Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
R: Java in extensions/add-ons
17 views
Skip to first unread message
Armando Stellato
May 22, 2013, 4:36:28 PM5/22/13
to Peter Likarish, dev-ext...@lists.mozilla.org
Dear Peter,
we have (had?) an extension too:
https://addons.mozilla.org/it/firefox/addon/semantic-turkey/
we have been overwhelmed, crashed, beaten by the many issues that we
encountered at each new version of Firefox making it not working each time.
Not to speak about the bugs in The Hub, rejecting bytecode or jar present in
extensions (upon their upload), or larger than # bytes, and most of all, the
impossibility of passing a review and thus publish (even with all the
possible caveats) your extension if it is going to use java code: a
publishable extension cannot contain bytecode, as it could be malicious. If
open source, the bytecode can be reviewed, but then, practically, if it is
even barely complex, no one is going to do it.
Probably going to give up...I would say I'm a bit disappointed, given the
amount of time we invested, always trying to chase temporary solutions
doomed to be impracticable in the following version, but I may understand
FF-Java may be a niche of an application profile, causing more dangers than
solutions...
Given it for extinct (or at least, highly undesired), we will probably opt
for a separate java server, to be ran separately, and then queried by the UI
on Firefox...
Cheers,
Armando
> -----Messaggio originale-----
> Da: dev-extensions-bounces+stellato=info.uni...@lists.mozilla.org
>
[mailto:dev-extensions-bounces+stellato=info.uni...@lists.mozilla.org]
> Per conto di Peter Likarish
> Inviato: mercoledì 22 maggio 2013 22.09
> A: dev-ext...@lists.mozilla.org
> Oggetto: Java in extensions/add-ons
>
> Hi all,
>
> I'm part of a research team that has been developing an extension that
> makes use of java. Or at least it used to. In Firefox 21 we are unable to
use
> any of the previous methods for getting access to the java class files in
our
> jars. We're aware of this:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=748343
> But comments 73 & 75 seem to indicate that there is some work around.
>
> and
>
> https://developer.mozilla.org/en-US/docs/Java_in_Firefox_Extensions
>
> But the timeline for everything is confusing.
>
> Can anyone confirm whether:
> 1) They have java working in their extension?
> 2) There is no longer any interoperability between FF extensions and java?
>
> Many thanks,
>
> Peter
>
> _______________________________________________
> dev-extensions mailing list
> dev-ext...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-extensions
we have (had?) an extension too:
https://addons.mozilla.org/it/firefox/addon/semantic-turkey/
we have been overwhelmed, crashed, beaten by the many issues that we
encountered at each new version of Firefox making it not working each time.
Not to speak about the bugs in The Hub, rejecting bytecode or jar present in
extensions (upon their upload), or larger than # bytes, and most of all, the
impossibility of passing a review and thus publish (even with all the
possible caveats) your extension if it is going to use java code: a
publishable extension cannot contain bytecode, as it could be malicious. If
open source, the bytecode can be reviewed, but then, practically, if it is
even barely complex, no one is going to do it.
Probably going to give up...I would say I'm a bit disappointed, given the
amount of time we invested, always trying to chase temporary solutions
doomed to be impracticable in the following version, but I may understand
FF-Java may be a niche of an application profile, causing more dangers than
solutions...
Given it for extinct (or at least, highly undesired), we will probably opt
for a separate java server, to be ran separately, and then queried by the UI
on Firefox...
Cheers,
Armando
> -----Messaggio originale-----
> Da: dev-extensions-bounces+stellato=info.uni...@lists.mozilla.org
>
[mailto:dev-extensions-bounces+stellato=info.uni...@lists.mozilla.org]
> Per conto di Peter Likarish
> Inviato: mercoledì 22 maggio 2013 22.09
> A: dev-ext...@lists.mozilla.org
> Oggetto: Java in extensions/add-ons
>
> Hi all,
>
> I'm part of a research team that has been developing an extension that
> makes use of java. Or at least it used to. In Firefox 21 we are unable to
use
> any of the previous methods for getting access to the java class files in
our
> jars. We're aware of this:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=748343
> But comments 73 & 75 seem to indicate that there is some work around.
>
> and
>
> https://developer.mozilla.org/en-US/docs/Java_in_Firefox_Extensions
>
> But the timeline for everything is confusing.
>
> Can anyone confirm whether:
> 1) They have java working in their extension?
> 2) There is no longer any interoperability between FF extensions and java?
>
> Many thanks,
>
> Peter
>
> _______________________________________________
> dev-extensions mailing list
> dev-ext...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-extensions
Benjamin Smedberg
May 24, 2013, 10:48:10 AM5/24/13
to Peter Likarish, dev-ext...@lists.mozilla.org
On 5/22/2013 4:08 PM, Peter Likarish wrote:
> Hi all,
>
> I'm part of a research team that has been developing an extension that makes use of java. Or at least it used to. In Firefox 21 we are unable to use any of the previous methods for getting access to the java class files in our jars.
We strongly discourage using Java in Firefox extension. The Java plugin
> Hi all,
>
> I'm part of a research team that has been developing an extension that makes use of java. Or at least it used to. In Firefox 21 we are unable to use any of the previous methods for getting access to the java class files in our jars.
has had known vulnerabilities for pretty much every day of the past two
years. We are therefore making Java click-to-play by default. Currently
this also means that extensions cannot use the Java plugin (see
https://bugzilla.mozilla.org/show_bug.cgi?id=834918) without explicitly
activating it.
In bug 775301 we're considering not allowing plugins in chrome.
--BDS
Axel Grude
May 31, 2013, 12:30:54 PM5/31/13
to
April Morone
May 31, 2013, 12:47:11 PM5/31/13
to Axel Grude, dev-ext...@lists.mozilla.org
Noted. Thank you for telling of this information.
April Morone
>> show_bug.cgi?id=834918<https://bugzilla.mozilla.org/show_bug.cgi?id=834918>)
> dev-extensions mailing list
> dev-ext...@lists.mozilla.**org <dev-ext...@lists.mozilla.org>
> https://lists.mozilla.org/**listinfo/dev-extensions<https://lists.mozilla.org/listinfo/dev-extensions>
>
April Morone
On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
> On 5/22/2013 4:08 PM, Peter Likarish wrote:
>> We strongly discourage using Java in Firefox extension. The Java plugin
>> has had known
>> vulnerabilities for pretty much every day of the past two years. We are
>> therefore
>> making Java click-to-play by default. Currently this also means that
>> extensions cannot
>> use the Java plugin (see https://bugzilla.mozilla.org/**
> On 5/22/2013 4:08 PM, Peter Likarish wrote:
>> We strongly discourage using Java in Firefox extension. The Java plugin
>> has had known
>> vulnerabilities for pretty much every day of the past two years. We are
>> therefore
>> making Java click-to-play by default. Currently this also means that
>> extensions cannot
>> show_bug.cgi?id=834918<https://bugzilla.mozilla.org/show_bug.cgi?id=834918>)
>> without
>> explicitly activating it.
>>
>> In bug 775301 we're considering not allowing plugins in chrome.
>>
>
> I would love that. Less crashes.
>
>
> ______________________________**_________________
>> explicitly activating it.
>>
>> In bug 775301 we're considering not allowing plugins in chrome.
>>
>
> I would love that. Less crashes.
>
>
> dev-extensions mailing list
> dev-ext...@lists.mozilla.**org <dev-ext...@lists.mozilla.org>
> https://lists.mozilla.org/**listinfo/dev-extensions<https://lists.mozilla.org/listinfo/dev-extensions>
>
Jeff Griffiths
May 31, 2013, 1:14:03 PM5/31/13
to April Morone, dev-ext...@lists.mozilla.org
An alternative architecture I've seen used by some developers with
success is to use a socket connection to talk to a service running on
the host operating system, eg 1Password has a 'helper' daemon running at
all times on my Mac, and the extension just uses the WebSocket protocol
to communicate with it.
The trade-off I think is the added complexity of running a service on
the user's machine, it really helps here that you've run some sort of
software installer that handled that setup. The benefit is that your
browser extensions can be relatively light-weight and pure JS, for
example I believe 1Password uses a single code-based for their
extensions on Safari, Chrome and Firefox ( where they use Jetpack )
Jeff
On 2013-05-31 9:47 AM, April Morone wrote:
> Noted. Thank you for telling of this information.
> April Morone
> On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
>
success is to use a socket connection to talk to a service running on
the host operating system, eg 1Password has a 'helper' daemon running at
all times on my Mac, and the extension just uses the WebSocket protocol
to communicate with it.
The trade-off I think is the added complexity of running a service on
the user's machine, it really helps here that you've run some sort of
software installer that handled that setup. The benefit is that your
browser extensions can be relatively light-weight and pure JS, for
example I believe 1Password uses a single code-based for their
extensions on Safari, Chrome and Firefox ( where they use Jetpack )
Jeff
On 2013-05-31 9:47 AM, April Morone wrote:
> Noted. Thank you for telling of this information.
> April Morone
> On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
>
>> On 5/22/2013 4:08 PM, Peter Likarish wrote:
>>> We strongly discourage using Java in Firefox extension. The Java plugin
>>> has had known
>>> vulnerabilities for pretty much every day of the past two years. We are
>>> therefore
>>> making Java click-to-play by default. Currently this also means that
>>> extensions cannot
>>> We strongly discourage using Java in Firefox extension. The Java plugin
>>> has had known
>>> vulnerabilities for pretty much every day of the past two years. We are
>>> therefore
>>> making Java click-to-play by default. Currently this also means that
>>> extensions cannot
>>> use the Java plugin (see https://bugzilla.mozilla.org/**
>>> show_bug.cgi?id=834918<https://bugzilla.mozilla.org/show_bug.cgi?id=834918>)
>>> show_bug.cgi?id=834918<https://bugzilla.mozilla.org/show_bug.cgi?id=834918>)
>>> without
>>> explicitly activating it.
>>>
>>> In bug 775301 we're considering not allowing plugins in chrome.
>>>
>>
>> I would love that. Less crashes.
>>
>>
>>> explicitly activating it.
>>>
>>> In bug 775301 we're considering not allowing plugins in chrome.
>>>
>>
>> I would love that. Less crashes.
>>
>>
>> ______________________________**_________________
>> dev-extensions mailing list
>> dev-ext...@lists.mozilla.**org <dev-ext...@lists.mozilla.org>
>> https://lists.mozilla.org/**listinfo/dev-extensions<https://lists.mozilla.org/listinfo/dev-extensions>
>>
>> dev-extensions mailing list
>> dev-ext...@lists.mozilla.**org <dev-ext...@lists.mozilla.org>
>> https://lists.mozilla.org/**listinfo/dev-extensions<https://lists.mozilla.org/listinfo/dev-extensions>
>>
April Morone
May 31, 2013, 1:35:18 PM5/31/13
to Jeff Griffiths, dev-ext...@lists.mozilla.org
I will soon be adding a UI widget. Any ideas on this tht can help because
I will be using my home computer to do so (at the moment, I am only at
volunteer contributor level with and for Mozilla. So, I will be using my
home desktop computer that hs high specs to handle it, plus Ubuntu
12.04LTS, currently, on it). Any additonal info could help. I know to use
DOJO, dealing wih AJAXand Javascript, plus the code to do so. But any
additional advise would be greatly appreciated before I start this, this
coming Monday).
April Morone
>>>> show_bug.cgi?id=834918<https:/**/bugzilla.mozilla.org/show_**
>>>> bug.cgi?id=834918 <https://bugzilla.mozilla.org/show_bug.cgi?id=834918>
>>> dev-extensions mailing list
>>> dev-ext...@lists.mozilla.****org <dev-ext...@lists.mozilla.**org<dev-ext...@lists.mozilla.org>
>>> >
>>> https://lists.mozilla.org/****listinfo/dev-extensions<https://lists.mozilla.org/**listinfo/dev-extensions>
>>> <https:**//lists.mozilla.org/listinfo/**dev-extensions<https://lists.mozilla.org/listinfo/dev-extensions>
I will be using my home computer to do so (at the moment, I am only at
volunteer contributor level with and for Mozilla. So, I will be using my
home desktop computer that hs high specs to handle it, plus Ubuntu
12.04LTS, currently, on it). Any additonal info could help. I know to use
DOJO, dealing wih AJAXand Javascript, plus the code to do so. But any
additional advise would be greatly appreciated before I start this, this
coming Monday).
April Morone
On May 31, 2013 1:14 PM, "Jeff Griffiths" <jgrif...@mozilla.com> wrote:
> An alternative architecture I've seen used by some developers with success
> is to use a socket connection to talk to a service running on the host
> operating system, eg 1Password has a 'helper' daemon running at all times
> on my Mac, and the extension just uses the WebSocket protocol to
> communicate with it.
>
> The trade-off I think is the added complexity of running a service on the
> user's machine, it really helps here that you've run some sort of software
> installer that handled that setup. The benefit is that your browser
> extensions can be relatively light-weight and pure JS, for example I
> believe 1Password uses a single code-based for their extensions on Safari,
> Chrome and Firefox ( where they use Jetpack )
>
> Jeff
>
> On 2013-05-31 9:47 AM, April Morone wrote:
>
>> Noted. Thank you for telling of this information.
>> April Morone
>> On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
>>
> An alternative architecture I've seen used by some developers with success
> is to use a socket connection to talk to a service running on the host
> operating system, eg 1Password has a 'helper' daemon running at all times
> on my Mac, and the extension just uses the WebSocket protocol to
> communicate with it.
>
> The trade-off I think is the added complexity of running a service on the
> user's machine, it really helps here that you've run some sort of software
> installer that handled that setup. The benefit is that your browser
> extensions can be relatively light-weight and pure JS, for example I
> believe 1Password uses a single code-based for their extensions on Safari,
> Chrome and Firefox ( where they use Jetpack )
>
> Jeff
>
> On 2013-05-31 9:47 AM, April Morone wrote:
>
>> Noted. Thank you for telling of this information.
>> April Morone
>> On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
>>
>> On 5/22/2013 4:08 PM, Peter Likarish wrote:
>>>
>>>> We strongly discourage using Java in Firefox extension. The Java plugin
>>>> has had known
>>>> vulnerabilities for pretty much every day of the past two years. We are
>>>> therefore
>>>> making Java click-to-play by default. Currently this also means that
>>>> extensions cannot
>>>> use the Java plugin (see https://bugzilla.mozilla.org/****<https://bugzilla.mozilla.org/**>
>>>
>>>> We strongly discourage using Java in Firefox extension. The Java plugin
>>>> has had known
>>>> vulnerabilities for pretty much every day of the past two years. We are
>>>> therefore
>>>> making Java click-to-play by default. Currently this also means that
>>>> extensions cannot
>>>> show_bug.cgi?id=834918<https:/**/bugzilla.mozilla.org/show_**
>>>> bug.cgi?id=834918 <https://bugzilla.mozilla.org/show_bug.cgi?id=834918>
>>>> >)
>>>> without
>>>> explicitly activating it.
>>>>
>>>> In bug 775301 we're considering not allowing plugins in chrome.
>>>>
>>>>
>>> I would love that. Less crashes.
>>>
>>>
>>> ______________________________****_________________
>>>> without
>>>> explicitly activating it.
>>>>
>>>> In bug 775301 we're considering not allowing plugins in chrome.
>>>>
>>>>
>>> I would love that. Less crashes.
>>>
>>>
>>> dev-extensions mailing list
>>> dev-ext...@lists.mozilla.****org <dev-ext...@lists.mozilla.**org<dev-ext...@lists.mozilla.org>
>>> >
>>> https://lists.mozilla.org/****listinfo/dev-extensions<https://lists.mozilla.org/**listinfo/dev-extensions>
>>> <https:**//lists.mozilla.org/listinfo/**dev-extensions<https://lists.mozilla.org/listinfo/dev-extensions>
April Morone
May 31, 2013, 1:39:04 PM5/31/13
to Jeff Griffiths, dev-ext...@lists.mozilla.org
If I don't yet hear on the specs being ironed out on the opti9onal widget
project, than I will actually hold off doing so on Monday, until I do. So,
you might have a little bit of time to get back to me on this, after all.
Didn't mean to seem as though rushing for additonal information.
project, than I will actually hold off doing so on Monday, until I do. So,
you might have a little bit of time to get back to me on this, after all.
Didn't mean to seem as though rushing for additonal information.
April Morone
On May 31, 2013 1:14 PM, "Jeff Griffiths" <jgrif...@mozilla.com> wrote:
> An alternative architecture I've seen used by some developers with success
> is to use a socket connection to talk to a service running on the host
> operating system, eg 1Password has a 'helper' daemon running at all times
> on my Mac, and the extension just uses the WebSocket protocol to
> communicate with it.
>
> The trade-off I think is the added complexity of running a service on the
> user's machine, it really helps here that you've run some sort of software
> installer that handled that setup. The benefit is that your browser
> extensions can be relatively light-weight and pure JS, for example I
> believe 1Password uses a single code-based for their extensions on Safari,
> Chrome and Firefox ( where they use Jetpack )
>
> Jeff
>
> On 2013-05-31 9:47 AM, April Morone wrote:
>
>> Noted. Thank you for telling of this information.
>> April Morone
>> On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
>>
On May 31, 2013 1:14 PM, "Jeff Griffiths" <jgrif...@mozilla.com> wrote:
> An alternative architecture I've seen used by some developers with success
> is to use a socket connection to talk to a service running on the host
> operating system, eg 1Password has a 'helper' daemon running at all times
> on my Mac, and the extension just uses the WebSocket protocol to
> communicate with it.
>
> The trade-off I think is the added complexity of running a service on the
> user's machine, it really helps here that you've run some sort of software
> installer that handled that setup. The benefit is that your browser
> extensions can be relatively light-weight and pure JS, for example I
> believe 1Password uses a single code-based for their extensions on Safari,
> Chrome and Firefox ( where they use Jetpack )
>
> Jeff
>
> On 2013-05-31 9:47 AM, April Morone wrote:
>
>> Noted. Thank you for telling of this information.
>> April Morone
>> On May 31, 2013 12:35 PM, "Axel Grude" <axel....@gmail.com> wrote:
>>
>> On 5/22/2013 4:08 PM, Peter Likarish wrote:
>>>
>>>> We strongly discourage using Java in Firefox extension. The Java plugin
>>>> has had known
>>>> vulnerabilities for pretty much every day of the past two years. We are
>>>> therefore
>>>> making Java click-to-play by default. Currently this also means that
>>>> extensions cannot
>>>
>>>> We strongly discourage using Java in Firefox extension. The Java plugin
>>>> has had known
>>>> vulnerabilities for pretty much every day of the past two years. We are
>>>> therefore
>>>> making Java click-to-play by default. Currently this also means that
>>>> extensions cannot
>>>> use the Java plugin (see https://bugzilla.mozilla.org/****<https://bugzilla.mozilla.org/**>
>>>> show_bug.cgi?id=834918<https:/**/bugzilla.mozilla.org/show_**
>>>> bug.cgi?id=834918 <https://bugzilla.mozilla.org/show_bug.cgi?id=834918>
>>>> >)
>>>> show_bug.cgi?id=834918<https:/**/bugzilla.mozilla.org/show_**
>>>> bug.cgi?id=834918 <https://bugzilla.mozilla.org/show_bug.cgi?id=834918>
>>>> >)
>>>> without
>>>> explicitly activating it.
>>>>
>>>> In bug 775301 we're considering not allowing plugins in chrome.
>>>>
>>>>
>>> I would love that. Less crashes.
>>>
>>>
>>>> explicitly activating it.
>>>>
>>>> In bug 775301 we're considering not allowing plugins in chrome.
>>>>
>>>>
>>> I would love that. Less crashes.
>>>
>>>
0 new messages