Inform user when 3rd party software installs plugin Topic is solved

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-18, 09:27

I hope this isn't off-topic, but can I please submit a feature request for pale moon to inform the user when 3rd party software on the user's computer installs an NPAPI plugin, as it is a potential security risk, especially given, correct me if I'm wrong, but my amateur guess is that these plugins could be long-past end-of-life and left over from the era when NPAPI plugins existed?

New Tobin Paradigm

Re: Inform user when 3rd party software installs plugin

Unread post by New Tobin Paradigm » 2021-07-18, 10:24

There will be no change in how plugins are handled. Except in the future NPAPI may be wholey pref disabled by default (but never removed.. ever.. I won't allow it).

Two reasons why:

One is that as Linux systems start removing GTK2 completely as it is long end of life the dependancy on GTK2 for GTK3 builds will have to be broken. The side effect is that old plugins compiled against GTK2 will not run in GTK3 builds nor will GTK3 builds be able to be compiled or run correctly on systems without GTK2.

The second issue is across the board as plugins age out of usefulness or fitness they have become increasingly an edge case as a whole. We love NPAPI and would love to see new ones pop up or non-flash/java continue on but the reality is that with the draconian tech elite against any choice by the user prevailing that seems increasingly unlikely. Still there will always be the case where the user MUST have plugin capabilities despite the risks and whatnot so removing NPAPI just can never be an option for us but an explicit choice the user has to make to use them is a reasonable compromise.

In the event the winds of fate blow the other way then the default setting for a pref can always be re-evaluated. Besides, removing NPAPI would literally be more work than it is worth. Not to Mozilla cause they get off on it but for us why expend the effort when there is plenty of failed junk from the past decade that is far more important to get rid of than something that users actually care about?
Last edited by New Tobin Paradigm on 2021-07-18, 10:42, edited 3 times in total.

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-18, 10:33

What do you mean? Are you saying that this feature request will not be acted upon, or have you misunderstood my question/"amateur guess"?

New Tobin Paradigm

Re: Inform user when 3rd party software installs plugin

Unread post by New Tobin Paradigm » 2021-07-18, 10:44

I said precisely what I meant. Please re-read it.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by Moonchild » 2021-07-18, 10:56

Almost all plugins are system-installed. They aren't installed "in the browser"; the browser just picks them up from the system.
It is and has always been the user's responsibility to know what they install on their system that might include NPAPI plugins, and the browser isn't supposed to be a gatekeeper for it.
So: if you install software, make sure you know if it comes with a plugin or not, and/or check your plugins section after installation if you're not sure to set them up as intended (or flat-out disable them there if you don't want the browser to ever load or use them)

As Tobin said: we won't be changing how this is handled - we've done it this way since the start and won't be changing it just because some people decided they wanted to push inferior or more complex (and uncontrollable) in-browser solutions that are "always on".
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-18, 11:01

New Tobin Paradigm wrote:
2021-07-18, 10:44
I said precisely what I meant. Please re-read it.
Apologies, only the first sentence of your reply appeared last time I read it (must've been a glitch). I will reread it now

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-18, 11:08

Based on both Tobin and Moonchild's replies, I will be closing this issue (if I can figure out how)

EDIT: I can't figure out how to close the issue. Doesn't matter
Last edited by wannabegeek101 on 2021-07-18, 11:10, edited 1 time in total.

New Tobin Paradigm

Re: Inform user when 3rd party software installs plugin

Unread post by New Tobin Paradigm » 2021-07-18, 11:09

This is a forum not an issue tracker. Though currently the forum acts as a gatekeeper to keep irrelevant issue noise from cluttering up our actual issue trackers.

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-18, 11:11

New Tobin Paradigm wrote:
2021-07-18, 11:09
This is a forum not an issue tracker. Though currently the forum acts as a gatekeeper to keep irrelevant issue noise from cluttering up our actual issue trackers.
In future, do feature requests go on the forum or issue tracker?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by Moonchild » 2021-07-18, 11:18

Comprehensive reading seems to be a bit of a problem, here.
currently the forum acts as a gatekeeper to keep irrelevant issue noise from cluttering up our actual issue trackers.
What does that tell you? it tells you that your first point of contact should be the forum so our issue trackers remain focused on development.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-18, 11:21

Moonchild wrote:
2021-07-18, 11:18
Comprehensive reading seems to be a bit of a problem, here.
currently the forum acts as a gatekeeper to keep irrelevant issue noise from cluttering up our actual issue trackers.
What does that tell you? it tells you that your first point of contact should be the forum so our issue trackers remain focused on development.
Okay

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by Moonchild » 2021-07-18, 11:35

wannabegeek101 wrote:
2021-07-18, 11:08
I can't figure out how to close the issue. Doesn't matter
As an aside, a number of boards have a "checkmark" button to mark what you think is a resolving answer. That is as close as "closing an issue" as you can get on the forum.
Attachments
Image1.gif
Image1.gif (1.5 KiB) Viewed 1205 times
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
RealityRipple
Astronaut
Astronaut
Posts: 644
Joined: 2018-05-17, 02:34
Location: Los Berros Canyon, California
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by RealityRipple » 2021-07-19, 11:07

This would be more in the purview of an extension. So I made one: https://realityripple.com/Software/Mozilla-Extensions/Unplug/.

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-19, 11:22

RealityRipple wrote:
2021-07-19, 11:07
This would be more in the purview of an extension. So I made one: https://realityripple.com/Software/Mozilla-Extensions/Unplug/.
I appreciate it, although I would appreciate if you gave me a reason to believe it's legit, since I'm not going to install random software from a website I don't recognise (RealityRipple). Currently both the github and gitlab links link to a 404 error page, and even if they did work, I don't know coding, so I wouldn't understand the code anyway (unless it's extremely simple). Nothing against you, and I appreciate you've taken the time to make this, but obviously I don't know who you are, so I don't want to install it without a reason to believe it's legit.

Kind regards

Attronarch
Moonbather
Moonbather
Posts: 58
Joined: 2016-03-21, 12:35

Re: Inform user when 3rd party software installs plugin

Unread post by Attronarch » 2021-07-19, 11:43

wannabegeek101 wrote:
2021-07-19, 11:22
I appreciate it, although I would appreciate if you gave me a reason to believe it's legit, since I'm not going to install random software from a website I don't recognise (RealityRipple). Currently both the github and gitlab links link to a 404 error page, and even if they did work, I don't know coding, so I wouldn't understand the code anyway (unless it's extremely simple). Nothing against you, and I appreciate you've taken the time to make this, but obviously I don't know who you are, so I don't want to install it without a reason to believe it's legit.

Kind regards
Astounding.

Do you believe people hang out on this forum with a specific intent to create malicious extensions so they could steal your invaluable data?

And now you want him to somehow persuade you that it's "legit?"

If you don't trust his extension, why would you trust his reply?

Hey, RealityRipple, I have several of your extensions, could you kindly let me know if you are stealing my data or doing something evil with my device?

Thank you.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by Moonchild » 2021-07-19, 12:11

wannabegeek101 wrote:
2021-07-19, 11:22
although I would appreciate if you gave me a reason to believe it's legit
Nice display of appreciation for someone going out of their way actually making an extension for you based on what you posted in this thread...
Keep it up, I'm sure you'll have plenty of people overly motivated to help you with anything in the future.
:(
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
wannabegeek101
Hobby Astronomer
Hobby Astronomer
Posts: 22
Joined: 2021-07-17, 06:29

Re: Inform user when 3rd party software installs plugin

Unread post by wannabegeek101 » 2021-07-19, 12:38

Moonchild wrote:
2021-07-19, 12:11
wannabegeek101 wrote:
2021-07-19, 11:22
although I would appreciate if you gave me a reason to believe it's legit
Nice display of appreciation for someone going out of their way actually making an extension for you based on what you posted in this thread...
Keep it up, I'm sure you'll have plenty of people overly motivated to help you with anything in the future.
:(
I very much appreciate the extension, but I don't install software from unknown sources (for obvious reasons), so I was asking if there's a way for the creator to prove it's legit, so that their work doesn't go to waste.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by Moonchild » 2021-07-19, 12:50

He links to the source code. you can inspect everything yourself.
https://github.com/RealityRipple/Unplug/
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

New Tobin Paradigm

Re: Inform user when 3rd party software installs plugin

Unread post by New Tobin Paradigm » 2021-07-19, 15:54

RealityRipple despite the occasional arguments of scope is nevertheless an upstanding Extension Developer and largely dominates our selection of External listings. He also operates the mdn backup resource that preserves key info that is being purged from the internet by Mozilla.

He IS trustworthy but is also a free spirit who does their own thing and I have come to respect that over time. When he applies for an external listing, the add-on still goes through the same review process as any hosted one and there has yet to be any sort of issue that would put his status into question on that front. If there was you can be sure I would be on a crusade about it. Fuckin proof enough for you?

As others stated, he went to the trouble of creating something that never existed before just for you. Be greatful or be silent because you won't like the alternative consequences.

Is that understood?

User avatar
RealityRipple
Astronaut
Astronaut
Posts: 644
Joined: 2018-05-17, 02:34
Location: Los Berros Canyon, California
Contact:

Re: Inform user when 3rd party software installs plugin

Unread post by RealityRipple » 2021-07-19, 17:16

The only guarantees I can provide are the VirusTotal scan, the digital signature I use on every program I write to ensure they aren't modified after leaving my computer, the source code, and the thousands of users that have downloaded my other software and not sounded any alarm.

Just to double-check, did the 404 problem go away on both GH and GL?


Basically the entirety of the extension is a 150-line dialog script and a 50-line overlay script. And the dialog script is only long because it's building XUL elements by hand. Most of it is extremely readable, even by people who don't know javascript:

A loop to find new plugins that runs every ten seconds
A loop to display them if the count of new (unblocked) plugins is greater than zero
And a loop to change a true/false preference to "true" when a plugin has been shown in a dialog, so it doesn't prompt you again.

Most the fiddly bits are localization strings. The only preferences accessed are easily found - "plugin.prompt.X" for the mentioned true/false value and "plugin.state.x" to turn the plugin on or off based on the user's selection in the dialog.

Locked