MozillaZine

[Ext] OpenDownload² 4.2.0

Announce and Discuss the Latest Theme and Extension Releases.
abell1204
 
Posts: 6
Joined: April 21st, 2010, 8:05 am

Post Posted April 21st, 2010, 6:42 pm

Granted. Now please ... I'm an outsider and you clearly are not ... can you please tell me (or guess at their mindset) and tell me how splashing the box asking me what to do .. would in any way -- to protect me against redirection to malicious code? Seriously Tuxman ... I must be as dense as a neutron star here ...

a web site has a link {a href="./file.doc"}Click me, oh trusting one!{/a}

In my idyllic world, I want to click on the link and have (in my case) Word open the document
I want to click on an href to a GIF file and have Firefox simply display that gif EXACTLY as it would if it was an inline image {img src=./file.gif"} -- etc.

How does splashing a box asking me if I want to open it with my Win32 Default or browse for some other program (or whatever) protect me from that .doc file being the most evil file in the world??

Lets suppose that someone created a file called "poetry.doc" or "fluffy_bunnies.jpg" and instead loaded that file with the single most evil WMV file ever created (Sister Act 2 - Back in the Habit)

How does ASKING me if I want Word to open it protect me?

I'm not kidding Tux ... if you have that answer you can rock my world.

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted April 21st, 2010, 6:50 pm

The alternative to asking you would be opening it automagically ;) so malicious websites could auto-direct you to malicious code, let's say, infected Word files, and you won't even be prompted to click anywhere first (so you could safely think about it before opening).

abell1204
 
Posts: 6
Joined: April 21st, 2010, 8:05 am

Post Posted April 21st, 2010, 9:16 pm

Absolutely flabergasted by that line of thinking.

Forcing me to click on "use Win32 deafult program" = SAFE!
Allowing the system to know that will always be my choice = UNSAFE!

It does not, even in the most rudimentary way, insure safety in any way shape or form.

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted April 21st, 2010, 9:25 pm

OK, imagine this:

You'll download a .doc file (or something) from a trusty source the first time. You choose "always open with default application".
A few days later you accidentally visit a page which automatically redirects you to an infected .doc file. You will not be noticed that something is about to download and execute.

The point is: When you have to click yourself, you know what's going on.

abell1204
 
Posts: 6
Joined: April 21st, 2010, 8:05 am

Post Posted April 24th, 2010, 10:05 am

Tuxman wrote:OK, imagine this:

You'll download a .doc file (or something) from a trusty source the first time. You choose "always open with default application".
A few days later you accidentally visit a page which automatically redirects you to an infected .doc file. You will not be noticed that something is about to download and execute.

The point is: When you have to click yourself, you know what's going on.


It's not that I don't understand that ... it's not like that concept is beyond me ...
but imagine this:

On Monday I click on a link from some trusty source to a .doc file (or something) and a box pops up and I manually traverse the dialog box and options and finally get my WORD to open the file.

A few days later I accidentally visit a page with automatically directs me to an infected .doc file. If the file extension is a.DOC then I will traverse the same dialog boxes and finally get my WORD to open the infected file.

I'm not convinced that asking me "do you want to open this .doc file with the program on your system that opens .doc files?" is a safety measure.

I understand that it does add that extra second's thought, but the price of that is spending my life in fear of every link and every document.

Your OpenDownload really does improve the process -- although it would be nice if the 'use win32' option could be the dewfult (since that's why we download it in the first place...

But my major issue is the patriarchal and condescending attitude of the Mozilloids, who have decided that if the author of the web site codes his page according to Mozilla standards, then by some internal magic, it's OK to "do this automatically" because the document is "safe"

mime-type:application/octet-stream:infectedfile.jpg -- is to be feared
mime-type:image/jpg:same_infected_file.jpg -- can be auto opened & trusted

Anyway, that's not your fault and I wasn't intended to prolong this ... I just so much resent the mindset that people know what's best for me and substitute their judgment for mine.

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted April 24th, 2010, 10:16 am

"spending my life in fear of every link and every document" is what you should do on the internet anyway. :)

(As for me, I primarily use the "Save" button anyway, so a default "Open" choice would be a disadvantage for me.)

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted May 5th, 2010, 4:50 pm

Maintenance update to v2.1.5. New locales, experimental (untested) compatibility with Fx3.7a5-pre.

mz-user
 
Posts: 1
Joined: June 9th, 2010, 1:34 pm

Post Posted June 9th, 2010, 1:41 pm

I use FF mostly as normal user and install some stuff from time to time via i-net. For doing that it would be nice to have a "Run as Admin" option. Could you add that to this extension?

mz-user

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted June 9th, 2010, 1:58 pm

Installing some stuff from the internet that requires admin priviledges? (Quite insecure anyway.)
Does Fx support that?

_Dexter_

User avatar
 
Posts: 1436
Joined: August 30th, 2008, 6:54 pm
Location: Miami

Post Posted July 1st, 2010, 5:45 pm

FYI

https://bugzilla.mozilla.org/show_bug.cgi?id=568691 breaks OD.

Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:2.0b2pre) Gecko/20100701 Minefield/4.0b2pre - Build ID: 20100701114913
Intel i7 Core Quad @ 4.25Ghz | Cooler Master Hyper 212 Plus | 12GB PC3-16000 RAM | ASUS HD6970 2GB - 12.3 CATS | ASUS PA246Q IPS 24" LCD 16:10 | OCZ AGILITY-EX SSD SLC | Windows 7 SP1 x64 Ultimate

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted July 2nd, 2010, 4:07 am

Thanks. Will this definitely be part of Fx4.0? I'm not home right now, so I can hardly test (and improve) OD for that.

zegames
 
Posts: 161
Joined: March 11th, 2009, 1:09 pm

Post Posted July 5th, 2010, 5:36 pm

Waiting for author update the addons or someone to share any temporary fix to Firefox 4.

cya

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted July 6th, 2010, 1:36 pm

After digging through the changes for Gecko 2, I decided:

OpenDownload for Fx4 will be renamed to OpenDownload² and break compatibility to Gecko-1.9-based browsers.
Just to avoid confusion and stuff.

Update is almost done, some small stuff is still missing. Waiting for Fx4b2. :)

_Dexter_

User avatar
 
Posts: 1436
Joined: August 30th, 2008, 6:54 pm
Location: Miami

Post Posted July 10th, 2010, 11:45 am

Tuxman wrote:After digging through the changes for Gecko 2, I decided:

OpenDownload for Fx4 will be renamed to OpenDownload² and break compatibility to Gecko-1.9-based browsers.
Just to avoid confusion and stuff.

Update is almost done, some small stuff is still missing. Waiting for Fx4b2. :)


Fx4b2 is on the nightly Minefield trunks. It's amazing how much I miss your add-on. You don't know what you got until it's gone.

Can you PM me when it's ready to test?
Intel i7 Core Quad @ 4.25Ghz | Cooler Master Hyper 212 Plus | 12GB PC3-16000 RAM | ASUS HD6970 2GB - 12.3 CATS | ASUS PA246Q IPS 24" LCD 16:10 | OCZ AGILITY-EX SSD SLC | Windows 7 SP1 x64 Ultimate

Tuxman
 
Posts: 638
Joined: August 23rd, 2004, 11:53 am

Post Posted July 10th, 2010, 12:24 pm

I haven't figured out how to access the OD service with the new interface yet, so it may take a while...
(Or could anyone help, cough?)

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 1 guest