Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:Basic touch screen plus Firefox mouse gestures?
Ok, so the first version of Firefox's "Mouse Gestures" came out on July 26, 2004 https://addons.mozilla.org/en-US/firefox/addons/versions/39#version-0.9.20040725. Which is before this patent was filed. So if we found evidence of someone using mouse gestures with a touch screen monitor, would that constitute prior art?
Heck, it goes back further than that. Perhaps Apple should be paying Opera a license fee?
-
Basic touch screen plus Firefox mouse gestures?
Ok, so the first version of Firefox's "Mouse Gestures" came out on July 26, 2004 https://addons.mozilla.org/en-US/firefox/addons/versions/39#version-0.9.20040725. Which is before this patent was filed. So if we found evidence of someone using mouse gestures with a touch screen monitor, would that constitute prior art?
-
Re:No plugins like Adblock and NoScript
I don't have a computer with IE7/8 on it. For those, I use IE NetRenderer.
-
Re:Something to credit Microsoft for
Thank God Firefox makes supporting standards such a high priority.
-
Re:A wikipedia that was "cool like that"
Edit your userContent.css, or install the Stylish plugin. http://www.mozilla.org/unix/customizing.html#usercss
.metadata {display: none !important;} -
Noscript
I can't believe people still haven't heard of Noscript
It (along with adblock plus) is the reason Firefox is the most secure browser. -
Re:Keep spreading lies
Noscript ftw.
Captcha: installs
-
Just offer some money and you're fine
Just offer a small compensation from the multi-million dollar Mozilla Foundation budget and people will volunteer. As Schneier said, "If McDonald's offered a free Big Mac for a DNA sample, there would be lines around the block."
-
Re:Apples and Oranges
Why throw JavaScript in there? The rest are server-side languages, while JavaScript is client-side.
Two reasons I can think of:
1) An increasing amount of number of applications are being delivered via the web browser
2) JavaScript increasingly lives a number of other places besides the browser. See Rhino, JScript.NET, Seed, and probably a few other places I'm not thinking of right now. -
Javascript: A *Good* Language
But javascript is an awfully convoluted language. Why does it become easy when you put a language like that into the equation?
To put it bluntly: "Because a lot of people already know it."
... The problem with attracting developers is that so many of them these days have went on to develop web applications with awful scripting languages like Javascript...You know what I don't think this is accurate at all. Javascript is actually a very elegant language, what is convoluted is the "web" platform.
-
Re:Is it FUD if there's some truth to it?
If your search history worries you try: https://addons.mozilla.org/en-US/firefox/addon/3173
-
Re:Removing IE poses one very significant problem
What if I build by own systems?
Then you are tech savvy enough to use this.
-
Re:The article doesn't describe the actual exploit
https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript
http://en.wikipedia.org/wiki/Same_origin_policy
cant just grab pages at random in javascript -
Re:Ban Pop-ups
Javascript alerts would be fine, as long as they would stay only with their own content and not interrupt other tabs/windows or other programs on the system.
There is a very long-standing bugzilla bug about this for Mozilla, you can read:
https://bugzilla.mozilla.org/show_bug.cgi?id=59314
Bug 59314 - Alerts should be content-modal, not window-modal(comment #39 describes a security problem that sounds similar to the problem here)
Lots of good ideas in that page about how alerts could be handled differently. I like the one where the alert becomes an infobar. If you aren't on that tab when the alert happens, you won't be forced to see it, and it can't interrupt anything else you're doing.
In the meantime, closing all open browser windows before you visit your bank site is still the safest thing to do.
-
Re:Wikipedia Search = Sucky
-
Re:Product dumping
I would say its not hard to believe that market use of Linux/BSD on the desktop rival this at least.
I would.
Honestly I am not sure how people are counting number of Linux/BSD desktop/laptop users since there is no license to buy.
The current favored method is tracking web users across large collections of websites through cookies and the browser's User Agent.
Linux has <1% marketshare and declining (enable javascript for hitslink if you use NoScript)
Of course, this metric is skewed somewhat by the fact that Firefox users can fake their user agent (for sites like fafsa.ed.gov, for instance)...then go using one copy of a download to install numerous times/instances.
Is that so very different from your average XP install?
According to the Apple site, a copy of Leopard costs $129.
To be pedantic, that is supposed to be an upgrade disc.
-
Re:Hardcore Slashdotters won't notice...
It's called Smart Bookmarks
-
Re:Hardcore Slashdotters won't notice...
On a related note, I have been storing all of my favorites on the bookmark bar (or whatever it is called). As more sites are using the "favicon", it has been helpful to just edit the bookmark and remove the title altogether (leaving just the icon). You can fit a lot of favorites in the toolbar in this manner.
Check out the Smart Bookmarks extension if you're on Firefox. Allows you to do that and more without renaming your bookmarks.
-
Re:Chrome supports a company that sells ads.
But don't just get all high-and-mighty about how advertising is for suckers, while posting to a site that wouldn't exist without it with a browser that wouldn't exist without it.
Absolutely. And it's probably worth noting: 88% of Mozilla revenue [PDF 62kB] comes from those ads.
-
Re:Local software solution instead
PasswordMaker for Firefox. Give one password and it will generate irreversible password hashes for each site you visit. Stores nothing on your computer by default so there is nothing to crack.
-
Re:I noticed a dhs.org redirect once
More likely your browser was pre-fetching search results and one of your search results was on a dhs.gov web page.
-
Re:Web ads have themselves to blame
The problem with the hosts file is that the advertisers keep switching servers and IP ranges in an attempt to dodge host based filtering. A better solution is a browser extension, such as AdBlock Plus with subscription lists and support for regular expression based filtering.
-
Re:More intrusive ads for the same revenue?
That is why NoScript is a must have add-on for Firefox. Combine with AdBlock Plus for an especially effective prescription against subversive scripts and annoying ads.
-
Re:More intrusive ads for the same revenue?
That is why NoScript is a must have add-on for Firefox. Combine with AdBlock Plus for an especially effective prescription against subversive scripts and annoying ads.
-
Awfulbar
Some, like Firefox 3, we can probably mostly agree on.
Not really. I mean, intentionally making your product less functional (with no way to restore the stripped functionality) generally isn't a good thing.
-
Awfulbar
Some, like Firefox 3, we can probably mostly agree on.
Not really. I mean, intentionally making your product less functional (with no way to restore the stripped functionality) generally isn't a good thing.
-
Re:Taking a harder line on certs.
When he told me (paraphrased) that they "KNOW the entity they give a cert to isn't committing fraud because they have to sign a LEGAL DOCUMENT that says they aren't!"
A marketroid spouting nonsense about technical matters. What else is new?
Of course, you and I know that a CA is supposed to verify identity of the party that they're issuing a certificate to, not its trustworthiness (unless they're issuing a sub-CA certificate, but that's a different matter). Much misunderstanding does indeed come from this misconception of a CA's role.
Of course, https is screwed up anyway because of the way it munges security and authenticity together. Ideally, browser and server should immediately do a key exchange, then once the connection is encrypted, perform optional authentication after the browser sends the host field. The lock icon should indicate encryption and authentication separately.
Ok, now you seem to fall prey to the same misconception. Without being sure about the identity of the party your communicating with, there can be no security. Think about it.
You could be talking to an interloper who does nothing else than pass your messages to your bank, and your bank's messages to you. And take notes, of course.
That's what's is called a man-in-the-middle-attack. And apparently they're not just the stuff of some James-Bond movie, but occasionally do happen in real life. Here, a prankster was setting up an open Wifi honeyspot and rigged it to eavesdrop on SSL communications. Of course, Firefox caught the bad certificates, which the victim dutifully shrugged off and filed as a bug. Haha. Or maybe it was a trawl, she did indeed mention that she was "bumming off an unsecured Wifi access point" a leetle bit too early in the thread...
Without public key verification (either by certificate, or by manually comparing fingerprints) there can be no security against such attacks.
-
Re:A Better "Web of Trust"
What about simply creating a better web of trust?
Congratulations!
You Sir have just re-invented CaCert. CaCert is a certification authority which operates by a web-of-trust model: users certify each other after seeing id, and only users having gathered a minimum amount of assurance points can get a certificate.
Unfortunately, CaCert is not trusted by the browsers (such as Mozilla or Konqueror), who seem to be more hung up about expensive audits and pompous root key signing ceremonies.
Other CA's, such as Comodo/CertStar or RapidSSL/GeoTrust don't seem to have any problems being blessed by browsers though. Thanks to these fly-by-nighters it's still very easy to mount an Mitm attack using your open Wifi honeypot, which will be undetectable, unlike this poser here.
-
Re:A Better "Web of Trust"
What about simply creating a better web of trust?
Congratulations!
You Sir have just re-invented CaCert. CaCert is a certification authority which operates by a web-of-trust model: users certify each other after seeing id, and only users having gathered a minimum amount of assurance points can get a certificate.
Unfortunately, CaCert is not trusted by the browsers (such as Mozilla or Konqueror), who seem to be more hung up about expensive audits and pompous root key signing ceremonies.
Other CA's, such as Comodo/CertStar or RapidSSL/GeoTrust don't seem to have any problems being blessed by browsers though. Thanks to these fly-by-nighters it's still very easy to mount an Mitm attack using your open Wifi honeypot, which will be undetectable, unlike this poser here.
-
Just to back up your point:
-
Re:You'll see WAR
The Kitchen Sink, you say?
-
Mozilla plugins == Active X...
Everyone trashes Active X as a security problem while Mozilla plugins get a pass and this is rather silly. The essence of both is that you download a DLL and it runs arbitary code in the process space of the browser (and then hence, often the user). Active X is just a different way of talking to the DLL, nothing more.
If you can run flash plugins, java plugins, and other plugins, inside of a browser, they can and will have the same security problems that plague Active X. It's random binary code that a user gets off of the internet.
SERIOUSLY, ANYONE BITCHING ABOUT ACTIVE X SHOULD JUST READ THIS GODDAMNED LINK.
http://www.mozilla.org/projects/plugins/
IT'S THE SAME FRICKING TECHNOLOGY... UNIDENTIFIED BINARY CODE RUNNING IN THE SAME ADDRESS SPACE AS THE BROWSER.
DUH.
-
Re:It's spelt Firefox
You do know there's a plugin called Firesomething, right? Call it what you want. Or install Firesomething and "All your branding are belong to Firesomething." Every time it starts it can have a different name.
Yes, it's for 1.x Firefox. There are instructions in the link to fix it so it works with versions up to 4.0.
-
Flashblock is your friend
-
Didn't some TLA fund tor development?
TLA=Three Letter Agency
They can use tor to download anything they want from any US server, or they can simply connect to any other countries' mirrors.
That's why reading this is always mind-boggingly hilarious:This source code is subject to the U.S. Export Administration Regulations and other U.S. laws, and may not be exported or re-exported to certain countries (currently Cuba, Iran, Libya, North Korea, Sudan and Syria) or to persons or entities prohibited from receiving U.S. exports (including those (a) on the Bureau of Industry and Security Denied Parties List or Entity List, (b) on the Office of Foreign Assets Control list of Specially Designated Nationals and Blocked Persons, and (c) involved with missile technology or nuclear, chemical or biological weapons).
Hm, yeah, right, sure.
-
Re:Ideally...
Here you go: https://addons.mozilla.org/en-US/firefox/addon/394
HTH!
-
Efforts underway to resolve problem.
This subject is being discussed by Firefox developers, Comodo CA people, the person who reported the problem, and somebody named "Patricia" from CertStar, the issuer, here.
Robert Alden of Comodo says they "have suspended Certstar's reseller activities until our investigation has been completed." The CertStar site now says "Due to technical issues we are unable to process orders at this time. We are working hard to resolve the issue and apologize for any convenience caused. Please check back later."
The Mozilla team is discussing revoking some root CA keys.
-
Re:Certificate revoked already
Update: a bug has been opened to handle this incident. It seems the offending company was spamming, and nowhere did they state that they were a reseller for Comodo, nor were there any ownership checks done before issuing the certificate.
-
Re:Don't take the bait
That is why I don't think we have anything to worry about with regards to FF going anywhere. With Chrome, Safari, or IE I have to have a browser THEIR way, and with FF I can have it MY way, which to me is worth a hell of a lot more than some faster Javascript, which I have blocked with Noscript so is kinda pointless to me anyway. With FF I have Forecastfox to keep me abreast of bad weather, I have Noscript and Adblock Plus so I don't need to be irritated by ads, I have video downloader and download statusbar to make videos and downloads nicer, and finally I have FEBE to keep my FF on the desktop synced to my flash.
So while folks can talk about this browser being faster or that browser having a better engine I just can't see anything taking the place of FF for me. And Google would be crazy to cut off the cash to FF because I am sure that MSFT would be more than happy to pay to be the default search engine in FF. So while I have tried Chrome and Opera and think both have nice things to offer, being able to see the web MY way makes FF a no brainer for me.
-
Re:Don't take the bait
That is why I don't think we have anything to worry about with regards to FF going anywhere. With Chrome, Safari, or IE I have to have a browser THEIR way, and with FF I can have it MY way, which to me is worth a hell of a lot more than some faster Javascript, which I have blocked with Noscript so is kinda pointless to me anyway. With FF I have Forecastfox to keep me abreast of bad weather, I have Noscript and Adblock Plus so I don't need to be irritated by ads, I have video downloader and download statusbar to make videos and downloads nicer, and finally I have FEBE to keep my FF on the desktop synced to my flash.
So while folks can talk about this browser being faster or that browser having a better engine I just can't see anything taking the place of FF for me. And Google would be crazy to cut off the cash to FF because I am sure that MSFT would be more than happy to pay to be the default search engine in FF. So while I have tried Chrome and Opera and think both have nice things to offer, being able to see the web MY way makes FF a no brainer for me.
-
Re:Don't take the bait
That is why I don't think we have anything to worry about with regards to FF going anywhere. With Chrome, Safari, or IE I have to have a browser THEIR way, and with FF I can have it MY way, which to me is worth a hell of a lot more than some faster Javascript, which I have blocked with Noscript so is kinda pointless to me anyway. With FF I have Forecastfox to keep me abreast of bad weather, I have Noscript and Adblock Plus so I don't need to be irritated by ads, I have video downloader and download statusbar to make videos and downloads nicer, and finally I have FEBE to keep my FF on the desktop synced to my flash.
So while folks can talk about this browser being faster or that browser having a better engine I just can't see anything taking the place of FF for me. And Google would be crazy to cut off the cash to FF because I am sure that MSFT would be more than happy to pay to be the default search engine in FF. So while I have tried Chrome and Opera and think both have nice things to offer, being able to see the web MY way makes FF a no brainer for me.
-
Re:Don't take the bait
That is why I don't think we have anything to worry about with regards to FF going anywhere. With Chrome, Safari, or IE I have to have a browser THEIR way, and with FF I can have it MY way, which to me is worth a hell of a lot more than some faster Javascript, which I have blocked with Noscript so is kinda pointless to me anyway. With FF I have Forecastfox to keep me abreast of bad weather, I have Noscript and Adblock Plus so I don't need to be irritated by ads, I have video downloader and download statusbar to make videos and downloads nicer, and finally I have FEBE to keep my FF on the desktop synced to my flash.
So while folks can talk about this browser being faster or that browser having a better engine I just can't see anything taking the place of FF for me. And Google would be crazy to cut off the cash to FF because I am sure that MSFT would be more than happy to pay to be the default search engine in FF. So while I have tried Chrome and Opera and think both have nice things to offer, being able to see the web MY way makes FF a no brainer for me.
-
Re:Don't take the bait
That is why I don't think we have anything to worry about with regards to FF going anywhere. With Chrome, Safari, or IE I have to have a browser THEIR way, and with FF I can have it MY way, which to me is worth a hell of a lot more than some faster Javascript, which I have blocked with Noscript so is kinda pointless to me anyway. With FF I have Forecastfox to keep me abreast of bad weather, I have Noscript and Adblock Plus so I don't need to be irritated by ads, I have video downloader and download statusbar to make videos and downloads nicer, and finally I have FEBE to keep my FF on the desktop synced to my flash.
So while folks can talk about this browser being faster or that browser having a better engine I just can't see anything taking the place of FF for me. And Google would be crazy to cut off the cash to FF because I am sure that MSFT would be more than happy to pay to be the default search engine in FF. So while I have tried Chrome and Opera and think both have nice things to offer, being able to see the web MY way makes FF a no brainer for me.
-
Re:Don't take the bait
That is why I don't think we have anything to worry about with regards to FF going anywhere. With Chrome, Safari, or IE I have to have a browser THEIR way, and with FF I can have it MY way, which to me is worth a hell of a lot more than some faster Javascript, which I have blocked with Noscript so is kinda pointless to me anyway. With FF I have Forecastfox to keep me abreast of bad weather, I have Noscript and Adblock Plus so I don't need to be irritated by ads, I have video downloader and download statusbar to make videos and downloads nicer, and finally I have FEBE to keep my FF on the desktop synced to my flash.
So while folks can talk about this browser being faster or that browser having a better engine I just can't see anything taking the place of FF for me. And Google would be crazy to cut off the cash to FF because I am sure that MSFT would be more than happy to pay to be the default search engine in FF. So while I have tried Chrome and Opera and think both have nice things to offer, being able to see the web MY way makes FF a no brainer for me.
-
Re:Ideally...
Personally, I can't wait until Chrome is available for Mac. I will be switching from Firefox pretty quickly. Firefox has never worked well on the Mac, although the current version is much better than the horrid mess that was Firefox 2.0.
May I ask if you have tried/considered Camino (formerly Chimera), the Mozilla project's native Mac OS X browser? (Same engine, just a native GUI)
-
Re:Chrome has a long way to go
Do you remember when Firefox came out as an alternative browser and its main focus was being on slim and fast? Well, those days are gone and we now have a bloated monster which takes for-fucking-ever to boot on my slower machine.
They're working on it. If you dare you can take a look at a nightly and see for yourself. For me it's now almost as fast as opera and that is under linux. Firefox used to be a real dog under linux, mind you, even worse than the windows version.
Why is this, I really want to know?
Well, I guess they can only do so much. We have tons of new features and an amazing Addon-System by now, the guys who developed all that probably couldn't focus on performance at the same time. But the good news is, as said, it's improving and one of your next fox updates will give you a nice speed boost.
-
Re:What's the point?
Have you tried FEBE for Firefox yet? I am pretty much doing the same trick and FEBE makes it so easy to keep all my bookmarks, passwords, preferences, etc synced between the portable FF and the desktop. Great little tool to have if you are using multiple Firefox browsers.
-
Re:Blaming Linux...
I bolded the quote to show what their real problem was. They had a shit load of threads trying to use a single socket and of course there was huge overhead involved due to the mutex lock (Semaphore on kernel side) on a shared resource (the socket). So they blame Linux instead of them selves for such a half-ass implementation of sending out packets from multiple threads with a single socket. They would have gotten the same exact result if they tried it with a single TCP connection socket and attempted to have multiple threads firing off packets with that. If you want multiple threads sending out packets use multiple sockets... Wow what a concept!
Your attitude is reminds me of a response I recently got to a bug in Firefox 3 here on Slashdot: the page which triggered the bug is "stupid", and it's not the Firefox developers fault that the program locks up when it encounters a "stupid" page. Thus it's a low priority to fix it, since it only affects users of "stupid" pages; hardly even a bug at all !
As for this UDP issue, I find it very hard to believe that a properly designed system needs to hold the lock long enough to cause significant lock contention. We are talking about adding a single item to a linked list or a comparable operation. It takes - what, setting two pointers ? Or three if it's a doubly linked list.
Besides, threads are just processes which share more context than processes in general. And a socket is just a logical construct the operating system uses in its network API. There's no inherent reason why two threads sending UDP packets over a single UDP socket should be any slower than sending them over different sockets, or two separate processes sending them over different ports, since they ultimately leave through the same hardware interface. If it is indeed slower, then that is because of the design choices a particular implementation has taken. These choices may or may not be justified; however, the user is not "stupid" simply because he didn't realize you would make these particular choices instead of some other, possibly equally reasonable ones.
Sorry for my ranting, but it just pisses me off when moron programmers blame the operating system for their own stupidity.
It is always hard to hear criticism of things you hold dear. That doesn't mean that the bearer of the bad news is a moron.
-
Re:Is any browser safe?Hey they are all safer now.
MS IE Patched
Firefox 2.0 and 3.0 patched
and Opera 9.63 released earlier this weekLet browsing begin again!
-
Re:My password manager is in my wallet
There's always the Bugmenot addon if you're using Firefox, and the password manager will remember the login details like it will for any other account.