
      need to be removed with functionally equivalent Free ones.
      Nevertheless, we encourage and support efforts towards doing so.
      http://libreplanet.org/wiki/LinuxLibre:Devices_that_require_non-free_firmware
    
      Our mascot is Freedo, a light-blue penguin that has just come out
      of the shower.  Although we like penguins, GNU is a much greater
      contribution to the entire system, so its mascot deserves more
      promotion.  See our web page for their images.
      http://linux-libre.fsfla.org/
    
    What is Linux?
    --------------
    
      Linux is a clone of the Unix kernel [...]
    
    (snipped from Documentation/admin-guide/README.rst)
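
The pattern-ordering change described in the announcement above can be reproduced with a small added example; this is not code from deblob-check or the Linux-libre project. The two patterns, the `/*(DEBLOBBED)*/` marker text and the sample array are constructed for illustration, and `scrub_longest` only approximates the longest-match behaviour the announcement attributes to GNU awk and GNU sed.

```python
import re

# Constructed stand-ins for illustration; these are NOT deblob-check's real patterns.
HEX_WORD = r"0x[0-9a-f]{8}"
DEFAULT_BLOB = rf"{HEX_WORD}(?:,\s*{HEX_WORD}){{3,}}"  # generic: run of 4+ hex words
SPECIFIC_BLOB = DEFAULT_BLOB + r","                     # same run plus its trailing comma
MARK = "/*(DEBLOBBED)*/"                                # hypothetical replacement marker

# Constructed sample input: a small array of numbers in C source.
SAMPLE = (
    "static const u32 example_blob[] = {\n"
    "\t0x00000001, 0x00000002, 0x00000003, 0x00000004,\n"
    "};\n"
)


def scrub_first_match(source, alternatives):
    """Python/Perl behaviour: alternatives are tried left to right and the
    first one that matches at a position wins, even if a later one is longer."""
    combined = re.compile("|".join(f"(?:{alt})" for alt in alternatives))
    return combined.sub(MARK, source)


def scrub_longest(source, alternatives):
    """Approximation of leftmost-longest matching: at each step take the
    earliest match and, among ties, the longest. Patterns must not match empty."""
    compiled = [re.compile(alt) for alt in alternatives]
    out, pos = [], 0
    while True:
        hits = [m for m in (rx.search(source, pos) for rx in compiled) if m]
        if not hits:
            break
        best = min(hits, key=lambda m: (m.start(), -m.end()))
        out.append(source[pos:best.start()] + MARK)
        pos = best.end()
    out.append(source[pos:])
    return "".join(out)


if __name__ == "__main__":
    # Default block first: the generic pattern wins and a stray comma is left behind.
    print(scrub_first_match(SAMPLE, [DEFAULT_BLOB, SPECIFIC_BLOB]))
    # Specific block first (the new ordering): the comma is cleaned up as well.
    print(scrub_first_match(SAMPLE, [SPECIFIC_BLOB, DEFAULT_BLOB]))
    # Longest-match selection gives the same result in either order.
    print(scrub_longest(SAMPLE, [DEFAULT_BLOB, SPECIFIC_BLOB]))
```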