mozilla.org · Domains · Slashdot Mirror

Re:Posting from IE8... by Anonymous Coward · 2010-11-02 10:35 · Score: 0 · on W3C Says IE9 Is Currently the Most HTML5 Compatible Browser

Flash and Acrobat Reader are by far the biggest infection vectors; raw, browser-based JS is positively benign by comparison.

While this is factually correct, it is not the whole story. Firstly in the context of this discussion; Folk who disable Javascript are probably not running ANY browser plugins (I'm certainly not). Secondly, in the broader context; The Flash and AR exploits are typically bootstrapped via browser based js.

If we talk about pure browser based exploits, the majority are reliant on javascript.

Re:This is the news? by Anonymous Coward · 2010-11-01 20:22 · Score: 0 · on IE9 May Not Be Enough To Save IE

No, it won't.

Re:Smart Move? by dondelelcaro · 2010-11-01 12:02 · Score: 4, Informative · on Google Sues US Gov't For Only Considering Microsoft

Gmail doesn't [support S/MIME], and it's a gaping hole in their messaging offering when compared to pretty much any popular messaging application on the market.

There are various client-side plugins which support S/MIME for Gmail (which is actually the right place to do it). See Gmail S/MIME and other similar plugins.

Try Pale Moon by surveyork · 2010-11-01 06:43 · Score: 1 · on IE9 May Not Be Enough To Save IE

I think I had the same problem with Fx. There's, at least, one bugzilla bug report regarding Fx's pauses, lags, jerkiness. Mozila folks are aware of the issue and they claim to be working on it. I haven't tried Fx 4, but I use Pale Moon plus some anti-lag tweaks I found on the web and now the lags while filling forms, etc. seem gone.

Re:Hang on a minute... by jpate · 2010-11-01 06:33 · Score: 1 · on IE9 May Not Be Enough To Save IE

o rly?

Re:Well, duh? by hairyfeet · 2010-10-29 17:32 · Score: 1 · on Microsoft's Silverlight Strategy 'Has Shifted'

Actually if you are using an up to date version of Firefox you are already using their JIT which is called TraceMonkey BTW. There is also a link there to the code tree if any of the coders here would like to see if they can make it even better.

As for TFA it shows me that MSFT needs a better leader than Ballmer. I have seen some truly awesome Silverlight apps such as the SilveOS Silverlight OS in a browser, but MSFT just doesn't seem to be pushing the tech like they should. It is like they have this powerful framework but the suits just don't have a clue what to do with it. Hell just looking at SilveOS I can think of a few, like having OS VMs stored on a server at corporate headquarters that could be launched from ANY PC anywhere and give the employee a secure OS with access to the Intranet from anywhere in the world!

Silverlight is good tech that could easily do more than HTML anything, but MSFT just don't know how to promote it. Kinda sad really. BTW you can launch the browser in SilveOS and surf, so Yo Dawg you can have a browser in a browser so you can surf while you surf.

MITM in the wild by tepples · 2010-10-29 14:47 · Score: 1 · on How To Protect Against Firesheep Attacks

Make simple and explain what the warning screens will mean.

Untrusted issuer could mean you're about to get MITM'd. It has happened. To guard against this, the operator of the web site will need to offer the fingerprint elsewhere for comparison. Is there a best practice, other than just paying for a commercial CA certificate? And if you're on shared hosting, how does the server know which domain's certificate to present before the browser (which more likely than not runs on a platform lacking SNI) sends the Host: header?

Re:Depends on what "beta" means... by celticmonkey · 2010-10-28 14:38 · Score: 1 · on For Firefox 4, You'll Need To Wait Until 2011

Nightlies are NOT betas. These are two different things.

Beta releases are milestone releases that represent the closing of bugs. Nightlies are buggy as all hell experiments that change, well, every night.

Here are the nightlies:
http://nightly.mozilla.org/

Here are the betas:
http://www.mozilla.com/en-US/firefox/all-beta.html

17 bugs! by crabel · 2010-10-28 11:22 · Score: 3, Informative · on For Firefox 4, You'll Need To Wait Until 2011

Currently there are 17 bugs open. https://bugzilla.mozilla.org/buglist.cgi?quicksearch=blocking2.0%3Abeta7 The good thing: 6 hours ago there were 18 bugs ;-)

Re:Memory hogging, CPU hogging. by ArhcAngel · 2010-10-28 08:50 · Score: 1 · on For Firefox 4, You'll Need To Wait Until 2011

I finally got tired of FF 3.6 causing my entire windows 7 Pro x64 PC to slow to a crawl after running a few hours so this last weekend I looked to see if they had released a 64 bit version and sure enough...they haven't. Fortunately Vector 64 took the time to recompile the source and I was able to download and install it. Getting the Beta Flash (Square) drivers from Adobe wasn't too hard. They work well but YMMV. I run Greasemonkey with numerous scripts and all seem to be working as expected. I have had it running for several days and now when I go check memory usage it is sitting at ~450MB right where it was when I launched it. The whole browsing experience is more fluid. Of course with all that beta code there are hiccups but they are much less frustrating than constantly fighting for control of my machine.

Re:Depends on what "beta" means... by God'sDuck · 2010-10-28 08:39 · Score: 3, Informative · on For Firefox 4, You'll Need To Wait Until 2011

>>>Firefox folks seem to think "beta" means "Let's add new features every couple of days". I've been using Minefield... and it got a lot less stable once it hit the "beta" stage

That's weird. I've been using SeaMonkey, based upon the same mozilla/gecko core, and its beta is rock solid. I haven't been able to crash it, or even slow it down by watching lots of youtube videos.

Mozilla's "Beta" is different from Minefield. Minefield is the nightlies where they test new things and is meant for the benefit of developers and masochists: http://www.mozilla.org/projects/minefield/

Betas might have bugs, but they're meant to mostly work. Minefield might work, but it's meant to mostly have bugs.

Re:Anybody remember if... by Dayofswords · 2010-10-28 07:19 · Score: 1 · on For Firefox 4, You'll Need To Wait Until 2011

the nightlys have a x86-64 version for windows, linux and mac

http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

Re:Let's just encrypt everything all the time by 2muchcoffeeman · 2010-10-27 06:08 · Score: 1 · on How To Protect Against Firesheep Attacks

There's a couple of Firefox extensions that actually do encrypt everything all the time ... or, at least, they redirect everything that has an encrypted SSL to that HTTPS URL instead.

HTTPS Everywhere | Electronic Frontier Foundation

(which is also here: HTTPS Everywhere :: Add-ons for Firefox)

Force-TLS :: Add-ons for Firefox

Re:Let's just encrypt everything all the time by 2muchcoffeeman · 2010-10-27 06:08 · Score: 1 · on How To Protect Against Firesheep Attacks

There's a couple of Firefox extensions that actually do encrypt everything all the time ... or, at least, they redirect everything that has an encrypted SSL to that HTTPS URL instead.

HTTPS Everywhere | Electronic Frontier Foundation

(which is also here: HTTPS Everywhere :: Add-ons for Firefox)

Force-TLS :: Add-ons for Firefox

Re:Not just malware by Jesus_666 · 2010-10-26 12:11 · Score: 1 · on Riskiest Web Domains To Visit

I recommend Ghostery. Detects and optionally blocks tracking sites and receives updates every once in a while to keep up with new ones. I just had a look and sure enough they already know about Demandbase.

The info page reveals that Demandbase offers to track "all Web site visitors in your target market, including those who do not submit their contact information" and allow you to "integrate them with your direct marketing programs - from email campaigns to telesales". So yeah, they advertise knowing uncomfortably much (from the trackee's perspective) about your visitors.

Re:It Hurts by improfane · 2010-10-25 17:27 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

There are so many plugins for firefox that make it invaluable: Take a look at some of the following:

Vimperator VIM bindings for Firefox
BarTab unload tabs from memory after a time limit
Lazarus form recovery I got sick of accidentally navigating away from pages, especially Slashdot.

Some may be moved to other browsers over time or already but these kinds of plugins make Firefox very handy and usable to me. I do not like using other people's computers because of the adverts, the lack of keyboard control and slowness.

Re:It Hurts by improfane · 2010-10-25 17:27 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

There are so many plugins for firefox that make it invaluable: Take a look at some of the following:

Vimperator VIM bindings for Firefox
BarTab unload tabs from memory after a time limit
Lazarus form recovery I got sick of accidentally navigating away from pages, especially Slashdot.

Some may be moved to other browsers over time or already but these kinds of plugins make Firefox very handy and usable to me. I do not like using other people's computers because of the adverts, the lack of keyboard control and slowness.

Re:It Hurts by improfane · 2010-10-25 17:27 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

There are so many plugins for firefox that make it invaluable: Take a look at some of the following:

Vimperator VIM bindings for Firefox
BarTab unload tabs from memory after a time limit
Lazarus form recovery I got sick of accidentally navigating away from pages, especially Slashdot.

Some may be moved to other browsers over time or already but these kinds of plugins make Firefox very handy and usable to me. I do not like using other people's computers because of the adverts, the lack of keyboard control and slowness.

Re:It Hurts by Thinboy00 · 2010-10-25 16:13 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

Ability to "tear out" a tab into its own window, and to re-combine tabs into existing windows (Opera, Chrome, IE9).

Not sure whether that comes with vanilla Firefox, but have a look at this. I'm sure that you can do it in the latest version of Firefox (not beta) with that addon, and possibly without.

Re:It Hurts by Thinboy00 · 2010-10-25 16:01 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

This. They're supposedly working on other browsers, but for now, Firefox is the only way to get this addon, which is truly marvelous (I'm a student, I would know).

Re:Tall statement by JonySuede · 2010-10-25 11:49 · Score: 1 · on New Programming Language Weaves Security Into Code

you might want to look at Eudora OSE it is somewhat leaner than Thunderbird 3 but it is not as spartanish as mutt

Re:It Hurts by master5o1 · 2010-10-25 09:43 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

From what I can see, FaviconizeTab just seems like Chrome's built-in 'Pin Tab' function.

Social networking software by guanxi · 2010-10-25 05:20 · Score: 1 · on Why Mozilla Needs To Pick a New Fight

When Mozilla started, the browser market was dominated by a proprietary application that did not respect end user control and open standards. They've been a tremendous success, opening up the web and the browsers, and making end-user control almost standard. Bravo.

I agree that the browser war is won. I don't think they should pull out -- I suspect things would start reverting if they did -- but they are victims of their own success to a degree. (For some reason that is beyond me, this huge FOSS success has become 'uncool' on Slashdot, where it's fashionable to repeat that it's 'bloated', even though the whole thing is only 8 MB.)

Now there's a new application market that's dominated by a closed, proprietary application that does not respect end user control or open standards, and that's social networking. It might seem quixotic for Mozilla to take on Facebook, but the same was said about Microsoft and Internet Explorer, which was just as dominant then as Facebook is now. And further, opening the social networking space fits aligns almost perfectly with Mozilla's mission:

Principles

The Internet is an integral part of modern life–a key component
in education, communication, collaboration, business, entertainment
and society as a whole.
The Internet is a global public resource that must remain open and
accessible.
The Internet should enrich the lives of individual human
beings.
Individuals' security on the Internet is fundamental and cannot be
treated as optional.
Individuals must have the ability to shape their own experiences
on the Internet.
The effectiveness of the Internet as a public resource depends
upon interoperability (protocols, data formats, content), innovation
and decentralized participation worldwide.
Free and open source software promotes the development of the
Internet as a public resource.
Transparent community-based processes promote participation,
accountability, and trust.
Commercial involvement in the development of the Internet brings
many benefits; a balance between commercial goals and public benefit
is critical.
Magnifying the public benefit aspects of the Internet is an
important goal, worthy of time, attention and commitment.

Advancing the Mozilla Manifesto

There are many different ways of advancing the principles of the
Mozilla Manifesto. We welcome a broad range of activities, and
anticipate the same creativity that Mozilla participants have shown in
other areas of the project. For individuals not deeply involved in the
Mozilla project, one basic and very effective way to support the
Manifesto is to use Mozilla Firefox and other products that embody the
principles of the Manifesto.

Mozilla Foundation Pledge

The Mozilla Foundation pledges to support the Mozilla Manifesto in
its activities. Specifically, we will:

build and enable open-source technologies and communities that
support the Manifesto's principles;
build and deliver great consumer products that support the
Manifesto's principles;
use the Mozilla assets (intellectual property such as copyrights
and trademarks, infrastructure, funds, and reputation) to keep the
Internet an open platform;
promote models for creating economic value for the public benefit;
and
promote the Mozilla Manifesto principles in public discourse and
within the Internet industry.

Spread this by Amorymeltzer · 2010-10-25 02:50 · Score: 1 · on Firefox Extension Makes Social-Network ID Spoofing Trivial

This needs to be heard by everyone. NOW. Sure, your New York Times access is largely trivial, but Facebook and gmail access? That's someone's life. Amazon, and soon Netflix, PayPal, and eBay? That's someone's money. Maybe once people start losing money and their jobs websites will realize the severity of security, as that's usually when it hits home. But until then, very neat.

Protect yourself: https://addons.mozilla.org/en-US/firefox/addon/12714/

Re:No HTTPS encryption by muckracer · 2010-10-25 01:34 · Score: 4, Informative · on Firefox Extension Makes Social-Network ID Spoofing Trivial

> Kudos to FaceBook and most other networks for NOT using encryption for anything but the log in [--DrYak]

> I still have to manually change http to https in the URL every time they decide to sign me off. [--cindyann]

Install the HTTPS-Everywhere FF Plugin. It will SSL-encrypt Facebook and a host of other domains. Only draw-back: Chat doesn't work via SSL atm.

https://www.eff.org/https-everywhere

And while you're at it, also install the BetterPrivacy Add-on:

https://addons.mozilla.org/en-US/firefox/addon/6623/

which will get rid of the LSO cookie Facebook sets each time you use it. Best used in conjunction with AskforSanitize.

how much of those have big or animated images? by higuita · 2010-10-25 01:28 · Score: 1 · on Firefox 4's JavaScript Now Faster Than Chrome's

how much of those have big or animated images?

IIRC, caches images in ram and specially animated images (gif and apng) can eat many for each frame:

https://bugzilla.mozilla.org/show_bug.cgi?id=523950

so the problem might be probably that many images are bigger than they should be and uses more animations than they should.

the the sad true is that most webpages are too bloat and heavy, if one have too many open tabs, that bloat will slowly end eating your ram (no matter what browser you have)

Re:A better explaination by thomst · 2010-10-25 01:11 · Score: 3, Informative · on Firefox Extension Makes Social-Network ID Spoofing Trivial

here: http://codebutler.com/firesheep.

Steve Manuel of TechCrunch claims that the Force-TLS 2.0 Firefox extension can defeat Firesheep. (You have to configure it manually for each site you want to protect, though, so it's somewhat of a PITA.)

Another option is the HTTPS Everywhere Firefox extension from EFF and the Tor Project. Although HTTPS Everywhere has a predefined ruleset that includes some of the most popular Web sites, you'll still have to write your own ruleset for any site not on their default list.

Re:Thanks for the hard work by BZ · 2010-10-24 18:01 · Score: 3, Informative · on Firefox 4's JavaScript Now Faster Than Chrome's

There are several things wrong here:

1) Spidermonkey still compiles the AST to bytecode.
2) An assembler does just that: assembles. This means a 1-1 mapping of some other sort of
representation of the exact machine instructions you want into actual bits in memory.
There are no smarts here and no optimization going on; the only question is how fast
you generate those bits in memory; an ideal assembler does this as fast as possible
and without using too much memory. Now you have to generate assembly (or whatever
representation the assembler takes as input) for it to assemble. That's the job of
the compiler. JaegerMonkey takes the bytecode generated in step 1 and compiles it,
passing the output to the assembler borrowed from Nitro. This compilation step is
where (some of) the optimization takes place, and this is not code shared with Nitro.
3) Tracemonkey is most certainly useful for Sunspider; just not as useful as for other
things. See, for example, http://arewefastyet.com/?machine=6 where the purple line is
below the black one solely because of Tracemonkey. Alernately, see
https://bug580468.bugzilla.mozilla.org/attachment.cgi?id=482609 where you can see the
scores on each sunspider subtest as of a week or so ago; the -m column is JaegerMonkey
without Tracemonkey, -j is Tracemonkey without Jaegermonkey, and -mjp is what's
actually being used now (a combination of the two, with some smarts about deciding
when to use which one).
4) The goal of Kraken is in fact to include anticipated use cases. If you know
anticipated use cases it doesn't include, I'm sure Rob Sayre would love to know what
they are.

Re:HOW is it faster?!? by dhammond · 2010-10-24 06:30 · Score: 1 · on Firefox 4's JavaScript Now Faster Than Chrome's

Re:and yet Firefox still can't use 1 core... :( by Anonymous Coward · 2010-10-24 05:26 · Score: 0 · on Firefox 4's JavaScript Now Faster Than Chrome's

mr anderson would like to know whether you are reporting about the performance of the latest nightly build which is what the article is all about. He suspects not.

BarTabs: download just the tab you see... by Artemis3 · 2010-10-24 04:50 · Score: 1 · on Firefox 4's JavaScript Now Faster Than Chrome's

But in the meantime, try BarTab, and never look back. See, just because you open 20 tabs, doesn't mean you have to download and render their content right away. In fact, i wonder why this isn't the default behavior in browsers, what is the point in wasting resources in tabs you are not seeing?

Of course you are also right about the lack of using multiple cores, but this addon makes life much easier.

Re:How about a "Facebook Firewall" browser? by camperslo · 2010-10-23 17:10 · Score: 1 · on 10 Oddly Useful Specialty Web Browsers

If the reviews are to be believed, Ghostery has been sold to an advertising company and may be functioning as spyware

https://addons.mozilla.org/en-US/firefox/addon/9609

From the Ghostery/Better Advertising Privacy Policy- "We collect user traffic patterns"; "we track click-through information, including IP addresses"; "We may place a text file called a 'cookie' in the browser files of your computer."; "We may provide personal information to or permit access to personal information by our vendors and service providers"; "If Better Advertising should ever file for bankruptcy or have its assets sold to or merged with another entity, information Better Advertising receives from you, from this website, is a Better Advertising asset and may be transferred."

Re:Dillo by realityimpaired · 2010-10-23 07:26 · Score: 1 · on 10 Oddly Useful Specialty Web Browsers

You might like https://addons.mozilla.org/en-US/firefox/addon/1833/ if you're looking for a mozilla-based addon that's Facebook friendly. It doesn't implement all of the features that Flock has/had, but it does implement the basic social networking aggregation into a sidebar addon for Firefox. :)

Re:How about a "Facebook Firewall" browser? by revealingheart · 2010-10-23 06:19 · Score: 1 · on 10 Oddly Useful Specialty Web Browsers

There's the RequestPolicy extension for Firefox (and perhaps other Gecko-based browsers). This allows you to browse websites without third-party domains loading scripts, images and other media onto the page.

The upside to this is that you'll no longer be followed by social networking websites wherever you go. The downside is that you'll have to spend time changing the settings for some websites to work, as even CSS will be blocked when hosted on a different domain - the eternal vigilance problem.

You can also install CS Lite for cookies, BetterPrivacy for Flash cookies and NoScript, which makes it difficult to be tracked. An extra browser for when you want everything enabled temporarily (such as Opera or Chromium) works well together.