Accueil > Mozilla > Firefox 7: leave my address bar alone

Firefox 7: leave my address bar alone

Two useful parameters you can edit from the config page in Firefox (type about:config in the address bar to access this page):

  1. Don’t highlight the domain name of the website: browser.urlbar.formatting.enabled = false (new in Fx 6)
  2. Always display the protocol of the page (including http://): browser.urlbar.trimURLs = false (new in Fx 7)

Now, does someone know a way for a sysadmin to easily stop notifications about new releases for all users on Mac OS X? At work, users do not have admin privs and so cannot do the updates themselves. As we get a lot of comments from our users that Firefox asks them to update, we need a way to force Firefox to shup up. Asking each user to edit their preferences to disable notifications is out of question. And it’s also out of question to update Firefox on 70 computers every 6 weeks (yes, a sysadmin’s weekly job is not to update Firefox all the time, especially when he works part-time!). Updates are usually only acceptable when everybody is on vacation, i.e. Easter, summer and Christmas mostly (which means every 4 months). But in 4 months, Mozilla releases 3 new versions of Firefox!! Hum…. too frequent updates, this reminds me another story about Firefox last year.

About these ads
Catégories:Mozilla
  1. imphil
    19 août 2011 à 12:06   | #1

    Very true, the address bar changes are the most annoying ones of the new releases. The highlighting completely fails for TLDs that use 3rd level domains as regular domains (e.g. .name domains; john.doe.name is totally differant than marcus.doe.name)

  2. 19 août 2011 à 1:55   | #2

    Thanks, much appreciate the browser.urlbar.trimURLs trick. Always thought that was a bad idea, full URLs are pretty important.

  3. 19 août 2011 à 2:00   | #3

    Except that these new updates are fairly well tested and are also security updates so you can’t just ignore updates for 3-4 months because you have more important things to do.

  4. 19 août 2011 à 2:18   | #4

    Can’t they just update it?

    • Frédéric Buclin
      19 août 2011 à 12:24   | #6

      Can you configure these parameters for all users remotely? Ideally, a prefs.js file put somewhere which would take precedence over each user preferences (or at least take precedence if users use the default values).

  5. Boris
    19 août 2011 à 6:44   | #7

    Why not just install Firefox on a part of the computer where the automatic update _will_ work instead of in /Applications ? That seems like it would solve your updating problem….

    • Frédéric Buclin
      19 août 2011 à 12:27   | #8

      Is it possible to limit the user capabilities to updates only? We don’t want the user to be able to uninstall the application, or install a beta version or something else. Our users are students, and you probably know how students are: they know everything better than anyone else, and are happy to mess everything if they can.

  6. 19 août 2011 à 8:32   | #9

    Perharps can you change the file rights of the firefox directory ?That’s what i make under linux to not have to log in root for updates.

    Elsewhere, see app.update.auto ?

  7. pd
    19 août 2011 à 9:11   | #10

    ABSO-FREAKING-LUTELY!

    Thanks so much. Obscuring parts of a URL is right up there with the worst decisions Mozilla has made – and the list is not short!

  8. 19 août 2011 à 9:16   | #11

    Don’t tell me that with previous versions you went unpatched for FOUR MONTHS!? Unpatched, I mean, without updating the minor versions?

    • Frédéric Buclin
      19 août 2011 à 12:36   | #12

      Depends, but we clearly don’t update 3 times in a month (see the "another story" link in my post: Firefox 3.6.4, 3.6.6, 3.6.7 and 3.6.8 released in one month!).

      IMO, people should stop panic everytime you are one or two releases behind the latest one. The fixed vulnerabilities in the latest release will not necessarily be exploited in the next two months (if at all). It’s trivial for a single user at home to click the "Update Now" button (also because he is an admin on his own PC). It requires much more time when you have 70 computers to manage.

      • 19 août 2011 à 2:21   | #13

        Then what’s the difference between running unpatched unsupported 3.6.4 for three months than running unpatched unsupported 5.0 for three months?

        I was under the assumption that, somehow, major versions couldn’t be easily updated in corporate environments, but minor versions could. If minor versions couldn’t anyway, there is absolutely no reason bothering with complaining about rapid release cycles from a corporate point of view. Remember: running Firefox 3.6.4 TODAY is 10 times worse than running Firefox 4.0. Both are no longer supported, and although Firefox 3.6 is supported, it’s only the latest version, not 3.6.4.

        The biggest problem with rapid release cycles is how it negatively affects how fast new features are implemented, and how well. THAT’s my biggest grip with it.

  9. kang
    19 août 2011 à 10:46   | #14

    The URL should highlight anything before the first slash instead of imitating chrome IMO.

    Getting rid of http://.. I don’t know, doesn’t really change a thing for me, except for some apps that don’t recognise the URL now when I copy paste
    Then again other browsers do it and no one complains.

    and to answer your question:

    http://kb.mozillazine.org/App.update.enabled

    • 19 août 2011 à 2:23   | #15

      The problem with highlighting between the slashes is that http://www.hotmail.com.seefile.cc.cn would be easily confused with http://www.hotmail.com. With the proper way of doing it, only cc.cn gets highlighted, which is what matters.

      Get used to it is all the advice I can give you. It’s best for you.

    • 19 août 2011 à 2:24   | #16

      Highlighting the whole domain would prevent sites from using the old "username-that-looks-like-a-domain-you-trust.com:meaningless-password-to-further-pad-the-address-bar@badsite.com" trick, but highlighting only the top few levels of a domain also avoids a different type of phishing attack:

      http://secure.ebay.com-login-myaccountId.h8023lkan8y69nk009nu8B.badsite.com

      Novice users see "secure.ebay.com" which looks familiar and a bunch of junk after it which does not. The owners of badsite.com get the ebay logins of their most gullible or least observant visitors.

  10. 19 août 2011 à 3:32   | #17

    We previously did security updates every four weeks, so the 6 weeks are a slowdown of those. If you did not install those updates before, then people should have gotten the same kind of warnings – and they have been easy attack targets as we have quite interesting exploits for old releases published with almost every security update, and we did have that for a while.
    So 1) you are putting those people at risk and 2) the pace for critical updates has actually slowed down.
    I agree that we should create and provide an easy service that can run as admin in the background and apply updates, though (they should be *downloaded* by the app running as the normal user and *applied* by the background service running as admin, IMHO).

  11. Frédéric Buclin
    19 août 2011 à 4:00   | #18

    6 weeks remains pretty frequent. You all make the assumption that Firefox is the only software we have to worry about. If everytime a software releases a security update the sysadmin should apply it immediately, then he would spend his whole day doing this kind of stuff.

    What you suggest about having a service which can run as admin in the background to apply updates is exactly what I have in mind. If there was such a service, this would solve all the problems for us. As soon as an update is available, it’s downloaded by Firefox (assuming the user is using it) and the update would be silently applied in the background and available once the user restarts Firefox. This would be ideal, yes! If there is such a bug filed on bmo, please give me the bug ID, either here or on IRC. :)

  12. sdf
    22 août 2011 à 5:08   | #19

    you should be fired for enabling (or even FORCING) your users to use unsecure browsers. 4 months is ridiculous in browser time. do you know how many security holes are being exploited while your users surf the webs? don’t tell me you only upgrade flash every other year too.

  13. 13 octobre 2011 à 8:39   | #20

    thanks a lot, that url trimming thing drove me nuts for so long!!!!!!
    i don’t know why they did that, it’s especially annoying for https sites for example.

    you rule!

  14. A real computer scientist
    13 octobre 2011 à 3:08   | #21

    Now if just Chrome would get rid of that silly behaviour too. It’s absolutely INACCEPTABLE to not display the protocol in the URL. It’s so stupid I can’t believe a computer scientist agreed to program the code needed for this (I’m sure it was somebody from the marketing department). And now even Firefox makes the same silly mistakes as Google does with Chrome.

    Come on, how stupid has the world become? Please give me back the Web of ca. 1997. Even with all its flaws back then, it was still a much better WWW than the one with have today with all these insecure standards and things made for idiots rather than intelligent people.

  15. 14 octobre 2011 à 10:21   | #22

    Thank you so much for the right info. Very easy to make the change. Too bad it’s hidden in the config. Kinda felt paralyzed without seeing the protocol. You helped me a lot!

  16. juan32
    23 juin 2012 à 4:56   | #23

    Thanks, the domain name sometimes show the part "worldpress.com" for example in black, and is useless, Hide the protocol functionality is really bad, for example when you change from http to https or ftp. And when you copy the url and paste it, sometimes appear the protocol, for what?? I don’t know.

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion / Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion / Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion / Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion / Changer )

Connexion à %s

Suivre

Recevez les nouvelles publications par mail.