mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla-gemeenschap

Abonneren op feed Mozilla planet
Planet Mozilla - http://planet.mozilla.org/
Bijgewerkt: 1 maand 3 weken geleden

Daniel Stenberg: “OPTIONS *” with curl

ma, 19/06/2017 - 23:30

curl is arguably a “Swiss army knife” of HTTP fiddling. It is one of the available tools in the toolbox with a large set of available switches and options to allow us to tweak and modify our HTTP requests to really test, debug and torture our HTTP servers and services.

That’s the way we like it.

In curl 7.55.0 it will take yet another step into this territory when we finally introduce a way for users to send “OPTION *” and similar requests to servers. It has been requested occasionally by users over the years but now the waiting is over. (brought by this commit)

“OPTIONS *” is special and peculiar just because it is one of the few specified requests you can do to a HTTP server where the path part doesn’t start with a slash. Thus you cannot really end up with this based on a URL and as you know curl is pretty much all about URLs.

The OPTIONS method was introduced in HTTP 1.1 already back in RFC 2068, published in January 1997 (even before curl was born) and with curl you’ve always been able to send an OPTIONS request with the -X option, you just were never able to send that single asterisk instead of a path.

In curl 7.55.0 and later versions, you can remove the initial slash from the path part that ends up in the request by using –strip-path-slash. So to send an OPTION * to example.com for http and https URLs, you could do it like:

$ curl --strip-path-slash -X OPTIONS http://example.com/* $ curl --strip-path-slash -X OPTIONS https://example.com/*

In classical curl-style this also opens up the opportunity for you to issue completely illegal or otherwise nonsensical paths to your server to see what it does on them, to send totally weird options to OPTIONS and similar games:

$ curl --strip-path-slash -X OPTIONS http://example.com/*never* $ curl --strip-path-slash http://example.com/allpasswords

Enjoy!

Categorieën: Mozilla-nl planet

Chris McDonald: Message Broker: Goals and (De)Motivations

ma, 19/06/2017 - 22:57

Recently, I read a twitter rant that described message brokers as poor combination load balancer, database, and service discovery tools. It hit me hard since I’d just spent a week diving into writing my own message broker. While I had my dislikes of brokers, I think they are handy tools. The tweeter stated that many of these things should be built into the services. The goal of which to keep the heavy work out of the center of the system. Message brokers doing the opposite when used as a central bus.

Having this description of the problem space is turning out to be nice. It gives me some different framing for the various parts of the message broker I’ll be building and the underlying needs. It also pointed out a heavy flaw that message brokers as a central bus can cause trouble in some systems. While that twitter rant dismayed me at first, I now feel even more energized in building this tool.

This framing of load balancer, database, and service discovery reminds me to go read up on that tech as well. Sourcing papers for those problems while looking into queuing related things. I can acknowledge and make sure these subproblems get solved well enough for my intended scale. That will be a key part of my design going forward, keeping my decisions favoring small to medium scale. I’ve seen message brokers work well in those scenarios and want to make an even better one of those.

This doesn’t mean one couldn’t use the broker in a larger scale operation. But, I’m architecting it to encourage deliberate clustering beyond medium scale. Clustering acknowledges the fact that there are usually groups of services that are able to meet a work request without speaking outside of their group except for one or two edges. What I hope to discover as part of the development process is how to encourage this. Whether documenting and creating examples will be enough, or if I’ll need more core features.

I think keeping the message broker light weight will be instrumental in encouraging clustering. If the message broker is heavy, folks wouldn’t want to run too many instances. If it requires a lot of tuning to be useful, folks will want to only tune it once as a central bus. Side note: as I typed this I realized this is why Redis is so good.

Among the lofty design and architecture goals I want to mention my motivations and put the goals in perspective. This project’s main goal is to be a learning project. I want to better understand the internals of message buses. Most green field backend projects will be utilizing a message bus and smaller services. Understanding the internals of the message bus and keeping them in mind will let me design better services.

I also want to build a complex, performance focused, realistic piece of software in Rust. I find the language fun to work with and writing my own thread orchestration that is safe is delightful. As I build up the basics in the broker and client, I’m learning a lot of practical Rust skills. Like many others writing and coding in Rust in their free time, I’m hoping this will help encourage more jobs writing Rust. If I’m lucky enough, I’ll get to secure one of those jobs.


Categorieën: Mozilla-nl planet

Air Mozilla: Community Participation Guidelines Revision Brownbag (NALA)

ma, 19/06/2017 - 22:00

Community Participation Guidelines Revision Brownbag (NALA) A revised version of Mozilla's Community Participation Guidelines was released in May 2017. Please join Larissa Shapiro (Head of D&I) and Lizz Noonan (D&I Coordinator)...

Categorieën: Mozilla-nl planet

Air Mozilla: Community Participation Guidelines Revision Brownbag (NALA)

ma, 19/06/2017 - 22:00

Community Participation Guidelines Revision Brownbag (NALA) A revised version of Mozilla's Community Participation Guidelines was released in May 2017. Please join Larissa Shapiro (Head of D&I) and Lizz Noonan (D&I Coordinator)...

Categorieën: Mozilla-nl planet

Air Mozilla: Mozilla Weekly Project Meeting, 19 Jun 2017

ma, 19/06/2017 - 20:00

Mozilla Weekly Project Meeting The Monday Project Meeting

Categorieën: Mozilla-nl planet

Air Mozilla: Mozilla Weekly Project Meeting, 19 Jun 2017

ma, 19/06/2017 - 20:00

Mozilla Weekly Project Meeting The Monday Project Meeting

Categorieën: Mozilla-nl planet

Air Mozilla: Rep. Eshoo Net Neutrality Roundtable

ma, 19/06/2017 - 18:30

Rep. Eshoo Net Neutrality Roundtable Congresswoman Anna Eshoo (D-CA) will convene a roundtable to discuss the impacts of net neutrality and the consequence of eviscerating the policy. Eshoo will hear...

Categorieën: Mozilla-nl planet

Air Mozilla: Rep. Eshoo Net Neutrality Roundtable

ma, 19/06/2017 - 18:30

Rep. Eshoo Net Neutrality Roundtable Congresswoman Anna Eshoo (D-CA) will convene a roundtable to discuss the impacts of net neutrality and the consequence of eviscerating the policy. Eshoo will hear...

Categorieën: Mozilla-nl planet

Carsten Book: Reminder :) Please take part in the Sheriff Survey!

ma, 19/06/2017 - 16:45

Hi,
just a reminder that we have our Sheriff Survey Running and please take part in it, it helps us a lot to improve our work!

Link: https://docs.google.com/a/mozilla.com/forms/d/e/1FAIpQLSfGBZ50zkG9W-Wnk1ACBfFvj1iu8e46I5gs9t-G3ZWDpcy4-A/viewform

 

thanks!

Tomcat

Categorieën: Mozilla-nl planet

Cameron Kaiser: TenFourFox FPR1 available

ma, 19/06/2017 - 07:26
TenFourFox Feature Parity Release 1 is available for testing (downloads, hashes, release notes). There are no major changes from the beta except for a couple minor efficiency updates and a font blacklist update, and all remaining applicable security issues have been backported as well.

Chris T reported that old issue 72 (a/k/a bug 641597) has resurfaced in FPR1. Most likely this bug was never actually fixed, just wallpapered over by something or other, and the efficiency improvements in FPR1 have made it easier to trigger again. That said, it has only ever manifested on certain 10.5 systems; it has never been reproduced on 10.4 by anyone, and I can't reproduce it myself on my own 10.5 DLSD PowerBook G4. For that reason I'm proceeding with the release as intended but if your system is affected, please post your steps to replicate and we'll compare them with Chris' (especially if you have a 10.4 system, since that will be much easier for me to personally debug). Please also note any haxies or system extensions as the issue can be replicated on a clean profile, meaning addons or weird settings don't appear to be a factor. If we find a fix and enough people are bitten, it should be possible to spin a point release.

The plan is for a Tuesday/Wednesday release ahead of schedule, so advise if there are any new showstoppers.

Categorieën: Mozilla-nl planet

Emma Irwin: Escaping the economy of souls — starting with Facebook (in 4 steps)

zo, 18/06/2017 - 18:02

“I think it’s time for a reclamation movement.”

Tim Wu author of The Attention Merchant in a talk at @ Mozilla Toronto last week

A little over two months ago, I removed the web-warping, soul exploiting, goggles of a ‘free’ Facebook account — free as in guinea pig. I lost my best friend and partner to cancer around this time, and Facebook knew that.

I found myself staring at content curated just for me — a Ted Talk about end of life care, cancer foundations, hospital foundations, an ‘inspiring’ story of a boy who survived cancer, and a review of ‘Option B’, Sheryl Sandburg’s book on grief… I had joined her Facebook group, but they knew that too:

And there I was, as if waking in a horror movie finding vile tentacles of a venomous creature wrapped around me, I saw; I witnessed and felt the cost of free. The cost of my well being, of dignity and for all those around me — the cost of my attention, focus and awareness of the world around me.

Was my feed part of an experiment or just really shitty and cruel algorithms? Facebook doesn’t hide the fact it’s learning from people like me during personal crises. Rather, it publishes reports on the findings:

 

And probably what upset me the most was that Sheryl Sandburg of Facebook, whose book I liked and shared, who should be protective of people in grief was bringing large numbers of people to her Facebook group —so much heartbreak, so much trauma data. And Sheryl is aware…

“ However, the company was widely criticised for manipulating material from people’s personal lives in order to play with user emotions or make them sad.

In response on Thursday, Facebook said that it was introducing new rules for conducting research on users with clearer guidelines, better training for researchers and a stricter review process.

But, it did not state whether or not it would notify users — or seek their consent — before starting a study.”

— BBC News “Facebook admits failings over emotion manipulation study”

The reason I write this is to wake you up as well, although you are likely partially there — you need to get all the way there. Please stumble with me to some type of reclamation movement, it’s important for humanity (no exaggeration). Facebook, and others in the economy of souls design addictive technology to keep us there.

I’ve used the same excuses you are. The spine of Facebook’s business model is your contact list — and this should be the center of reclaim.

 

 

 

 

 

 

Dumping Facebook means threatening the ambient contact I have with my 81 year old Aunt whom I love and adore. And that is the problem.

— Clint Lalonde (@clintlalonde) May 28, 2017

 

Below are the steps I’ve taken to wean myself off Facebook and my contact list off Facebook for good. I want an empowered online life, and I want that for you too.

Step 1 — Snap out of it!

I really hope you don’t have to lose someone close to you, or go through a trauma or tragedy to see the impact of your data being used against you. If you need inspiration watch Tim Wu’s talk and embrace the message that ‘free’ is not free. Read Facebook’s data policy, and remember they never said they would stop doing this.

Step 2— Get Facebook Messenger, Disable Facebook

Didn’t see that one coming did you? As much as Messenger annoyed me, being a separate App, what it provides is the ability to fully disable Facebook itself, but keep messaging for a transition period — which can be as long as you need it to be. You can still talk to, and share photos with grandma.

Think of Messenger as nicotine gum for FB addiction. Not great, still being tracked, but will likely get you further than cold turkey.

This one step means you you’re unplugged from:

  • Fake News
  • Like/Reactions
  • Mindless feed scrolling
  • Interacting in groups
  • Unsolicited emotional reactions to content

But keep:

  • Messaging
  • Sharing photos,
  • Group conversations

And slowly start migrating people to other tools for chat and conversation. Let them know why.

Step 3— Curate Personal Content

Even though you spent a lot of time reading content on Facebook, chances are you’ve read fake news, crappy click bait and remained in a filter bubble of your own opinions. There’s a whole world out there!

  • Subscribe(yes pay) to actual newspapers with real reporters. I now subscribe to the New York Times, and support local journalism with a subscription as well.
  • Use good tools. I like Flipboard, and organize all ‘read later’ content into Pocket, which is my goto for the times I would normally have opened Facebook. Remember we’re dealing with addiction — replace habits with new ones.
  • Watch Netflix or read a book. Step away from news and the world and escape. ‘Attention Theft’ of Facebook really makes sense to me now I realize how many extended periods of time are available to me.
  • Follow people unlike yourself on Twitter. I know Twitter has issues, but one thing at a time.
Step 4 — Influence others

I feel like a tiny drop in the ocean, but when people tell me their <insert information thing here> is on Facebook, I tell them I’m not on Facebook and so require another way. I see others doing this too. Even public pages on Facebook are not public — they’re draped in a kind of ‘free membership paywall’, that hides half the page if you’re not logged in.

Facebook groups are not good for forums, there are (much, much) better and open source forums. Suggest alternatives.

Tell people why you’re not on Facebook, but not in an arrogant kind of way — more like ‘I quit smoking because my kids need me to live’ kind of way that makes people reflect on their own health.

Public Pages are trapped in a ‘Free Membership Paywall’

Step 4 — Turn off Facebook Messenger

Turn off Facebook Messenger. I haven’t done this yet, but I am using it less and less. I probably use it 3 x a week for people I haven’t moved over to other communications yet.

Go explore the web again.

https://twitter.com/clintlalonde/status/868661574914891777

Step 1 — Snap out of it!

I really hope you don’t have to lose someone close to you, or go through a trauma or tragedy to see the impact of your data being used against you. If you need inspiration watch Tim Wu’s talk and embrace the message that ‘free’ is not free. Read Facebook’s data policy, and remember they never said they would stop doing this.

Step 2— Get Facebook Messenger, Disable Facebook

Didn’t see that one coming did you? As much as Messenger annoyed me, being a separate App, what it provides is the ability to fully disable Facebook itself, but keep messaging for a transition period — which can be as long as you need it to be. You can still talk to, and share photos with grandma.

Think of Messenger as nicotine gum for FB addiction. Not great, still being tracked, but will likely get you further than cold turkey.

This one step means you you’re unplugged from:

  • Fake News
  • Like/Reactions
  • Mindless feed scrolling
  • Interacting in groups
  • Unsolicited emotional reactions to content

But keep:

  • Messaging
  • Sharing photos,
  • Group conversations

And slowly start migrating people to other tools for chat and conversation. Let them know why.

Step 3— Curate Personal Content

Even though you spent a lot of time reading content on Facebook, chances are you’ve read fake news, crappy click bait and remained in a filter bubble of your own opinions. There’s a whole world out there!

  • Subscribe(yes pay) to actual newspapers with real reporters. I now subscribe to the New York Times, and support local journalism with a subscription as well.
  • Use good tools. I like Flipboard, and organize all ‘read later’ content into Pocket, which is my goto for the times I would normally have opened Facebook. Remember we’re dealing with addiction — replace habits with new ones.
  • Watch Netflix or read a book. Step away from news and the world and escape. ‘Attention Theft’ of Facebook really makes sense to me now I realize how many extended periods of time are available to me.
  • Follow people unlike yourself on Twitter. I know Twitter has issues, but one thing at a time.
Step 4 — Influence others

I feel like a tiny drop in the ocean, but when people tell me their <insert information thing here> is on Facebook, I tell them I’m not on Facebook and so require another way. I see others doing this too. Even public pages on Facebook are not public — they’re draped in a kind of ‘free membership paywall’, that hides half the page if you’re not logged in.

Facebook groups are not good for forums, there are (much, much) better and open source forums. Suggest alternatives.

Tell people why you’re not on Facebook, but not in an arrogant kind of way — more like ‘I quit smoking because my kids need me to live’ kind of way that makes people reflect on their own health.

Public Pages are trapped in a ‘Free Membership Paywall’

Step 4 — Turn off Facebook Messenger

Turn off Facebook Messenger. I haven’t done this yet, but I am using it less and less. I probably use it 3 x a week for people I haven’t moved over to other communications yet.

Go reclaim the web.

Feature Photo by Marco Gomes Attribution-NonCommercial-ShareAlike License

Cross posted to Medium

FacebookTwitterGoogle+Share

Categorieën: Mozilla-nl planet

Daniel Stenberg: curl doesn’t spew binary anymore

za, 17/06/2017 - 00:00

One of the least favorite habits of curl during all these years, I’ve been told, is when users forget to instruct the command line tool where to store the downloaded file and as a direct consequence, curl instead sends a lot of binary “gunk” to the terminal. The end result of that is at best just a busload of weird-looking characters on the screen, but with just a little bit of bad luck it can also lock up the terminal completely or change it in other ways.

Starting in curl 7.55.0 (from this commit), curl will inspect the beginning of each download that has been told to get sent to the terminal (tty!) and attempt to detect and prevent raw binary output to get sent there. The code is only simply looking for a binary zero in the data.

$ curl https://example.com/image.jpg Warning: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file.

As the warning message says, there’s an option to use to switch off this emergency check for when you truly know what you’re doing and you don’t need curl to prevent you from doing this. Then you just tell curl explicitly that you want the output to stdout, with “–output -” (or “-o -” for a shorter version):

$ curl -o - https://example.com/binblob.img

We’re eager to get your input and feedback on how this works. We are aware of the risk of false positives for UTF-16 and UTF-32 outputs, but we think they are rare enough to not make this a huge problem.

This feature should be able to drastically reduce the risk for this:

Pipes

(Update, added after the initial posting.)

So many have remarked or otherwise asked how this affects when stdout is piped into something else. It doesn’t affect that! The whole point of this check is to only show the warning message if the binary output is sent to the terminal. If you instead pipe the output to another program or if you redirect the output with >, that will not trigger this warning but will instead continue just like before. Just like you’d expect it to.

Categorieën: Mozilla-nl planet

Air Mozilla: Webdev Beer and Tell: June 2017

vr, 16/06/2017 - 20:00

 June 2017 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...

Categorieën: Mozilla-nl planet

Air Mozilla: Webdev Beer and Tell: June 2017

vr, 16/06/2017 - 20:00

 June 2017 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...

Categorieën: Mozilla-nl planet

Will Kahn-Greene: The Soloists

vr, 16/06/2017 - 18:00

Building Firefox is a big endeavor. There are many teams and projects covering initiatives, maintenance, bug fixing, triage, localization, support, understanding feedback, marketing, communication, releasing, supporting infrastructure, crash analysis, and a bazillion other activities all to build a family of browsers and applications.

Teams and projects aren't static. People move around as priorities change and the landscape shifts and projects complete or are scuttled.

Sometimes projects get started up with a single person. Sometimes all the people except one move off a project. Sometimes we find ourselves working alone, in a basement office, with only a stapler equivalent to keep us company.

We are the soloists. You wouldn't believe the list of things we work on. Alone.

Where to find soloists: IRC, Slack

There's an IRC channel #soloists on irc.mozilla.org.

There's also a Slack channel #soloists on the Mozilla Slack [1].

These two places (and whatever other places soloists want to hang out at) are places where we can:

  • find some solace from the weary drudgery of being alone on their projects for days on end
  • ask for help
  • bounce ideas off each other
  • vent frustrations in a friendly forgiving place
  • get advice on dealing with things like code reviews and how to go on vacation
  • get recognition for a job well done

and a variety of other things that alleviate many of the problems we have as soloists.

[1]I just created it, so it's kind of empty. I'm feeling alone in the #soloists Slack channel. So alone. Stickers at the All Hands!

Over the last month or so, we spent some time figuring out #soloists stickers because we like stickers and you like stickers and everyone likes stickers.

They look like this:

/images/soloist_2017_handdrawn.thumbnail.png

Soloist 2017 sticker.

They're 2" by 2" and round. They're warm to the touch. They make you want to climb things. By yourself. Alone. With appropriate safety gear. [2]

If you're a soloist, come find one of us and get a sticker. Also, consider joining soloist channels.

If you support soloists, come find one of us and get a sticker. Ask us about the things we're working on. We may be solo, but we're working on real projects that almost certainly affect you. As a group, we did great things in the last 6 months. Alone. So alone.

[2]That's how they make me feel, anyhow.
Categorieën: Mozilla-nl planet

Daniel Stenberg: curl: read headers from file

vr, 16/06/2017 - 09:20

Starting in curl 7.55.0 (since this commit), you can tell curl to read custom headers from a file. A feature that has been asked for numerous times in the past, and the answer has always been to write a shell script to do it. Like this:

#!/bin/sh while read line; do args="$args -H '$line'"; done curl $args $URL

That’s now a response of the past (or for users stuck on old curl versions). We can now instead tell curl to read headers itself from a file using the curl standard @filename way:

$ curl -H @headers https://example.com

… and this also works if you want to just send custom headers to the proxy you do CONNECT to:

$ curl --proxy-headers @headers --proxy proxy:8080 https://example.com/

(this is a pure curl tool change that doesn’t affect libcurl, the library)

Categorieën: Mozilla-nl planet

Ehsan Akhgari: Quantum Flow Engineering Newsletter #13

vr, 16/06/2017 - 07:11

I’m back with some more updates on another week worth of work on improving various performance aspects of Firefox.

Similar to the past weeks, Speedometer remains a big focus area for performance work.  In addition to the many already identified bugs to work on, we are also still measuring the benchmark quite actively looking for more optimization opportunities.

Another item worthy of an update is Background Hang Reports.  Michael Layzell earlier today enabled collection of native stack traces on Win64 (and Mac) using the Gecko Profiler stack walking backend (Linux support soon to follow).  Because we are now using the Gecko Profiler backend for BHR, we can soon get interleaved native and pseudo-stacks from BHR similar to the ones that we have come to know and love in Gecko Profiler for a long time now!  Also, Doug Thayer has made a lot of progress on hangs.html, his front-end for exploring the native stack traces uploaded from BHR.  This is a nice and super fast tool to explore the hangs that our users are experiencing on the Nightly channel and it shows you the corresponding pseudo-stacks that are extremely helpful if for example the hang is coming from chrome-privileged JS (where we get full call stack information through telemetry).  Please have a look, and send him feedback.

This edition is exceptionally short, but the most interesting part of these is probably the last part anyway, the credits section, where I acknowledge the hard work of the people who worked on improving the performance of Firefox in the past week.  So let’s get to that, and I do hope I’m not dropping any names:

Categorieën: Mozilla-nl planet

Mike Hommey: Announcing git-cinnabar 0.5.0 beta 2

vr, 16/06/2017 - 01:12

Git-cinnabar is a git remote helper to interact with mercurial repositories. It allows to clone, pull and push from/to mercurial remote repositories, using git.

Get it on github.

These release notes are also available on the git-cinnabar wiki.

What’s new since 0.5.0 beta 1?
  • Enabled support for clonebundles for faster clones when the server provides them.
  • Git packs created by git-cinnabar are now smaller.
  • Added a new git cinnabar upgrade command to handle metadata upgrade separately from fsck.
  • Metadata upgrade is now significantly faster.
  • git cinnabar fsck also faster.
  • Both now also use significantly less memory.
  • Updated git to 2.13.1 for git-cinnabar-helper.
Categorieën: Mozilla-nl planet

Daniel Stenberg: curling over HTTP proxy

vr, 16/06/2017 - 00:09

Starting in curl 7.55.0 (this commit), curl will no longer try to ask HTTP proxies to perform non-HTTP transfers with GET, except for FTP. For all other protocols, curl now assumes you want to tunnel through the HTTP proxy when you use such a proxy and protocol combination.

Protocols and proxies

curl supports 23 different protocols right now, if we count the S-versions (the TLS based alternatives) as separate protocols.

curl also currently supports seven different proxy types that can be set independently of the protocol.

One type of proxy that curl supports is a so called “HTTP proxy”. The official HTTP standard includes a defined way how to speak to such a proxy and ask it to perform the request on the behalf of the client. curl supports using that over either HTTP/1.1 or HTTP/1.0, where you’d typically only use the latter version if you the first really doesn’t work with your ancient proxy.

HTTP proxy

All that is fine and good. But HTTP proxies were really only defined to handle HTTP, and to some extent HTTPS. When doing plain HTTP transfers over a proxy, the client will send its request to the proxy like this:

GET http://curl.haxx.se/ HTTP/1.1 Host: curl.haxx.se Accept: */* User-Agent: curl/7.55.0

… but for HTTPS, which should provide end to end encryption, a client needs to ask the proxy to instead tunnel through the proxy so that it can do TLS all the way, without any middle man, to the server:

CONNECT curl.haxx.se:443 HTTP/1.1 Host: curl.haxx.se:443 User-Agent: curl/7.55.0

When successful, the proxy responds with a “200” which means that the proxy has established a TCP connection to the remote server the client asked it to connect to, and the client can then proceed and do the TLS handshake with that server. When the TLS handshake is completed, a regular GET request is then sent over that established and secure TLS “tunnel” to the server. A GET request that then looks like one that is sent without proxy:

GET / HTTP/1.1 Host: curl.haxx.se User-Agent: curl/7.55.0 Accept: */* FTP over HTTP proxy

Things get more complicated when trying to perform transfers over the HTTP proxy using schemes that aren’t HTTP. As already described above, HTTP proxies are basically designed only for doing HTTP over them, but as they have this concept of tunneling through to the remote server it doesn’t have to be limited to just HTTP.

Also, historically, for decades people have deployed HTTP proxies that recognize FTP URLs, and transparently handle them for the client so the client can almost believe it is HTTP while the proxy has to speak FTP to the remote server in the other end and convert it back to HTTP to the client. On such proxies (Squid and Apache both support this mode for example), this sort of request is possible:

GET ftp://ftp.funet.fi/ HTTP/1.1 Host: ftp.funet.fi User-Agent: curl/7.55.0 Accept: */*

curl knows this and if you ask curl for FTP over an HTTP proxy, it will assume you have one of these proxies. It should be noted that this method of course limits what you can do FTP-wise and for example FTP upload is usually not working and if you ask curl to do FTP upload over and HTTP proxy it will do that with a HTTP PUT.

HTTP proxy tunnel

curl features an option (–proxytunnel) that lets the user forcible tell the client to not assume that the proxy speaks this protocol and instead use the CONNECT method with establishing a tunnel through the proxy to the remote server.

It should of course be noted that very few deployed HTTP proxies in the wild allow clients to CONNECT to whatever port they like. HTTP proxies tend to only allow connecting to port 443 as that is the official HTTPS port, and if you ask for another port it will respond back with a 4xx response code refusing to comply.

Not HTTP not FTP over HTTP proxy

So HTTP, HTTPS and FTP are sent over the HTTP proxy fine. That leaves us with nineteen more protocols. What happens with them when you ask curl to perform them over a HTTP proxy?

Now we have finally reached the change that has just been merged in curl and changes what curl does.

Before 7.55.0

curl would send all protocols as a regular GET to the proxy if asked to use a HTTP proxy without seeing the explicit proxy-tunnel option. This came from how FTP was done and grew from there without many people questioning it. Of course it wouldn’t ever work, but also very few people would actually attempt it because of that.

From 7.55.0

All protocols that aren’t HTTP, HTTPS or FTP will enable the tunnel-through mode automatically when a HTTP proxy is used. No more sending funny GET requests to proxies when they won’t work anyway. Also, it will prevent users from accidentally leak credentials to proxies that were intended for the server, which previously could happen if you omitted the tunnel option with a few authentication setups.

HTTP/2 proxy

Sorry, curl doesn’t support that yet. Patches welcome!

Categorieën: Mozilla-nl planet

Justin Dolske: Photon Engineering Newsletter #6

do, 15/06/2017 - 22:34

More exciting progress this week! Here’s Photon update #6!

New Menus

Work on the new Photon menus has reached the point where we’re ready to turn them on by default (for Nightly). Bug 1372309 is tracking the last remaining work (mostly test fixes), and you should see this happen in tomorrow’s Nightly. Up until now you’ve needed to manually enable the “browser.photon.structure.enabled” pref to play with the new menus – you’ll no longer need to flip that pref as it will already be enabled.

The biggest change you’ll notice is that the application menu (a.k.a. the “hamburger menu”) contents look different. Instead of a grid of icons, it’s a linear list of commands. Opening the menu and entering submenus is much snappier than before. Here’s the new look on Windows 10 (left) and macOS (right):

menus

The overflow menu (under the “>>” icon) has existed for a long time now, normally it’s only shown when the window is so narrow that we run out of space to show all the toolbar icons. You can now pin items to it permanently, as the new destination for commands you want easily accessible without taking up toolbar space. (Previously you could do this by adding items to the hamburger menu. That’s no longer customizable.)

overflows

There are also some minor related changes to Customization Mode, which now shows the overflow menu as a customization target instead of the old hamburger menu.

Recent changes

Menus/structure:

  • Enabling the new menus, as mentioned above.
  • The sidebar toolbar button no longer has a panel dropdown, instead it just toggles the display of the sidebar (you can change which sidebar is shown from inside the sidebar itself).
  • Various smaller styling/polish fixes to the different panels and toolbar items have landed and will continue to land this week.
  • WebExtension browser actions will now be pinned to the overflow panel instead of the hamburger menu (though we are aware of at least one remaining issue with this).

 

Animation:

  • The Photon-themed download icon landed, this was spun out of the main download animation bug to start landing pieces as they’re ready.
  • Work continues on animations for downloads toolbar button, stop/reload button, and page loading indicator. We’re working through some performance issues with the latter two — these animations are triggered during our performance test suites, and we see some impact to the measurements.
  • New arrow-panel animations are underway. We’re updating the way panels and menus animate when they’re opened and closed. On macOS we’re temporarily removing the current animation entirely, while we await platform improvements that allow us to get the effect we want in a way that performs well.

 

Preferences:

  • QA-sign off received for the old preferences shipping in Firefox 55 (which have not been the default on Nightly since landing the new preference reorg).
  • Search followups are largely complete, and we are enabling the search feature this week.
    search-prefs-demo

 

Visual redesign:

  • We got some good contributions from community member UK92! Thanks!
    • Updated two of our in-content pages (about:about and about:rights) to use the new Photon style.
    • With maximized windows on Windows 10, the window control buttons now span the entire height of the tabstrip, eliminating a small gap.
  • Landing updates to the sidebar styling (header and search box)
  • Updated the Synced Tabs button icon in the toolbar.
  • Starting work on changing the color of the titlebar on macOS (making it darker, similar to Windows 10).

 

Onboarding:

  • Lots of discussion and decisions, finalized scope and content for Firefox 56 tour.
  • De-scoped automigration, and are instead moving ahead with a manual import option accessible from the new Activity Stream page.
  • Simplified tour and notification logic
  • Outstanding technical issues resolved and a few 56 tour contents are ready to land this week. No more blank tour overlay in Nightly!

 

Performance:

 

Stay tuned for more updates next week!


Categorieën: Mozilla-nl planet

Pagina's