ghacks user.js #205
Comments
|
@publicarray You could submit a patch to add uniquemachine.org to https://github.com/pyllyukko/user.js#online-tests I think @Roman-Nopantski is the maintainer of the ghacks.net user.js file and his work is closely related/based on this project. I just wish we would standardize on a common base file, so that our respective changes would be easier to diff (eg. see my own changes at master...nodiscc:dbu#files_bucket, I regularly merge @pyllyukko's user.js on top of my changes. Both files can easily be compared, unlike the ghacks file which 1. has no common git history 2. is heavily commented/reorganized) |
|
Yes, we are aware of the gHacks user.js and the author (@Roman-Nopantski) regularly contributes to this project also (thanks, Pants!). @nodiscc: You are absolutely right! We should come up with a seamless way to compare between each projects. @Roman-Nopantski: Is there a reason why your project is not using Git? :) |
done 👍 @pyllyukko thanks, I was not aware, all good @Roman-Nopantski first pants and all contributors many thanks! I really like the extensive comments in the file. With regards to git it is possible to edit files without a desktop client. github.com could be your client of sorts. You won't have access to some of the advanced features but simple editing is possible using this website. Github does have a permissions system and can be setup such that multiple people can edit files directly without pull requests. l should say I'm by no means a git or github expert. Also a small note that git and github are different. git is a (command line) tool and github.com is a website that hosts repositories (code) using git. For the termenology github has a glossary: https://help.github.com/articles/github-glossary/
Thanks, Yes I'll definitely need to read through the file and make some changes 😄
I have used uBlock Origin for a long time, It's my favorite extension by far. |
|
@Roman-Nopantski If yon't want to have the responsibility maybe setting up a github organisation is the best way for multiple people to help maintain the project? |
But @Roman-Nopantski I would start with
Merging both works has great potential IMHO, thank you for maintaining them. |
|
@publicarray Uniquemachine.org focuses in particular on the GPU: |
Of course we will help you! Also, do you IRC? It's easier to communicate there regarding some details. More interactively that is. Join me at #user.js @ Freenode (see #167) (the invitation is for everyone! :). |
|
I haven't used the WYSIWYG editor myself.
Essentially, it's the stuff in the "…or create a new repository on the command line" section. With the exception of |
If you see this Click on the README link, you can change the file name or just use this link: https://github.com/ghacksuserjs/ghacks-user.js/new/master Once there is a file in the repo the "Create new file" button will appear. I guess github should do something about that... |
Not necessarily. You can still use those via
You're welcome :) And no, you're not a moron. Git can be confusing in the beginning. |
|
while I was editing the ghacks-user.js I did a very quick (human) scan of the settings that differed from the file I had used before. The notable prefs that I found in pyllyukko/user.js but not in the ghacks-user.js are: // Disable dom.mozTCPSocket.enabled (raw TCP socket support)
// https://trac.torproject.org/projects/tor/ticket/18863
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
user_pref("dom.mozTCPSocket.enabled", false);
// disable Gnome Shell Integration
user_pref("plugin.state.libgnome-shell-browser-plugin", 0);
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards
user_pref("devtools.debugger.force-local", true);
// https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice
user_pref("network.seer.enabled", false);
// Disallow NTLMv1
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false);
// it is still allowed through HTTPS. uncomment the following to disable it completely.
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
// CSP https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
// [already enabled by default in modern FF]
// user_pref("security.csp.enable", true);
// https://bugzilla.mozilla.org/show_bug.cgi?id=855326 [personal preference]
user_pref("security.csp.experimentalEnabled", true);
// http://kb.mozillazine.org/Browser.sessionstore.postdata
// NOTE: relates to CIS 2.5.7
user_pref("browser.sessionstore.postdata", 0);
// http://kb.mozillazine.org/Browser.sessionstore.enabled
// user_pref("browser.sessionstore.enabled", false);
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 Enable IDN Show Punycode
// http://kb.mozillazine.org/Network.IDN_show_punycode
user_pref("network.IDN_show_punycode", true);not sure if it helps though. |
|
Almost done .. I got sidetracked sorry. Are you sure you want it? Including inactive prefs and excluding the ciphers: there are no legacy ones in ghacks, except those deprecated since I started the js almost 2 years ago - and this js has ciphers covered
Obviously a lot of ghacks ones are overkill/future-proofing/ass-covering, or there for info, or added to make a section complete and comprehensive. That said, I can see a lot that make sense for you to include. At the very least, it should give you something to mull over for a while, and keep you busy :) I will stick it up as a pastebin - it's still contains the relevant descriptions and links etc for those prefs remaining. It includes the compared deprecated section (which is why there is a lot of inactive prefs in that total), because one of your goals is to be backward compatible. |
|
http://pastebin.com/SLgdnPHJ .. Obviously there is some stuff in there that is not fit for your purpose - it's everything listed you haven't got. Paste self-destructs in 6 days, so grab a copy and start making issues!!! :) Hopefully anything that excites you, the references will help. Awesome .. 1 thumbs up for all that work .. thanks pyllyuko for the recognition ==
No, it is NOT closely related or based on this repo. Just to be perfectly clear, my work has been my own over the last 2 years, some items were from information provided by contributors at ghacks, but all have been researched and vetted (and tested where necessary) by myself (or Earthlng). I started it well before I ever came here. I have always acknowledged this repo in my js, and it has been good in terms of some of the ciphers and a few obscure security settings - but that is all. 95+% of it, has nothing to with here. Please do not confuse my work with this repo. In the past, I have mentioned some prefs here, but seemed to get some pushback and rubbished (from chef-koch), and because of that I stopped. |
|
@Roman-Nopantski: Thanks for the comparison. I made it available as a gist.
Maybe I'll create one monster issue (#208) with all the prefs listed in the have_fun.js and we start it from there. Referencing existing issues when possible. Creating new issues for the "big topics", etc. One thing that I was thinking, that if I would create separate branch with the have_fun.js, we could comment individual lines of code and discuss 'em there? Or not for all the prefs, but the "topics", e.g. |
|
#208 looks OK, I'll have a look at some of the prefs when I have time. I think this issue can be closed. 👍 |
I just wanted to link to a similar project that might be of interest people here. Maybe we could link back to them? Anyway I'm giving ghacks user.js a go in a new FF profile.
v0.11 article: http://www.ghacks.net/2017/02/12/ghacks-net-firefox-user-js-config-0-11-is-out/
v0.11 direct link: http://www.ghacks.net/files/user.js%20[ghacks]-0.11-dark.html
v0.11 download link: http://www.ghacks.net/download/130328/
Latest version is always at: http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings
P.S. http://www.uniquemachine.org is an interesting website. It tries to get a fingerprint on the machine not just the browser.
The text was updated successfully, but these errors were encountered: