vote: change cookies from block all to allow 1st party #439
Comments
|
IDK, changing the template to clear all cookies on shutdown could piss off existing users who like to keep some cookies. Might be better to list this for a |
|
For a relaxed override, it seems reasonable. |
|
I'd take my time to decide this. It's better to see how the relaxed overrides turn out first, IMO. If that was your intention all along, I think it was still a good idea to open this issue ahead of time. |
For technical and practical reasons, that would require a rewrite of the updater in another language. I wouldn't want you guys to feel constrained by the updater's capabilities/limitations when making these decisions, though. I think it would be better to adapt the updater to whatever needs arise. It's more work, but I think it will be better in the end. If we were to make drastic changes to those things, it might even be a good opportunity to take an approach like the one @overdodactyl suggested some time ago here. Anyway, I think we still have to keep in mind current users. For example, changing the template so it defaults to relaxed would mean forcing existing users to revisit their overrides to see which of those prefs they now need to add to their overrides and such. There are many things to consider. As you said before, there are pros and cons for every solution :) |
I don't have much experience with GoLang, but I've been really pleased and impressed with the updater script someone created for my ShadowFox project with it. It has a nice simple GUI (drop down to select what profile it should be installed in, buttons to install/update or uninstall, few checkboxes with options etc). Assuming it's ok with the dev/license he put on, we would be able to re-purpose most of the code...at their core, there are a lot of similarities between what they do (i.e. install into a FF profile a file downloaded from GitHub, append some extra customization files to the end of it, and backup old versions). For users who maintain multiple profiles, it has the added bonus of only needing one installer instead of multiple. We could add a checkbox for whether or not a user wants to use a relaxed version or the hardened one, and we could try and incorporate the cleaning scripts into it as well. Just some food for thought :) |
|
@overdodactyl It's an interesting possibility. I haven't looked at the code yet, but I think I'd probably still want to rewrite it from scratch, since we would have to make significant changes to it anyway. For starters, we would want to support FF portable profiles (AFAICT that one doesn't), and I would also want it to have most of the advanced functionality of the current updater for Windows (but improved). Just thinking out loud. If we took this path we should use a separate repo exclusively for the updater, but something tells me @earthlng may not be too enthusiastic about the whole idea, since he would have to do the audits as always 😅 I think I can hear him sighing already. |
I can double check to make sure nothing has changed, but last I saw, it required a
It might be good to start from scratch, I just thought it was worth pointing out that there is a nice foundation we can work from, or at least reference, that already has several of the functionalities we would need. I'm not sure about you, but I don't have much experience with GoLang, so I thought that would be really helpful haha. If we were to use this approach, I think a separate repo is a must. Here's the one for the ShadowFox updater. Sorry, should have linked that earlier so anyone interested wouldn't have to search it out: |
|
I don't mean to push this approach down anyone's throats, so no hard feelings if you guys just want to stay on the current path! If there's interest in it though, that would be great @Thorin-Oakenpants |
|
The updater scripts automate a few simple tasks and they work perfectly fine in their current form. Single plaintext files, easy to understand, no need to compile anything, no dependencies besides what's pre-installed on most systems anyway, no need to install go or python or whatnot - just simply download 1 file and run it. |
This wouldn't change for anyone except those developing it.
One of the biggest advantages is it's cross platform, meaning it removes the complexity of testing on mac, linux, and windows, maintaining different versions, worrying about what tools users have on their system already etc. |
|
How does golang compile work? does it produce native binary code like C? |
It does. In the ShadowFox case, the travis build calls the following:
which can create a release with the 6 resulting binaries (releases page). As for the trust issue, I don't have too much to add there haha. The downsides might outweigh the positives for this repo |
Yup, that seems to be the case. Thanks for the info 👍
Absolutely. Having examples always helps :) I'm no expert either, but I've always been good at learning stuff on my own, and I'm usually a fast learner when it comes to these things. However, I have to admit that my unorthodox methodology is one of the main reasons my code looks like 💩 most of the time. I almost never venture much beyond the toying stage in any language 😆 Regardless, I have written somewhat complex stuff in C++, C# and various scripting languages, and Go was designed to be easier than those.
I'll try to make myself clear, since my first attempt failed miserably, for a change (yeah, right). I'm not even suggesting that we should do any of the things I said. As far as I know, all we are doing here is discuss possible routes that we can take from this point onward. Your logic makes perfect sense when you think from the perspective of getting better results at what we already do and from what we already have. If anyone weighs right now the cons and the pros of rewriting the scripts, there's mostly cons. What I tried to say initially is that I wouldn't want you guys to feel constrained in what you can do. Why? Because, if you can think of better ways of doing things that require altering or rewriting the scripts that we already have, I will be happy to help. By all means, feel free to think outside of the box, and do share your ideas. Don't let them die. Don't be afraid to dream big. Shake everyone's foundations. Open up; let the world meet that wonderful person behind your mask of whatever. [Insert here random self-growth quote/religious teaching/mantra/FFS WTF/:question::question::question:] That's all I'm saying. I admit that saying that makes me kind of a hypocrite, since I've had several ideas of my own, but I don't want to make you folks hate me by bouncing a barrage of crazy ideas off of you. I have my own censoring filters in place. |
thanks I appreciate it but don't worry we're not constrained at all. The updater scripts are perfectly fine as-is and your merge function is a piece of art.
lol, that's no reason to hate you. Please don't hesitate to bounce whatever crazy ideas you have off of me/us. |
* change cookies from block all to allow 1st party see #439 * and fixup readme as well
* change cookies from block all to allow 1st party see arkenfox/user.js#439 * and fixup readme as well
* change cookies from block all to allow 1st party see arkenfox/user.js#439 * and fixup readme as well
snip
The text was updated successfully, but these errors were encountered: