Slashdot Mirror

https://wiki.mozilla.org/Firefox/4.0_Windows_Theme_Mockups

Yeah, and no changelog links. Nothing there but second hand speed ratings for javascript. WTF slashdot??? Here is the closest thing I can find to a changelog: roadmap.

Nice that it was two links deep from the main article...

Download link from Mozilla Nightlies.

CAcert withdrew their request for their root cert to be included in Firefox. Talk to CAcert about it.

StartCom free SSL certificates now seem to work in Internet Explorer, Firefox, and Outlook out of the box. It looks like they're the best bet for free certs that won't display warnings in popular products.

Why?

You mean to say you don't trust your bank, but you DO trust ALL of these guys?

My bank has my money. I'd much rather THEY issue me a certificate than some telecom authority in Turkey -- which you'd blindly accept.

I don't see many people getting MITMed

Bug 460374: A case of MITM in the wild

Firefox 3.6.4 had 7 release candidates, significantly more than most releases have.

User Agent Switcher.

https://addons.mozilla.org/en-US/firefox/addon/59/

I don't have sources per se... but I do have personal experience. I'm using a Motorola Droid with default factory image. I was curious about how Fennec was coming along. You can't find Fennec in the Android Marketplace, but you can get nightly builds if you follow instructions. I've done that. Marketplace doesn't show Fennec as being installed.

Granted - all this assumes what Marketplace does, in fact, only muck with apps it knows about and there isn't some other back-door involved.

If you're on 64-bit Windows, you can improve this a bit by using editbin (from the platform SDK) to set the large address aware flag in firefox.exe, increasing the limit to 4 GB. (If you're on 32-bit Windows, this will have no effect unless you also use the /3gb or /userva kernel flags.)

There are unofficial 64-bit builds, as well as ongoing work on official 64-bit Windows builds.

If you're on 64-bit Windows, you can improve this a bit by using editbin (from the platform SDK) to set the large address aware flag in firefox.exe, increasing the limit to 4 GB. (If you're on 32-bit Windows, this will have no effect unless you also use the /3gb or /userva kernel flags.)

There are unofficial 64-bit builds, as well as ongoing work on official 64-bit Windows builds.

Feature detection, wow, what a concept.

I could then bank on 38% effectiveness (lowest score held by IE)

https://developer.mozilla.org/en/Browser_Feature_Detection

I think Lynx is the wrong example to use, as it does not have Javascript.

Run Internet Explorer for a few days. Go to the sites you go to now currently and see how unresponsive they are:

Enjoy the flash adverts sucking up your CPU.
Enjoy the diet and belly fat banners
Enjoy the and accordion and menu animations
Enjoy the Google Analytics loading
Enjoy the updating banner ads
Enjoy loading Prototype/jQuery/Google Ads again and again for every site you go to
Enjoy vibrant media in-text adverts.
Enjoy some of the sneaky popunders and fake virus warnings
I recommend the no-Javascript experience to anyone.

Load up with RequestPolicy, NoScript and AdBlocker Plus and you're sorted for hiding the crap you don't want to see. The AdBlocker is a way to block the stuff you accidentally let through with RequestPolicy.

As to the content producers, say escapist magazine, screw them. They obviously forgot about me when accepting that cheque from selling out. You don't block or try counter adblockers. It's my computer, my bandwidth.

I think Lynx is the wrong example to use, as it does not have Javascript.

Run Internet Explorer for a few days. Go to the sites you go to now currently and see how unresponsive they are:

Enjoy the flash adverts sucking up your CPU.
Enjoy the diet and belly fat banners
Enjoy the and accordion and menu animations
Enjoy the Google Analytics loading
Enjoy the updating banner ads
Enjoy loading Prototype/jQuery/Google Ads again and again for every site you go to
Enjoy vibrant media in-text adverts.
Enjoy some of the sneaky popunders and fake virus warnings
I recommend the no-Javascript experience to anyone.

Load up with RequestPolicy, NoScript and AdBlocker Plus and you're sorted for hiding the crap you don't want to see. The AdBlocker is a way to block the stuff you accidentally let through with RequestPolicy.

As to the content producers, say escapist magazine, screw them. They obviously forgot about me when accepting that cheque from selling out. You don't block or try counter adblockers. It's my computer, my bandwidth.

There is a Firefox add-on, DNSSEC Validator, which appears to work for the pir.org zone, as well as my own roysdon.net zone. Both are DNSSEC signed, although my roysdon.net is found in the DLV.

You can point the tool to use Comcast's DNSSEC trial resolver which is DLV-enabled at 68.87.68.170.
You can trial Comcast's DNSSEC trial resolved which does not have DLV support at 68.87.64.154 and rely only on the Root signature and previously published ccTLDs like .SE.

pir.org is an example of a zone which you can verify just by having the root zone's key. The root signs .ORG, and .ORG has signed pir.org.
As opposed to DLV-enabled zones, like mine, which rely on dlv.isc.org until .NET is signed. Well, also until Registrars add a way so that .ORG owners can sign their zones.

There is a Firefox plugin that will give a key icon if the domain is signed with DNSSEC https://addons.mozilla.org/en-US/firefox/addon/64247/

I thought I had remembered an Opera alpha release with support for granting a web application full control over a local directory, but I cannot find any reference to writing local files being supported in HTML5. On the other hand, there is a much more sane API for handling reading local files, of course, only once the user has given those files to the web page via a file open dialog or drag and drop.

https://wiki.mozilla.org/Firefox/Goals/2010Q1/IO_Reduction

Seems they have been fixing your lag issues.

This means while you are enjoying a show on hulu.com, a rogue flash ad could still spoil the fun

You might try Flashblock

Flashblock is an extension for the Mozilla, Firefox, and Netscape browsers that takes a pessimistic approach to dealing with Macromedia Flash content on a webpage and blocks ALL Flash content from loading. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content.

Don't forget the new HTML5 parser that is already working in the betas. Not only will this be the first fully HTML5 compliant parser, it will also be faster, run in a separate thread off the main thread, and make it possible to use SVG and MathML inline in HTML documents.

http://hacks.mozilla.org/2010/05/firefox-4-the-html5-parser-inline-svg-speed-and-more/

that buy says fix is https://hg.mozilla.org/releases/mozilla-1.9.1/rev/8c17cad9e838
and its to browser/base/content/browser.js
but there is no browser.js in my tree
update: oh right, https://hg.mozilla.org/releases/mozilla-1.9.1/raw-rev/8c17cad9e838

Mozilla Firefox\chrome\browser.manifest
says its in
Mozilla Firefox\chrome\browser.jar
so all you gotta do is
unzip -d browser browser.jar ...
rezip browser.jar, replace browser.jar and you're done .... why doesn't firefox issue an update, its just javascript?

that buy says fix is https://hg.mozilla.org/releases/mozilla-1.9.1/rev/8c17cad9e838
and its to browser/base/content/browser.js
but there is no browser.js in my tree
update: oh right, https://hg.mozilla.org/releases/mozilla-1.9.1/raw-rev/8c17cad9e838

Mozilla Firefox\chrome\browser.manifest
says its in
Mozilla Firefox\chrome\browser.jar
so all you gotta do is
unzip -d browser browser.jar ...
rezip browser.jar, replace browser.jar and you're done .... why doesn't firefox issue an update, its just javascript?

I'll put in a plug for my favorite extension here: TreeStyleTab.

Interesting, I might have to give that a try.

When I surf, inevitably one thing leads to another thing, which leads to a site which leads to six more things. So I middle-click almost every link, and it all gets organized into a hierarchical history.

I usually break into multiple Firefox windows when I start having multiple disparate browsing sessions take place. I'll have a window for personal stuff (mail, Slashdot), a window for all the documentation I've got open, and maybe a third window for miscellaneous things.

The other thing I've really liked using is Session Manager because it makes saving these sessions really easy. I have around a dozen saved sessions related to various research projects I've worked on. Need to remember all the pages I referenced when looking at options for authenticating Linux off Active Directory? Just load the session of 20 tabs into a new window. It also makes restoring crashed sessions and whatnot a lot more flexible.

"And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."" Nope, sorry: https://bugzilla.mozilla.org/show_bug.cgi?id=556957#c46

With 128-150 tabs open

No offense, but I think you're doing it wrong.

I routinely open that many tabs. But then, I work in a dynamic environment where I'm often being asked to do a dozen things at once, including several open-ended research projects, plus a handful of web-based apps, plus casual browsing, reading news, etc. And Slashdot, of course.

I'll put in a plug for my favorite extension here: TreeStyleTab. Rather than limiting tabs to a linear strip, this gives it a 2D structure. When I surf, inevitably one thing leads to another thing, which leads to a site which leads to six more things. So I middle-click almost every link, and it all gets organized into a hierarchical history. It helps me organize my thinking when I'm researching something, especially when I don't know exactly what I'm looking for.

TreeStyleTab demo shot

It's got a million options. You can configure it for all sorts of things. You can even have it put a 2D tab strip across the top of the window, if you like that.

The lack of a working TreeStyleTab clone on Chrome meant I went back to Firefox. Everything else was great, but I can no longer do serious web browsing without TST, and so that killed Chrome for me. Yes, it's that important.

TreeStyleTab: Don't leave your home page without it.

I'll take this opportunity to post some non-inflammatory info on planned Firefox development.

Firefox 4.0, which may go into beta as early as next month, is supposed to do a lot in this direction. Overhauled JavaScript engine, overhauled HTML rendering, etc.

http://wiki.mozilla.org/Firefox/4/Beta

http://developer.mozilla.org/en/Firefox_4_for_developers

I thought I had heard that 4.0 was supposed to deliver one-process-per-page functionality, but I'm having trouble finding recent status info. (One drawback to high-speed FOSS development is it's hard to keep track of things like that.) But anyway, the project is named "Electrolysis" ("E10S" in Firefox-developer-speak).

http://wiki.mozilla.org/Electrolysis

http://wiki.mozilla.org/Talk:Firefox/Roadmap

I'll take this opportunity to post some non-inflammatory info on planned Firefox development.

Firefox 4.0, which may go into beta as early as next month, is supposed to do a lot in this direction. Overhauled JavaScript engine, overhauled HTML rendering, etc.

http://wiki.mozilla.org/Firefox/4/Beta

http://developer.mozilla.org/en/Firefox_4_for_developers

I thought I had heard that 4.0 was supposed to deliver one-process-per-page functionality, but I'm having trouble finding recent status info. (One drawback to high-speed FOSS development is it's hard to keep track of things like that.) But anyway, the project is named "Electrolysis" ("E10S" in Firefox-developer-speak).

http://wiki.mozilla.org/Electrolysis

http://wiki.mozilla.org/Talk:Firefox/Roadmap

I'll take this opportunity to post some non-inflammatory info on planned Firefox development.

Firefox 4.0, which may go into beta as early as next month, is supposed to do a lot in this direction. Overhauled JavaScript engine, overhauled HTML rendering, etc.

http://wiki.mozilla.org/Firefox/4/Beta

http://developer.mozilla.org/en/Firefox_4_for_developers

I thought I had heard that 4.0 was supposed to deliver one-process-per-page functionality, but I'm having trouble finding recent status info. (One drawback to high-speed FOSS development is it's hard to keep track of things like that.) But anyway, the project is named "Electrolysis" ("E10S" in Firefox-developer-speak).

http://wiki.mozilla.org/Electrolysis

http://wiki.mozilla.org/Talk:Firefox/Roadmap

I'll take this opportunity to post some non-inflammatory info on planned Firefox development.

Firefox 4.0, which may go into beta as early as next month, is supposed to do a lot in this direction. Overhauled JavaScript engine, overhauled HTML rendering, etc.

http://wiki.mozilla.org/Firefox/4/Beta

http://developer.mozilla.org/en/Firefox_4_for_developers

I thought I had heard that 4.0 was supposed to deliver one-process-per-page functionality, but I'm having trouble finding recent status info. (One drawback to high-speed FOSS development is it's hard to keep track of things like that.) But anyway, the project is named "Electrolysis" ("E10S" in Firefox-developer-speak).

http://wiki.mozilla.org/Electrolysis

http://wiki.mozilla.org/Talk:Firefox/Roadmap

According to the discoverer and the issue; he mixed up two different fixes, initially:

http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html

https://bugzilla.mozilla.org/show_bug.cgi?id=556957#c46

My problem is that I kind of hate the Internet with NoScript.

You might take a look at YesScript (a JavaScript blacklisting plugin sans all the extra protection crud in NoScript). If you use it in conjunction with AdBlock+subscriptions you'll probably block quite a bit.

That said, I like NoScript in general because of just how much faster most sites are with their scripts disabled. It does get annoying though, as more and more sites are completely non-navigable without scripts enabled.

I myself use the FF extension. This has been my primary PDF/DOC/PPT viewer for awhile now.

PDF is actually a useful standard when it comes to reproducing printed or printable documents. The worst thing about PDF is Adobe's Reader implementation. Hopefully, this is a clean implementation, not based on Adobe's lousy, slow, insecure Reader code. I know they say its sandboxed, but still.

Anyone using Safari or Firefox (extension here) on the Mac has been able to do this for some time; PDFs are a lot better without the Adobe plugin.

I know it's very hard for some people to understand that not all commercial companies are out there to get them, with evil plots to steal their identity and money. You must think that Abine is this all-powerful corporation that bribes all editors and is scheming to take all innocent, OSS-loving TACO users and screw them over. Well, I'm sorry to disappoint you. If you think this update is harmful to the general public (and I would disagree), then that's a problem with our policies, and ultimately my problem.

Mozilla is one of the most open organizations in the world, and there are multiple channels you can use to complain or to try to get this decision reversed. Or you can continue with your conspiracy theories and proud indignation because you don't like the new version of a program.

I know it's very hard for some people to understand that not all commercial companies are out there to get them, with evil plots to steal their identity and money. You must think that Abine is this all-powerful corporation that bribes all editors and is scheming to take all innocent, OSS-loving TACO users and screw them over. Well, I'm sorry to disappoint you. If you think this update is harmful to the general public (and I would disagree), then that's a problem with our policies, and ultimately my problem.

Mozilla is one of the most open organizations in the world, and there are multiple channels you can use to complain or to try to get this decision reversed. Or you can continue with your conspiracy theories and proud indignation because you don't like the new version of a program.

So HTML/Javascript is a good way of subverting "don't run your software on my computer without my permission" policy?

Or is there some argument here that a browser environment is safe but any other virtual machine sandbox and the local user permissions system for restricting binaries are horribly insecure?

Feel free to review it yourself if you like. Here's all the necessary information:

Our policies

Editor Guide

Code validator

You can also send a message to our mailing list (see wiki link) and ask another editor to corroborate.

Feel free to review it yourself if you like. Here's all the necessary information:

Our policies

Editor Guide

Code validator

You can also send a message to our mailing list (see wiki link) and ask another editor to corroborate.

Feel free to review it yourself if you like. Here's all the necessary information:

Our policies

Editor Guide

Code validator

You can also send a message to our mailing list (see wiki link) and ask another editor to corroborate.

What print bug does Firefox have that's not actually just expected behavior

Well, there's this one that's been critical since 2005. At least they've fixed the truncation problems and missing thead/tfoot (comments say that 3.0 release candidates fixed the dataloss) but it still has weird border issues in print preview. (note the missing bottom edge of the input above the first sample table... at least on my windows xp print preview anyway, it's a shame that windows printing is really a function of how shitty your printer driver is.)

+1

All the comments moaning about licenses miss this point:

Any Firefox extension you have could be bought out and converted into something you don't like. And Mozilla (at least in the person of the reviewer who approved the changes to TACO) offers only limited protection from this.

The Changing of Defaults and Unexpected Features add-ons policy appears to address what an add-on does when it's first installed. It doesn't adequately address notifications of changes pushed in updates to add-on functionality.

We have an unexpected features policy, also called No Surprises. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.

So, in your opinion, a change that makes an add-on with no interface that just works out of the box with no interface elements at all into an add-on that adds multiple interface elements, pop-ups on pretty much every page (as almost every nominally popular site nowadays uses cookies in one form or another), and begins by flashing an introduction menu that contains among other things advertisement for "premium service"...

Is not a change that changes core functionality?

I mean really. One can split hairs and claim that it's "an add-on that generally protects your privacy by opting out of...", but in my, and apparently pretty much everyone's opinion, the sudden appearance of "features" like interface, pop-ups etc is a very, very serious change to core functionality. Which was from end-users point of view to STFU and just opt us out.
The worst part is, this approval essentially dropped my trust towards Mozilla's auto-update function and add-on review process from full one hundred to zero. Because trust is hard earned (and mind you, you earned it with your hard work so far), and lost over one major failure. And allowing a hijack like this to be piggy backed as an "update" is a pretty damn major breach of trust. Whether you like it or not, this raises a question if the next update that you will decide that change is "minor" will get our UI painted full of targeted ads, which apparently will pass your check just as well so long as ads are relevant to core functionality of an add-on?

For the next time: if an add-on that previously required no user action other then installation and didn't do anything to tell user about itself starts using flashy pop-ups to advertise itself, adds elements to UI and gets a flashy configuration window with advertisements for its host company, it's a change of core functionality for end user. Even if developer in you feels it's a "small upgrade", for end user it will be a major change and in this case, a game breaking one.

We have an unexpected features policy, also called No Surprises. We wouldn't have allowed the update if it enabled unexpected features for users, or if it had really changed its core functionality. But it didn't. It added several features, but they are also privacy and security tools, and they're turned off by default.

I don't agree that we should warn about codebase changes, since that's the developer's prerogative, but I do agree that we should communicate privacy policy or EULA changes. That's something that we can't do through Firefox at the moment, but we definitely want to include in the future.

Another extension that some might find useful is SSLPasswdWarning. It evaluates password input fields and pops up a warning whenever they post via non HTTPS.

NoScript is overly complex, and so is flashblock for that matter. I view them both as solutions looking for problems.

There is a simple, elegant tool which does either job better, and then gets the hell out of your way: QuickJava. Click the button, javascript off. Same as if you disabled it in the Tools menu, the way it should be. Not "mostly" off, but OFF. Click it again, javascript on. Click the flash button, flash plugin disabled. Click it again, re-enabled.

Now THAT is the correct solution to the problem.

Could be thin edge of the wedge global politics. With the Australia government being put under pressure by the US and Europe to try to squeeze in these laws, so that they can be used as an example by others to introduce them elsewhere.

Silly stuff recording emails sent and received, so what happens if you run your own email server (something that will eventually become the norm), by law you will be required to monitor your own activities and dob yourself in. Broadband always on connections, so you logged in on april 2005 and are still logged in, no what is the point of that. Recording all web site visits, easy solution web accessing equivalent of https://addons.mozilla.org/en-US/firefox/addon/3173/ track me not a search engine obscuring addon .

Likely also in the future in will be more common to have a home web server that you and your family can log into remotely, to get and leave messages, access your content, to work on your content from remote locations, so will you have to record this and report any suspicious activity by you or your family.

The cloud services in their real application are distributed services (not big data centres renting access, the deluded dreams of the lock in monopolists). The traffic flow will be enormous and intertwined, as people collect, collate, alter, update and redistribute data in every direction imaginable. Logging all of it all of the time is simply a ludicrous idea, especially when people will take the logical step to protect their privacy by burying their actual activity under a mountain of automated obfuscating activity.

To be annoyed by /r9k/ (at least audibly), Javascript is required. You almost got a mod down 'offtopic' because I block this kind of nonsense by default.

Well, as a matter of fact even better than that.

I remember when this happened with some Silverlight thing in the past, but I can't remember what the reason was the Mozilla devs gave for allowing this type of silent local add on installation.

Found an old bugzilla debate/bug from 2009 (!) about when this happened previously. It seems some consider it a moot point because Firefox reports add-ons have been installed when it boots. Did this MS update get around that somehow?

Here's the link: https://bugzilla.mozilla.org/show_bug.cgi?id=476430

And the old story from the last time MS did this: http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html

Does anyone know of a good (hopefully low-cost/free) central patch management software/tool for things like Flash?

Sure!