Slashdot Mirror

Who says it'll be included with the browser by default? Mozilla has made a bunch of extensions that aren't pre-packaged.

https://addons.mozilla.org/en-US/firefox/addon/resurrect-pages/

Not sure why it's never been very popular. It's one of the most useful add-ons I have. Unlike the proposed add-on in TFA which only uses the Wayback Machine, Resurrect Pages lets you pick from four possible sources (Google cache in full and text-only mode for those annoying pages which won't show the text until all the nonexistent pics finish loading first, Wayback Machine, WebCite, archive.is) for a cached version of the page. There used to be more, but I guess some of those archiving projects died.

Something like resurrect pages?

Firefox 53 removes plug-in support, with the exception of Adobe Flash Player.

https://bugzilla.mozilla.org/s...

Here's the inevitable bug report - which has since been dismissed and closed by the developers:

https://bugzilla.mozilla.org/s...

I took a brief glance at that extension's source. From https://addons.mozilla.org/en-...:

exports.main = function (options) {
            if (options.loadReason === 'install' || options.loadReason === 'startup') {
                var version = sp.prefs.version;
                if (self.version !== version) {
                    if (sp.prefs.welcome) {
                        timers.setTimeout(function () {
                            tabs.open(
                                'http://firefox.add0n.com/privacy-settings.html?v=' + self.version +
                                (version ? '&p=' + version + '&type=upgrade' : '&type=install')
                            );
                        }, 3000);
                    }
                    sp.prefs.version = self.version;
                }
            }
        };

Because phoning home on every update is good for your privacy, right?

Agree with you about all that. The unfortunate bits here are that (1) many browsers do not allow you sufficient capability to protect yourself (because you are the product, not the customer, and it would hurt the customers for the product to protect itself), and (2) Firefox also has plans to remove the low level extension mechanism required to implement fine grained control. XUL is being replaced be something called "WebExtensions", which is similar to what Chrome etc provide. Unfortunately, it is more of a scripting mechanism and will not allow many of the things possible today in Firefox through the lower level XUL interface.

There will still be forks of FF that allow these things, but the ecosystem of security-minded extension builders may be fractured by this, and not every important one will be available to every fork. It could end up being a major problem for people trying to browse the web securely. Also, the modern web is so complex that maintaining a browser with a small team easily means falling behind, with more and more sites not working as the years go by.

We will have to wait and see. Signs are inauspicious, however. The internet is turning from a thing that empowers users, to a thing that empowers advertisers and multinationals.

You can check if e10s is available by going to Options -> General -> "Enable multi-process Firefox". I think what TFA means is that it's off by default (unless you don't use addons) until Firefox 49, but can somebody confirm that?

I definitely do /not/ have that option available.

I can see a few things in about:config and about:support relating to it; it may be possible to get it going by mucking around with options but it's certainly not at the point to justify the headline.

I had this issue when I updated to 48beta a few weeks ago _specifically_ for multi-process. You can force enable it. Follow this: https://wiki.mozilla.org/Elect...

Did you miss this announcement?

It doesn't seem like you can disable it in Chrome, don't know about Opera or Vivaldi though. There's a Chromium fork called Iridium in the works that's hardened for privacy and security features, but I don't know enough about the company behind it to recommend it.

For Firefox, there's a great extension called Privacy Settings that will automatically optimize your settings for security and privacy (N.B. I would select "Full Privacy" but turn on dom.storage.enabled so websites like GOG's and Protonmail's will work, and turn off security.ssl.require_safe_negotiation since too many websites don't have good security yet).

Detectable obfuscation is, by definition, an obvious malicious pattern.

Not always. Sometimes it means "I licensed these functions from a third party under a contract that forbids me to disclose their source code." The Review Policies states: "If your add-on contains code that you don't own or can't get the source code for, you may contact us for information on how to proceed."

Detectable obfuscation is, by definition, an obvious malicious pattern.

Not always. Sometimes it means "I licensed these functions from a third party under a contract that forbids me to disclose their source code." The Review Policies states: "If your add-on contains code that you don't own or can't get the source code for, you may contact us for information on how to proceed."

Unlike Firefox current, Firefox ESR 52 will allow it to be turned off. From Add-ons/Extension Signing:

Signing enforcement will be enabled by default in [ESR] releases, and enforcement can be disabled using the xpinstall.signatures.required preference.

While literally true, that's hardly an honest assessment. It's impractical for all but 0.01% of the userbase. The rest are just stuck with whatever mozilla decides.

Or you could click here: http://archive.mozilla.org/pub...

You aren't as locked out as you're claiming to be.

If you really have unsigned add-ons you want to install, there are multiple options for you. See the FAQ entry "What are my options if I want to install unsigned extensions in Firefox?".

https://wiki.mozilla.org/Add-o...

There's one change I've noticed - the awesomebar dropdown has changed. I think it's the "Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know" referred to in the official release notes.

The icons look different and the layout of the content is slightly different. Here's a shot of the previous version and the new version.

Classic Theme Restorer -> Location bar (3) -> Alternative appearance seems to restore the previous layout but it seems to still have a new font.

Fun times.

Sounds like there are a few options for you.

According to https://wiki.mozilla.org/Addon..., you can use a dev or nightly build which will have the about::config option to disable signing enforcement. This would allow you to keep on a current build.

Otherwise, like you say, submit the extension to Mozilla for signing. There are also automated methods to do this using an API or the jpm util.

What if add-ons don't sign? Can we still "force" them in?

See here: https://wiki.mozilla.org/Add-o...

You can still use unsigned addons in the Developer and Nightly branches. If you're willing to void any promise for support, you can also use an unbranded version of the stable branch: https://wiki.mozilla.org/Add-o...

Sorry for the double post, but see here: https://wiki.mozilla.org/Add-o...

"How will the unbranded versions of Firefox work?

They work just like Firefox, with two differences: they will have a setting to disable mandatory signature checks, and they will not have the Firefox name and logo (instead using a generic name and logo). These builds are available in the en-US locale only."

No changes in the UI. And Classic Theme Restorer still works: https://addons.mozilla.org/en-...

I can tell you have a number of things you take issue with. However I have a differing view from yours, at least on most points.

I can understand the removal of Pocket--it's something that fits squarely in the realm of what an extension should do. However, I happen to like Australis and tabs on top (which is their somewhat logical place as the address bar refers to the current page). The "http://" being hidden is something of use for users who aren't as experienced as power users, and I would like to note that "https://" is not hidden and is, at least for the sites I use, more universally the "default". Just because you haven't used reader mode doesn't mean it's not incredibly useful and something which should be baked right into the browser. You seem to be arguing from a user perspective, but from a user perspective Mozilla has made some very prudent choices with these items. You seem to be arguing more about changes which fit your own use case, which sounds far more like a power user, in which case you have provided the solutions yourself (extensions/about:config changes).

With regards to the DANE bug, you'll note the the comment at the bottom of that chain says it's marked WONTFIX because there is another bug report and they are not sure which direction they are going to go[1]. Just because they are making more visual changes does not mean they are ignoring actual security improvements.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=672600#c64

> I haven't heard any solid reports of sites making use of them.

I installed CanvasBlocker which has a setting to alert me every time the fingerprint is queried.

So far I've noticed it on every page of github.com, the front page of pof.com, every page on medium.com, accounts.firefox.com - there are probably lots more, but I disable javascript by default so most sites don't even get a chance to fingerprint me.

Canvasblocker randomizes on every page load. I think that makes you stand out more. I use task-specific profiles in firefox (e.g. banking profile, facebook profile, gmail profile, etc) and in most of those profiles I use Canvas Defender which lets you manually generate a new fingerprint and then keep it indefinitely but it doesn't warn you when a site is trying to take your fingerprint.

> I haven't heard any solid reports of sites making use of them.

I installed CanvasBlocker which has a setting to alert me every time the fingerprint is queried.

So far I've noticed it on every page of github.com, the front page of pof.com, every page on medium.com, accounts.firefox.com - there are probably lots more, but I disable javascript by default so most sites don't even get a chance to fingerprint me.

Canvasblocker randomizes on every page load. I think that makes you stand out more. I use task-specific profiles in firefox (e.g. banking profile, facebook profile, gmail profile, etc) and in most of those profiles I use Canvas Defender which lets you manually generate a new fingerprint and then keep it indefinitely but it doesn't warn you when a site is trying to take your fingerprint.

My picks would be:
* uBlock Origin
* LastPass
* Youtube Video Downloader
* Data Saver (For Chrome Only)

My picks would be:
* uBlock Origin
* LastPass
* Youtube Video Downloader
* Data Saver (For Chrome Only)

This is why I always try to block ads as much as possible. I'm using this customized hosts file ,uBlock Origin and Ghostery (there are Chrome versions for the addons too).

This makes my web experience extremely smooth (no dumb annoying ads all over the place) and reduces one big malware/virus/infection vector.

As I know that some adblockers can get shady (adblock plus comes to mind), that's why I use both uBlock Origin and Ghostery. That way, if one tries to slip some ads because they are from a "friendly" company, the other usually with catch it. I've seen this happen in Chrome, where Ghostery was trying to redirect traffic to a place and uBlock to another. Let them fight it off, at the end of the day, still not a single ad :) The hosts file is the final trench, and as it is updated with a certain regularity (and there are different customized hosts files floating around), it is a sort of final layer of armor into my Windows installation.

The result of all this is that I've been going anti-virus/malware free for at least quite a few years, only with the default security software from Windows. No ads, weird "unexplained" virus infections, etc. Oh, I also don't click on dumb stuff that comes via email. The secret is reducing the attack surface, sort of speak, and getting rid of ads is like plugging that pipe of raw sewer shit that comes right into your home.

The industry can cry as much as they want because we, as consumers, are blocking ads, and stealing bread from people's mouths. But just as I can just skip ads on my TV (I can go to the kitchen or record the broadcasts and skip the ads), I have that right to do the same online. If you can't make a business without shoving unsorted, unchecked, miscellaneous ads down your users throat's, then that's your problem. Also, if I think your content is worth it, I will definitely pay for it. But if you are trying to serve me some rehashed shit , just like hundreds of sites (I'm looking at you, online media sites, newspapers, etc.), I'll just skip your stuff all together and find what I want in some other site.

This is why I always try to block ads as much as possible. I'm using this customized hosts file ,uBlock Origin and Ghostery (there are Chrome versions for the addons too).

This makes my web experience extremely smooth (no dumb annoying ads all over the place) and reduces one big malware/virus/infection vector.

As I know that some adblockers can get shady (adblock plus comes to mind), that's why I use both uBlock Origin and Ghostery. That way, if one tries to slip some ads because they are from a "friendly" company, the other usually with catch it. I've seen this happen in Chrome, where Ghostery was trying to redirect traffic to a place and uBlock to another. Let them fight it off, at the end of the day, still not a single ad :) The hosts file is the final trench, and as it is updated with a certain regularity (and there are different customized hosts files floating around), it is a sort of final layer of armor into my Windows installation.

The result of all this is that I've been going anti-virus/malware free for at least quite a few years, only with the default security software from Windows. No ads, weird "unexplained" virus infections, etc. Oh, I also don't click on dumb stuff that comes via email. The secret is reducing the attack surface, sort of speak, and getting rid of ads is like plugging that pipe of raw sewer shit that comes right into your home.

The industry can cry as much as they want because we, as consumers, are blocking ads, and stealing bread from people's mouths. But just as I can just skip ads on my TV (I can go to the kitchen or record the broadcasts and skip the ads), I have that right to do the same online. If you can't make a business without shoving unsorted, unchecked, miscellaneous ads down your users throat's, then that's your problem. Also, if I think your content is worth it, I will definitely pay for it. But if you are trying to serve me some rehashed shit , just like hundreds of sites (I'm looking at you, online media sites, newspapers, etc.), I'll just skip your stuff all together and find what I want in some other site.

The Lazarus addon is hands-down one of the best of the lot - it automatically saves what you fill into web forms, meaning that you never lose anything that you write.

Gone are the days, that I'd write up long posts in notepad, on the off chance that I may lose them due to a hiccup during posting :)

>What do you use?

One I have not seen mentioned that I like is:

Nuke Anything Enhanced- a GREAT way to hide/remove stuff you don't want to see, especially useful before printing. Also useful for getting rid of distracting animated junk while you are trying to read. https://addons.mozilla.org/en-...

Of course, I also use Adblock Plus, and Classic Theme Restorer, and a few others.

Everyone should be installing TrackMeNot to pollute the search engine result tracking pool:

  TrackMeNot

  https://addons.mozilla.org/en-US/firefox/addon/trackmenot/

  By issuing randomized queries to common search-engines, TrackMeNot obfuscates your search profile(s) and registers your discontent with surreptitious tracking.

Or just use DuckDuckGo as your search engine.

Everyone should be installing TrackMeNot to pollute the search engine result tracking pool: TrackMeNot https://addons.mozilla.org/en-US/firefox/addon/trackmenot/ By issuing randomized queries to common search-engines, TrackMeNot obfuscates your search profile(s) and registers your discontent with surreptitious tracking.

I'm concerned this plugin might trigger Google's bot detection algorithm. Furthermore, wouldn't it be simpler to use DuckDuckGo?

X-Notifier is a great way to get email updates from lots of different accounts.
https://addons.mozilla.org/en-US/firefox/addon/xnotifier/

Classic Theme Restorer brings back the drop down search engine list that they removed. I'm not one of those people who critiques every decision that Mozilla makes, but I was disappointed when they removed the about:config string that allowed you to retain the search engine list.

Classic Theme Restorer
https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/

Everyone should be installing TrackMeNot to pollute the search engine result tracking pool:
TrackMeNot
https://addons.mozilla.org/en-US/firefox/addon/trackmenot/

By issuing randomized queries to common search-engines, TrackMeNot obfuscates your search profile(s) and registers your discontent with surreptitious tracking.

If you need a browsing proxy, which is great for things like tunneling out through an ssh link, it's really hard to beat FoxyProxy Standard. Also available for chrome: FoxyProxy Standard

One issue I see with your hash is using it for sites that have piss poor password policies such as your password can't be over X characters long, or it has to contain letter, number, and limited list of symbols, etc. Your hash could possibly not match the requirements. What do you do in this case?

The final step of the hashing algorithm maps the resulting hash into a character string. The algorithm allows you to customise this mapping to use only a given subset of characters, or given length. Using this feature will require you to store this metadata in your state file, because you rarely get reminded of these password limitations at login, only at registration. Fortunately these sites are rare; the default policy of 8 characters with alpha + numeric + special – and the algorithm makes sure you have at least one of each – works fine for almost all sites.

I encourage you to download and try one of the implementations. The two I mentioned earlier implement the same algorithm, as does a Firefox version and a portable Javascript version.

> They even decided to break compatibility
> with regular Firefox addons... all for you!

Correction... Mozilla broke compatibility with regular Firefox addons, i.e. XUL in order to switch to the same model used by Chrome https://blog.mozilla.org/addon... If I wanted effing Chrome, I'd use effing Chrome already. Firefox's problem is that it's a Chrome wannabee.

You do know about:config still exists, right?

Mozilla continues to remove manually configurable options from the browser. You can go in about:config and these deprecated preferences to your heart's content, it won't change how Firefox behaves. Firefox used to be the most user friendly browser available, not so much anymore, control keeps being taken away.

Windows 7
nearly 10-year-old Dell Inspiron 6400 laptop with SSD
Mozilla Firefox web browser,
AutoIt scripting language,
SciTE and TextPad tabbed text editors with regex support,
IrfanView
FinePrint virtual printer for N-up printing, combining print jobs, univeral print preview, saving without printing, etc.
and VPN client to connect to work.

box-sizing - CSS | MDN

border-box

The width and height properties include the content, the padding and border, but not the margin. This is the box model used by Internet Explorer when the document is in Quirks mode. Note that padding and border will be inside of the box e.g. .box {width: 350px; border: 10px solid black;} leads to a box rendered in the browser of width: 350px. The content box can't be negative and is floored to 0, making it impossible to use border-box to make the element disappear.

Here the dimension is calculated as, width = border + padding + width of the content, and height = border + padding + height of the content.

Although, perhaps less incompetent than yourself, as I don't insult others when I don't know what the fuck I am talking about.

I'll join the chorus of voices saying it was incredibly stupid to use an online service as your only copy of your materials, with no local backup. But what's done is done. If the Wayback Machine doesn't have a copy, try installing the Resurrect Pages add-on to Firefox. It links to a lot more caching and archiving services than just the Wayback Machine.

https://addons.mozilla.org/en-US/firefox/addon/resurrect-pages/

We have active discussions from the Rust side on getting the rust compiler into all of the major Linux distributions. There's definitely some complexity there, but the Rust community is working hard on doing it before Firefox would require Rust to build by default.

Actually, you are the one who is ignorant of how cookies work. Mozilla already has a bug documenting what this guy is asking for, which has several proof-of-concept implementations, one of which is already used in the Tor browser. I implemented vertical and horizontal browser data isolation in about a month in my spare time. Mozilla has finally started working toward this with their isolated tabs. The next logical result will be isolated origins. The change is inevitable. And get this: third-party cookies still work. They are just isolated to the origin domain. You can still use single sign-on, but it becomes one sign-on per origin. You stay logged in for as long as you want. Your browsing habits just stop becoming trackable. Also, browser fingerprinting is a defeated technology. Just randomly rotate between common values, and noise is added to a non-unique signal. The only thing left is IP address tracking, which can easily be defeated by VPNs, or any form of IP masquerading. Tracking on The Web is dying because it is all moving to third-party app monetization libraries, and that is where all of the money is now.

Mozilla sponsored a surfing contest in Hawaii. That isn't cheap.

And if you're still of those complaining about the australis UI and using that as excuse for people to switch to Pale Moon - please, go and install "Classic Theme Restorer" like the rest of us.

Been there, done that, turned my nose up at the T-shirt. Classic Theme Restorer may give back access to old themes, but the post-Australis browser configuration experience sucks balls. THAT is why I switched to Pale Moon. Plus, I wanted to be part of the message to Mozilla that they need to stop ignoring the desires of the majority of their user base if they want to maintain relevance and grow their market share. Australis was just the last 'Fuck You' that came my way from Mozilla before I sent back one of my own. Yes, I understand that browsers are horrendously complex and need to change in the face of changing standards, innovations, and technical requirements. That's no excuse for many of the changes in FF, nor is it an excuse for the way they've treated their loyal supporters. So, Pale Moon it is. If Mozilla should ever decide to get its head out of its ass and try to regain market leadership, they could do a lot worse than take their cues from Pale Moon.

They would get a right kicking on slashdot for implementing another non-relevant feature for the masses!

On another note, people here don't seem to realise that browsers are super hard and uber complex, and approaching the territory of operating systems. And mozilla in this battle is a tiny non-profit charity working for the good of the masses (first with getting everyone to care about standards and w3c against IE, and now fighting for privacy and developing the latest HTML5 / CSS4/ ES6 standards) and trying to stop a take-over by multi-billion dollar corporate empire like Google, who can pump virtually unlimited funding towards Chrome. And yet, people still have the audacity to bitch about Firefox, who have a miniscule and limited amount of funding, as let's face it, hardly anyone donates to!

Thus, I don't blame Mozilla if they implement something like Pocket, which is a tiny api that has no effect on memory or performance.
Just like if Mozilla implemented sponsored tiles, which doesn't effect the privacy of individuals.

And if you're still of those complaining about the australis UI and using that as excuse for people to switch to Pale Moon - please, go and install "Classic Theme Restorer" like the rest of us.

Currently, Firefox periodically decides to eat all memory on my MacBook Pro, until the OS notices and freezes the app (gets to about 40-50 Gb of swap space). But for days/weeks at a time, it will stay running at about 5 Gb of memory.

That's bizarro. It's been years since I've had memory leaks that bad--do you still use Flash? I'd recommend checking out the developer version of Firefox. It has electrolysis and some other features that handle processes differently and is very stable (I've been using it for the past 7 months and am very pleased). Otherwise electrolysis should be making it into the next main release of FF. You can run the developer and normal FF side by side, so I think it's at least worth checking out.

> You don't understand the language

Then why does my day job of writing WebGL apps for Smart TV's run at 60 fps then if "I don't understand the language" -- I guess these shaders just magically wrote themself ! And all those rendering optimizations just "magically" appeared in our code base !! Holy Shit !!! Ghosts are real -- shhh, don't tell the retarded Chinese Cult Politics party! (Yes, I know CCP doesn't official stand for that.)

Don't assume. You look like an tool when you do.

> Slashdot is full of incompetent developers like you,

I know I shouldn't feed the Arrogant Cunt trolls, but since you you started with the ad hominem attacks, you're proof is _where_ again??

But then again I wouldn't expect much from a coward too ashamed to hide behind an anonymous name. I guess you don't want the world to know stupid you really are.

> Since when is a pragma a "shitty hack"?

Are you really that fucking stupid? Wait, that was a rhetorical question -- we already know the answer to that.

a) The FACT that this is enabled by default for ECMAScript's 6 modules should tell you that this was a HACK.

b) Do you actually understand _anything_ about type safety and misspelling, at all?? Maybe if you had spent 30 years programming you would understand the importance of compile-time error detection and type safety? Gee, things that make our job of programming easier Go figure!

c) Why do you keep making excuses for a shitty designed language?

> My favorite is NaN != NaN.

Straw man fallacy. Did I complain about isNan(x) ?? No, so quit changing topics because you've simply read What Every Computer Scientist Should Know About Floating-Point Arithmetic

The bigger problem is the retarded "EVERY number is a double / float64" type crap.

Gee, in ECMAScript 2 float and double are reserved word but not used. Oh wait, They are no longer in ECMA Script 5+. Make up your fucking mind !

Never mind the fact that converting from a string to a var will OVERFLOW and NOT be EXACT.

var s = '9223372036854775808', n = parseInt(s); console.log( n ); // 9223372036854776000 // *facepalm*

Oh, look we have Number.isSafeInteger() but, gee thanks, for a mostly useless function as this _still_ doesn't solve the problem of needing an int64_t type.

var s = '9223372036854775808', n = parseInt(s); console.log( Number.isSafeInteger( n ) );

var n = (1 << 63); console.log( n ); // -2147483648; // *facepalm*

I need an _exact_ native int64_t and uint64_t type -- WHEN will this be supported? Why do I have to use stupid hacks like "a | 0" to cast to an int??

Javascript broken == operator is so fucked up it is laughable. WTF is the point of even having '==' when every smart programmer will use '===' instead???

The four biggest reasons Javascript is a such as piece of shit:

1. Automatic type conversions will get one in trouble:

if( 0 == "0" ) console.log( "equal" ); // equal // WTF!?

2. How about the inability to actually _include_ .js files like, you know, a concept that (almost) EVERY-other-programming language has???

3. When Javascript does stupid shit like Automatic Semicolon Insertion (

I agree; however, what about Chromium or SRWare Iron or even Vivaldi/Opera?

I only use Firefox anyway, as I doubt anyone has extensively analysed Chromium source code in order to search for any hidden Google tracking mechanisms or reporting techniques.
And even if the source appears to be clean, Google aren't stupid, their trackers are over most websites, and through js obfuscation and ajaxing encrypted data back to Google, they may be able to trigger various reporting elements in Chromium to extract user data and uniquely fingerprint each installation.

I know, sounds like paranoia and tinfoil hat stuff, but considering how evil Google is, I wouldn't put it past them.