Slashdot Mirror

I really only use Dropbox to share files with other people and I'm very interested in Mozilla's new file sharing service: https://send.firefox.com/

It's also a single download and single day limit.

The send.firefox.com site defaults to one download for one day. Attempting to change to more than one download, or more than one day, triggers an account login page. Also you have to be careful not to visit the link in any way, as this wipes the download and your recipient will receive a 'link expired' page.

So, long story short, wetransfer is more useful at moment.

Surely if you need to upload a screenshot to Mozilla to report a browser bug, it makes more sense to just send the image file you just saved locally.

Not as convienient

From the Email Tabs Test Pilot page:

Email Tabs currently works with the Gmail webmail client, but we’re working to bring it to other popular webmail providers as well.

And how does *that* work? Do I have to be currently logged into Gmail, so Firefox can screw with it, or provide my Gmail credentials to Firefox, so Firefox can access it via some API, or will the mail originate from Mozilla? None of those options sound appealing. In addition, I don't use Gmail via the browser, except to periodically log in, permanently delete things in the Trash, and log out, I use Thunderbird.

Since you didn't read TFA...

It is also worth noting here that Firefox Monitor isn’t actually restricted to Firefox — it‘s a web page that can be accessed from any browser.

So, why even bother?

So what is the deal here — why bother launching a Firefox-branded version of an existing popular database? Well, there are a couple of likely reasons.

From HIBP’s perspective, having the weight of Mozilla behind it will significantly boost awareness of its database. HIBP currently has just over 2 million people signed up for breach alerts, which sounds like a lot until you learn that there are 3.1 billion unique email addresses in the HIBP database. This means less than 0.1 percent of breached email addresses are being monitored by their respective owners.

and

From Mozilla’s perspective, bolstering its security credentials through tie-ups with well-respected platforms such as HIBP can only add to its reputation. However, as noted already, Firefox Monitor in its current guise isn’t much of an integration because it doesn’t really feed directly into the Firefox browser. Instead, it appears Firefox Monitor as it stands is essentially a minimal viable product (MVP) upon which deeper integrations can be created.

Finally,

Mozilla is already piloting a password management tool called Firefox Lockbox, which enables users to store and auto-complete usernames and passwords for websites they visit. Have I Been Pwned? already integrates with password manager 1Password, and it would make a great deal of sense to properly integrate Firefox applications such as Firefox Lockbox with the HIBP database so that users can be informed the moment an online data breach is detected.

Multiple containers in Firefox, assignment to open domain in designated container, and much more: https://testpilot.firefox.com/... It was developed by Mozilla itself.

This is because these new addons will not be allowed to modify the UI or underlying operation of the browser.

Not so much. Firefox's UI can be modified with CSS. Just like when Australis was first introduced.

Tree Style Tab is running in a customizable sidebar; normal tabs at the top can be hidden - with CSS. Try that in Chrome... The least useless SideTabs for Chrome is Sidewise, and it has to run in a completely separate window.

There's also Tab Center Redux - a continuation of Mozilla's Tab Center (Test Pilot experiment), which completely replaces top tabs with side tabs.

And for all the curmudgeons that reject change, there's the Basilisk browser which is "created and maintained by the team behind Pale Moon, and is a fully independent fork of the Mozilla/Firefox code".

There's also a hard-fork of Mozilla's XUL platform UXP - Unified XUL Platform.

More info over at ghacks (in the comments): https://www.ghacks.net/2017/08...
Re Waterfox, etc.

if they supported easy "user accounts" like Chrome, I would use FF instead of Chrome for most browsing.

Mozilla has something like that in the works. They call their simultaneously-active user accounts "Containers". You can try them now via their Test Pilot program or by downloading Firefox Nightly. They have a wiki article about Containers that contains a lot more information.

Read about the Context Graph, where they explain all that:

For instance, if youâ(TM)re learning about how to do something new, like bike repair, our forward button should help you learn bike repair based on others who have taken the same journey. This should work regardless of whom youâ(TM)re connected to, because your social network shouldnâ(TM)t be a prerequisite for getting the most from the web.

Apparently it will work as a recommender system (like those in Amazon, YouTube or any other site with a See also... section), creating connections from the current site to places that others people have used together. IIRC their recent Activity Stream experiment in Test Pilot had a Terms of Service and Privacy policy explaining their data collection practices.

Pale Moon is not on their whitelist. When will this user-agent sniffing/whitelist bullshit ever end?!

It's probably because Pale Moon doesn't implement Media Source Extensions. Check what YouTube thinks your browser supports and if media source extensions aren't available you won't get any 1080p content. The easy fix to get 1080p content on YouTube is to switch to Firefox, which is like a more up to date version of Pale Moon.

Seems they are playing catch up. Mozilla dropped its app store first. (marketplace.firefox.com)

Firefox OS It is already on market, and is probably very used on markets like India and South America

And to understand why it matters you must understand the players. The manufacturers are providing cheap phones where they can run without the restrictions/conditions of WP/Android, same goes for carriers (that are actively pushing Firefox OS phones in emergent markets), and developing apps considering that is Firefox OS around means doing open, multiplatform web apps, not just for one OS/device, that is in the end Mozilla's goal, if Ubuntu touch means more html apps, then it will be something possitive for Mozilla.

You can access and install apps from the Firefox Marketplace on Android, it turned Firefox OS irrelevant, or made it more relevant than before?

ownCloud is one of the projects that uses WebODF. It is software to install a personal cloud on your own hardware. There are also native Windows applications using WebODF. There's also a Firefox OS app to view ODF documents on your phone.

Read the article, they are targeting Firefox, Chrome and Safari as platforms. This is a development tool for some reason put into core.

And the "app" does have to be a web app because this is all about mobile. They will probably integrate submitting the app to the various vendor-approved marketplaces, starting with this one: https://marketplace.firefox.co...

I question all this, because Mozilla has limited resources, mainly from Google searches. But sticking with Desktop only would be risky.

As I understand this, a vulnerable server can expose its private SSL key to an attacker. With this private key, I can decrypt all of its encrypted SSL traffic.

As already mentioned, it's anything in the server's memory. Or the client's, since Heartbleed affects clients too.

Now, as I understand this so far, having the private key is great, but I need to be able to MITM the connection to decrypt anything.

It depends whether the connection is using perfect forward secrecy or not. If it's using PFS, then you need an active MITM to grab the session keys, so you can't decrypt old captured traffic and you need to keep your MITM up for new traffic. If there's no PFS, then all traffic ever sent with a given SSL cert can be decrypted with access to that cert's private key. All you need is to passively sniff it, then store it for later on the off-chance you ever get (or crack) the key.

(I'm going to write a small essay on this, because it's important but very poorly documented on the web.)

Given that, you'd think PFS would be common, but according to this study it's only available on 60-70% of web servers (they don't give a precise number, just 60% that support DHE and 18% that support ECDHE, but those two sets overlap), of which 80% prefer to use cipher suites without PFS, so about half of webservers either don't support PFS or typically won't use it. Slashdot doesn't, for example. Neither does microsoft.com. I guess that's just the homepage, but then windowsupdate.microsoft.com doesn't use it either. It's not supported on outlook.com's web, IMAP, POP3, or SMTP servers. addons.mozilla.org and marketplace.firefox.com also join the club, but their main website and the Firefox update sites do PFS at least. I couldn't find a Google property that didn't do PFS.

And on top of that, of those sites that do use it, 99.3% use 1024-bit DH parameters, which essentially lowers the length of their RSA keys to 1024 bits (which affects the 80% of sites with 2048-bit or longer RSA keys).

If you want to make sure you're actually using PFS, and with decent DH parameters, you generally need to make sure to configure it. Apache does this for you automatically from 2.4.7 onwards (before that, it'll use PFS but only with 1024-bit DH parameters). A lot of other software requires being fed DH parameters manually -- for instance, Courier's IMAP/SMTP servers, ZNC, ircd-hybrid etc. (And when was the last time you configured DH parameters for a server?)

You can check if any given connection supports PFS by looking at the cipher suite in use. If it starts with DHE or ECDHE, it has PFS. (The "E" at the end stands for ephemeral; if it says DH, ECDH, or doesn't mention either of those, then there's no PFS). You can check with e.g. CipherFox in Firefox, or using the openssl command-line tools:

$ openssl s_client -connect www.debian.org:443 | grep Cipher
        Cipher : DHE-RSA-AES256-GCM-SHA384

If you point it at servers you use regularly, you'll probably be pretty depressed at the results. I know I was when I was making that list above...

Well the firefox phone will ship for $100 or less with a 2 year warranty; for that price, how much support do you need?

http://www.ebay.com/itm/281165...

As for apps, there are 3000+ on https://marketplace.firefox.co...

NB: I have an android phone but I'm just curious to see FF OS evolve but the hardware is very 2010...

Surely Dave Winer can't be that out of touch. Firefox OS nails it.

In Firefox OS everything is written in JavaScript, the most widely-deployed scripting language that developers already know. Unlike all the other also-rans to IOS and Android, its system applications — calendar, on-screen keyboard, music player, etc. — are likewise written in JavaScript. To permit this, and unlike BBX, OpenWebOS, Tizen, Windows 8, and everyone else saying "Write apps for our failing platform using HTML/CSS/JavaScript", it has Web APIs to most phone features (battery status, Bluetooth, camera, SMS, etc.), all on various tracks towards standardization. Like lots of phones you can run your apps on the desktop in an emulator; unlike lots of phones the Firefox OS Simulator runs in your browser. Unlike any other smartphone many of the apps you write for the phone will also run and install unchanged as apps on desktops (and Android) running Firefox, many will also work as Chrome apps with minimal effort, and anyone can run an app store, you just put an install button for your app on a web page on your site.

https://marketplace.firefox.com/app/hangman-1

Click

Try the beta (FF15); it fixes most memory leaks in add-ons.

Are you serious? People still see ads on the web?

http://www.firefox.com/
http://www.adblockplus.com/

Please help me help the advertisers realize they are useless and unwanted. Use ABP today.

Now I understand where you're coming from. But I've found that any warning at all pushes some customers away. I used to warn visitors that their IE 7 web browser was out of date until I got sternly worded notices from a prospective customer who claimed that some tool required for doing his job was incompatible with IE 8.

You have to admit that Internet Explorer is a bit of a special case. Microsoft made it easy for web developers to make Windows and IE-only sites using Active X controls with the earlier versions, then realized what a security failure those "features" were and had to remove or break them in the later versions to get past the security nightmare. For most other platforms, anything supported in version N is also supported in version N+1. And the solution that most companies use to work around the IE problem would work just as well as a recommendation for website visitors: Install Firefox or Chrome and use that for all your normal web browsing, but without upgrading Internet Explorer so that can still be used with the ancient cruft that requires it. Or, if explaining all that to the users in a warning is too complicated, just tell Firefox 3.x users "this site is more secure if you use the latest version of Firefox with the DNSSEC add-on" and give exactly the same warning to users of older versions of IE: "this site is more secure if you use the latest version of Firefox with the DNSSEC add-on."

Incidentally, when are businesses going to learn to stop letting themselves get kicked in the teeth like this? We ran into an issue like this a while ago: The accounting people had an application that required IE6, the advertising people had an application that required IE7 or higher (and not Firefox or Webkit). Then they decided the accounting people needed to be able to audit numbers in the advertising system. Say hello to third party hacks or virtual machines to get them both running on the same computer.

Then they'll think they have a fake AV problem.

And if they take it to anyone to try to get it fixed, one look at it and the tech will fix it by installing support for DNSSEC, no?

Then they'll respond to inquiries with "We've discontinued that model, and we do not produce system software updates for discontinued hardware. To make these warnings go away, pay the ETF and buy this year's model of our device."

Right, and then the hardware maker will be the one losing customers because their customers will realize that they're subjecting themselves to a single vendor who only supports their devices for half as long as people actually continue to own them.

http://firefox.com/ , and then look for "Try the new Firefox 4 Beta! Free download" under the big green download link.

Yeah, it's not the standard software website UI, but I'd not call it "the most frustrating".

Going to Support and User guide to find out features instead of seeing "Features" in a main menu is a GUI faux-pas of theirs. GP is an RTFM apologist. You never hit Support links unless looking for Windows drivers or troubleshooting forums. The features are supposed to be well-known by the time you want to look at the manual. Or do the other mainstream browsers tout a manual as well?

Their front page avoids static screenshots like they are the plague. The video shows stylized mockups and a few too subtly zoomed-out previews. Most viewers will see the stylized parts and think the small previews are just as stylized and not the real thing the other 90% of that animated preview is misleading without revealing the real Chrome look too overtly.

Firefox is a success: it knows its target audience is NOT GEEKS ALONE and updated its landing page accordingly. Flock's website missed that boat. If we are to listen to the GP, then only patient candidates with no rush to really get into Web 2.0 (and probably latent techy-qualities anyway) will be satisfied that they're downloading what they came looking for. When the audience isn't 13-year old boys downloading the latest fun trojans cursorware or legit Roller-Coaster-Tycoon game, it costs much more in presentation efforts to convince ADHD visitors to be more than simply curious and actually download and install your product. Let's learn from Mozilla's top menu what Flock should imitate well

Products / Firefox
Features
Under the Hood
Security
Customization
100% Organic Software
Tips & Tricks
Videos
Connect

Then ponder on unnecessary nesting at Flock's site and all the users they miss because of it.

IE also has a 64-bit version, since IE7 IIRC (it was pre-installed in Vista, and pops up if you search for "IE" from Start menu search bar).

The problem isn't availability of browser as such. The problem is what is configured as a default browser out of the box / with minimal hassle. In both Vista and 7, the default is 32-bit IE. In case of Firefox, it's what you get if you go to http://firefox.com/ and click on the huge green "Download" button - and that, again, will be 32-bit Firefox.

Re: Can't we all just get along? by clone53421 (#38313910)>
I AM the law, by crikey!

As you can see from Firefox [firefox.com] [firefox.com], clone53421's comments are an outrage and a vicious libel that he keeps repeating by not changing his signature as I have demanded many times except once which is much less than the number of times I asked.

From: God@mozilla.org
Subject: Bugzilla #132719

Looks like this one's fixed. Anyone mind if I check it into the trunk? This should ensure the refresh button renders with the correct color under KDE. Also I'm GOD, and I'll SMITE you unless you stop using IE6 and malware toolkits that run things in the background in a hidden way for no apparent reason.

clone53421's LIES are EXPOSED by Opera and Mozilla! clone53421 you are not fooling anyone by posting as AC and under your numerous SOCK PUPPETS like CmdrTaco, Pudge, Perens, WillWheaton61, BadAnalogyGuy, tomhudson, Profane Mutherfucka, Eric S. Raymond, President Obama, God, and LordBodak.

You can run but you can't hide Clone, it's obvious you're just further libeling KKK by pretending to be opposed Clone by pretending his arguments are false while actually posting really weak and unbelievable arguments that'll make it look like you're APT pretending to be not ARK.

Re: I disagree by clone53421 [slashdot.org] (#38313910)>
I AM the law, my lord.

As you can see from Firefox [firefox.com], clone53421's comments are an outrage and a vicious libel that he keeps repeating by not changing his signature as I have demanded many times except once which is much less than the number of times I asked.

From: bhobama@mozilla.org
Subject: Bugzilla #132719

Looks like this one's fixed. Anyone mind if I check it into the trunk? This should ensure the refresh button renders with the correct color under KDE. Also I'm PRESIDENT OBAMA. Look at me, I pretended to be a liberal so that people would vote for me but now I force people to buy health insurance from unaccountable insurers and issue orders to have American citizens killed without trials which is something even BUSH didn't do.

clone53421's LIES are EXPOSED by Opera and Mozilla! clone53421 you are not fooling anyone by posting as AC and under your numerous SOCK PUPPETS like CmdrTaco, Pudge, Perens, WillWheaton61, BadAnalogyGuy, tomhudson, Profane Mutherfucka, Eric S. Raymond, President Obama, and LordBodak.

Re: I disagree by clone53421 (#38313910)>
I AM the law, BITCH.

As you can see from Firefox, clone53421's comments are an outrage and a vicious libel that he keeps repeating by not changing his signature as I have demanded many times except once which is much less than the number of times I asked.

From: esr@mozilla.org
Subject: Bugzilla #132719

Looks like this one's fixed. Anyone mind if I check it into the trunk? This should ensure the refresh button renders with the correct color under KDE. Also I'm ERIC RAYMOND Bitch. Look at me, I'm scared of Muslims. I'm a big fat blowhard coward.

clone53421's LIES are EXPOSED by Opera and Mozilla! clone53421 you are not fooling anyone by posting as AC and under your numerous SOCK PUPPETS like CmdrTaco, Pudge, Perens, WillWheaton61, BadAnalogyGuy, tomhudson, Profane Mutherfucka, Eric S. Raymond, and LordBodak.

It used to read "I disagree with APK", an OUTRAGEOUS LIBEL that was PROVEN FALSE by Firefox's developers themselves

Re: I disagree by clone5341 (#38313910)>
I AM the law.

As you can see from Firefox, clone53421's comments are an outrage and a vicious libel that he keeps repeating by not changing his signature as I have demanded many times.

From: p.grimes@mozilla.org
Subject: Bugzilla #132719

Looks like this one's fixed. Anyone mind if I check it into the trunk? This should ensure the refresh button renders with the correct color under KDE

clone53421's LIES are EXPOSED by Opera and Mozilla! clone53421 you are not fooling anyone by posting as AC and under your numerous SOCK PUPPETS like CmdrTaco, Pudge, Perens, WillWheaton61, BadAnalogyGuy, tomhudson, Profane Mutherfucka, and LordBodak.

If anyone figures out how to select text on the page (not in a textarea or input - shift+right/left arrow does that) plz reply.

They fixed that problem with IE. Here's the fix:

1. Open up Internet Explorer.
2. Go to http://www.firefox.com/
3. Click on the link to download the latest version of Firefox.
4. Install Firefox.
5. Use Firefox from now on.

See, it's not that hard, huh?

'Every year, life is getting more and more expensive. Insurance. Rent. Food. And, at the same time, software is getting cheaper and cheaper, sometimes as cheap as a dollar, as we engage in a full speed race to the bottom. This is not going to help developers stay in business. This is not how a healthy industry is maintained.'"

I agree. The race to the bottom for software is not how a healthy industry is maintained. What will we do if software reaches a price point of zero?

There are no clear examples out there of how free software or applications can stay in business.

*rolls eyes*

That would be my second guess. My first guess would have been ftp://ftp.firefox.com and that one does not work. And I would only guess the ftp part because I have knowledge. Many people have no idea what ftp is.

And whadayaknow, that URL does not work.

I use Firefox

Optimist... :P

I'd like to introduce you to Tabbed Browsing.

it's just me or wine http://winehq.org/ and firefox http://www.firefox.com/ websites aren't loading??
Strange coincidence :)

must... preview...
steps should be as follows:

1) Not running as Admin.
2) Installing Commodo.
3) Installing Firefox.

It's the same as XP, but has admin/user privileges straightened out by default, a sandboxed browser, and a beefed up firewall. Do absolutely all drivers/applications work yet? Nope. Do all of mine? Yep.

 
Contrariwise, you're paying $1-300 for what could be accomplished freely on XP by:

1) Not running as Admin.
2) Installing Comodo, or your preferred software firewall.

Actually, the above steps are probably superior to installing Vista, since they will not produce driver/software problems, and Microsoft's software firewalls are notoriously broken. Presumably, you can rollback Vista to an XP-like state by disabling services, but if that's your goal, why not just start with XP, or XP's daddy, 2K?

What are you, new?

http://www.firefox.com
http://www.opera.com

Linux users do not have to pay for software

There, I fixed your purposeful omission it for you.

take responsibility for your own needs and write the software you want.

Isn't free software up to the challenge?

Where have you been for the past twenty years?

As far as I know, there's no law against making a web sight hosted on a URL that is similar to another (domain squaters demonstrate this every day). If they're having a big problem with the traffic, they could do something like what http://www.firefox.com/ has done, put a minimalistic main page that says something like "Looking for YouTube.com? Go Here: [youtube.com], or continue to our page about tube manufacturing: [utube.com/main]" It could even be a very light text-based page if they wanted to really cut down on bandwidth.

The point I was trying to make in my first post was that their argument seems to be "They have a similar name, we were here first, and we don't like it" when in fact, as others have pointed out, there are two other companies with much more similar names that would probably confuse their target market, and take away from bussiness. It's a shame that youtube's growth has hurt them, but there are certainly other solutions then a legal battle in which they seem to be the underdog.

From TFA:

The lawsuit, filed this week in US District Court, asks that YouTube stop using the youtube.com or pay Universal Tube's cost for creating a new domain. It did not specify damages. [emphasis added]

Simple solution: Google pays for registration of the new domain, takes over hosting of utube.com, and sets it up as a disambiguation page like firefox.com (which directs you to either the Firefox web browser or the Firefox consulting firm). Maybe help them pay for an ad campaign telling people about the new site, maybe reimburse them for some of the excess traffic costs.

1.5.0.6. The analysis resulted in 611 defects and 71

You do realize that 611 + 71 is 682. And that 1506 + 682 = 2188. And that Feburary 1st, 1988 is in the year 1988, and that Kevin Karpenske who gave Firefox his domain has been (scroll down to see the post).

An *exposition* on *firefox*, well duh!

AVG:
http://free.grisoft.com/
Ad-aware:
http://www.download.com/Ad-Aware-SE-Personal-Editi on/3000-8022_4-10399602.html?tag=lst-0-1
Spybot Search and Destroy:
http://www.download.com/Spybot-Search-Destroy/3000 -8022_4-10401314.html?tag=lst-0-2
Hijack This!:
http://www.download.com/HijackThis/3000-8022_4-103 79544.html?tag=lst-0-1
Firefox:
http://www.firefox.com/
Trillian:
http://www.trillian.cc/
Spywareblaster:
http://www.download.com/SpywareBlaster/3000-8022_4 -10486084.html?tag=lst-0-1
And just about anything from:
http://www.gamespot.com/pc/index.html

sure, but it's not standard by any means.

Mozilla: http://www.firefox.com/
Internet Explorer: http:///?%20firefox (with a The page cannot be displayed error)

It works in IE, too. Only the keyword is not separate from the title of Favorites entry. So if I bring up the firefox page and then add it to my favorites (shortening the page name down to just "Firefox") I can now type "firefox" in the address bar and it will work. Another limitation of the IE version is it only works on favorites in the root level of the Favorites menu. Organize your favorites into subfolders, and it stops working.

The sun has risen this morning, and the Earth is rotating around its axis.

The big wheel keeps on turning
On a simple line day by day
The earth spins on its axis
One man struggle while another relaxes

-- Massive Attack

Does anyone else find the icon quite similar to another popular icon?

Here is a free download of IE7 with standard-compliant code added.

One of Pat's logs mentions that he was diagnosed with and being treated for infective endocarditis. The medical literature I've read informally refers to that disease as IE.

I think we all know what IE can do to your system. I would have thought Pat would have known better than to mess with it. Perhaps he should spend a little more time reading Slashdot? At any rate, the cure is pretty simple.

"First off, by default IE will not allow you to run an unsigned control. A control can be digitally signed, verifying that it came from you, and the signing process is arduous enough that, say, a bored junior high school student won't bother with the process. Unfortunately, anyone with $20 and who DOES care can get signed relatively easily."