Slashdot Mirror

An interesting example of how the human brain filters out information it deems useless, sometimes incorrectly, is Mozilla's new logo.

Their logo is basically the name "mozilla" with the characters "ill" replaced with "://", giving "moz://a".

As evidenced by our discussion about it here at Slashdot, a lot of people read the logo as saying "moz a", "moz-a", "moza", "motza", or some other variant:

https://news.slashdot.org/comments.pl?sid=10135707&cid=53692003

https://news.slashdot.org/comments.pl?sid=10135707&cid=53690807

https://news.slashdot.org/comments.pl?sid=10135707&cid=53691285

https://news.slashdot.org/comments.pl?sid=10135707&cid=53691017

https://news.slashdot.org/comments.pl?sid=10135707&cid=53691919

https://news.slashdot.org/comments.pl?sid=10135707&cid=53692263

So while most people can eventually see how "://" is supposed to represent "ill", it isn't apparent at first and takes extra mental effort to make the connection. Most people see "://" and think of them not as useful characters, but as symbols to be filtered out. So they automatically do so, and see the name as "moz a" or some other variant on that.

It's kind of unbelievable that Mozilla would use such a confusing logo. If people here at Slashdot are confused by it, even if just briefly, it will be incomprehensible to a wider, non-technical audience.

Last week, a friend on facebook posted a link to wwww.google.com/amp/ $ARTICLE_URL and it confused me. I didn't understand why they were linking to google instead of $ARTICLE_URL.

I have never seen an AMP site, because on mobile, I only surf with Firefox + Desktop by Default and Phony addons, and with Phony's user agent set to "Desktop Firefox" (For some sites, you gotta' use both). I've hated "mobile" sites so much for years that I've been avoiding them since before Google rolled-out AMP.

Honestly, Firefox for Android is the only thing that makes mobile browsing tolerable for me. All the mobile browsers I've ever seen on every "Mobile" OS are just absolutely fucking horrible. Firefox for Android is the least horrible. I tried Desktop Firefox on Ubuntu Touch, but Xmir has too many nasty bugs to be usable.

Last week, a friend on facebook posted a link to wwww.google.com/amp/ $ARTICLE_URL and it confused me. I didn't understand why they were linking to google instead of $ARTICLE_URL.

I have never seen an AMP site, because on mobile, I only surf with Firefox + Desktop by Default and Phony addons, and with Phony's user agent set to "Desktop Firefox" (For some sites, you gotta' use both). I've hated "mobile" sites so much for years that I've been avoiding them since before Google rolled-out AMP.

Honestly, Firefox for Android is the only thing that makes mobile browsing tolerable for me. All the mobile browsers I've ever seen on every "Mobile" OS are just absolutely fucking horrible. Firefox for Android is the least horrible. I tried Desktop Firefox on Ubuntu Touch, but Xmir has too many nasty bugs to be usable.

This is probably the most conservative choice out of the different logo designs that were proposed. Personally, I preferred "the eye" and its connection to the former Mozilla Dinosaur.

http://mozilla.org/ -> moz://a

Dear Mozilla: Too much navel-gazing, and not enough good software engineering and innovation.

I realized that Mozilla was no longer focused on software when they used donors' money, not to fix bugs and add features, but to sponsor a surfing competition in Hawaii.

https://www.mozilla.org/en-US/

vs

https://www.google.ca/search?t...

It's pretty much his favorite one.

Oh come on, someone had to make this about Trump :p

The "new logo" link above doesn't have the logo, or a link to it. How about a link that actually uses the logo instead, like this one

As usual, there are several Firefox addons available to help enhance privacy.

1. Canvas Blocker - This extension forces the API to return random values for sites not whitelisted. The server asks your browser to draw something on the canvas and return the results and your browser lies to the server and returns garbage instead. Perfect. As a bonus, this appears to affect WebGL as well. I get new random values for WebGL and Canvas hashes on each visit to the EFF Panopticlick.

2. Stop Fingerprinting - This extension randomizes the string order of the list of returned fonts supported by the browser as well as preventing enumeration of plugins and adding bits of randomness to heights and widths of inline elements to further frustrate font detection.

Using these extensions together with others (Privacy Badger, Ref Control, NoScript, AdBlock Plus), substantially enhances privacy and frustrates fingerprinting by making your browser fingerprint unique per request . The more people that do this the more noise that is generated and the more poisoned the fingerprinting databases of the advertisers and other snoopers become. The advertisers are trying to use as many pieces of discrete information about your browser as they can to make your fingerprint unique. By randomizing some of those pieces, especially ones that rely on local hardware, we can take advantage of their greed to ruin their fingerprinting algorithms.

As usual, there are several Firefox addons available to help enhance privacy.

1. Canvas Blocker - This extension forces the API to return random values for sites not whitelisted. The server asks your browser to draw something on the canvas and return the results and your browser lies to the server and returns garbage instead. Perfect. As a bonus, this appears to affect WebGL as well. I get new random values for WebGL and Canvas hashes on each visit to the EFF Panopticlick.

2. Stop Fingerprinting - This extension randomizes the string order of the list of returned fonts supported by the browser as well as preventing enumeration of plugins and adding bits of randomness to heights and widths of inline elements to further frustrate font detection.

Using these extensions together with others (Privacy Badger, Ref Control, NoScript, AdBlock Plus), substantially enhances privacy and frustrates fingerprinting by making your browser fingerprint unique per request . The more people that do this the more noise that is generated and the more poisoned the fingerprinting databases of the advertisers and other snoopers become. The advertisers are trying to use as many pieces of discrete information about your browser as they can to make your fingerprint unique. By randomizing some of those pieces, especially ones that rely on local hardware, we can take advantage of their greed to ruin their fingerprinting algorithms.

But there is a permission to record audio https://developer.mozilla.org/...

And my point is that the hardware advances didn't keep up the way they used to.

And your point is wrong. Moore's Law never promised serial speed-ups. It promised greater number of elements (transistors) on the same-size chip — and that keeps working, according to TFA. We just don't feel it like we used to.

Where the increase could be translated into serial speed-ups, no effort is required from software folks — the same program would run faster automatically. But when the advances provide for larger caches, RAM, new processor-instructions, more and wider IO-pipes, and multiple threads of execution, a rewrite may be necessary. Other things being equal, Firefox should be able to render the same page about twice faster on a quad-core machine than it does on a dual-core one. It does not...

And that's, where the the software engineers are coming short — despite having these wonderful tools like IDEs and smarter compilers to do their jobs.

It's not the same as the exponential general purpose sequential computing we had experienced up till then.

Few tasks require serial performance — most desktop stuff is, in fact, parallelizable. It just is not done — not done right anyway.

Consider Firefox for just one example — it has gone from event-driven (Netscape) to multi-threaded and now to multi-process. Because loading and rendering even one page offers ample opportunities for parallelizing — you can load multiple elements of the page (images, styles, JS) in parallel. Just not very well.

And, after it runs for a while, its memory usage becomes so high, you have to restart the process — because even with the shiny new malloc there remain problems...

It's not the same as the exponential general purpose sequential computing we had experienced up till then.

Few tasks require serial performance — most desktop stuff is, in fact, parallelizable. It just is not done — not done right anyway.

Consider Firefox for just one example — it has gone from event-driven (Netscape) to multi-threaded and now to multi-process. Because loading and rendering even one page offers ample opportunities for parallelizing — you can load multiple elements of the page (images, styles, JS) in parallel. Just not very well.

And, after it runs for a while, its memory usage becomes so high, you have to restart the process — because even with the shiny new malloc there remain problems...

AFAIK, only _one_ CA has ever been removed from web browsers' trusted issuer lists, and that's DigiNotar.

Certificates issued by StartCom and WoSign on or after 2016-10-21 are distrusted because of backdating to circumvent SHA-1 phase-out.

Man in the middle has been used in the wild for seven years. I've already run into public Wi-Fi hotspots that attempt to MITM the TLS connections of their users, even if only to redirect all users to the TOS page. It wouldn't be too much of a step for an ISP to require subscribers to install the ISP's root certificate so that the ISP can MITM everything.

I run about 6 or 7 plugins which are all fairly common and I have run the same ones for 3 to 5 years.

Plugins or addons?

See if you have perf issues running firefox in "safe mode"...
https://support.mozilla.org/en...

Otherwise, try a full browser refresh, which will reset it to "factory defaults".

I'm on a really old Athlon X2 cpu with less than 4gig of ram (WinXP), and firefox runs beautifully...
But what I tend to do is unusual, I run a bunch of different sites under different Firefox profiles.
So mail would be under a separate profile (and process), and Google sites (like the memory hogging Google Maps) would be under a completely different profile (and process), and another profile for shopping sites, and default for all other browsing.

command line: firefox.exe -profilemanager -no-remote

But to start firefox under default, remove the "no-remote" flag.

https://addons.mozilla.org/add...

You're referring to subresource integrity, correct? That exists, but only Firefox currently allows the server to specify that scripts from a particular origin require SRI.

You're referring to subresource integrity, correct? That exists, but only Firefox currently allows the server to specify that scripts from a particular origin require SRI.

Session manager

Which extension do you use to save locally all pages that are open in a dozen or so tabs, so that they can be reloaded back into tabs once you are ready to read them?

Scrapbook Plus

And then end up getting modded down for making uninformed comments on account of not having read the featured article. Several sites admit that they can't tell tracking blocking (such as privacy.trackingprotection.enabled which uses Disconnect's list) from ad blocking, such as WIRED, The Atlantic, and the INQUIRER, and sites like Slashdot continue to link to stories on these sites.

Since 2004

https://addons.mozilla.org/en-...

For other browsers and platforms too

'nuf said

https://www.mozilla.org/en-US/...

Scripted vector animations can fuck right off, too.

Fogle was a company spokesperson, who got fired before the trial started because whether or not he had actually committed any crime, the appearance of his behavior made him unsuitable as a spokesperson.

Was Eich similarly a company spokesperson? You need only look at Mozilla's press releases. He's quoted in them while he's CTO, and if you go on Youtube, you can see that he makes a number of conference keynotes representing the Foundation. Once he's CEO, he writes this piece on inclusiveness which is linked to in this Mozilla Foundation press release. So, there's Eich representing the Mozilla brand on exactly the issue they already know he has a problem with. He doesn't get a chance to represent the foundation again, as they know they have a problem.

Great work by Mozilla and the Tor Project on the lighting fast (

And yes, NoScript did protect against this (the Tor Browser has it built-in, for users who know what they're doing).

Time to flood these scumbags with so much useless data they drown to death in it...

Good idea. You can have some fun while you do it as well.

Flagger is a browser add-on that automatically puts red flag keywords (like bomb, Taliban and anthrax) into the web addresses you visit. Install Flagger to make a statement: government surveillance has gone too far.

https://addons.mozilla.org/en-...

This proof-of-concept experiment analyzes the domains in your browsing history to show your overall browsing interests based on ODP categories and Alexa siteinfo. All the analysis is done with your local Firefox data and nothing is sent out of Firefox.

If you're just trying to isolate your sessions and you're not worrying about other programs installed locally screwing with them (hi, Ask toolbar!), then you can use Firefox's profile manager to run different Firefox processes from different profiles (firefox.exe -p -no-remote). I believe you'll have to reinstall/reconfigure your plugins in each profile you use, but each will have a completely separate cookie jar, history, etc. If you're willing to risk it, nightly builds have a new feature called "Container Tabs" that is supposed to provide session isolation within a single process more on that here.

The beauty of VM-type isolation is that unless you're important enough for someone to burn a VM escape exploit on, everything you do is completely unaware of everything else you're doing. So you can install crap in VMs, and that crap can't install toolbars or "helpers" in your browsers, or a remote-access exploit for Firefox running in one VM can't give access to any other Firefoxes in other VMs.

Firefox 50 also displays a closed captioning (CC) button in the HTML5 video player, if the video has an accompanying WebVTT file with "captions" tracks:

https://bugzilla.mozilla.org/s...

This has been missing for quite a while and will help make more videos accessible across all browsers.

Mozilla did not add a lock icon strikethrough. That was delayed. Check the official changelog: https://www.mozilla.org/en-US/...

Actual FF 50 Release notes and release tracking page, for anyone who cares to read about what all they're working on right now.

Actual FF 50 Release notes and release tracking page, for anyone who cares to read about what all they're working on right now.

Copy paste? Seriously? You don't use Open With? And you don't have uBlock Origin for Chrome?

Nah, then you'd see an increased network usage. This is probably just Firefox's fsync bug repeated: in order to ensure data integrity, SQLite has a mode that fsyncs on commit. (After all, if the data isn't written to storage, it isn't really committed.) If you combine that with autocommit after every minor transaction, you get a ton of fsyncs and massive data usage.

bug? this one? Reported: 2008-03-07 03:10 PST, Status: RESOLVED FIXED ?

Nah, then you'd see an increased network usage. This is probably just Firefox's fsync bug repeated: in order to ensure data integrity, SQLite has a mode that fsyncs on commit. (After all, if the data isn't written to storage, it isn't really committed.) If you combine that with autocommit after every minor transaction, you get a ton of fsyncs and massive data usage.

I would love to make firefox the default browser in my company. However mozilla has zero interest in that. While chrome provides MSI's and group policy templates to tie the whole thing together, enforce custom settings, etc.

Firefox how to deploy faq: https://wiki.mozilla.org/Deplo... (note the two most important links are broken and defunct)

google how to deploy faq: https://support.google.com/chr... (and many other webpages, but you dont even need instructions because its teh same as every other well designed software package from a major corporation)

Its been like this for literally years. Mozilla simply does not care about centralized policy management or deployment.

Firefox is the best web browser by far and much more stable, and less ram hungry than chrome, so its sad for me. Until i can push out adblock and firefox with a customized home page in 30 minutes to 200 workstations its not going to be standard on my network.

http://www.frontmotion.com/FMFirefoxCE/
MSI and GPO, works like a charm

I haven't used it, but it looks like there's a Firefox add-on for that: https://addons.mozilla.org/en-...

I would love to make firefox the default browser in my company. However mozilla has zero interest in that. While chrome provides MSI's and group policy templates to tie the whole thing together, enforce custom settings, etc.

Firefox how to deploy faq: https://wiki.mozilla.org/Deplo... (note the two most important links are broken and defunct)

google how to deploy faq: https://support.google.com/chr... (and many other webpages, but you dont even need instructions because its teh same as every other well designed software package from a major corporation)

Its been like this for literally years. Mozilla simply does not care about centralized policy management or deployment.

Firefox is the best web browser by far and much more stable, and less ram hungry than chrome, so its sad for me. Until i can push out adblock and firefox with a customized home page in 30 minutes to 200 workstations its not going to be standard on my network.

The easiest way to switch a legacy service to HTTPS is to install an NGINX reverse proxy in front of it.

Provided it has its own fully-qualified domain name.

If a service accessible over a LAN is normally accessed with a private IP address (such as one in 192.168/16), or with a hostname under a phony TLD (such as .local), the CAs won't issue a certificate. This is true, for example, of the HTTP server for administering a router, printer, or NAS. Mozilla's FAQ about deprecation of cleartext HTTP acknowledges this problem but offers no fix yet:

Q. What about my home router? Or my printer?

The challenge here is not that these machines can't do HTTPS, it's that they're not provisioned with a certificate. A lot of times, this is because the device doesn’t have a globally unique name, so it can't be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and we’re talking to some device vendors about how to improve the situation.

It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem.

But your new one will not work in most popular browsers. https://blog.mozilla.org/secur... And Chrome joined them this week...

How about the Ambient Light API? And any other sensor-exposing APIs that may be lurking in there? Or, if somebody really thinks there's a good reason to allow sites to read arbitrary sensors, give the user fine-grained control over which sites have access to which sensors. Preferably with the default access being "NONE".

Back Date a couple of certificates ? Don't charge? Compete with another free certificate authority?

You are seriously understating the pattern of behavior on WoSign's part that led to this decision. (Comodo is no better IMO.)

Setting aside cross-site requests etc, I think the first time privacy issues were recognized by browsers was when they restricted access to :visited link styles in order to prevent sites from discovering what other sites you had visited in the browser.

When Brendan Eich's backing of a popular, but ultimately-losing political movement came to light, Mozilla — undoubtedly pressured by Google, who provides 90% of its money — forced the inventor of Javascript to voluntarily step down.

The ongoing collapsing of Her Beautiful Wickedness is no dissimilar — although reasonably popular and, some would say, even with a reasonable chance of getting the same 52% of the vote that Brendan-backed Proposition 8 has gathered, Hillary may lose on legal grounds.

To avoid being seen as a hypocrite, Mr. Schmidt — who didn't merely donate some money, but was actively helping her — ought to resign soon.

I might just move it to Chrome and call it a day

If you move it to Chrome then it will also work in Mozilla's new API without too much effort.

I am in the same boat as you, but I use the Classic Theme Restorer Addon so I don't have to suffer the latest UI degradations.

If they continue to mess up, like with the Social Web stuff, i might switch to Vivaldi, though.

Get this extension first:

https://addons.mozilla.org/en-...

Life is much easier when all your addons don't break with every new Firefox release.