[Ext] OpenDownload² 4.2.0

Announce and Discuss the Latest Theme and Extension Releases.
Post Reply
abell1204
Posts: 6
Joined: April 21st, 2010, 8:05 am

Re: [Ext] OpenDownload 2.1.4

Post by abell1204 »

Granted. Now please ... I'm an outsider and you clearly are not ... can you please tell me (or guess at their mindset) and tell me how splashing the box asking me what to do .. would in any way -- to protect me against redirection to malicious code? Seriously Tuxman ... I must be as dense as a neutron star here ...

a web site has a link {a href="./file.doc"}Click me, oh trusting one!{/a}

In my idyllic world, I want to click on the link and have (in my case) Word open the document
I want to click on an href to a GIF file and have Firefox simply display that gif EXACTLY as it would if it was an inline image {img src=./file.gif"} -- etc.

How does splashing a box asking me if I want to open it with my Win32 Default or browse for some other program (or whatever) protect me from that .doc file being the most evil file in the world??

Lets suppose that someone created a file called "poetry.doc" or "fluffy_bunnies.jpg" and instead loaded that file with the single most evil WMV file ever created (Sister Act 2 - Back in the Habit)

How does ASKING me if I want Word to open it protect me?

I'm not kidding Tux ... if you have that answer you can rock my world.
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.4

Post by Tuxman »

The alternative to asking you would be opening it automagically ;) so malicious websites could auto-direct you to malicious code, let's say, infected Word files, and you won't even be prompted to click anywhere first (so you could safely think about it before opening).
abell1204
Posts: 6
Joined: April 21st, 2010, 8:05 am

Re: [Ext] OpenDownload 2.1.4

Post by abell1204 »

Absolutely flabergasted by that line of thinking.

Forcing me to click on "use Win32 deafult program" = SAFE!
Allowing the system to know that will always be my choice = UNSAFE!

It does not, even in the most rudimentary way, insure safety in any way shape or form.
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.4

Post by Tuxman »

OK, imagine this:

You'll download a .doc file (or something) from a trusty source the first time. You choose "always open with default application".
A few days later you accidentally visit a page which automatically redirects you to an infected .doc file. You will not be noticed that something is about to download and execute.

The point is: When you have to click yourself, you know what's going on.
abell1204
Posts: 6
Joined: April 21st, 2010, 8:05 am

Re: [Ext] OpenDownload 2.1.4

Post by abell1204 »

Tuxman wrote:OK, imagine this:

You'll download a .doc file (or something) from a trusty source the first time. You choose "always open with default application".
A few days later you accidentally visit a page which automatically redirects you to an infected .doc file. You will not be noticed that something is about to download and execute.

The point is: When you have to click yourself, you know what's going on.


It's not that I don't understand that ... it's not like that concept is beyond me ...
but imagine this:

On Monday I click on a link from some trusty source to a .doc file (or something) and a box pops up and I manually traverse the dialog box and options and finally get my WORD to open the file.

A few days later I accidentally visit a page with automatically directs me to an infected .doc file. If the file extension is a.DOC then I will traverse the same dialog boxes and finally get my WORD to open the infected file.

I'm not convinced that asking me "do you want to open this .doc file with the program on your system that opens .doc files?" is a safety measure.

I understand that it does add that extra second's thought, but the price of that is spending my life in fear of every link and every document.

Your OpenDownload really does improve the process -- although it would be nice if the 'use win32' option could be the dewfult (since that's why we download it in the first place...

But my major issue is the patriarchal and condescending attitude of the Mozilloids, who have decided that if the author of the web site codes his page according to Mozilla standards, then by some internal magic, it's OK to "do this automatically" because the document is "safe"

mime-type:application/octet-stream:infectedfile.jpg -- is to be feared
mime-type:image/jpg:same_infected_file.jpg -- can be auto opened & trusted

Anyway, that's not your fault and I wasn't intended to prolong this ... I just so much resent the mindset that people know what's best for me and substitute their judgment for mine.
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.4

Post by Tuxman »

"spending my life in fear of every link and every document" is what you should do on the internet anyway. :)

(As for me, I primarily use the "Save" button anyway, so a default "Open" choice would be a disadvantage for me.)
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.4

Post by Tuxman »

Maintenance update to v2.1.5. New locales, experimental (untested) compatibility with Fx3.7a5-pre.
mz-user
Posts: 1
Joined: June 9th, 2010, 1:34 pm

Re: [Ext] OpenDownload 2.1.5

Post by mz-user »

I use FF mostly as normal user and install some stuff from time to time via i-net. For doing that it would be nice to have a "Run as Admin" option. Could you add that to this extension?

mz-user
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.5

Post by Tuxman »

Installing some stuff from the internet that requires admin priviledges? (Quite insecure anyway.)
Does Fx support that?
User avatar
_Dexter_
Posts: 1436
Joined: August 30th, 2008, 6:54 pm
Location: Miami

Re: [Ext] OpenDownload 2.1.5

Post by _Dexter_ »

FYI

https://bugzilla.mozilla.org/show_bug.cgi?id=568691 breaks OD.

Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:2.0b2pre) Gecko/20100701 Minefield/4.0b2pre - Build ID: 20100701114913
Intel i7 Core Quad @ 4.25Ghz | Cooler Master Hyper 212 Plus | 12GB PC3-16000 RAM | ASUS HD6970 2GB - 12.3 CATS | ASUS PA246Q IPS 24" LCD 16:10 | OCZ AGILITY-EX SSD SLC | Windows 7 SP1 x64 Ultimate
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.5

Post by Tuxman »

Thanks. Will this definitely be part of Fx4.0? I'm not home right now, so I can hardly test (and improve) OD for that.
zegames
Posts: 161
Joined: March 11th, 2009, 1:09 pm

Re: [Ext] OpenDownload 2.1.5

Post by zegames »

Waiting for author update the addons or someone to share any temporary fix to Firefox 4.

cya
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.5

Post by Tuxman »

After digging through the changes for Gecko 2, I decided:

OpenDownload for Fx4 will be renamed to OpenDownload² and break compatibility to Gecko-1.9-based browsers.
Just to avoid confusion and stuff.

Update is almost done, some small stuff is still missing. Waiting for Fx4b2. :)
User avatar
_Dexter_
Posts: 1436
Joined: August 30th, 2008, 6:54 pm
Location: Miami

Re: [Ext] OpenDownload 2.1.5

Post by _Dexter_ »

Tuxman wrote:After digging through the changes for Gecko 2, I decided:

OpenDownload for Fx4 will be renamed to OpenDownload² and break compatibility to Gecko-1.9-based browsers.
Just to avoid confusion and stuff.

Update is almost done, some small stuff is still missing. Waiting for Fx4b2. :)


Fx4b2 is on the nightly Minefield trunks. It's amazing how much I miss your add-on. You don't know what you got until it's gone.

Can you PM me when it's ready to test?
Intel i7 Core Quad @ 4.25Ghz | Cooler Master Hyper 212 Plus | 12GB PC3-16000 RAM | ASUS HD6970 2GB - 12.3 CATS | ASUS PA246Q IPS 24" LCD 16:10 | OCZ AGILITY-EX SSD SLC | Windows 7 SP1 x64 Ultimate
Tuxman
Posts: 646
Joined: August 23rd, 2004, 11:53 am
Contact:

Re: [Ext] OpenDownload 2.1.5

Post by Tuxman »

I haven't figured out how to access the OD service with the new interface yet, so it may take a while...
(Or could anyone help, cough?)
Post Reply