You are not logged in. Please login or register.
We are very pleased and happy to announce the newest release of Hyperbola GNU/Linux-libre with v0.4.4.
See our official news for further details.
HyperForum → Packages → questions regarding Iceweasel-UXP
- If I understand correctly, Iceweasel-UXP is based on Basilisk. Is it a hard fork or does it receive updates from upstream? Is the appropriate place to submit bug reports and features requests Hyperbola's issue tracker or upstream's?
- Is it appropriate to request backporting of Firefox >=52 (last pre-Quantum ESR) and/or >=57 (post-Quantum) features that do not rely on WebExtensions or otherwise conflict with Hyperbola's goals?
- If I understand correctly, Iceweasel-UXP is based on Basilisk. Is it a hard fork or does it receive updates from upstream? Is the appropriate place to submit bug reports and features requests Hyperbola's issue tracker or upstream's?
- Is it appropriate to request backporting of Firefox >=52 (last pre-Quantum ESR) and/or >=57 (post-Quantum) features that do not rely on WebExtensions or otherwise conflict with Hyperbola's goals?
Probably not, webext has security issues so its not likely. Do you need any addons that are from >=57 firefox?
Pretty sure there are alternatives to most addons from firefox. Unless they non-free software. of course... 
PS, Iceweasel-uxp does recieve updates from upstream pretty sure, and Basilisk probably recieves applicable upates from some code in firefox.
Probably not, webext has security issues so its not likely.
I didn't mean to suggest that Iceweasel should implement WebExtensions. I'm aware of the security issues. I was referring to other features of Firefox, such as privacy-enhancing patches implemented as part of the Tor Uplift Project.[1] However, if
Basilisk probably recieves applicable upates from some code in firefox.
then this might happen anyway.
I've also noticed a possible branding issue with Iceweasel, which is that although the .desktop file provides the name "Iceweasel-UXP", once Iceweasel is running it's WM_CLASS is "Firefox", which is visible with xprop. In GNOME (I have not checked with other desktop environments) the title bar says "Firefox" and an entry appears in the dock with the Iceweasel logo but the name "Firefox". If Iceweasel-UXP is added to Favorites, the Firefox entry appears in addition to the Iceweasel one. I think that this might be a violation of Mozilla's trademark policy, but if it is I'm not sure if I should report it here or upstream.
Do you need any addons that are from >=57 firefox?
Pretty sure there are alternatives to most addons from firefox
I did not see NoScript in the Iceweasel addons page, but I found the legacy version here.[2] I'm not sure whether NoScript was specifically excluded due to some freedom issue I'm unaware of or if it just wasn't considered.
The only addon I miss is Invidious Redirect[3]. It has only ever been a WebExtension, so I guess it can't be backported.
[1] https://wiki.mozilla.org/Security/Tor_Uplift
[2] https://noscript.net/getit#classic
[3] https://addons.mozilla.org/en-US/firefo … -redirect/
mozillas trademark policy has gotten much more lax-- it is no longer required to change the name to iceweasel in order to change the things they insisted upon traditionally as their own quality assurance.
also referrers, user agents and internal os strings probably arent affected by trademark policy anyway. trademark would apply more heavily to to brand of the browser itself-- the title bar, the icon, not the values in xprop.
worst case, devs would probably get a c&d (bad pr these days, so they probably wouldnt) and theyd have to change the code. but honestly, any browser can spoof ff internally. i dont think they can do anything about that. think about it-- this isnt because theyre charitable, microsoft and google cant stop mozilla from spoofing their user agent either. copyright is about contents, you cant copyright a brand name-- trademark is about appearances. no one is going to mistake iceweasel for firefox-- its called iceweasel, eh? probably dont call it "mozilla iceweasel" though. at a guess, they would have cause to make a fuss over that.
trademark would apply more heavily to to brand of the browser itself-- the title bar, the icon, not the values in xprop.
Yes, I agree. I only mentioned xprop's output because I think that the WM_CLASS value might have something to do with why the icon and titlebar say "Firefox".
worst case, devs would probably get a c&d (bad pr these days, so they probably wouldnt) and theyd have to change the code.
I'm not particularly worried about Mozilla either. I consider this a very minor issue and only meant to use it as an example of one that I'm not sure whether to report for Iceweasel or Basilisk. In this particular case the answer is probably Basilisk.
Guys, i suggest see our Iceweasel-UXP, Icedove-UXP and Iceape-UXP articles for further details. Anyway if you have some question, you should contact g4jc who is developing our UXP applications.
- If I understand correctly, Iceweasel-UXP is based on Basilisk. Is it a hard fork or does it receive updates from upstream? Is the appropriate place to submit bug reports and features requests Hyperbola's issue tracker or upstream's?
Please submit all bug reports to our bug tracker. If it is an upstream issue we will correlate with upstream. It is a soft-fork of Basilisk as we're working pretty closely with them at the moment. We do have some different application goals, primarily removal of DRM and some different privacy and security defaults, but both of us are working towards the same goal of keeping XUL alive and patched with security updates. All of the toolkit (browser engine) portion of Basilisk changes are also applicable for Iceweasel-UXP. You can have a look at UXP's recent changes here.
- Is it appropriate to request backporting of Firefox >=52 (last pre-Quantum ESR) and/or >=57 (post-Quantum) features that do not rely on WebExtensions or otherwise conflict with Hyperbola's goals?
The WebExt code is radically different, so anything pre-FF52 we can have a look at and in some (rare) cases we can backport post-Quantum stuff by either inventing it from scratch or borrowing the few relevant bits that are not dependent on it. I'd rather not reinvent things from scratch, but others are certainly welcome to do so. If you're going to submit a bug report I prefer you link to the last known XUL (legacy) version and we can go from there.
- I did not see NoScript in the Iceweasel addons page
For addons we are currently bundling, they are included in the package repository directly. This may change once upstream implements a shared addons database for UXP applications. You can find our NoScript package here. There are some patches we've applied, primarily removal of Google, some networking pings, and the whitelist. We do not feel the whitelist should auto-populate every time the addon starts, as many of the websites listed are running non-free JavaScript and can open you up to security vulnerabilities, so we disable this and let the user decide what should be whitelisted. See the current patch here.
I'll update the wiki to clarify this.
I was referring to other features of Firefox, such as privacy-enhancing patches implemented as part of the Tor Uplift Project.
I'm currently monitoring these. Many of them do not currently apply to us as they are for post-Quantum design and/or are incomplete.
We're not currently trying to compete with Tor browser, as it requires a significant rewrite of the HTTP layer that was optimized for Tor. Mozilla has not fully gotten on board with that either which is why Tor browser continues to exist.
Their modifications include longer proxy timeout defaults and GUI changes to mark all onions as "secure" with a green lock regardless of whether or not they run HTTPS. There is also the Tor Browser button, which works exclusively with their browser and uses their custom networking layer to open a new circuit per page and set a bunch of default about:config options with a slider.
I currently recommend using different Profiles for extra privacy. You can launch iceweasel-uxp with --ProfileManager and you can have one for banking/personal, and one for every day browsing.
We have back-ported some important items such as disabling SSLKEYLOGFILE which is a patch borrowed from Tor that prevents local SSL stripping. See here for more details.
I only mentioned xprop's output because I think that the WM_CLASS value might have something to do with why the icon and titlebar say "Firefox".
I'll try to reproduce and fix this for the next release, thanks for the report.
You can find our NoScript package here. There are some patches we've applied, primarily removal of Google, some networking pings, and the whitelist. We do not feel the whitelist should auto-populate every time the addon starts, as many of the websites listed are running non-free JavaScript and can open you up to security vulnerabilities, so we disable this and let the user decide what should be whitelisted. See the current patch here.
The first thing I do after installing NoScript is disabling everything in the whitelist. However, the annoying thing is that Mozilla browsers have JavaScript turned on by default (javascript.enabled is set to true in about:config), so I need to run JavaScript in order to download NoScript if I forget to disable it in the about:config settings (unless I download it from a search engine which runs without JavaScript such as DuckDuckGo Lite/HTML). As long as NoScript isn't bundled with Mozilla browsers on Hyperbola, disabling JavaScript in the settigns should be activated by default in order to protect users from running non-free JavaScript by mistake.
As long as NoScript isn't bundled with Mozilla browsers on Hyperbola, disabling JavaScript in the settigns should be activated by default in order to protect users from running non-free JavaScript by mistake.
if thats the idea, just bundle librejs.
if youre going to disable js completely, hopefully the page it loads at start tells you how to go to about:config and turn js on. i get the libre aspect, but dont take a shortcut that kills usability. just bundle librejs. it will also have the outcome you want, but in a better way. the startpage-with-instructions for turning js on is also acceptable.
LibreJS isn't compatible with Iceape (as far as I know) and also is resource intensive rendering Iceweasel unusable.
Hyperbola can provide a list of about:config flags that the developers chose to set for freedom or privacy purposes which the users can easily modify.
and also is resource intensive rendering Iceweasel unusable.
well there i agree, fsvo of unusuable on some machines.
HyperForum → Packages → questions regarding Iceweasel-UXP
Powered by PunBB, supported by Informer Technologies, Inc.