mozilla.org · Domains · Slashdot Mirror

Re:chrome frame by CharlyFoxtrot · 2010-02-21 07:36 · Score: 4, Informative · on Why You Can't Pry IE6 Out of Their Cold, Dead Hands

I just use Firefox Portable with IETab for the internal POS (not talking about point of sale folks) applications that won't work in anything but internet exploder. Oh and Hidetab comes in handy from time to time too.

Re:2GB on XP isnt enough anymore by jon3k · 2010-02-20 09:46 · Score: 1 · on Ars Analysis Calls Windows 7 Memory Usage Claims "Scaremongering"

I highly HIGHLY recommend a flash blocking add-on like FlashBlock for Firefox. There will be a play button where all the embeded flash videos would be and it won't load them until you click play. You can of course whitelist sites that you'd like to load all flash from. But now you don't have to have those 10 pages in tabs each with 2, 3 or more flash ads or graphics eating up CPU cycles.

Re:It's OSS by dveditz · 2010-02-19 04:45 · Score: 1 · on Mozilla Debates Whether To Trust Chinese CA

SSLed checksums for the binaries... oh, wait, Mozilla doesn't bother publishing those, for some reason.

Really? So what are these, then? https://archive.mozilla.org/pub/mozilla.org/firefox/releases/3.6/SHA1SUMS

We don't advertise it because anyone competent to check SHA1 hashes should be able to check PGP signatures, and the mirror network scales unlike hosting everything ourselves. Obviously the SSL server is not mirrored because giving out the cert would make it pointless.

Re:Well in that case by fulldecent · 2010-02-18 02:09 · Score: 1 · on Mozilla Debates Whether To Trust Chinese CA

I see your post as +5, but maybe people are modding you without clicking the link. I still see:

Remember visited SSL details and warn when changes, like SSH
Importance: enhancement with 8 votes (vote)

Re:But the File Format Sucks. :) by AlXtreme · 2010-02-17 20:36 · Score: 1 · on 20 Years of Photoshop

A tool made for GUI mockups like Firefox Pencil is even easier than Inkscape or Scribus.

Yes, it's a plugin/add-on. Give it a try, you might be surprised.

Re:Well in that case by TheLink · 2010-02-17 19:26 · Score: 1 · on Mozilla Debates Whether To Trust Chinese CA

> You forget that any CA can sign for any web site.

That attack won't work if Mozilla stopped the useless debates and just fixed their browser:

https://bugzilla.mozilla.org/show_bug.cgi?id=286107

That bug is already nearly FIVE years old.

The concern of "same site, different CA" is overblown, warn and let the user approve the new CA for the site - if the user gets lots of "New CA" warnings for the same site the user SHOULD get suspicious and not do anything till the user gets out-of-band confirmation that stuff is actually OK.

Users who don't want or can't handle such warnings should use the "Stop bothering me, I don't care that much about security" browser setting.

It won't really matter - they can (and already do) get pwned in so many other ways.

The thing is Mozilla doesn't really care about actual security, and neither do the CAs or most websites. They just care about the appearance of security. It's all about "pay us every year and your users won't get scary warnings".

In case anyone thinks DNSSEC will help, DNSSEC will just allow people to collect more tolls/taxes without really improving security (it actually facilitates DoS attacks :) ).

Have the best of both worlds by Anonymous Coward · 2010-02-17 11:58 · Score: 1, Interesting · on Mozilla Debates Whether To Trust Chinese CA

Why do Certificate Authorities have to be either completely trusted or not trusted at all? It couldn't be a ton of work to enable restrictions to be placed on the domains a CA is authoritative for.

Looks like there's already a thread discussing this for the Mozilla suite.

Re:Conclusion by Jazzbunny · 2010-02-16 22:55 · Score: 5, Informative · on Today's Best CPUs Compared... To a Pentium 4

Just install AutoPager and you get the article in one long page. You find performance per dollar at page 17 and other interesting nuggets of information well before that last page conclusion.

BetterPrivacy by Anonymous Coward · 2010-02-16 22:17 · Score: 0 · on Next Flash Version Will Support Private Browsing

Ouch, have you tried: BetterPrivacy
Auto deletes flash cookies on exit and/or after a user-configurable expiration timeout.

FlashBlock by shovas · 2010-02-16 13:08 · Score: 4, Informative · on Next Flash Version Will Support Private Browsing

Someone mentioned it in passing but I'll say it directly: FlackBlock

I'm not one to turn off the web with NoScript or not contribute to sites I'm visiting by using AdBlock. FlashBlock is a great compromise. Normal ads, no stupid flash instability. Click on the flash when actually want it to run for where it's actually needed. You'll be surprised how well it works.

Better Privacy extension by harmonise · 2010-02-16 12:01 · Score: 3, Informative · on Next Flash Version Will Support Private Browsing

This feature is here now for Firefox users with the Better Privacy extension.

Firefox extensions by pydev · 2010-02-16 11:59 · Score: 5, Informative · on Next Flash Version Will Support Private Browsing

Get FlashBlock or NoScript to turn off flash altogether.

Get BetterPrivacy to automatically delete Flash cookies on exit; it seems to work well.

Firefox extensions by pydev · 2010-02-16 11:59 · Score: 5, Informative · on Next Flash Version Will Support Private Browsing

Get FlashBlock or NoScript to turn off flash altogether.

Get BetterPrivacy to automatically delete Flash cookies on exit; it seems to work well.

Firefox extensions by pydev · 2010-02-16 11:59 · Score: 5, Informative · on Next Flash Version Will Support Private Browsing

Get FlashBlock or NoScript to turn off flash altogether.

Get BetterPrivacy to automatically delete Flash cookies on exit; it seems to work well.

Flash Cookies by adrianturner · 2010-02-16 07:13 · Score: 1 · on Did We Lose the Privacy War?

To automatically get rid of these use the BetterPrivacy add-on.

arguments for and against by Exter-C · 2010-02-15 19:33 · Score: 1 · on Are All Bugs Shallow? Questioning Linus's Law

One of the key arguments that people like to taunt regarding software security and specifically open source security is the fact that they compare say redhat enterprise 4 to Windows 2003. If you look at the Redhat Errata you may start to be alarmed. The question then comes around... 'who actually installs EVERY single redhat package when they install the whole system?'.. the answer from my experience is very few. However that is where many of the comparisons come from. If you segregate the overall number of comparable systems between linux and windows you will often find that the number of security vulnerabilities to be not wildly different. However if you compare the whole distribution's release to a windows install then your going to think.. 'dang windows is secure'. There are several other points in the argument that I tend to enjoy asking people who use these types of numbers.
1. if you have so few vulnerabilities what is your exposure footprint? e.g. how many people are trying to trojan you on windows vs linux?
2. how many of the vulnerabilities have been reported by the community that develop the software? If we look at Firefox for example most of their vulnerabilities are not actually reported by hackers or security experts but by their core developers who realise someone else in their team wrote some crap code or didn't properly do something. Here are some URL's to give some further evidence http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.mozilla.org/security/announce/2009/mfsa2009-63.html (although after actually going to find evidence I found that in 3.0 and 3.5 most vulnerabilities came from researchers and not the community like many earlier releases)

arguments for and against by Exter-C · 2010-02-15 19:33 · Score: 1 · on Are All Bugs Shallow? Questioning Linus's Law

One of the key arguments that people like to taunt regarding software security and specifically open source security is the fact that they compare say redhat enterprise 4 to Windows 2003. If you look at the Redhat Errata you may start to be alarmed. The question then comes around... 'who actually installs EVERY single redhat package when they install the whole system?'.. the answer from my experience is very few. However that is where many of the comparisons come from. If you segregate the overall number of comparable systems between linux and windows you will often find that the number of security vulnerabilities to be not wildly different. However if you compare the whole distribution's release to a windows install then your going to think.. 'dang windows is secure'. There are several other points in the argument that I tend to enjoy asking people who use these types of numbers.
1. if you have so few vulnerabilities what is your exposure footprint? e.g. how many people are trying to trojan you on windows vs linux?
2. how many of the vulnerabilities have been reported by the community that develop the software? If we look at Firefox for example most of their vulnerabilities are not actually reported by hackers or security experts but by their core developers who realise someone else in their team wrote some crap code or didn't properly do something. Here are some URL's to give some further evidence http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.mozilla.org/security/announce/2009/mfsa2009-63.html (although after actually going to find evidence I found that in 3.0 and 3.5 most vulnerabilities came from researchers and not the community like many earlier releases)

Re:Open Web alternative to Newgrounds? by Anonymous Coward · 2010-02-15 17:01 · Score: 0 · on Five Years of YouTube and Forced Evolution