Payment Request API | W3C

Payment Request API; W3C; 2017-09-21.

  • Adrian Bateman, Microsoft Corporation
  • Zach Koch, Google
  • Roy McElmurry, Facebook
  • Domenic Denicola, Google
  • Marcos Cáceres, Mozilla


Web Privacy Census | Altaweel, Good, Hoofnagle

Ibrahim Altaweel, Nathaniel Good, Chris Jay Hoofnagle; Web Privacy Census; In Technology Science; 2015-12-15.

tl;dr → there are lots of (HTML4) cookies; cookies are for tracking; cookies are bad. factoids are exhibited.


Most people may believe that online activities are tracked more pervasively now than they were in the past. In 2011, we started surveying the online mechanisms used to track people online (e.g., HTTP cookies, Flash cookies and HTML5 storage). We called this our Web Privacy Census. We repeated the study in 2012. In this paper, we update the study to 2015.


  • Universe
    • Quantcast
    • “top 1 million”
  • Attack
    • Firefox 39
    • OpenWPM
  • Client
    • HTML4 Cookies
    • HTML5 Storage
    • Flash
  • Use Cases
    indistinguishable in the census method

    • Analytics
    • Tracking (Trak-N-Targ)
    • Conversion
    • Personalization
    • Security


HOWTO Disable HTML5 Video Autoplay in Firefox

media.autoplay.enabled = false [default true]

Does not work until Firefox 41:

  • 1242713media.autoplay.enabled=false does not prevent videos on youtube to autostart; In Bugzilla of Mozilla; 2016-01-25→current.; still open.
    tl;dr → describes Firefox 42, on Linux.
  • 659285Extend media.autoplay.enabled to provide a way to disable untrusted play() invocations; In Bugzilla of Mozilla; 2011-04-24→2016-01-25; resolved as fixed.

PrivacyCon (Privacy Conference) | FTC

PrivacyCon; Federal Trade Commission (FTC); 2016-01-14





Inventory, 75 comments.



The App-ocalypse: Can Web standards make mobile apps obsolete? | Ars Technica

The App-ocalypse: Can Web standards make mobile apps obsolete?; Larry Seltzer; In Ars Technica; 2015-12-28.
Teaser: Many big tech companies—absent Apple—are throwing weight behind a browser-based world.

tl;dr → Betteridge’s Law; i.e. No.

  • WebApps are a Google-culture thing.
  • And good luck with Apple; they are intransigent in their non-interest.


In (the arbitrary) order of appearance in the piece:



Via: backfill.

Disabling the use of RC4 in Firefox

This is for client-side disablement within your span of control within your client web-reading affordance (firefox):

  1. about:config
  2. search for rc4
  3. disable


With context about why RC4 ought to be disabled at all.



$ openssl ciphers -V 'ALL:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT' | grep RC4
      0xC0,0x11 - ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
      0xC0,0x07 - ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
      0xC0,0x16 - AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
      0xC0,0x0C - ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
      0xC0,0x02 - ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  Mac=SHA1
      0x00,0x8A - PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1

Tracking Protection in Firefox for Privacy and Performance | Kontaxis, Chew

Georgios Kontaxis (Columbia), Monica Chew (Mozilla); Tracking Protection in Firefox for Privacy and Performance; In Proceedings of the Web 2.0 Security and Privacy (W2SP); 2015-05-23; 4 pages; copy, slides (18 slides).


We present Tracking Protection in the Mozilla Firefox web browser. Tracking Protection is a new privacy technology to mitigate invasive tracking of users’ online activity by blocking requests to tracking domains. We evaluate our approach and demonstrate a 67.5% reduction in the number of HTTP cookies set during a crawl of the Alexa top 200 news sites. Since Firefox does not download and render content from tracking domains, Tracking Protection also enjoys performance benefits of a 44% median reduction in page load time and 39% reduction in data usage in the Alexa top 200 news sites.


  • Mozilla Firefox
  • Configuration
    • about:config
    • privacy.trackingprotection.enabled=true
  • Release
    • Firefox Nightly
    • Firefox 35
    • Not committed for any production release?
  • Development
    • 1029886tracking bug for tracking protection
  • Architecture
    • curated blocklist
    • Disconnect’s list (not EasyList)
    • (Google) SafeBrowsing API
  • Features
    • Cookie Blocking
    • Beacon Blocking
  • Justification
    • Performance (page latency reduction).
    • Sotto voce, surveillance blocking.
    • Sotto voce, ad blocking.
  • Threat Model
    • <quote cite=”ref” page=”2″>Our adversary is a powerful billion-dollar online advertising and social networking industry</quote>
  • trackingprotectionfirefoxat some github.
  • Performance claims
    • some telemetry
    • some simulation


Somehow solving similar problems.



Archaeological order…




Wandering, moot, through the naïvete of the chain of reasoning here, flow with it.


Authors = <quote cite=”ref” page=”4″>

Finally, browser makers bear tremendous responsibility in mediating conflicts between privacy interests of users and the advertising and publishing industries. Tracking Protection for Firefox is off by default and hidden in advanced settings. We call upon Mozilla, Microsoft, and other browser makers to make tracking protection universally available and easy to use. Only then will the balance of power shift towards interests of the people instead of industry.



Greybeard = <moot>

Browser makers can’t have it both ways here.  They can’t be “common carriers” who make net-neutral and nework-neutral consumer premises equipment (CPE) as pure-play suppliers the media trade and also be the arbiters of the rights, rules and procedures of that industry without also entering that industry as a primary; i.e. as a publisher which owns a venue and manages an audience, which, as busking, is a fine and honorable vocation with a long and storied tradition dating back to the earliest ages.  Indeed Firefox Sponsored Tiles.

Hiding such intervention capability in the “advanced settings” doesn’t ameliorate the conceptual error here. The terms of the trade have always and ever been between the publisher and the advertiser. The consumer (which is you, dear reader), as a catalyst of the relationship, is party to this activity only insofar is the terms of the publisher-advertiser business arrangement specify that the publisher is able to deliver any quantifiable action, generally, quantifiable attention, of the consumer (which, to remind, is you, dear reader) to the advertiser under the terms of their bilateral deal (common commercial terms being: CPM, CPC, CPA, etc.).  The consumer’s consent being entailed by virtue of having received media from the publisher in the first instance.

As for your part of this, you are a consumer, and only that.  As the appelation implies, you don’t own the creative product that you’re enjoying, you never did, you never will. Your rights are limited to personal experience under the stated terms.  Otherwise, by convention, broader allowances would had to have been granted to you in an expression, an explicit writ. Your activities with regard to blocking publishers trading with advertisers in order to petition them to change their business practices as you experience them is a project that is, at best, fraught with contradictions and complications. To want to change the legal framework of creative product ownership & delivery is a tall order and would necessarily have implications in other areas of the media business.  The law is pretty clear on the countervailing point.  Namely, that the publisher owns the media, as they created it. They are purveying it under terms set forth. The media is licensed to you, and performed for you, even when on equipment that you own, for the sole purpose of your private enjoyment as an individual.  During your experience of the work, you do not receive any other rights, such as the right of derivation, summarization, retransmission, republication, public performance, etc.  These conditions adhere to you by your presence in the experience as a consumer unit. You are necessarily subject ot the Terms & Conditions set forth at the time the media was administered to you.  Indeed the whole foundation of the Creative Commons and Open Source licensing is centered upon this point.



Activist = <moot2>

Yet “we” build, “we” own & “we” operate the CPE. These HTML5-JS-CSS3 browser media-players are “ours.”  We are the web!  Unlike print, OTA TV or radio media where the players are locked down. We build CPE; we block as we like. This cannot be stopped.



Publisher = We parry and invoke EME, CDM, DRM & block you with DMCA. Like we do with video. QED.

Via: backfill.

Firefox Tiles







  • 290×180
  • 142×70 =

This preference can be set to anything that returns JSON, setting this to an empty JSON object will disable Tiles from showing and fetching new Tiles. With the change below a new user would only see empty Tiles and Firefox could no longer fetch new Tiles. =   data:application/json,{} =

This is the tile reporting interface back to the Mozilla mother ship. Changing or disabling this pref maywill prevent Firefox from being able to report metrics on Tiles. Setting this to nothing will disable the ping.

Other Preferences

about:config for the newtab cluster

Preference Name Status Type Value
browser.newtab.preload default boolean true
browser.newtab.url default string about:newtab
browser.newtabpage.blocked user set string …JSON blob…
browser.newtabpage.columns default integer 3
browser.newtabpage.enabled default boolean true
browser.newtabpage.pinned user set string …JSON blob…
browser.newtabpage.rows default integer 3
browser.newtabpage.storageVersion default integer 1



$ curl --location --verbose
* About to connect() to port 443 (#0)
*   Trying
* Connected to ( port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* 	subject: CN=*,O=Mozilla Foundation,L=Mountain View,ST=CA,C=US
* 	start date: Apr 08 00:00:00 2014 GMT
* 	expire date: Oct 26 12:00:00 2016 GMT
* 	common name: *
* 	issuer: CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
> GET /v2/links/fetch/en-US HTTP/1.1
> User-Agent: curl/7.29.0
> Host:
> Accept: */*
&lt HTTP/1.1 303 SEE OTHER
< Content-Type: text/html; charset=utf-8
< Date: Thu, 26 Mar 2015 14:02:03 GMT
< Location:
< Content-Length: 405
< Connection: keep-alive
* Ignoring the response-body
* Connection #0 to host left intact
* Issue another request to this URL: ''
* About to connect() to port 443 (#1)
*   Trying
* Connected to ( port 443 (#1)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA>
* Server certificate:
* 	subject: CN=*,O=", Inc.",L=Seattle,ST=Washington,C=US
* 	start date: Feb 19 00:00:00 2015 GMT
* 	expire date: Oct 19 23:59:59 2015 GMT
* 	common name: *
* 	issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> GET /desktop/US/en-US.eb4cb64172c72f108cbb2301b958ecf3c9895373.json HTTP/1.1
> User-Agent: curl/7.29.0
> Host:
> Accept: */*
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 3909
< Connection: keep-alive
< Date: Tue, 24 Mar 2015 17:43:48 GMT
< Content-Disposition: inline
< Cache-Control: public, max-age=31536000
< Last-Modified: Tue, 24 Mar 2015 00:30:12 GMT
< ETag: "a90166163cf89dd1e2d6c2591b18a988"
< Accept-Ranges: bytes
< Server: AmazonS3
< Age: 159496
< X-Cache: Hit from cloudfront
< Via: 1.1 (CloudFront)
< X-Amz-Cf-Id: ZjFMeI8aQEwExP2f9Xp4LFPW09Gqo87vJBW3BSue79xeYOHbTgi_nw==
{"en-US": [{"bgColor": "", "directoryId": 498, "enhancedImageURI": "", "imageURI": "", "title": "Mozilla Community", "type": "affiliate", "url": ""}, {"bgColor": "#ffffff", "directoryId": 499, "enhancedImageURI": "", "imageURI": "", "title": "Firefox for Android", "type": "affiliate", "url": ""}, {"bgColor": "", "directoryId": 701, "enhancedImageURI": "", "imageURI": "", "title": "TurboTax", "type": "sponsored", "url": ""}, {"bgColor": "", "directoryId": 500, "enhancedImageURI": "", "imageURI": "", "title": "Mozilla Manifesto", "type": "affiliate", "url": ""}, {"bgColor": "", "directoryId": 502, "enhancedImageURI": "", "imageURI": "", "title": "Customize Firefox", "type": "affiliate", "url": ""}, {"bgColor": "#fff", "directoryId": 690, "imageURI": "", "title": "Mozilla Developer Network", "type": "affiliate", "url": ""}, {"bgColor": "", "directoryId": 504, "enhancedImageURI": "", "imageURI": "", "title": "Firefox Marketplace", "type": "affiliate", "url": ""}, {"bgColor": "#3fb58e", "directoryId": 505, "enhancedImageURI": "", "imageURI": "", "title": "Mozilla Webmaker", "type": "affiliate", "url": ""}, {"bgColor": "", "directoryId": 506, "enhancedImageURI": "", "imageURI": "", "title": "Firefox Sync", "type": "affiliate", "url": ""}, {"bgColor": "", "directoryId": 507, "enhancedImageURI": "", "imageURI": "", "title": "Privacy Principles", "type": "affiliate", "url": ""}]}
 * Connection #1 to host left intact


 [{"bgColor": "",
   "directoryId": 498,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Mozilla Community",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "#ffffff",
   "directoryId": 499,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Firefox for Android",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "",
   "directoryId": 701,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "TurboTax",
   "type": "sponsored",
   "url": ""},
  {"bgColor": "",
   "directoryId": 500,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Mozilla Manifesto",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "",
   "directoryId": 502,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Customize Firefox",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "#fff",
   "directoryId": 690,
   "imageURI": "",
   "title": "Mozilla Developer Network",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "",
   "directoryId": 504,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Firefox Marketplace",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "#3fb58e",
   "directoryId": 505,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Mozilla Webmaker",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "",
   "directoryId": 506,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Firefox Sync",
   "type": "affiliate",
   "url": ""},
  {"bgColor": "",
   "directoryId": 507,
   "enhancedImageURI": "",
   "imageURI": "",
   "title": "Privacy Principles",
   "type": "affiliate",
   "url": ""}]}


bgColor directoryId title type url enhancedImageURI imageURI
498 Mozilla Community affiliate
#ffffff 499 Firefox for Android affiliate
701 TurboTax sponsored
500 Mozilla Manifesto affiliate
502 Customize Firefox affiliate
#fff 690 Mozilla Developer Network affiliate (empty)
504 Firefox Marketplace affiliate
#3fb58e 505 Mozilla Webmaker affiliate
506 Firefox Sync affiliate
507 Privacy Principles affiliate


Indeed there is an advertisement in there., It’s a native advertisement, perhaps you can spot it?

enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
(empty) imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI

Firefox blocks Flash v11.202.424 and prior because CVE-2014-9163 (APSB14-27)

Get Flash Player; Adobe


broken Linux and earlier APSB14-27
fixed flash-plugin- Download


  • APSB14-27 Security updates available for Adobe Flash Player


  • 1109795Blocklist Flash versions vulnerable to CVE-2014-9163 ( and below, on linux)


  • CVE-2014-9163 Stack-based buffer overflow in Adobe Flash Player
    before and 14.x and 15.x before on Windows and OS X and before on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in 2014-12.




Flashblock FlashControl
NoScript ScriptBlock, ScriptSafe NotScripts

$ sudo yum update -y flash-plugin
Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package flash-plugin.x86_64 0: will be updated
---> Package flash-plugin.x86_64 0: will be an update
--> Finished Dependency Resolution

Dependencies Resolved

Package         Arch      Version                  Repository             Size
flash-plugin    x86_64     adobe-linux-x86_64    6.9 M

Transaction Summary
Upgrade  1 Package

Total download size: 6.9 M
Downloading packages:
No Presto metadata available for adobe-linux-x86_64
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating   : flash-plugin-                     1/2
Cleanup    : flash-plugin-                     2/2
Verifying  : flash-plugin-                     1/2
Verifying  : flash-plugin-                     2/2

flash-plugin.x86_64 0:


Pure URL for Firefox removes garbage like ‘utm_source’ from URLs

Pure URL for Firefox


More than the default settings (cut & paste this into) the config settings in about:addons

utm_cid, smprod, smid,it_source,wpmp_tp, utm_hp_ref,mod,tag,mbid, mtid,ncid,utm_cid,utm_source, utm_medium, utm_term, utm_content, utm_campaign, utm_reader, utm_place, ga_source, ga_medium, ga_term, ga_content, ga_campaign, ga_place, yclid, _openstat,, fb_action_ids, fb_action_types, fb_ref, fb_source, action_object_map, action_type_map, action_ref_map,,,,,

Simplified instructions for the configuration of Firefox to support Yahoo! Messenger’s ymsgr:SendIM URLs


Step 1

In the file ~/.local/share/applications/mimeapps.list, add the following

# ymsgr

Step 2

Within the directory ~/.local/share/applications add a file ymsgr.desktop containing the following:

[Desktop Entry]
Name=Yahoo! Messenger
Comment=Yahoo! Messenger
Exec=purple-url-handler %u

Step 3

Configure the MIME types handler to use the new MIME type and purple-url-handler.



$ rpm -q -a | grep purple

Previously noted

Ad blockers: A solution or a problem? | ComputerWorld

; Ad blockers: A solution or a problem?; In ComputerWorld; 2014-01-15.
Teaser: It’s a cause. It’s a curse. It’s just business. Ad blockers take a bite out of the $20 billion digital advertising pie.

; The business of ad blocking: A Q&A with Adblock Plus lead investor Tim Schumacher; In ComputerWorld; 2014-01-15.
Teaser: interview with Tim Schumacher



  • Adblock Plus
    • Till Faida, president
    • Acceptable Ads program
    • Tim Schumacher
      • the founder of domain marketplace Sedo
      • Adblock Plus’ biggest investor
    • Claims
      • Attributed to Tim Schumacher
      • 148 publishers participate in the Acceptable Ads program
      • 90% of participants in the program aren’t charged at all
      • Attributed to Ad Block Plus
        • rejected 50% of 777 whitelist applicants; because of [their] unacceptable ads,
        • the overall acceptance rate stands at just 9.5%.
        • <quote>Adblock Plus claims that about 6% of all Web surfers in the U.S. run its open-source software, mostly in the form of Google Chrome and Firefox browser add-ons and extensions.</quote>
    • Deals
      • Google
      • Some “Alexa top 100″ site, spoken for anonymously by an ex-employee.
  • AdBlock
    • Not Ad Block Plus, but something else
    • Michael Gundlach, founder, ex-Google
  • ClarityRay
    • Ido Yablonka, CEO
    • URL-swapping mechanism
    • Funding: around $0.5M
  • Destructoid
    • Niero Gonzalez
  • Disconnect
    • Casey Oppenheim, co-CEO
  • Evidon
  • Geekzone
    • Mauricio Freitas, publisher
  • Google
    • 2013-03 => removed Ad Block Plus from its Google Play store, 2013-03
    • 2013-06 => deal with Ad Block Plus

      • Media
        • search ads
        • sponsored search results
      • Venue
        • Google
        • AdSense partners
  • Interactive Advertising Bureau (IAB)
    • Mike Zaneis, senior vice president
  • PageFair
    • JavaScript countermeasure
    • Sean Blanchfield, CEO
    • Funding: around $0.5M
  • Reddit
    • Erik Martin, general manager
  • Some Site
    • Not named explicitly
    • “top-ranking in Alexa”
    • Spoken for by an ex-employee.
    • <quote>On the other hand, the former executive at the Alexa top-ranking site said an Adblock Plus representative told him he had to pay even though Adblock Plus agreed that the publisher’s ads were acceptable and should not be blocked. “If we didn’t pay they would continue to block us. To me it seems like extortion,” he says.</quote>

Quoted for color, breadth & verisimilitude


  • Only time will tell (the old saw)
  • <quote>Everything turns on what consumers do next. </quote>

Via: backfill
Via: Soulskill; Ask Slashdot: Are AdBlock’s Days Numbered?; In Slashdot; 2014-01-17.

Click-to-Play in Mozilla’s Firefox


Via: backfill, backfill

, Mozilla Wiki

; In Mozilla Support

Lightbeam for Firefox



  • Visualizations
    1. Graph
    2. Clock
    3. List
  • Sharing
    • Data stored locally




Via: backfill




Via: backfill



Install on Fedora / Korora and rpm-based distros (gnome/cinnamon); forum discussion; 2013-05-04 -> 2013-05-15.

Basic Fedora RPM Packaging; forum discussion; 2012-03-31 -> 2012-04-18.

  • Trial Packaging: nightingale-1.11.0-2.fc16.src.rpm
  • Summary of issues
    • Bundled libs
    • Downloading external dependencies during building
    • Downloading BINARY dependencies during building
    • No FHS compliant “make install” target.

Mozilla Firefox Social API in Firefox Facebook Messenger (and others)


Turn Off Facebook ServiceDisable Facebook Service




  • Control Messages
  • Service Works
  • Ambient Notification Control
  • Active Notification Control
  • Page Marks (Recommendations)
  • Link Recommendation Control
  • Messages Sent to Widgets
  • from Firefox 23
    • Share (button)
    • Service Discovery


By Mozilla …


Ahem … surely there’s more of a following for Mozilla’s product offerings than one beat reporter over at AOL (TechCrunch).  But that’s not what the search engines are telling me…




Mozilla Prospector is User Personalization Built Into the Browser

Prospector by Mozilla Labs


What is It?

  • Seems to be a concept, a vision.
  • A set of collaborations with publishing businesses.
  • A solicitation of feedback, a call for a vote of confidence in the vision.

Not yet

  • Running code
  • Released feature set
  • An experience
  • Not yet at the wireframe/screen shot stage.


  • Content preferences managed in the browser
  • Content targeting preferences communicated to web servers (e.g. advertisers)
  • Service destinations, e.g. Firefox Marketplace, could recommend based on declared interests.


  • <quote><snip/>we’ve begun testing this concept with volunteer participants<snip/>sharing their interests on their own terms in order to see personalized content, and the results are promising.</quote>
  • <quote>We think this type of offering could bring transparent, effective personalization to users all across the Web in ways we haven’t even thought of yet. What do you think <snip/>? </quote>




Via backfill, backfill, backfill and noted.

Configuring Firefox to support Yahoo! Messenger’s ymsgr:SendIM URLs

tl;dr => the published recipe does not work; it longer works (it once may have).

Problem Statement

I want URLs of the form ymsgr:SendIM?someone to work in Firefox, where work is defined as

  • Double-click in Firefox initiates an URL handler for ymsgr protocol.
  • The handler communicates with the running pidgin.
  • Initiates a new conversation in pidgin using Yahoo! Messenger services.

On Fedora, Fedora 17, 18, 19.

Concept of the Recipe

  • Use purple-url-handler
  • Convince Firefox to initiate this handler for URL scheme ymsgr


The invocation of purple-url-handler works, where work is defined as

  • From the command line …
  • The handler communicates with the running pidgin.
  • Initiates a new conversation in pidgin using Yahoo! Messenger services.

The problem occurs in convincing Firefox to accept the ymsgr protocol as a valid protocol.

Helpful & Instructive

Mozilla 312953 Confusing error message when protocol handler is non-existent app
After some comments, some success is reported with a different recipe than
Registering a protocol in Firefox (which does not work); something in & around:

  • Either personally or system-wide, add MIME types
    • Add MIME types to ~/.local/share/applications/mimeapps.list
    • Add the symlink /etc/gnomes/defaults.list pointing to /usr/share/applications/defaults.list (this advice seems spurious so ignore it)
  • The MIME types descriptions in mimeapps.list
  • There must be a ymsgr.desktop patterned after some of the other *.desktop files located in
    • /usr/share/applications
    • ~/.local/share/applications
  • A winning definition of ymsgr.desktop:
    [Desktop Entry]
    Name=Yahoo! Messenger
    Comment=Yahoo! Messenger
    Exec=purple-url-handler %u
  • A restart of Firefox does not seem to be necessary.

Irrelevant & Wrong

The received wisdom is Registering a protocol in Firefox, instructions for Linux and Mac.  This is wrong and does not work.  Something about within the about:config page, add some various properties and it will “just work.”  It does not.

  • network.protocol-handler.expose.ymsgr (Boolean) false


  • network.protocol-handler.external.ymsgr (Boolean) true
  • (String) "/usr/bin/purple-url-handler %s"
  • network.protocol-handler.expose-all (Boolean) true


Debugging …

gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/command --type String '/usr/bin/purple-url-handler %s'
gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/enabled --type Boolean true
$ rpm -q -f /usr/bin/purple-url-handler
$ gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/command  --type String '/usr/bin/purple-url-handler %s'
$ gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/enabled --type Boolean true

$ for path in /desktop/gnome/url-handlers/ymsgr/{command,enabled} ; do echo "$path -> '$(gconftool-2 --get $path)'"; done
/desktop/gnome/url-handlers/ymsgr/command -> '/usr/bin/purple-url-handler %s'
/desktop/gnome/url-handlers/ymsgr/enabled -> 'true'

Unclear that /etc/gnome/defaults.list is really a valid thing

$ ls -als /etc/gnome/defaults.list
ls: cannot access /etc/gnome/defaults.list: No such file or directory

Recall that the suggestion was to link /etc/gnome/defaults.list to /usr/share/applications/defaults.list, yet /etc/gnome is not a directory:

$ ls -l /usr/share/applications/defaults.list /etc/gnome/defaults.list
ls: cannot access /etc/gnome/defaults.list: No such file or directory
-rw-r--r--. 1 root root 15530 Feb 13 12:26 /usr/share/applications/defaults.list
$ ls -ld /etc/gnome
ls: cannot access /etc/gnome: No such file or directory

The systemwide application MIME types application bindings.

$ cat ~/.local/share/applications/mimeapps.list 
[Default Applications]

[Added Associations]
$ wc -l /usr/share/applications/defaults.list
360 /usr/share/applications/defaults.list
$ head /usr/share/applications/defaults.list 
[Default Applications]

And arbitrarily, the Cherrytree application’s cherrytree.desktop against which to pattern a proposed construction of ymsgr.desktop

$ cat /usr/share/applications/cherrytree.desktop 
[Desktop Entry]
Comment=Hierarchical Note Taking
Comment[cs]=Hierarchická tvorba poznámek
Comment[de]=Hierarchische Notizfunktion
Comment[es]=Gestor de notas jerárquico
Comment[fr]=Prise de Notes Hiérarchisées
Comment[gl]=Xestor de notas xerárquico
Comment[it]=Gestore di Appunti Gerarchico
Comment[pl]=Strukturalny Notes
Comment[ru]=Записная книжка с иерархической структурой
Comment[uk]=Записник з ієрархічною структурою
Exec=cherrytree %f


The failure case

The default settings in Firefox (Firefox 19)

Some modified settings in Firefox (recall, these have no effect set up as such):

On the ubiquity and pointlessness of automated messaging: “it is strongly recommended that you upgrade”

To wit:

  • A security and stability update for Firefox is available
  • It is strongly recommended that you apply this update for Firefox as soon as possible.


  • The release notes just indicate some neat new features and bug fixes.

Note to self:

  • Discount the intensity of automated messaging.

Release Notes for Firefox 19.0