Debian shall soon have a Conkeror package, thanks to Axel Beckert who takes a minute to break down the current keymap. Naturally, you have to poke fun at vi users here. But wait! I am a vi user!

What can I say, except maybe

1. Emacs (the rudiments, anyway) is like riding a bicycle
2. When I say vi, i mean vile, not vim. vim gives me hives. vile is teh awesome.

I am working on a set of vile-ish bindings, and I can't say I feel any pressing need to stick hjkl in. You could start from there, but that's missing the point, I think.

(You know what's also awesome? My email is still down, so I won't even have to delete flames from people who take their choice of editor/browser Very Seriously until sometime tomorrow.)

I spent some time banging my head against SSL certificate stuff this weekend in the hopes of implementing a Really Awesome Solution to this awful Firefox security theater thing everyone was complaining about, but I didn't get anywhere. However, I noticed something interesting: Mozilla does not trust the CAcert root certificate. A number of useful sites, like Freedesktop.org's bug tracker, use a CAcert-signed certificate rather than a self-signed one.

I really know nothing about this organization, but they seem to have their stuff together, and if you run a largish free software project, you could potentially save a lot of people the trouble of checking yet another self-signing CA. Around the lab, or in one of my tiny projects, I don't think I'd bother, but it is free.

Anyway, we ship their root CA thing in Debian, and OpenSSL stuff picks it up fine. Mozilla's process is somewhat more mysterious. There's an apparently hardcoded list of the usual thugs from the Verisign/Thawte/etc protection racket, and then there's a database in each user profile for whack-a-mole stuff. There is not, shockingly enough, somewhere for an operating system to set system certificate policy. (I guess there is not much room for an operating system in the Mozilla world-view at all). So you have to shove it in there once for every user times every single profile.

Here is the command to do it.

1. apt-get install libnss3-tools
2. certutil -d $HOME/.mozilla/firefox/$HLAGHLLAGHGAAHLGALHHGHLAGH.default -A -n 'CA Cert Signing Authority - Root CA' -t CT,C,C -i /etc/ssl/certs/root.pem

It's only slight pain relief, but it's something. You can also not install certutil, and click through ten million dialog boxes to import it, but screw that.

UPDATE: A commenter points me to StartSSL, another service that may deserve a look here, and is on Mozilla's good side. It appears to be an unholy mix of things that sound awesome (client-side certs for OpenID, web-of-trust identification) and things that seriously skeeve me out (trademark symbols everywhere, Aladdin dongles). They, uh, also have a Linux distribution. No, really.

UPDATE 2: James Andrewartha points out that we should eventually see Mozilla move this stuff out of libnssckbi.so and into SQLite, which sounds like a big win for us. Hopefully before that time I will figure out how to get sqlite(1) to work on my cookies.

Today, like any other day, I started Firefo^WIceweasel. I mapped it at the bottom of my window stack. It promptly raised itself. I closed everything and tried opening a new homepage. Nope, that's fine. I tried again with two tabs saved. It raised itself again.

I have been watching variations of this bug regress for eight years now and I am tired of it. So I installed Conkeror. After a good three-year run of being able to sit down at someone else's random PC and say, "hey, a web browser that nearly works as well as mine" (since it is, you know, the same one), I look forward to being utterly fed up with how primitive the rest of the world is again. And what are we in this for, if not that?

Russel notes a discussion of the problems with embedded media. I've been using a Greasemonkey script for a while to linkify EMBED tags for easier non-embedded downloading, but this doesn't help much on Flash sites such as YouTube. I haven’t installed Flash in years, but I got sick of slinging URLs around and/or giving up and being the unpopular kid, so I took some other Greasemonkey code I was hacking on and mushed it all together:

http://www.red-bean.com/~decklin/userscripts/unembedtube.user.js

(I get a perverse sort of nostalgia out of bringing back the "puzzle piece" for links, and mocking people with it.) YouTube embeds will appear to work like any other, but the URL is changed from the Flash wrapper to the FLV file, which can be opened in MPlayer/Totem/whatever. Since we can figure out this URL, it is also, of course, possible to make such the link back into an embed usable by mplayer-mozilla or a similar plugin.

Unfortunately, I don't have time to look up how to add a configuration menu, but this line of JS does have a certain charm to it:

var evil = 0; // need to make this user-settable

You know what to do. If you want true evil, there are some pointers in the comments. For YouTube videos embedded from other sites, the best I can kludge for now is link to the video's original YouTube page. If someone would like to write a routine to snarf that page with XMLHTTPRequest and yank the necessary arguments out, I would love to add it.

(Insert five-page “think piece” here about the lost dream of MIME and the sad fact that the rise of “Web 2.0” has been driven more by the fact that native installation is irreparably broken and pointless anyway on most PCs than it is by the fact that JavaScript actually works now and the implications of this for the Free Software movement especially in light of the fact that we are still human beings who occasionally do social things like sign up for Twitter even though they're running on some proprietary code base.)

Tip of the day:

.toolbar-primary > toolbarbutton .toolbarbutton-icon {
    padding: 5px !important;
}

More target-acquisition space, no distracting labels. People who write extensions tend to make their labels ridiculous.