Peter

About me

Developer Information
Name Peter
User since July 25, 2009
Number of add-ons developed 0 add-ons
Average rating of developer's add-ons Not yet rated

My Reviews

Blend In

Simple fix for updating user agent in TB Rated 5 out of 5 stars

This is a follow up to my previous review/question...

Thunderbird includes a boolean pref "general.useragent.compatMode.firefox" that can be set to true to automatically insert a Firefox token into the user agent string, like this:

"Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 Thunderbird/31.5.0 Lightning/3.3.2"

More details here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference

This has solved my previous problem with opening Outlook.com from within TB. So even though this is one of the few User Agent Add-ons that actually works with Thunderbird, I won't need it after all.

Again, five stars for functionality for this add-on, which actually has nothing to do with Thunderbird in particular. :@)

This review is for a previous version of the add-on (36.0.1t31.5.0.1-signed).  This user has a previous review of this add-on.

Blend In

Not removing Thunderbird string? Rated 5 out of 5 stars

Using TB regular release 31.5.0 and Firebug 2.0.8 extension (to Allow Remote Debugging), I am seeing this via Scratchpad (remote connection from FF 37.0):

var sUsrAg = navigator.userAgent;
alert(sUsrAg);

"Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.5.0"

BTW, five stars anyway as this is a needed tool and I'm sure you can point me in the right direction here...

Edited to add: I assumed that the extension would also *remove* the reference to Thunderbird but I guess that was an incorrect assumption on my part. :P

In my case I want to be able to open Outlook.com within TB without getting prompted by MS to update my browser. I'm thinking I can do that by editing extensions.tildebirlik.privacy.blend-in.applied.general.useragent.override (or even just general.useragent.override) as needed. Would be nice if your extension also had an option to do that. Most of the other User Agent modifiers I've looked at will only install into FF, not TB.

Thanks.

(review title edited appropriately...)

This review is for a previous version of the add-on (36.0.1t31.5.0.1-signed). 

Lightning

Fix for Alarm Snooze bug Rated 4 out of 5 stars

Here's the Bugzilla page where this bug is finally acknowledged and fixed:

https://bugzilla.mozilla.org/show_bug.cgi?id=701659

Unfortunately the fix will only be forthcoming in v1.1. But it's easy enough to transplant the fix into v1.0:

- Expand the "Development Channel" pane at the bottom of the Lightning Add-On page.

- Click on the "Add to Thunderbird" button and save the "lightning-1.1b1-tb+sm-windows.xpi" file to your computer.

- Locate the .xpi file and rename the extension to .zip (in the Folder Options control panel you'll need to have "Hide extensions for known file types" un-checked).

- Double-click the .zip file, browse into the "calendar-js" folder, locate the "calAlarmService.js" file, and drag it onto your Desktop.

- Locate your Thunderbird profile folder, e.g. "C:\Users\UserName\AppData\Roaming\Thunderbird\Profiles\ProfileName" (AppData is a hidden folder).

- Open the "extensions" folder in your Thunderbird profile, then open the "e2fda1a4-762b-4020-b5ad-a41df1933103" folder (for Lightning), then open the "calendar-js" folder.

- Rename "calAlarmService.js" in the calendar-js folder to "calAlarmService.js.bak".

- Drag calAlarmService.js from your Desktop into the calendar-js folder in your profile folder, then restart Thunderbird.

(--- Edited procedure to correct folder names in TB profile ---)

This absolutely solves the problem for me. Hope it works for you.

P.S. I've tried several times to just install the entire v1.1b1 .xpi from the Development Channel but my calendar entries don't appear at all with this build. In Lightning Options for this build the Time Zone pull-down menu is blank, which I think explains why my calendar items don't show up (Lightning needs to know the TZ in order to display calendar items correctly).

This review is for a previous version of the add-on (1.0). 

GrabMyBooks

Conflicts with Menu Editor Rated 4 out of 5 stars

This add-on seems to work OK when it works, but I've seen several different JavaScript modal warning dialogs since the original release. With this version (1.1) its a JavaScript warning about a null popupNode property when installed alongside Menu Editor v1.2.7.

I've sent a message to the GrabMyBooks developer via the Contact link at http://www.grabmybooks.com/ and also posted a bug report to the Menu Editor message board. Hopefully this will get fixed sometime soon.

EDITED to add: I've had an extensive e-mail discussion with the developer and he's assured me that he's looking into this problem. I've upgraded my review based on his reports, and also based on the fact that this turns out to be just a minor bug that doesn't seriously affect use of the program (as far as I can tell).

This review is for a previous version of the add-on (1.1.1-signed). 

Export All Certificates

Very useful little utility Rated 5 out of 5 stars

I installed this extension to allow a quick export of the (currently) 155 certs built-in to nssckbi.dll ("Builtin Object Tokens" in Certificate Manager). My ultimate goal is to cut the CA cord entirely and just make manual exceptions for each server as needed in order to make secure connections (sort of a "poor man's web-of-trust"). Having a copy of the built-in certs comes in handy when you've disabled nssckbi.dll entirely. :-)

One suggestion: The indexes are really only needed to prevent duplicate filenames, and it's actually more useful to instead allow the files to sort by common name (CN) or organisation (O). So, I'm suggesting that the filename format be changed to make the files sort better within the output folder, and make the names easier to interpret:

Put the index number at the end of the filename, instead of the beginning (and perhaps only include an index when there's actually a duplicate file, as Windows does). Switch the cert attributes in the filename to put organisation (O) before common name (CN); this would match the organizational layout within Certificate Manager itself. And add a separator character between the two fields to make it easier to distinguish them within the filename. I'm guessing that something like "#" would be a good choice for this (or some other character that won't likely be used within the two fields themselves).

Simos, you said: "I am considering to add the code of Export All Certificates to Gecko, so that this add-on will not be require anymore. It should take a day's work. If you have comments on this, tell me!" You definitely have my yes vote on this!Thanks for your effort on this extension.

EDITED to add: I see now that you do include a single underscore character to separate the common name and organization strings. I guess I missed this because I didn't expect to see an underscore used as a token delimiter when the tokens themselves include spaces (I'm used to seeing file names with underscores in place of spaces). Maybe switch the delimiter to a hyphen wrapped with spaces? " - "

SignatureCheck.org Certificate Thumbprint Validator

Forcing the extension to use HTTPS Rated 3 out of 5 stars

After posting my previous review (below) I decided to perform an experiment:

- Right-click on the "Add to Firefox" button on this page and select "Save Link As..."
- Save the file with the original filename "signature_check-1.1-fx.xpi"
- Open the .xpi file with 7-Zip ( www.7-zip.org )
- Browse into \chrome\content\
- Right-click "signaturecheck.js" and select Edit to open the file in Notepad
- Replace the two instances of "http://signaturecheck.org" with "http://signaturecheck.org"
- Save the file and close Notepad
- When 7-Zip asks "Do you want to update it in the archive?", click OK
- Close 7-Zip
- Open Firefox and drag the .xpi into an open window to install in the usual manner

After installing the modified .xpi in Firefox the extension seemed to work just the same as before. I also used the "HttpFox" extension to verify that the traffic between my browser and SignatureCheck.org was indeed encrypted.

Since SignatureCheck.org is already able to use HTTPS, it would be really easy for the extension developer to make this change (so easy that I give it an extra star in this particular review :-)

Until an official update is released, you can follow the procedure above to do this yourself if you're interested. (Please don't ask here how to do this here as your questions probably won't get noticed.)

This user has a previous review of this add-on.

SignatureCheck.org Certificate Thumbprint Validator

Good first effort... Rated 2 out of 5 stars

(I give this extension a 2.5 but there's no way to show that extra half star :@)

Add-ons Manager says that this extension is not compatible with Firefox 4.0.1. However, with the "Add-on Compatibility Reporter" extension installed, you can install this extension and it seems to work as expected.

Occasionally some tab windows will display a red ribbon at the top of the web page with this verbiage: "Could not connect to SignatureCheck.org. Someone may be blocking your traffic to prevent thumbprint checks. Your connection may be insecure." This only seems to happen on pages that previously had a successful thumbprint match, after switching to another tab and then back to the previous tab. It seems to be a bug with how the extension (or Firefox) is caching page data. On the other hand, this error could indicate a legitimate but intermittent problem with connecting to the SignatureCheck.org server itself - in which case it would underscore a weakness of the current architecture, which relies on only a single server to perform thumbprint checks.

IMO this extension needs a method to *selectively* choose what pages to check for thumbprints (see the Perspectives add-on for a good example of this). But there's no "Options" button for this add-on and apparently no way to set any preferences, even within about:config.

The SignatureCheck.org website has this info in their Privacy section:

### quote ###
The plugins do not collect anything on a user's web page.
Also, the URL information is always stripped before it is sent to SignatureCheck.org.
(e.g. https://mail.google.com/mail/u/0/#inbox becomes 74.125.224.22)
Therefore, the only information being sent to SignatureCheck.org is information that is already being transmitted in plaintext over the Internet.

Once a request is made to the site, none of the information regarding which IP address requested certificate information for a given site is recorded.
The only things cached are site certificates to speed up duplicate site requests.

No information about clients is ever recorded. The purpose of this site is strictly to increase privacy.
### endquote ###

Kudos to the service provider for posting this policy and attempting to assure users that the service is safe, secure, and private. However, the fact of the matter is that we should not trust this provider any more than we would trust any other unknown site or service. If this weren't the case then there would be no need for this extension.

I've opened the .xpi file and it turns out that the extension uses Javascript exclusively, and it's fairly easy to figure out what's being transmitted to the SignatureCheck.org server. Of course, there's no way to verify what's being done with that info on the other end.

It's also obvious that the extension uses HTTP to transmit data to and from the SignatureCheck.org server, in clear text of course. I see no obvious reason why it couldn't use HTTPS instead (and it seems a bit ironic that it doesn't). Yes, it's true that this same information is transmitted in the clear during the SSL negotiation process with individual websites. However, by not encrypting this information, the SignatureCheck.org server becomes another source of data for whomever chooses to listen in. And not only connection-specific data between your browser and the SignatureCheck.org server, but data for all connections to all websites by all users of the SignatureCheck.org service. Another huge cache of "aggregate data" waiting to be mined by someone...

I hope that the service provider will consider this privacy issue for Internet society as a whole and choose to update the extension to use HTTPS instead. In the meantime, since there's no way (yet) to selectively choose which website thumbprints to validate, I think I will just leave this extension installed but disabled. Hopefully Firefox will notify me sometime soon that an update is available that addresses these two fundamental issues.