Difference between revisions of "Firefox notes"

From Noah.org
Jump to navigationJump to search
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Engineering]]
 
[[Category:Engineering]]
 +
__TOC__
  
Type about:config into the address bar or get [https://addons.mozilla.org/en-US/firefox/addon/4420 Configuration Mania].
+
== about:config ==
  
<pre>
+
Type '''about:config''' into the address bar to bring up the advanced configuration page.  There is also an add-on, [https://addons.mozilla.org/en-US/firefox/addon/4420 Configuration Mania], that can make some of this easier. Unfortunately, Configuration Mania can sometimes be confusing because it uses different terminology from what you see in about:config.
about:config
+
 
</pre>
+
Note that below, setting the "nglayout.initialpaint.delay" to a low value actually slows down '''overall''' rendering, but it starts painting faster. It's a trade-off. Most of the time I don't care if the entire page gets rendered quickly. I just want to see content text or an image on the screen right away. This assumes the content I am interested in gets rendered first. On some sites it seems that all the Flash advertisements get loaded first. With a fast internet connection and a fast computer setting this to zero can't make the overall rendering that much slower... And besides, it '''feels''' faster, and the perception is why they have these silly layout tweaks in the first place.
  
 
Search for these options and modify or toggle them:
 
Search for these options and modify or toggle them:
Line 17: Line 18:
 
browser.urlbar.clickSelectsAll = True # I can't decide which way I like better...
 
browser.urlbar.clickSelectsAll = True # I can't decide which way I like better...
 
layout.spellcheckDefault = 2 # Spellcheck one-line text fields as well as standard text area fields
 
layout.spellcheckDefault = 2 # Spellcheck one-line text fields as well as standard text area fields
 +
nglayout.initialpaint.delay = 10 # Start painting ASAP with very little delay.
 +
security.dialog_enable_delay = 500
 +
 +
network.http.pipelining = True
 +
network.http.pipelining.maxrequests = 8
 +
network.http.pipelining.ssl = True
 +
network.http.max-connections = 60
 +
network.http.max-connections-per-server = 30
 +
network.prefetch-next = false # I never found this to be helpful and it sucks if you have lots of tabs open.
  
 
view_source.editor.external = True
 
view_source.editor.external = True
Line 34: Line 44:
 
</pre>
 
</pre>
  
== Firefox 3 unsigned SSL cert handling was thought up by an asshole ==
+
== Firefox 3 self-signed SSL cert handling was thought up by a dork ==
  
 
<pre>
 
<pre>
Line 40: Line 50:
 
</pre>
 
</pre>
  
The [http://blog.johnath.com/2008/08/05/ssl-question-corner/ author responds] to the mass outcry against the new Firefox 3 UI for certificate warnings. Apparently he still disagrees. The annoying thing is that he doesn't get it. Most of the people who have been complaining about this this are IT professionals and we understand the risk. We don't need a lecture on "Certificate Security for Dummies". We just want a "Expert" option somewhere in Firefox three to turn off this stupid "feature".
+
The [http://blog.johnath.com/2008/08/05/ssl-question-corner/ author responds] to the mass outcry against the new Firefox 3 UI for certificate warnings. Apparently he disagrees... with everybody. The people who have been complaining about this this are IT professionals and we understand the risk. We don't need a lecture on "Certificate Security for Dummies". We just want a "Expert" option somewhere in Firefox three to turn off this stupid "feature".
  
There is a work around to set "expert" mode using the "about:config" interface. There are a few settings that you need to set.
+
For example, take these guys:
 +
 
 +
    https://savannah.gnu.org/bugs/?group=coreutils
 +
 
 +
(yeah, it's a cacert.org cert, so not quite as terrifying as a self-signed cert)
 +
 
 +
=== Manually circumventing self-signed certificate safety ===
 +
 
 +
There is a work around to set "expert" mode using the "about:config" interface. This makes the process a tiny bit less painful. This will still require two clicks where one click would do. Luckily, someone has created a Firefox 3 Add-on that fixes even this and makes accepting a certificate exception be a one-click process. Check out [https://addons.mozilla.org/en-US/firefox/addon/6843 MitM Me]. Unfortunately, the "MitM Me" Add-on is listed as "experimental" so you have to sign-up for a Mozilla account and login before you can download it.
 +
 
 +
Even "MitM Me" is not perfect, but this time because it's a little '''too''' insecure. You do get a warning page with a button to add an exception, but the problem is that you don't have a way to inspect the certificate. That's still good enough for me in most cases because the only time I'm going to want to actually inspect the certificate is when I'm debugging one of my own sites. If I'm going to my bank's site and I get this warning then I'm already not going to login; I'm going to close the browser no matter what the certificate says.
 +
 
 +
If you don't want to install the "MitM Me" Add-on there here are the "about:config" settings that you need to set to at least turn this into a two-click process:
  
 
<pre>
 
<pre>
 
+
browser.xul.error_pages.expert_bad_cert = true
 +
browser.ssl_override_behavior = 2
 +
browser.xul.error_pages.enabled = true  # this is the default, so it is probably already set true.
 
</pre>
 
</pre>
  
 
These settings are documented here:
 
These settings are documented here:
 +
 
* [http://kb.mozillazine.org/Browser.xul.error_pages.expert_bad_cert browser.xul.error_pages.expert_bad_cert]
 
* [http://kb.mozillazine.org/Browser.xul.error_pages.expert_bad_cert browser.xul.error_pages.expert_bad_cert]
 
* [http://kb.mozillazine.org/Browser.ssl_override_behavior browser.ssl_override_behavior]
 
* [http://kb.mozillazine.org/Browser.ssl_override_behavior browser.ssl_override_behavior]
 
* [http://kb.mozillazine.org/Browser.xul.error_pages.enabled browser.xul.error_pages.enabled]
 
* [http://kb.mozillazine.org/Browser.xul.error_pages.enabled browser.xul.error_pages.enabled]
 
Someone has a Firefox 3 Add-on that fixes this. Check out [https://addons.mozilla.org/en-US/firefox/addon/10246 MitM Me].
 

Latest revision as of 16:26, 5 February 2009

about:config

Type about:config into the address bar to bring up the advanced configuration page. There is also an add-on, Configuration Mania, that can make some of this easier. Unfortunately, Configuration Mania can sometimes be confusing because it uses different terminology from what you see in about:config.

Note that below, setting the "nglayout.initialpaint.delay" to a low value actually slows down overall rendering, but it starts painting faster. It's a trade-off. Most of the time I don't care if the entire page gets rendered quickly. I just want to see content text or an image on the screen right away. This assumes the content I am interested in gets rendered first. On some sites it seems that all the Flash advertisements get loaded first. With a fast internet connection and a fast computer setting this to zero can't make the overall rendering that much slower... And besides, it feels faster, and the perception is why they have these silly layout tweaks in the first place.

Search for these options and modify or toggle them:

about:robots
security.dialog_enable_delay = 0
browser.tabs.closeButtons = 3 # put tab close button on toolbar
browser.sessionstore.max_tabs_undo = 30
browser.search.openintab = True # Searches in search bar open in new tab instead of current window 
browser.urlbar.clickSelectsAll = True # I can't decide which way I like better...
layout.spellcheckDefault = 2 # Spellcheck one-line text fields as well as standard text area fields
nglayout.initialpaint.delay = 10 # Start painting ASAP with very little delay.
security.dialog_enable_delay = 500

network.http.pipelining = True
network.http.pipelining.maxrequests = 8
network.http.pipelining.ssl = True
network.http.max-connections = 60
network.http.max-connections-per-server = 30
network.prefetch-next = false # I never found this to be helpful and it sucks if you have lots of tabs open.

view_source.editor.external = True
view_source.editor.path = /usr/bin/gvim

These options may need to be created:

content.switch.threshold = 1000000

Interesting... I need to research these more:

network.protocol-handler

Firefox 3 self-signed SSL cert handling was thought up by a dork

Error code: sec_error_untrusted_issuer

The author responds to the mass outcry against the new Firefox 3 UI for certificate warnings. Apparently he disagrees... with everybody. The people who have been complaining about this this are IT professionals and we understand the risk. We don't need a lecture on "Certificate Security for Dummies". We just want a "Expert" option somewhere in Firefox three to turn off this stupid "feature".

For example, take these guys:

   https://savannah.gnu.org/bugs/?group=coreutils

(yeah, it's a cacert.org cert, so not quite as terrifying as a self-signed cert)

Manually circumventing self-signed certificate safety

There is a work around to set "expert" mode using the "about:config" interface. This makes the process a tiny bit less painful. This will still require two clicks where one click would do. Luckily, someone has created a Firefox 3 Add-on that fixes even this and makes accepting a certificate exception be a one-click process. Check out MitM Me. Unfortunately, the "MitM Me" Add-on is listed as "experimental" so you have to sign-up for a Mozilla account and login before you can download it.

Even "MitM Me" is not perfect, but this time because it's a little too insecure. You do get a warning page with a button to add an exception, but the problem is that you don't have a way to inspect the certificate. That's still good enough for me in most cases because the only time I'm going to want to actually inspect the certificate is when I'm debugging one of my own sites. If I'm going to my bank's site and I get this warning then I'm already not going to login; I'm going to close the browser no matter what the certificate says.

If you don't want to install the "MitM Me" Add-on there here are the "about:config" settings that you need to set to at least turn this into a two-click process:

browser.xul.error_pages.expert_bad_cert = true
browser.ssl_override_behavior = 2
browser.xul.error_pages.enabled = true   # this is the default, so it is probably already set true.

These settings are documented here: