Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:JIT javascript
-
Re:My gawd
Want OO in JavaScript? http://dean.edwards.name/weblog/2006/03/base/
Want error handling in JavaScript? https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/Exception_Handling_Statements
-
Don't forget Flash cookies!
In my humble opinion they're far worse than regular cookies! ( in that they are more pervasive / sneaky / hidden )
Firefox Plugin to delete the Flash cookies:
https://addons.mozilla.org/en-US/firefox/addon/6623Wikipedia page on Flash cookies:
http://en.wikipedia.org/wiki/Local_Shared_Object -
Re:Advertised Speed
What I don't understand, despite having some knowledge of TCP/IP, is how they expect customers to manage their bandwidth usage like this.
If I go to www.downloadlinux.foo and click on the big fat blueray image that DistroX has put up, then a connection is established and the TCP protocol will gradually increase speed until it is saturated. Since that point will be above their trigger, and the file is going to take more than 15 minutes, I can't download the distribution image without throttling?
As far as I know the average user doesn't have a browser with an obvious way to set their own cap, and even if they did they have multiple users on a local network then they can still saturate it.
I looked it up, and there's an extension for Firefox (Firefox Throttle) that will let you cap your up/down speeds, but still I don't yet understand how Comcast's strategy here is reasonable when it will cause their unaware users to get throttled for what is normal use.
-
Re:Hoping for Windows 7's success...
For what it's worth, the situation may not be quite as grim as it seems.
If you go to StatCounter Global Stats and look at the breakdown by region, the areas where IE6 usage are still very high are Africa, Asia, and (to a lesser extent) South America. Within North America, Europe, and Oceania, IE6 usage is about 8.5% on weekdays and 5.5% on weekends. Whether this is because evangelism efforts in those regions are failing, or because piracy levels are high and WGA prevents users from updating through the normal OS update mechanism, or because (until Firefox 3.5.4) IE is required for government-mandated encryption to function, I don't know.
There is also an issue that there are a large number of robots, spiders, viruses, and virus scanners that masquerade as IE6; I wouldn’t be surprised if these non-IE6 IE6 visits account for 0.5-1% of the remaining IE6 numbers. Which is frustrating, because getting an accurate count is more important than anything in deciding when to not bother with support.
-
Re:knowing is half the battle
Because you somehow prefer sFir (Flash-based) headline fonts or text rendered into big headline images? Really, if a site has sucky typography (or content problems or lousy navigation or lame presentation) then just stay away. It's pretty much that easy.
WOFF, if it works, is a fine idea IMO. It's about time that typography grows up and comes to the web. Personally, I'm hoping that this succeeds wildly and increases interest in free/libre/oss fonts and font authoring tools.
Also consider that web-delivered fonts open the door to "render[ing] languages for which font support is usually lacking.". Folks in linguistic minorities can use this to share content without having to wheedle browser/OS makers for font support, and without any fiddly configuration on the part of the reader.
-
Re:flash ?
-
Re:flash ?
-
FUD
If FUD is applied to proprietary software vendors, they fear that disclosing their software bugs might dilute their credibility among customers.
-
Re:Still prefer the suite, just for the browser
It still has the Book of Mozilla (I think it's part of Gecko, as Firefox has it too), but about:kitchensink hasn't been included for a long time. You can install an extension to have that back, though! Here: https://addons.mozilla.org/en-US/seamonkey/addon/742
-
Re:Lenovo
Flashblock is your friend:
https://addons.mozilla.org/en-US/firefox/addon/433 -
Bug 267888
Have you posted this over at mozilla.com?
-
Re:transparent system tray in awn
I got more vertical space in firefox with Hide menubar, Hide caption (makes firefox chromeless) and tree-style tabs.
-
Re:transparent system tray in awn
I got more vertical space in firefox with Hide menubar, Hide caption (makes firefox chromeless) and tree-style tabs.
-
Re:transparent system tray in awn
I got more vertical space in firefox with Hide menubar, Hide caption (makes firefox chromeless) and tree-style tabs.
-
Re:time to update headline
but I would certainly consider paying for Hulu, so long as the price was reasonable
I watch Hulu quite a bit and I would consider it as well. Heck, I would probably pay about $1/month just so that I can forever disable certain ads that I do not like. Every time I see the Axe deodorant commercial I want to find the person who made it (approved it, came up with it, etc.) and kick them in the face for a very long time!
I share your pain when it comes to suffering from Hulu ads. If I get on a kick watching through a season, it seems like I'll get one ad over and over again. Presently my most-hated is the T-Mobile MyTouch ad; I've just heard that song too many times now.
At the same time, I made the effort to opt-in to watch these ads, disabling my ad blocking methods for Hulu's services. Sometimes, when I fail to mute in time and get that damn song again, I consider turning the ad blocking back on, but it passes. I keep the ads there because I appreciate the service Hulu provides, and the fact that it has improved so much in the time it's been running. Complaints I had initially, like having to reactivate full screen each time a new video started playing from my queue, or wanting to sit back and control it with a remote have each been implemented. As an online video service, it's really the best around in terms of how it works. Other networks not on Hulu have shows on their sites, and I've always found their attempts dismal experiences.
I also appreciate the concept that Hulu gives me a chance to bolster shows I like. I don't pay that much attention to television and new shows, and often miss broadcasts or even whole series. It's a terrible day for TV entertainment when a show gets canceled that either has a larger fan base than the network thinks, or develops one after it's canned. When Hulu keeps the last 4 or 5 episodes up, I can watch the show the next day. It might be a better experience to pay a low monthly subscription and have no ads, but I naively like to think that Hulu ad revenue reflects on individual shows. I know that Hulu ratings certainly don't count for as much as broadcast, and it's unlikely that they carry any real weight. Still, I see a potential for networks to use another way to gauge how well a show will do in the long run, and want to see Hulu work toward preventing another Firefly moment.
Of course, the Internet can be a source of too much information. I wasn't very happy when I noticed Hulu sharing cookies / LSOs with Facebook in particular, and found the BetterPrivacy Firefox add-on to help to keep Hulu's collection of information limited to my choices just on their site.
-
Re:Change their perspective to be self gratifying
https://bugzilla.mozilla.org/show_bug.cgi?id=267888
I guess patches are welcome... -
Re:Finish Thunderbird first?
It looks like you are using the latest stable release 0.9. This is the latest release which works with TB2. To get Lightning for the TB3 beta's, get a nightly build. You can find a link to the nightly build for your platform at the bottom of the download page:
http://www.mozilla.org/projects/calendar/lightning/download.html#nightly
Cheers,
Stefan. -
Re:Measurement from the NVIDIA site?
-
Re:Still can't uninstall?
Firefox 1.0 - 3.5 A boolean value that when true makes the add-on not show up in the add-ons list, provided the add-on is installed in a restricted access area (so it does not work for add-ons installed in the profile). This is for bundling integration hooks to larger applications where having an entry in the Extensions list does not make sense."
You forgot the rest--
Note: This property is no longer supported under Gecko 1.9.2 (Firefox 3.6) or later, to prevent extensions from being installed in such a way that the user might not be able to tell they're installed.
-
Re:Microsoft's updated advisory
The was dome debate on Mozillazine and probably a bug or two submitted to create a proper UI for this stuff and have a way of blocking new plugins, but the devs seem to be ignoring it for now. The have made a schoolboy error here - trying to blacklist all "bad" plugins instead of just having a UI and allowing the user to whitelist plugins as they see fit.
According to the (very long!) discussion on the bug in question, Mozilla is working on such a UI.
-
ClickOnce users should be using IE?
Or at least I would. Am I the only one that feels more comfortable with things like that relegated to IE? I don't use the IE Tab extension either, I use IE View, so it opens in IE. Maybe it's just a personal preference.
I realize a plugin like Java has the same powers as ClickOnce, but I just don't want more MS on the FF side. A good feature would be:
"Warn user that a third party add-on has been installed and allow disabling". https://bugzilla.mozilla.org/show_bug.cgi?id=476430
-
Re:Still can't uninstall?
I can't comment on MS's plugin because I don't know how it works, but Firefox does support extensions which are not displayed to the user. If they are installed in locations besides the profile directory (ie are not a normal extension a user chooses to install). I don't think Mozilla's policy is quite that clear cut about when you should or shouldn't make something viewable by the user.
https://developer.mozilla.org/en/Install_Manifests#hidden
"hidden
Firefox 1.0 - 3.5 A boolean value that when true makes the add-on not show up in the add-ons list, provided the add-on is installed in a restricted access area (so it does not work for add-ons installed in the profile). This is for bundling integration hooks to larger applications where having an entry in the Extensions list does not make sense."
-
Re:Still can't uninstall?
Oh come on. As anyone who's following this story is aware, Mozilla has an "approved" method of installing plugins without using the add-ons panel. So pick your bone with them.
-
Re:Great
Mozilla guy responds to that here: https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c83
-
Re:Wait, its okay for Firefox to have a kill switc
It's semantics, but the vulnerability is within
.Net and not specific to IE. I don't suppose it really matters in the end, but this does contribute to the perception that IE is "infecting" Firefox. It's really a common vulnerability that has been exposed in both browsers. No different than if they shared a common rendering dll that had an issue.I believe Microsoft chose to roll this up in the IE cummulative update to minimize some dependency problems (and to perhaps keep the total Patch Tuesday count a little lower?)
I like the comments given in https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c71.
-
Re:Great
Please mod parent down! He is not a real person anyhow, but a member of Microsoft's psy-op team, spreading disinformation. It is outrageous to see shills modded up to +5. You gotta wonder about the motivation of someone who is defending something that was installed by stealth instead of a normal opt-in procedure. Who of those fictitious users of One-Click he is referring to actually installed this plugin on Firefox? None of them!
...because it wasn't offered or advertized, and there was no opportunity to deliberately download this plugin, and therefore nobody asked for it.The real story can be found on the Mozila discussion board.
Fundamentally, Microsoft introduced a security risk into Firefox with these add-ons. That risk came to fruition and thus Mozilla closed the risk entirely. Both have agreed to this, at least for the time being.
Mozilla is only blocking the unpatched vulnerability. It's just that there's no appreciable difference between the patched and unpatched versions so it's all blocked at once. Firefox users are by no means guaranteed to have both the update that caused this and the update that fixed this. Updates are not magic. Some people have them now; some don't. If it's not 100% then it's vulnerable and hence the block.
It's important to note that the vast majority of users with this add-on installed did not know that it was installed, or ask for it to be installed, and it's very difficult to uninstall cleanly due to the hidden extension that is left behind, as well as the "9.*.*" maxversion. This means that users who don't normally care about IE updates, because they are Firefox users, will be vulnerable until it is available to them and installed.
Mozila suggests that if you are one of the very small minority that need this software that was by and large installed into users' browsers without their permission or knowledge then you request Microsoft to write a clean version completely free of this and Mozilla can allow that through.
Neither the plugin nor the extension are updated by the hotfix, only an OS component that they depend upon is changed. All versions of the extension or plugin are affected if the old version of the system component is installed, none are affected if the new version is installed. Firefox doesn't contain a mechanism for checking system library versions, so there's no way to automatically block the plugin only on affected systems. It's all or nothing: disable this functionality completely, or allow even on systems with the vulnerability.
-
Re:Why was the MS plugin again legal?
Once installed the Java plugin can easily be removed by the user via the Firefox configuration GUI
You might want to check this out
-
Re:Great
All the addon did was to add a piece of text in useragent that told the website
.NET version. How do you manage to fuck up that?For anyone curious as to the real state of affairs behind this MS plugin issue, you might be interested in a few things. For everyone else just enjoying a good anti-Microsoft circle-jerk, ignore this post.
The plugins being discussed do more than just change the User Agent of the browser. They allow for XAML applications to run in Firefox and ClickOnce program distribution. For everyone that normally cries about Microsoft pushing IE and trying to lock users into their browser, this is an attempt to allow people to use an alternative browser while still having access to their other Microsoft-centric technologies (.NET in this case). Isn't this a good thing?
This is the bug in question. There is a lot of interesting comment there, including the fact that while everyone is crying about Microsoft "secretly" adding the plugin and preventing users from disabling it, Mozilla doesn't even give users an option to enable it! Their blocklist is all or nothing. Why doesn't that bother anyone here? One poster is very insightful:
Many corporations have begun implementing Firefox and telling their users that it is an equally if not more capable but more secure browser. For a subset of those corporations, the action of removing necessary tech without consent or a secure method for re-enabling it will result in the removal of the browser from the system completely. It will be called a failed experiment. The following day, sys-admins around the world will be left explaining to the non-enthusiast employees that the reversal came because certain business apps would not function in FF. Those users will only hear that FF is not as capable.
But perhaps the best thing about this entire issue, is that Mozilla didn't block the plugins until AFTER they were patched and the mechanism of the block is retarded. Mozilla is claiming that Microsoft agreed to issuing the block of the affected plugins, and that might be true, but only to an extent. Mozilla is currently blocking the plugins based on the name of the plugin, not the version, which means users who have installed the patched version of the plugs (at this point almost everyone using Windows Update) are still unable to use the plugins and have no way to re-enable them.
So essentially, by issuing this patch, Mozilla is doing nothing but hurting its business customers. Slashdotters can scratch their heads trying to figure out who uses these technologies, but the answer is a lot of businesses do. This absolute, non-scriptable and non-changeable block of these plugins will just remind corporations that open source isn't ready for the big leagues and they should just stick with Microsoft and IE. The sad thing is that if this kind of knee-jerk, carte-blanche blocking behavior becomes the norm for Mozilla, they will probably be right! Taking this kind of control away from the users is simply unacceptable, doubly so for businesses.
If you're wondering what MS says about this, you might take a look at this:
First we'd like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector. And most customers need not take any action as they'll receive this update automatically through Automatic Updates.
So there it is -- pretty much everyone
-
Re:Great
All the addon did was to add a piece of text in useragent that told the website
.NET version. How do you manage to fuck up that?For anyone curious as to the real state of affairs behind this MS plugin issue, you might be interested in a few things. For everyone else just enjoying a good anti-Microsoft circle-jerk, ignore this post.
The plugins being discussed do more than just change the User Agent of the browser. They allow for XAML applications to run in Firefox and ClickOnce program distribution. For everyone that normally cries about Microsoft pushing IE and trying to lock users into their browser, this is an attempt to allow people to use an alternative browser while still having access to their other Microsoft-centric technologies (.NET in this case). Isn't this a good thing?
This is the bug in question. There is a lot of interesting comment there, including the fact that while everyone is crying about Microsoft "secretly" adding the plugin and preventing users from disabling it, Mozilla doesn't even give users an option to enable it! Their blocklist is all or nothing. Why doesn't that bother anyone here? One poster is very insightful:
Many corporations have begun implementing Firefox and telling their users that it is an equally if not more capable but more secure browser. For a subset of those corporations, the action of removing necessary tech without consent or a secure method for re-enabling it will result in the removal of the browser from the system completely. It will be called a failed experiment. The following day, sys-admins around the world will be left explaining to the non-enthusiast employees that the reversal came because certain business apps would not function in FF. Those users will only hear that FF is not as capable.
But perhaps the best thing about this entire issue, is that Mozilla didn't block the plugins until AFTER they were patched and the mechanism of the block is retarded. Mozilla is claiming that Microsoft agreed to issuing the block of the affected plugins, and that might be true, but only to an extent. Mozilla is currently blocking the plugins based on the name of the plugin, not the version, which means users who have installed the patched version of the plugs (at this point almost everyone using Windows Update) are still unable to use the plugins and have no way to re-enable them.
So essentially, by issuing this patch, Mozilla is doing nothing but hurting its business customers. Slashdotters can scratch their heads trying to figure out who uses these technologies, but the answer is a lot of businesses do. This absolute, non-scriptable and non-changeable block of these plugins will just remind corporations that open source isn't ready for the big leagues and they should just stick with Microsoft and IE. The sad thing is that if this kind of knee-jerk, carte-blanche blocking behavior becomes the norm for Mozilla, they will probably be right! Taking this kind of control away from the users is simply unacceptable, doubly so for businesses.
If you're wondering what MS says about this, you might take a look at this:
First we'd like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector. And most customers need not take any action as they'll receive this update automatically through Automatic Updates.
So there it is -- pretty much everyone
-
Wait, its okay for Firefox to have a kill switch?
Given all the past fuss about Amazon, Apple, and Microsoft to have the ability to remotely disable features, software or addons it's suddenly not an issue that Firefox has the capability of pushing changes? While I think the Firefox devs gave some serious thought before throwing this switch, I don't think this is a no-brainer. What about environments where they need the
.net add-on? Are they forced to go back to using IE? Do you see Microsoft disabling the old versions of Firefox or Adobe Flash?If you want to read a mix of retarded, informative, and stupid comments have a look at the bug report https://bugzilla.mozilla.org/show_bug.cgi?id=522777. For example - "Firefox shouldn't have to rely on IE patches for security" - this is not related to IE. It also seems to be political as they have no interest in determining if they have the
.net update that negates the vulnerability (the vulnerability is not in the firefox add-on, its in .net which becomes accessible from within Firefox if the addon is enabled). -
Re:This is very annoying for me
Thanks Mozilla, now I have to go back to IE to use 2df.
If you're annoyed enough, it might worth installing the IE Tab add-on: https://addons.mozilla.org/en-US/firefox/addon/1419
-
Re:Great
It's not just a useragent string, but it allows remote code execution. https://bugzilla.mozilla.org/show_bug.cgi?id=522777
-
Re:Oops
-
Re:Oops
-
Here we go again.
How many times must we hear about this plugin? This is at least the third time I've seen an article on it.
If you got 1.0 of the plugin and want to get rid of it, get the update here or Here, install it, and then uninstall it.
I'm saving this in my journal. That way, when they post the next
.NET plugin story next month, I can just post the journal link. Maybe I can keep the story count there too. -
Re:Dual licenses don't work for open source ...
Firefox is triple licensed MPL, GPL, and LGPL
I don't believe you have to assign rights to any contributions, just make sure you tri-license your contributions.
-
Redirector Firefox add-on
You could use the Redirector add-on for Firefox for these situations. It allows you to automatically search & replace URLs with regular expressions. Example:
Include pattern: http://www/\.)?tunnelbroker\.net/(.*)
Redirect to: https://tunnelbroker.net/$2 -
Re:Where's my Delorian????
-
Persistence of identity vs. MITM in the wild
Once you've signed up for your account to access "Bob's cool fishing tackle forum", what you really care about is that it's the SAME site you go back to and enter your password next time, not that someone once paid VeriSign.
Mac OS X uses the same concept of persistence of identity when deciding whether to apply firewall settings to an updated version of an application: if they were signed with the same publisher certificate, even a self-signed one, they're the same app. True, it helps detect if a man in the middle has been added since the user signed up. But it doesn't help if A. one uses two different computers and they don't have some way to share their keychains, or B. a connection has been MITM'd from day one. In fact, B has actually happened.
-
Bug 215243
By the way I use cacert to generate my certificates; it should be inlcuded in the default Firefox certification authorities list. I suspect there is money involved in getting into that list though.
CAcert failed a DRC audit. Bug 215243 comment 158 has the details.
-
two great portable runtime libraries
-
many choices
-
Re:Providing free certificates
> Whats the path to getting the root cert in popular browsers?
The path is long and strewn with rocks:
-
I'm starting with the man in the middle
Putting up scary warnings when all that is required is an encrypted connection is silly.
Without some sort of authentication, you don't know that a man in the middle isn't proxying and decrypting your encrypted connection. These man in the middle attacks are happening. Self-signed certs are good for verifying that the proxy hasn't been added between connections, but that doesn't help if you've got a proxy and have always had it.
-
Re:Crossbrowser libraries just perpetuate the prob
They did honor the standard by naming their proprietary CSS extensions according to the -vendor-attribute pattern, so they're making it clear they are nonstandard, and they're not polluting the global namespace. I don't remember why exactly they chose to do so in the case of opacity, but maybe the spec wasn't stable yet. Arguably it's better to not support a standard property at all than to pretend to support it, but implement it inconsistently, or support a syntax that is still subject to change.
Btw, Firefox, Webkit and Opera have been supporting the standard opacity property for quite some time now. IE is the only browser that doesn't implement it.
It's clearer in the case of border-radius: the spec is a moving target, and browsers are implementing nonstandard extensions to it (slash and percentages in Firefox), but the goal is to support the standard once it's final. To test a new property in the wild, browsers have to implement it when the spec is still a moving target. This actually helps the standard design procedure.
-
Re:bullshit
I can also recommend Slashdotter as a great extension for Firefox. I still use version 1 Slashdot comment style, and the ability to dynamically load sub-threshold comments is very handy.
-
Re:IE
Except Firefox addons are not *necessary* to use any commonly accessed websites
Asides from the sites that only render properly in IE due to poor authoring, there are still sites out there that will actively forbid you from viewing them unless you are using IE. Unfortunately, once in a blue moon I have to visit them. That's why I have the Firefox add-on IE Tab, which pretty much does the same thing as this Chrome Frame thing. Or am I somehow mistaken?
-
Pot, kettle, black, Mozilla. Tsk, tsk.
Oh boy. Here we go.
Mozilla drags IE into the future with Canvas element plugin
Granted, Mozilla's technology doesn't do as much as Chrome Frame. It does less. But it introduced tag soup into IE. One can now, according to Mozilla's own damn hypocritic opinion because of a technological big brother envy, be sure of how IE render content.
"Once your browser has fragmented into multiple rendering engines, it's very hard to manage information across Web sites" - Mozilla
Oh, and how does adding canvas support reduce confusion when even more complete HTML 5 support won't?
But read on guys... It get funnier.
Ars Technica:
This Canvas plugin is only the first step toward bringing standards-based web technologies to Internet Explorer. Mozilla is working on a much more ambitious initiative called Screaming Monkey that will make it possible to plug Mozilla's entire next-generation JavaScript engine directly into Microsoft's web browser. If these plugins gain widespread acceptance, it will empower web developers and give them the ability to target web standards and not have to compensate as much for Internet Explorer's broken behavior.
Hahaha! I love this! Thanks for the laugh, Mozilla!
-
Re:html tag to disable active content