dabruro

About me

Developer Information
Name dabruro
User since January 13, 2008
Number of add-ons developed 0 add-ons
Average rating of developer's add-ons Not yet rated

My Reviews

ShowIP

too slow in looking up city/org/etc Rated 3 out of 5 stars

+ Good design
+ Can be dragged off the add-on bar to another toolbar
+ shows the "real" site name (not just numeric IP)
- Slow, esp. in comparison to Website City + Country Info
- can't hide the site name
- can only see one other piece of info at a time on the toolbar

This review is for a previous version of the add-on (1.8.1.1-signed). 

Master Password Timeout (Updated)

works great! (note that the timeout refers to *inactivity* period) Rated 5 out of 5 stars

I wonder whether the previous/first reviewer expected the master password to time out after the specified number of seconds after it was last entered. I thought that at first, too. Instead, it only times out after the user has been idle/inactive for that period of time.

In other words the purpose is not to make you always re-enter the master password every so many seconds while using the browser. Instead it only protects you for example if you walk away for so many seconds and someone starts using your browser.

BTW, this add-on is in my collection "recommended security & privacy add-ons that are minimally-invasive" addons.mozilla.org/firefox/collections/dabruro/security

Calomel SSL Validation

useful info for experts; misleadingly alarmist for ordinary users Rated 3 out of 5 stars

I think there are far bigger threats to most users' security than whether or not a site uses the very best encryption algorithm.

The big scary icons are out of proportion to the danger, especially in comparison to other add-ons that use a much smaller red/yellow/green icon, such as WOT, LinkExtend, SiteAdvisor, etc. If they use this add-on as well as some of those others, many users would get the incorrect impression that a criminal's malware or phishing site is pretty safe to use so long as they use a high-grade encryption algorithm, whereas visiting chase.com (large bank with mid-grade encryption) puts you in grave danger. It's very harmful to mislead naive users in this way.

I myself do sometimes use this add-on because it's the only thing I've found that continues to remind me of a certificate problem even *after* I've added a security exception for given site. (BTW most users should never add such an exception, especially for a public site.) (I think Google Chrome indicates the unverifiable-site-with-exception by a slash through the "https", which is a good idea.) Hence the three stars. But even for this purpose, I can barely distinguish the resulting red icon from an reddish-orange icon which is given to some legitimately-certified sites for not using a very strong grade of encryption.

Also, I don't like the bundling of lots of other unrelated browser tweaks, regardless of whether some of them might be useful in themselves. It turns it into a "you should set all the same browser settings that I do" type of add-on, which should at least be a separate add-on, especially for the options that aren't about SSL or its closely-related security/privacy considerations.

This review is for a previous version of the add-on (0.52.1-signed). 

Undo Bookmarks Menu

Firefox should have this built-in! Rated 5 out of 5 stars

This add-on could be a lifesaver if you need to undo an accidental change you made to your bookmarks.

Barlesque

Good workaround for firefox's horribly-misconceived addon bar! Rated 5 out of 5 stars

Firefox inexplicably has an addon bar that (1) takes up the entire width of the screen even if there's almost nothing on it, (2) neither the bar nor most of its icons can be moved from the bottom of the screen, and (3) can only be shown or hidden so that none of the information on it is visible. Barlesque addresses (1) and to some extent (3) pretty well.

UI Fixer (or Mar Mod Updated) can address (2) by allowing you to drag the addon-bar-only group of icons to another toolbar. Alternatively, url-addon-bar moves the *entire* addon-bar inside the right-hand side of the address/location bar. See my collection https://addons.mozilla.org/en-US/firefox/collections/dabruro/compact/ for additional comments.

When minimized, Barlesque seems to auto-show when some of the icons or information on it change, though I don't think this is 100% consistent. Another reviewer mentioned that it auto-shows when changing tabs -- that's true although I think it *should* do that if changing tabs causes any change to what's shown on the bar.

As pointed out by hermandes, it would be very nice if Barlesque had the ability to auto-show (temporarily) when it's minimized and we hover down there in the corner, so we don't have to click to show and then click again separately to re-minimize it.

Skip Cert Error

nice -- cuts alarmist warnings down to appropriate level Rated 5 out of 5 stars

Which is worse, an http (non-secure) page or an https page that's secured only by a self-signed or unrecognized-CA-signed certificate? Neither of them proves or disproves the identity of the site, so that's not a difference.

The http site is definitely making no effort to secure the information transfer in either direction. So if anything, the self-signed https is better than plain http. Once you've decided to submit some private information to the site, would you rather use their http form or their self-signed https form? Clearly the https.. So why do we get multiple levels of dire warnings on visiting the self-signed https site and no warnings at all for the http site? (Aside from the browser warning when you first *submit *a form over plain http, which we all dismiss with "don't show this again").

The only legitimate reason to treat the self-signed https site so cautiously is so we aren't misled into thinking that the site's *identity* is validated just because it says "https". But this can be shown by a visual indication such as the add-ons "Safe" or "Calomel SSL Validation" (as well as the little notification bar put up by Skip Cert Error when first setting the exception).

This review is for a previous version of the add-on (0.3.2.1-signed). 

ipFlood

does as much as it can without going thru a real proxy Rated 4 out of 5 stars

Pretty cool idea. I think many of the reviewers didn't understand what it can and can't do. It can't change or completely hide your *real* IP address. Instead it makes it look like that's the IP of a *proxy* and that your own IP is the one being set in the headers by this add-on. I visited a number of the "what's my IP"-type sites and some reported such a proxy configuration but others apparently ignored these headers. If this add-on became very widely used then I'm sure it wouldn't "fool" much of *any* sites anymore.

I simply configure this this add-on to select from a range of thousands or hundreds of IP addresses that includes my own, which might look something like 22.222.100.2 - 22.222.200.253. These would be addresses that my ISP really uses in my local area, so it's theoretically plausible that I'm getting assigned these different IPs dynamically by my ISP! (Getting my ISP to really assign me a new dynamic IP frequently is not really so easy or I would do it).

That should solve most of the problems people have had because all of those IPs should show up as being in the same geographic area.

The add-on would be much better off-the-shelf if by default it chose a range of IP addresses based on the true IP like I describe above. Then there wouldn't be so many people who try it and it immediately starts breaking sites (and they give it a bad review).

It would be nice also if it could be set to change the IP less frequently (e.g. once per hour or day or per browser session) so it doesn't look suspicious to a site you're using that your IP keeps changing with every request while you're perhaps signed into that site or performing a multi-step transaction. Maybe that's what PayPal didn't like, but I suspect it had more to do with the IP changing to different countries and regions. I'd be suspicious too if I were PayPal and trying to prevent fraud.

I googled and didn't see as much about the CLIENT-IP header so I didn't set that one. I noticed that some sites specifically thought I was using a Proxy only when I set the VIA header (in addition to X-FORWARDED-FOR since I didn't try it without this header).

BTW, I am able to manually get my ISP to change my real IP address, but it requires logging into my home router's admin console and changing its MAC address, and then recycling the power on my cable modem so it sees a brand new MAC address and the DHCP server gives it a brand new dynamic IP. I'm certainly not going to do that every day nor probably even every week. If I were an ISP I would offer automatic IP-switching as a privacy feature, maybe even charging a dollar or two extra per month for it :-)

BTW, this add-on is in my collection "recommended security & privacy add-ons that are minimally-invasive" https://addons.mozilla.org/en-US/firefox/collections/dabruro/security/

This review is for a previous version of the add-on (1.0.1). 

gtranslate

doesn't work consistently for selections including multiple list items or paragraphs. also no full-page translation. Rated 2 out of 5 stars

Okay for a sentence or small paragraph. When I select more than one paragraph it often truncates it (or worse). And you still need to install another add-on if you want to be able to send the entire page (URL) to google translate (rather than only selected text). But then gTranslate is no longer needed because the other one can do it all. I'm trying Google Translator for Firefox (it's lightweight/minimal) and I might also try some more heavyweight/sophisticated add-ons like ImTranslator or FoxLingo.

This review is for a previous version of the add-on (0.9.1-signed). 

NoSquint

amazing! can set any combo of text zoom and full page zoom! Rated 5 out of 5 stars

If you just want to zoom the entire page *OR* zoom only the text, there are a number of add-ons such as Zoom Page ( addons.mozilla.org/firefox/addon/zoom-page/ ) (perhaps simpler and easier than NoSquint) -- they are mainly gui's to control firefox's built-in zooming capability. Which is even more necessary now that the zoom features can't even be found via the firefox app button (they're in the normally-hidden super-secret advanced-users-only legacy View menu -- wth is this, f{IE}rfox?).

Where NoSquint shines is that you can set *any combination* of full-page and text-only zoom.

For example maybe you're squinting at the icons and images but the regular text is readable (except any "text" that's actually in images). So you set full-page zoom to 125%. But you notice that the text is now unnecessarily large. You can now simply dial-down the Text-Only Zoom until the text is back down to its original size, while leaving everything else large! (Technical note: in this case you'll probably end up with a text-only zoom of 80% because 80% of 125% is a net of 100% for the text.)

To change the text-only zoom, hold down the shift key when clicking on NoSquint's + and - zoom buttons.

But even if you don't use NoSquint's addon bar item or toolbar buttons, having NoSquint installed adds the separate-text-only-zoom feature and makes this accessible via Ctrl+SHIFT+- and Ctrl+SHIFT++. This is a capability that Firefox should provide natively but doesn't. Without NoSquint, firefox has a toggle that lets it do only one kind of zooming or the other at any given time.

I haven't used the color-related features so I can't comment on those.

Room for improvement (minor):
1. Toolbar button tooltips should be more informative, suggesting the shift key for text-only operation and showing equivalent keyboard shortcuts for a given button, etc.
2. Remind users that they have to enable the addon bar to see the main NoSquint item, and customize/drag buttons onto the toolbar for +/-/reset.
3. Shift+ResetZoomButton and Shift+Ctrl+0 could reset only the Text-Only Zoom to its default (so you don't have to reset both zooms).
4. Make the add-on bar (statusbar) item movable onto a toolbar (although UI Fixer or MarMod can move these addon-bar-only items all together to a toolbar) and integrate it better with the +/-/reset buttons.
5. Zoom Page has nice all-in-one compound buttons for this -- some quite compact.
6. Indicate visually when the current zoom parameters on this site are equal to the default (gray out the ResetZoom button for starters).
7. Don't limit the range of fixed zoom choices listed in menu to 90%-150%; make this customizable like in Zoom Page and make the + and - follow this sequence of zoom levels instead of a fixed increment.
8. When using the site dialog, don't force the zoom levels to be multiples of 5% and within the 40%-300% range .

This review is for a previous version of the add-on (2.1.5.1-signed). 

Image Resizer/Scaler

very nice Rated 5 out of 5 stars

Image Resizer/Scaler works great, and yet it's so simple it has no Options. I'm not sure why the previous version (1.1.rev361) listed a different user as the author, but I'm glad it's being maintained. I'd like to see a way to make an image "break out" and not get clipped to its container so that you can only see its upper left corner. There should be a way to show the image outside of and above the other page elements in order to see the whole thing. (Also BTW it would be nice if there were an extension that could resize *all* the images on a page simultaneously.)

{Edit after developer's July 31st response below: By resizing all the imgs on page I mean without resizing the text or structure or other elements of the page. One can resize everything-but-the-text although it's a little awkward to do (see my review addons.mozilla.org/en-US/firefox/addon/nosquint/reviews/368821 of NoSquint) and this resizes the structure containing the content, as well as the images. I sometimes want to shrink just the images on a page so I can see more text per screen, but shrinking the structure often defeats this purpose by squeezing the text into a smaller area. Or I might want to enlarge all the images to make them more readable (not having to do one at a time) but without enlarging the structure which would push some of the content off the page and require more scrolling.
}

This review is for a previous version of the add-on (1.2.rev653.1-signed). 

Zoom Page

Firefox should have this built-in! (esp. since zoom isn't in the fx app button but only in hidden View menu) Rated 4 out of 5 stars

I personally prefer to use NoSquint ( addons.mozilla.org/firefox/addon/nosquint/ ) because it can set *any combination* of full-page and text-only zoom in effect at the same time. But that may be more than most users need, in which case I recommend ZoomPage because it's simpler and has a more compact all-in-one toolbar button.

It's great that the button has a (customizable) zoom menu (or Reset to default) and the ability to switch to text-only zoom, and an easy way to toggle site-specific zoom memory. I tried a couple other similar add-ons but they weren't as good.

BTW, this add-on is in my collection Compact Efficient Interface Maximizes Screen Height Available for Page Content ( addons.mozilla.org/firefox/collections/dabruro/compact/ )

Add-on would be even better if:
1. Have a zoom menu but also a single-click reset. Could divide the current button into four sub-buttons instead of the current three?
2. have a visual indication of whether the zoom level is 100% and whether it's at the default (e.g. if this is set to 90%).
3. More-informative tooltips: say whether current mode is text-only or not, current mode site-specific or not, reminders of keyboard shortcuts appropriate to that sub-button such as Ctrl+-, and more understandable "zoom everything" since "full page" sounds like full-screen to non-experts.
4. is an image-only zoom option possible? Even though this is separate from fx's normal page zoom mechanism, it is the natural complement to text-only zoom from the users's point of view (they don't care that the implementation is different).

Edit after developer reply to my point 1: thanks, I didn't realize the middle-click could be used that way. I personally still would prefer another way to do both a reset and a zoom since my thinkpad strangely has no physical middle button to use with the trackpad :-)
Thanks again for a good add-on.

This review is for a previous version of the add-on (4.3.1-signed). 

Switchy

was good, but now doing something very strange Rated 3 out of 5 stars

I especially appreciate the fact that it works with nonstandard firefox variants like Pale Moon because it doesn't assume the executable is called "firefox.exe" the way ProfileSwitcher does.

But now every time I run with my default profile (whether I run it via Switchy or not), it opens a particular banking site that I've used in the past! This is not my home page or anything like that. The only way to prevent this behavior is to disable Switchy (which wouldn't be so bad if it were restartless).

Aside from that, I wish Switchy had the same feature as ProfileSwitcher where it can optionally leave the existing profile open and *simultaneously* run a second profile in a separate window. I believe in effect this is like using the -no-remote flag which enables one to do the same manually.

I'd give it a another star if it weren't for the strange site opening behavior, and a full 5 stars if it could also open multiple profiles at once like ProfileSwitcher.

(BTW, Suggestion: provide a way to submit bug reports outside of these reviews; then people can add a review *after* you've addressed their bug report and they're more likely to give you a better rating.)

BTW, this add-on is in my collection "recommended security & privacy add-ons that are minimally-invasive" https://addons.mozilla.org/en-US/firefox/collections/dabruro/security/

This review is for a previous version of the add-on (0.4.1-signed). 

Force-TLS

useful but avg user may not need it Rated 4 out of 5 stars

Firefox already respects Strict-Transport-Security, maintaining an internal list of sites that declare that the browser should always use https to access them. This prevents someone from spoofing as this site (man in the middle) but with plain HTTP. It also has the added benefit of simply forcing encrypytion to protect your data in case you tried to visit the plain HTTP site (particularly from a public/open hotspot) -- much like the Electronic Frontier Foundation's "HTTPS-everywhere" (eff.org) add-on except that the latter uses list maintained by the EFF rather than as self-identified by each site.

The benefit of the Force TLS add-on is that it provides a nice GUI for displaying and modifying Firefox's list of STS sites -- although the usefulness of this is limited by the limited number of sites that set a Strict Transport Security header.

Also, one can easily add a site in the GUI, whereas HTTPS-Everywhere requires hand-editing arcane xml for the user to add a new site!

HTTPS-Everywhere on eff.org has the sizable aforementioned list of sites that *can* use HTTPS in place of HTTP, even if the sites don't themselves request that the browser always do so. I guess HTTPS-Everywhere can use more flexible rules, but again at the price of requiring you to write XML to define each of them. Also HTPPS-Everywhere provides a button showing any entries for the current site and the ability to disable/enable these entries (but not add a new one).

You might try using *both* of these add-ons together. Perhaps, in the future, one of these add-ons could provide the benefits of both.

However, this addon may not be needed by an avg user who doesn't want to know what's going on at this level of detail. For him/her, the HTTPS Finder addon might be a better choice, perhaps in combination with HTTPS Everywhere. HTTPS Finder tests whether the present HTTP site has an HTTPS version having the same URI, and offers to switch you to it.

This review is for a previous version of the add-on (3.0.1.1-signed). 

Launchy

Rated 4 out of 5 stars

I really like Launchy. I would *really* like it if there were a way to configure it to launch a particular external app for a link by default or by some combination of shift/ctrl/alt, rather than always having to navigate the context menu of a link.

Or at the very least there should be a a letter to select launchy within the context menu so i don't have to use my mouse.

This review is for a previous version of the add-on (4.2.0). 

iTrustPage

iTrustPage -- good concept but could be made more convenient, less extreme Rated 3 out of 5 stars

Works as advertised.

But most of us aren't willing to manually validate *every* site that we type *any* information into, even though it usually isn't anything sensitive.

Would be much more useful if there were some options to limit when iTrustPage would ask to validate the site.

For example could optionally exclude *unencrypted*/*insecure* sites/forms, since many of us are already accustomed to only entering sensitive information into secure (ssl/https) forms.

And how about optionally letting the user specify patterns to match sensitive information, e.g. 8-digit numbers (US bank acct) or specific strings/substrings. Could also prompt when entering a password in a password field.