Theming Firefox requires some funky file location detection; ShadowFox does that by executables, which is a little distressing. GitHub project also includes the sources to the distributables, as far as I recall.
I'm using plata theme[1]. The only limitation is that FF Color doesn't apply to about:* pages, whereas SF does. I seldom change my settings anyway, so it's not an issue.
userChrome.css support will be disabled by default in Firefox 69.[1][2] The user must toggle the "toolkit.legacyUserProfileCustomizations.stylesheet" preference to enable that.
Based on the name of that preference, as well as this developer page[3] saying "Support for the userChrome.css file and any of its elements described below are not guaranteed in future versions of Firefox", it seems likely userChrome.css will be dropped in the future.
Seems like this should be fixed in Firefox rather than requiring a theme which executes unsandboxed code on your machine to install itself. I get that people probably want this now, but personally if this bothered me I'd submit a feature request and wait for something more official.
No, it still exists. When I open a new window, it flashes white. When I open a second tab, also flashes white. When I open subsequent new tabs, it doesn't.
And besides, the settings, about:config etc. screens don't follow the dark theme.
I've run into this problem with all sorts of little things on my Mac, so I use this to automate all those little things I tend to forget about! You're welcome to use it / star / fork.
Has anyone found working full dark theme for Firefox mobile on Android? I've tried several available through the standard addons page but they all seem to just change the top bar to some grayish background. I guess the API for change the Side Drop-Down Menu and Settings are not exposed?
Correction #4: "This arbitrary code alters your profile"
Predicted reply: "It just adds a theme that AMO won't allow!"
And so, having nitpicked that to death to save us death by nested replies, I'm going to focus on your second sentence:
> it's done this way because it's impossible to do it with only a WebExtension published on AMO.
Correct. My point is that you can get lots of HN readers to do completely unsafe things — like allow a shell script to make modifications to their Firefox profile — by phrasing it as something appealing, like 'dark mode'. This modification is, by nature of being a command-line profile modification, horrendously unsafe.
It makes a case for why Apple is now implementing kernel-level restrictions for read/write access to ~/Library/Mail, ~/Photos, and so forth — because sooner or later someone will run something that unexpectedly demands access to something it shouldn't have, and the user will be given a chance to deny it. After I upgraded to Catalina beta, Dropbox tried to access my ~/Desktop folder. Why? I only use ~/Dropbox. I denied it access.
I wish I could have the same "permission dialog required" approach applied to ~/Library/Application Support/Firefox, so that nothing but Firefox and tools I explicitly authorize can edit my profile.
Until that day, people will continue running things like this, thinking that they're somehow safe, without any warning from the Firefox team that "Granting this access could allow malicious software to intercept your communications and steal your credentials", which this dark mode thing very much could if someday the author of this "shell script" decides to make it do so.
I use a conventional dark theme and e.g. it flashes a white background whenever I open a new tab before applying a black background. And certain pages can't be styled to block themes from hiding things.
It's inevitable that a good dark plugin will need to avoid the official channels.
The flash is typically due to Firefox waiting for a response from a web server. You can use a page from your local machine to alleviate the wait time. Here's how I do it [^1]:
I remember when operating systems had color themes and all applications magically adhered to the user settings because they used OS toolkits to draw their user interfaces.
It is 2019 and now we get to download a 7.5 megabyte untrusted binary blob that does who knows what to our system in order to patch one application with some rando's idea of a good dark theme. Pray it doesn't break the next time Firefox force-updates your shit.
Above security concerns, I'm worried about installing a custom theme made by someone who would choose such difficult to read color pairing for their own website.
42 comments
[ 2.5 ms ] story [ 95.0 ms ] threadhttps://news.ycombinator.com/item?id=20390261
[1]: https://gitlab.com/tista500/plata-theme#extra-browser-suppor...
Based on the name of that preference, as well as this developer page[3] saying "Support for the userChrome.css file and any of its elements described below are not guaranteed in future versions of Firefox", it seems likely userChrome.css will be dropped in the future.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1541233
[2] https://www.mozilla.org/en-US/firefox/69.0beta/releasenotes/
[3] https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XUL/Tu...
https://hackernoon.com/firefox-hide-tabs-6e1f6cf63d95
I'm using a standard FF dark theme and I don't see anything like that. That's on Win7, FF 67.0.4 (64-bit).
And besides, the settings, about:config etc. screens don't follow the dark theme.
https://github.com/echohack/macbot
GooglePlay: https://play.google.com/store/apps/details?id=org.mozilla.fe...
Some screenshots with dark theme: https://www.xda-developers.com/mozilla-transition-users-from...
1) Convince them to install crapware* into their browser using basic-but-real functionality. Useful keywords: vi, solarized, dark mode, ad blocker.
2) Wait one month.
3) Ship your C&C backdoor via whatever autoupdate mechanism you put into place and see who phones home.
* This tool binary-patches your local system rather than shipping via AMO. That’s not healthy.
Modifying/creating/updating a few text files in your profile directory is not "binary-patching".
And it's done this way because it's impossible to do it with only a WebExtension published on AMO.
Correction #1: "This binary tool patches"
Predicted reply: "It's a shell script, not a binary"
Correction #2: "This executable tool patches"
Predicted reply: "It doesn't patch Firefox, it just alters your Firefox profile"
Correction #3: "This executable tool alters your profile"
Predicted reply: "Shell scripts aren't executables"
Correction #4: "This arbitrary code alters your profile"
Predicted reply: "It just adds a theme that AMO won't allow!"
And so, having nitpicked that to death to save us death by nested replies, I'm going to focus on your second sentence:
> it's done this way because it's impossible to do it with only a WebExtension published on AMO.
Correct. My point is that you can get lots of HN readers to do completely unsafe things — like allow a shell script to make modifications to their Firefox profile — by phrasing it as something appealing, like 'dark mode'. This modification is, by nature of being a command-line profile modification, horrendously unsafe.
It makes a case for why Apple is now implementing kernel-level restrictions for read/write access to ~/Library/Mail, ~/Photos, and so forth — because sooner or later someone will run something that unexpectedly demands access to something it shouldn't have, and the user will be given a chance to deny it. After I upgraded to Catalina beta, Dropbox tried to access my ~/Desktop folder. Why? I only use ~/Dropbox. I denied it access.
I wish I could have the same "permission dialog required" approach applied to ~/Library/Application Support/Firefox, so that nothing but Firefox and tools I explicitly authorize can edit my profile.
Until that day, people will continue running things like this, thinking that they're somehow safe, without any warning from the Firefox team that "Granting this access could allow malicious software to intercept your communications and steal your credentials", which this dark mode thing very much could if someday the author of this "shell script" decides to make it do so.
You saved us nothing. You should have just stopped after admitting you meant to write "This binary tool patches".
The several straw men (with replies) that follow in the first part are disingenuous and just serve to devalue the rest of your comment.
It's inevitable that a good dark plugin will need to avoid the official channels.
[1]: https://habd.as/post/burying-firefox-white-tab-death/#hack-2...
It is 2019 and now we get to download a 7.5 megabyte untrusted binary blob that does who knows what to our system in order to patch one application with some rando's idea of a good dark theme. Pray it doesn't break the next time Firefox force-updates your shit.
Sigh.