HTTPS Everywhere workaround for Pale Moon 25+

Add-ons for Pale Moon and other applications
General discussion, compatibility, contributed extensions, themes, plugins, and more.

Moderators: FranklinDM, Lootyhoof

rea987

HTTPS Everywhere workaround for Pale Moon 25+

Unread post by rea987 » 2015-02-04, 14:51

Hi all,

Wikipedia's definition for HTTPS Everywhere:

HTTPS Everywhere is a free web browser extension for Google Chrome, Mozilla Firefox and Opera, a collaboration by The Tor Project and the Electronic Frontier Foundation. Its purpose is to automatically make websites use the more secure HTTPS connection instead of HTTP.

https://en.wikipedia.org/wiki/HTTPS_Everywhere

HTTPS Everywhere used to work fine with Pale Moon. However, since the introduction of Pale Moon 25 the extension is incompatible with Pale Moon. The last Pale Moon 25+ compatible version of HTTPS Everywhere is https-everywhere-5.0development.1; newer stable or development releases do not work properly with Pale Moon. Since the ruleset of https-everywhere-5.0development.1 becomes obsolete in time, websites and videos fail to load time to time.

The solution that I found is to transfer the ruleset of most recent stable release of the extension to https-everywhere-5.0development.1.

Instruction:

1) Download the most recent stable release (https-everywhere-latest.xpi) and https-everywhere-5.0development.1.xpi. (Right click the URL, save as)

https://www.eff.org/files/https-everywhere-latest.xpi

https://www.eff.org/files/https-everywh ... ment.1.xpi
https://drive.google.com/file/d/0B6SKgs ... FuMzhfcjQ/

2) Open downloaded .xpi files with an archive manager such as Engrampa, File Roller, 7-Zip or WinRAR.

3) Transfer rulesets.sqlite file and preferences directory from defaults folder of https-everywhere-latest to defaults folder of https-everywhere-5.0development.1; grant permission for overwrite if asked. Close archive managers.

4) Drag and drop edited https-everywhere-5.0development.1.xpi to Pale Moon. Restart your browser after the installation; done!

A question, can developers of Pale Moon legally fork HTTPS Everywhere with that method? Thanks, cheers... :-)
Attachments
Screenshot
Screenshot
Last edited by rea987 on 2015-04-03, 12:08, edited 2 times in total.

cooperb21

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by cooperb21 » 2015-02-05, 07:21

It would be nice if we could just port it to palemoon officially but we would need to ask the dev's of it.

squarefractal

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by squarefractal » 2015-02-05, 07:24

HTTPS Everywhere seems to be an extension that uses the addon-sdk, maybe building the extension with Pale Moon's version of addon-sdk can fix these issues?

New Tobin Paradigm
Banned user
Banned user
Posts: 10664
Joined: 2012-10-09, 19:37

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by New Tobin Paradigm » 2015-02-05, 08:06

It is status PENDING now and i am working on it. Though i still think it is a bad idea to use because of reasons discused on other threads that we DO NOT need to rehash here. Regardless it is on the active list and a resolution one way or another will come soon.

cooperb21

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by cooperb21 » 2015-02-05, 14:11

Matt A Tobin wrote:It is status PENDING now and i am working on it. Though i still think it is a bad idea to use because of reasons discused on other threads that we DO NOT need to rehash here. Regardless it is on the active list and a resolution one way or another will come soon.
Thanks alot :D

ghysler

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by ghysler » 2015-03-25, 15:22

Is there any update on this?

Version 5.0 stable has been released recently (https://www.eff.org/files/https-everywhere-5.0.xpi), but unfortunately it does not work on Pale Moon 25.3.1 (x64). I would really like to be able to use the updated rulesets - the rulesets of 4.0.3 are quite outdated now.

User avatar
trava90
Contributing developer
Contributing developer
Posts: 1676
Joined: 2013-05-20, 18:19
Location: Somewhere in Sector 001
Contact:

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by trava90 » 2015-03-26, 03:43

Apparently they have officially decided not to support Pale Moon. It is still on the pending list however, so it will get addressed in time.

New Tobin Paradigm
Banned user
Banned user
Posts: 10664
Joined: 2012-10-09, 19:37

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by New Tobin Paradigm » 2015-03-26, 03:52

This is not really the highest priority of things on that list. It is really not recommend you force https on everything.. Many sites don't have it enabled at all and others that have the ports open may not have a valid cert nor were they intended to be ran under total https.

I have NOT forgotten you guys but I am not going to put aside more important work for it. As it stands it will be gotten to when it is gotten to.. Unless someone comes up with a fully functional fix who is also willing to make a long term commitment to supporting it... This is not the sort of add-on that can be simply Pseudo-Static'd and forgotten about it needs a maintainer.

squarefractal

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by squarefractal » 2015-03-26, 07:36

After seeing the HTTPS everywhere git repo, I saw that they are "including" the Mozilla addon-sdk. What is it's function, and why is it included into the source directly like that? I guess that they "use" the addon-sdk, but normally you don't put your development tools into source control as well...

And is there any effect it has on the compatibility of this addon?

Supernova

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Supernova » 2015-03-26, 08:16

Matt A Tobin wrote:This is not really the highest priority of things on that list. It is really not recommend you force https on everything.. Many sites don't have it enabled at all and others that have the ports open may not have a valid cert nor were they intended to be ran under total https.
That's just not how it works.
It's a whitelist system, which has its limits (size of the list, regular updating needed for the list...) but it means that it just won't give that kind of issue.

Tailszefox

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Tailszefox » 2015-03-26, 09:21

Yes, despite the name, HTTPS Everywhere doesn't enforce HTTPS everywhere. Just on a few hand-picked sites which are proven to work with HTTPS and offer the same functionality with or without it. You still do get the occasional issue, of course, but you can disable any rule easily, and the ruleset is updated pretty often.

Either way, I understand it's not high on the priority list, given the commitment it requires. But it's important to understand what this extension actually is and what it isn't, to accurately judge what kind of priority it requires.
Off-topic:
Also, I'm a bit baffled by this:
jsha commented 4 days ago
Pale Moon changed the way it deals with versions in install.rdf so it doesn't matter anymore. Additionally I've decided not to support Pale Moon.

diracdeltas commented 4 days ago
I applaud that decision
Applauding the decision to not support Pale Moon? Why, exactly?

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1153
Joined: 2013-04-19, 00:46

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Sajadi » 2015-03-26, 15:27

Let me guess.... That diracdeltas guy has the same attitude towards Pale Moon as many other guys from Mozillazine: "Does not use the latest codebases anymore and therefor bad and outdated and insecure"

They never learn :D

New Tobin Paradigm
Banned user
Banned user
Posts: 10664
Joined: 2012-10-09, 19:37

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by New Tobin Paradigm » 2015-03-26, 15:29

It is also misinformed. We do NOT change the way install.rdf is parsed or read.

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 4730
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Night Wing » 2015-03-26, 15:33

Sajadi wrote:Let me guess.... That diracdeltas guy has the same attitude towards Pale Moon as many other guys from Mozillazine: "Does not use the latest codebases anymore and therefor bad and outdated and insecure"
He's just a "know it all" who knows.......very little.........about Pale Moon.
Linux Mint 21 (Vanessa) Xfce With Linux Pale Moon
MX Linux 21.1 (Wildflower) Xfce With Linux Pale Moon

Tailszefox

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Tailszefox » 2015-03-26, 18:19

That raises the question, though: is the feature this commit requires present in Pale Moon? If it is, yes, they are indeed wrong and that means there's no need to make the add-on incompatible with PM. If it's not, though, I'll play the devil's advocate and say they have a point. Unless the feature in question poses some kind of problem, then the burden falls in Pale Moon to have it implemented, not on the add-on's devs to work around its missing implementation.

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1153
Joined: 2013-04-19, 00:46

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Sajadi » 2015-03-26, 19:10

Tailszefox wrote:That raises the question, though: is the feature this commit requires present in Pale Moon? If it is, yes, they are indeed wrong and that means there's no need to make the add-on incompatible with PM. If it's not, though, I'll play the devil's advocate and say they have a point. Unless the feature in question poses some kind of problem, then the burden falls in Pale Moon to have it implemented, not on the add-on's devs to work around its missing implementation.
It is not that simple. The add-on SDK of Pale Moon and Firefox are not equal - the add-on System of Firefox has been modified for the Australis UI - that means that Pale Moon - which does not implement Australis and it's customization limitations will not be compatible if add-on developers move further and further away from the old add-on SDK and/or go at a specific point Australis only.

The real problem is that many people also add-on developers think of Pale Moon as an old, outdated browser and refuse therefor the support for it - no matter if Sec Patches and seen as useful features are backported and Pale Moon is in no way an outdated insecure browser. This, or they refuse to create a fallback solution because this creates for them further implementation work to do.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 32443
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Moonchild » 2015-03-26, 19:37

Night Wing wrote:
Sajadi wrote:Let me guess.... That diracdeltas guy has the same attitude towards Pale Moon as many other guys from Mozillazine: "Does not use the latest codebases anymore and therefor bad and outdated and insecure"
He's just a "know it all" who knows.......very little.........about Pale Moon.
Isn't that exactly the average state of people at MozillaZine? :)
"The best revenge is to not be like the person who wronged you." -- Marcus Aurelius
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
Image

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 32443
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Moonchild » 2015-03-26, 19:54

Tailszefox wrote:That raises the question, though: is the feature this commit requires present in Pale Moon? If it is, yes, they are indeed wrong and that means there's no need to make the add-on incompatible with PM. If it's not, though, I'll play the devil's advocate and say they have a point. Unless the feature in question poses some kind of problem, then the burden falls in Pale Moon to have it implemented, not on the add-on's devs to work around its missing implementation.
The only point they have is that they wrote the add-on to be fully compatible with Mozilla Firefox ONLY. That is of course their prerogative, if they want to only cater to Mozilla Firefox and not alternative browsers that are mostly compatible with their target application. What is wrong in the resulting "conclusion" is that the non-Firefox target application is somehow bad, broken, or outdated because it happens to not be 100% compatible. That's not the case, it is just on a divergent path which is not 100% compatible with the target application they initially wrote the extension for. Pale Moon having a different GUID is a clear indicator that it is a different application and it only supports loading and using of Firefox extensions as a compatibility bridge.

The question is, and will be more so in the future, if extension developers are willing to support an additional target application. If not, then that, too, is their choice, but it will likely result in a fork of their extension for the other target application in that case, if a volunteer dev is willing to pick up the work needed (our core developers cannot be expected to magically make all extensions compatible with us).

As stated elsewhere: for pure Jetpack (add-on SDK) extensions, this will likely mean the need for an individual release (and we do offer addons.palemoon.org freely for distribution of those alternative builds). This is because the move was made to start including the SDK in the browser distributions instead of (as was initially done) the extensions themselves, as well as the SDK being developed/adapted alongside the browser and adding/removing/renaming functions arbitratily which kind of completely removes the initial reason for the level of abstraction to be made by way of an SDK, to begin with. You may as well write a pure XUL extension in that case, if you need to change your extension every cycle anyway because the abstraction layer changes as much as the actual browser (and be a lot faster to execute as a result).
Even so, these alternate versions of jetpack add-ons would not have to be materially different, just written against our version of the SDK, instead.

Overlay and bootstrapped add-ons can usually be easily adapted to target multiple target applications from a single package and work would be minimal in that case.
"The best revenge is to not be like the person who wronged you." -- Marcus Aurelius
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
Image

Tailszefox

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by Tailszefox » 2015-03-26, 21:02

Makes sense, thanks for the answer. I keep forgetting Pale Moon is supposed to be a different application and that thus, it will have different abilities. So it's up to the extension developer to decide if they want to support it or not. That decision in itself isn't right or wrong: after all, it does require, in some cases, quite the amount of work. What is wrong, though, as you said, is disparaging Pale Moon by making it look like it's an outdated version of Firefox stuck in the past, instead of the different product it now is.

Of course, in an ideal world, all extensions would work equally with Firefox and Pale Moon, but the more Firefox evolves and moves away from its roots, for better or for worse, the more extensions need to cater to its needs - at the expense of everything else.

Anyway. I tried compiling the current source of HTTPS Everywhere from GitHub against the Pale Moon SDK, just to check what it would do, and as it stands, it does not seem to run out of the box. It does install, but the icon doesn't show up. So it will indeed require a bit of tinkering to make it compatible; and that means it will definitely need to be forked, unfortunately.

rea987

Re: HTTPS Everywhere workaround for Pale Moon 25+

Unread post by rea987 » 2015-03-27, 01:45

As I pointed out before, applying lastest ruleset to https-everywhere-5.0development.1.xpi works just fine. Yeah, not ideal but absolutely enough for me and most of the people. I do not think that Pale Moon cannot offer that sort of cheap method as a solution or a fork; but it would be nice to inform people.
Last edited by rea987 on 2015-04-03, 12:10, edited 1 time in total.

Locked