Firefox and other fun on the Web
I should so be writing a paper. But I’m not.
Instead I’m checking out things like del.icio.us (henceforth known simply as “delicious”). I initially thought delicious was useless, but I have since seen the light. I can easily look up links relating to some city or Python. If I keep up with it, I can have important bookmarks wherever I go. Using Live Bookmarks in Firefox, pointed at the RSS (for a user, or for tags) I can access them easily. delicious has a clean and very functional interface, making it fast and easy to use. I am generally pleased.
I’ve spent a lot of time dicking with Firefox. Not coincidentally,
I’ve made some new bookmarks at http://del.icio.us/darkness/firefox.
I did install SpellBound. Unfortunately
you have to install the “Mozilla spelling libraries” as root; didn’t
work as my normal user. I notice it dropped some myspell files in
/usr/lib/firefox-1.0.4. I also notice I have those same files
installed with OO and Mozilla. I’m
trying out Hit-a-Hint too.
Then I got really upset about the fact that I can’t timeout the master
password. In Mozilla, you could say, “if I don’t use the master
password within N minutes, forget it.” After N minutes of no use, it
would forget the password, and ask you for it again when it next needs
it. (Inside Firefox you can see what this preferences dialog looked
like by going to the URL
chrome://pippki/content/pref-masterpass.xul.) In Firefox, this is
apparently gone. Furthermore, it seems the developers don’t much care
to have it in there: see bug
#218694 and
bug #222408.
So I dug around, learned a little Javascript (which, may I add, looks a lot cooler every time I look at it; I think I’m still scarred by my experience with the first implementations of Javascript and all the associated bugs, incompatibilities, and I suspect significant language differences), learned a bit about XPCOM, dug through Mozilla sources for a few hours, and finally discovered the incantation to at least “log out” of the personal security manager (or software security device, or whatever—lets say “forget the master password”):
Components.classes["@mozilla.org/security/pk11tokendb;1"]
.getService(Components.interfaces.nsIPK11TokenDB)
.findTokenByName("").logoutAndDropAuthenticatedResources();
When I toss this in the Javascript Console, it most certainly does forget the password. Now, can I implement password expiration totally in Javascript? This doesn’t seem real likely. First of all I’d have to find a way to know how long ago the last access of the software security device was; that is, the last time a web site password was retrieved. Then I’d have to find a way to start a new… thread? task? It would have to sit in the background, running the actual timeout.
For now, I’d settle for jamming this in a Bookmarklet. Unfortunately, Bookmarklets don’t seem to have the privileges to execute this code (unsurprisingly). If anyone knows how to get this to execute from a Bookmarklet, preferably without just removing all security protections for all sites, I’ll be happy. Otherwise, if someone wants to make a little Firefox extension that has just one toolbar button (SpellBound may be useful for an example of toolbar buttons) that forgets the password, that would be awesome too.
Generally, I’m more than a bit disappointed that the Mozilla and/or Firefox developers don’t think this feature is more useful.