As of Firefox 48, it’s impossible to disable mandatory addon signature verification without monkey patching Firefox or recompiling with MOZ_REQUIRE_SIGNING unset. Personally, I find this unacceptable as the user should always be in charge. It’s also completely useless as any party powerful enough to disable the signature verification in about:config could just as easily sideload a powerful (but signed) extension like greasemonkey and then install a malicious greasemonkey script.

Rants aside, the correct solution (for the user) is to either recompile Firefox with mandatory signature verification disabled or use the Firefox Developer build. Unfortunately, Firefox is a monster and recompiling it just isn’t a viable option for me (or anyone with a laptop). Also unfortunately, prepackaged Firefox binaries are missing some useful security features like PIE and dynamic libraries. Finally, the Firefox Developer build is a bit too bleeding edge for my taste (I would like my primary browser to be relatively bug free).

So, I’ve written a (disgusting) script that monkey patches Firefox’s omni.ja to make signature verification optional again. I’ve only tested it on Arch Linux but it should work on all unix-like systems. However, if your omni.ja file is not in /usr/lib/firefox/, you’ll have to tell the script where to find it (i.e., ./nosign.sh /path/to/omni.ja).

• Requirements: coreutils, gawk, python2, sudo
• Download: nosign.sh (signature)

NOTE: This script does not disable addon signature verification, only makes it optional. To turn it off, you still need to set xpinstall.signatures.required to false in about:config.

WARNING: This script updates the omni.ja file IN PLACE (using sudo).

WARNING: Use at your own risk.

Caveat lector: I wrote this post in high school; it’s likely outdated and poorly written.

I am noticing a very annoying and self-defeating trend with OpenIDs. The main purpose of OpenID is to allow people to have one login for multiple sites. OpenID is pointless if few sites accept it. This problem will correct itself eventually as more sites adopt OpenID. The biggest problem is the number of sites providing and not accepting OpenID. This defeats the whole purpose of OpenID. It is pointless to have a myriad of choices for OpenIDs if you can’t use them anywhere. Multiple OpenIDs for multiple sites just means multiple logins which is the very thing that OpenID is supposed to fix. I hope that many sites *ahem blogger* will soon start accepting OpenIDs as login credentials instead of just providing them.

Caveat lector: I wrote this post in high school; it’s likely outdated and poorly written.

I am starting to see this very often and find it very annoying: people report a bug, later they find a preexisting report for the same bug, they then mark that preexisting bug as a duplicate of their bug. I end up getting lots of “this bug has been marked as a duplicate of bug x” emails and this is VERY annoying. To prevent this people need to rigorously check for a preexisting report. Second, when you find two duplicate bugs, search the bug tracker for any more duplicates and mark all of the newest duplicates as duplicates of the oldest bug. This prevents chains of duplicates which in turn maximizes the efficiency of the bug reporting and fixing process.

Example:

Chained:

 report 1     ->    report 2     ->     report 3     ->     report 4
    |                  |                   |                   |
Commenters         Commenters           Commenters         All commenters
from report 1      from reports 1-2     from report 1-3

Non-chained:

report 1 ----\
 commenters 1 \
report 2 ------> report 4
 commenters 2 /   all commenters
report 3 ----/
 commenters 3

In the chained version commenters move from report to report wasting comments on bugs that will probably never be seen again after being marked a duplicate. In the non-chained version commenters move directly from the duplicate to the final (and oldest) bug report wasting as few as comments possible on the duplicates.

Caveat lector: I wrote this post in high school; it’s likely outdated and poorly written.

I broke my previous keyboard and went shopping for a new one (FYI: water + G15 == not good). I wanted another back-lit keyboard (like my previous G15). When I went to Best Buy (not my favorite store) I saw the slick Raser Lycosa Keyboard I decided to try it. My advice: don’t. While the keyboard itself is great (I like the low, rubber covered keys) the neither the the USB port nor the headphone jack worked on either of the keyboards that I tried (I returned the first one and tried the second one in the store). The problem: Interference. My computer refused to mount my USB flash drive while plugged into the Lycosa and the headphones buzzed (like a radio). I ended up getting the latest (annoyingly orange) G15 keyboard which works but I HATE ORANGE.

Caveat lector: I wrote this post in high school; it’s likely outdated and poorly written.

I usually don’t correct my old blog posts from when I was in high school but… this one offends my coffee sensibilities. There’s no such thing as an espresso roast; the issue I described below is under-extraction. This is usually caused by not grinding the coffee fine enough, old beans, and/or not putting enough coffee in the portafilter.

I religiously drink decaf lattes (by “religiously” I mean every Sunday) and am becoming very annoyed with the common misconception that lattes are just coffee and milk. True lattes are not made with standard coffee beans, they are made with espresso beans. Espresso beans are roasted longer and thus are much richer but less bitter. Many so called coffee shops claim to sell lattes but use regular coffee beans in their espresso machine. The resulting drink is not a café latte. It is called a café au lait.

Here’s my plea: Coffee shops, please correctly label your drinks.

PS: If you go to Canada, bring your own espresso. I can’t find a decent Latte in all of Nova Scotia.