Configuring/Hardening Firefox for Security and Privacy
- dom.event.clipboardevents.enabled => false
- clipboard.plainTextOnly => true
- referer spoofSource => true
|2391 ##linux Channel website: https://freenode.linux.community | Pastebin: https://paste.linux.community | Need an op? Join ##linux-ops | CoC? ##linux-offtopic, please.|
|1931 #python Don't paste, use https://paste.pound-python.org/ | http://bit.ly/psf-coc | Tutorial: http://bit.ly/MCAhYx | New programmer? http://bit.ly/23X7emF | Specify 2.x or 3.x in your question | Find your local User Group: http://goo.gl/S1Zsq | #python-fr #python.de #python-es #python.tw #python-br #python-nl #python-ir #python.it #python-ro #python-india #python-hu #python-dk #python-dev|
|1926 #freenode Welcome to #freenode | Feel free to message staff at any time. You can find us using /stats p (shows immediately-available staff) or /who freenode/staff/* (shows all staff) | See https://freenode.net/news/spambot-attack regarding spam | User mode +R blocks unregistered user PMs|
One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.
Most workflows make the following compromises:
Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the
secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.
Use production SSL certificates locally. This is annoying
Ideas are cheap. Make a prototype, sketch a CLI session, draw a wireframe. Discuss around concrete examples, not hand-waving abstractions. Don't say you did something, provide a URL that proves it.
Nothing is real until it's being used by a real user. This doesn't mean you make a prototype in the morning and blog about it in the evening. It means you find one person you believe your product will help and try to get them to use it.