Slashdot Mirror

Browser vendors don't get paid by CAs.

I just read Mozilla's CA inclusion policy, and you appear correct. The browser maker doesn't get paid; the auditing firm "with access to the details of the subordinate CA’s internal operations" gets paid.

Why would anyone with even a modicum of technical sophistication allow random JavaScript from domains they don't trust to run in their browser? It's crazy not to use plugins like NoScript and Request Policy to control what is allowed to run in the browser. Combine with AdBlock Plus for better results.

Why would anyone with even a modicum of technical sophistication allow random JavaScript from domains they don't trust to run in their browser? It's crazy not to use plugins like NoScript and Request Policy to control what is allowed to run in the browser. Combine with AdBlock Plus for better results.

Why would anyone with even a modicum of technical sophistication allow random JavaScript from domains they don't trust to run in their browser? It's crazy not to use plugins like NoScript and Request Policy to control what is allowed to run in the browser. Combine with AdBlock Plus for better results.

Yeah, I never see the search suggestions myself. I don't use google's search box [1], nor do I use the search box in my browser. I use Mozilla's keywords to search through the location bar, like I have for the past thirteen or so years.

(Technically, I don't use Google any more either, but let's just assume I do.)

Although back in the days, there was no fancy UI for adding keyword searches. You needed a bookmark whose URL you had to edit to add a %s for the search string... Hell, I still do it that way.

[1] Besides, the suggestions there only work with JS enabled.

Stop sending them the contents of all your emails

I dumped GMail for Kolab, and am quite satisfied with that. Costs $3 per month for a privacy-friendly webmail based in Switzerland.

block their tracking shit that's all over the web

Using Disconnect, Self-destructing Cookies, and UBlock Origin seems to get rid of most of the crap on the web without breaking anything.

use alternate map services

There's the OpenStreetMap project: check out this online and this for mobile.

Stop sending them the contents of all your emails

I dumped GMail for Kolab, and am quite satisfied with that. Costs $3 per month for a privacy-friendly webmail based in Switzerland.

block their tracking shit that's all over the web

Using Disconnect, Self-destructing Cookies, and UBlock Origin seems to get rid of most of the crap on the web without breaking anything.

use alternate map services

There's the OpenStreetMap project: check out this online and this for mobile.

Stop sending them the contents of all your emails

I dumped GMail for Kolab, and am quite satisfied with that. Costs $3 per month for a privacy-friendly webmail based in Switzerland.

block their tracking shit that's all over the web

Using Disconnect, Self-destructing Cookies, and UBlock Origin seems to get rid of most of the crap on the web without breaking anything.

use alternate map services

There's the OpenStreetMap project: check out this online and this for mobile.

Not sure if stupidity comes naturally to you, but comparing a $950 server cpu to a budget $100 desktop cpu is a little moronic to say the least.

Next thing you'll complain about is how your Xeon is more powerful than a ARM Cortex!
Oh, and while in the thread, don't forget to compare a browser developed by a multi-billion dollar corporate spying empire to one developed by a miniscule non-profit chartable organisation; like so many others have the audacity to do so here.

"Flash is literally a zombie at this point."

Big problem: Adobe Flash is a "zombie" to technically knowledgeable people who read a lot of technology news. For most people, Flash makes their computers vulnerable.

Is Adobe selling vulnerabilities to hidden parts of the U.S. government, or to other organizations, and fixing the vulnerabilities only after they are discovered publicly? Or is Adobe management so incompetent that there are 10 or 20 or, in this case, 36 vulnerabilities in every version? In either case, the large number of vulnerabilities seem to be a strong advertisement not to install Adobe products on computers that have a connection to other computers or to the internet.

I count 11 new versions of Adobe Flash in 10 months.

The best story I've found about this month's Adobe Flash vulnerabilities is this one: Kill Flash now. Or patch these 36 vulnerabilities. Your choice.

I see web pages that don't need Adobe Flash Player using it anyway. Is that because most people don't use the Better Privacy browser add-on? Flash makes what are called persistent cookies. Better Privacy deletes persistent cookies.

Every time I start Adobe Acrobat Professional, it asks to connect to the internet in 3 different ways. So, when I want to make a PDF file, I generally use the free Bullzip PDF printer.

Because I have no way of knowing what Adobe is doing or hiding, I generally use the free Sumatra PDF Reader.

To me, it seems that Adobe is engineering such a bad reputation for itself that it will eventually put itself out of business. (It seems that Microsoft is following the Adobe methods. Windows 10 seems to be intentionally vulnerable. Microsoft products also have huge numbers of vulnerabilities.)

Easily fixed using the great Classic Theme Restorer extension, which I've used ever since Australis (new skin) went live.

Generally, all "Gecko" browsers are clubbed together into Firefox stats, as far as I know.

I really don't understand why people use Pale Moon when it offers nothing over Firefox?!
If you really love the old look of the browser, you can simply get the Classic Theme Restorer extension and customise the browser UI as much as you want (which I also use).

Wow, what an amazingly ignorant comment.
Where do I start?!

I was going to write a long reply, but I don't think anyone is even reading this post any more, so I won't bother wasting my time.

I will however say that Mozilla has contributed more to the open web than any other company!
Secondly, Mozilla is a tiny non-profit (charitable) organisation, mostly volunteers, and yet people have the audacity to complain and compare to a multi-billion dollar spying corp empire like Google?!

Of course, Firefox is the only reason Mozilla ever had any relevance.

erm, Mozilla championed (along with Opera) the development of the latest web standards, including HTML5, CSS3, and especially Javascript (EMCAScript) which Google so heavily rely upon but never give back to the community.
Secondly, they woke up everyone to the evil tactics of Microsoft to make the web into a proprietary standard (same thing Google is now trying to do after ripping-off the code for Apple's Safari). And Mozilla championed and helped to standard the web and raise awareness of W3C as well as Accessibility standards and developing for all browsers, not just Internet Explorer.

With regards to the UI, it was developed after much research and feedback from users and how they use their browser.
Yes, there's many things I don't like about Australis (the new browser UI), so that's why there's a great extension (Classic Theme) to customise the browser to however you want.

Amazing how idiotic some people are and how few brain cells they have... or just amazingly ignorant unable to see past their own nose.

If you want this now, you can have it. Simply have more than one profile, and tell the browser to start with a new instance using the new profile. This lets you make shortcuts / launchers / whatever that can be entirely separate, even if using the same browser.

For instance, I have two launchers for pale moon, one for general browsing, and another for email:

The first is the default with the "-new-instance" flag:
palemoon %u -new-instance
The second specifies a different profile:
palemoon -profile "/home/cfalcon/.moonchild productions/email_only" -new-instance

You can make as many of these as you like, and the action of "making a new profile" is just mkdir, and then point it to the new directory. You can also set a different theme in each profile, allowing you to know at a glance what is what.

Chrome has a similar feature:
google-chrome --profile-directory=(whatever)

And firefox even has a profile manager:
https://developer.mozilla.org/...

The topic of the article is probably a way to make this easier. The method will definitely be less secure to some degree, but as long as they don't remove the existing standard way of doing things, it will improve privacy for people who can't be arsed to set it up the current way.

If you want to prevent tracking, on Firefox,Ghostery and uBlock Origin are your friends :)
That and a nice hosts file will keep you out of a lot of trouble :)
This new Firefox feature sounds really sweet, this makes a lot of sense. If all the Operating Systems can support "multiple users", why can't our browsers, in 2016, support segregation of web sessions?
Make the frontier the Window, the browser instance, the tab, I don't care. Just give us the option to have multiple identities when connected and that's a huge step forward.
The "incognito" or "private" mode was a step in the right direction, but that makes the total number of simultaneous identities to 2: the incognito window and the normal one.
I believe this is a good step on the right direction, decoupling the sessions from all the "infrastructure" (cookies ,history, etc.) is the foundation to later add all the customization and segmentation we might want. Again, on any modern OS, you will get your own "partition" of the system configurations (registry or configuration files), so in essence, the browsers must go the route of the OS: enable multiple identities, running segregated on the same machine, without interfering with each other.

If you want to prevent tracking, on Firefox,Ghostery and uBlock Origin are your friends :)
That and a nice hosts file will keep you out of a lot of trouble :)
This new Firefox feature sounds really sweet, this makes a lot of sense. If all the Operating Systems can support "multiple users", why can't our browsers, in 2016, support segregation of web sessions?
Make the frontier the Window, the browser instance, the tab, I don't care. Just give us the option to have multiple identities when connected and that's a huge step forward.
The "incognito" or "private" mode was a step in the right direction, but that makes the total number of simultaneous identities to 2: the incognito window and the normal one.
I believe this is a good step on the right direction, decoupling the sessions from all the "infrastructure" (cookies ,history, etc.) is the foundation to later add all the customization and segmentation we might want. Again, on any modern OS, you will get your own "partition" of the system configurations (registry or configuration files), so in essence, the browsers must go the route of the OS: enable multiple identities, running segregated on the same machine, without interfering with each other.

Um, he did reply? And the Bugzilla developers did implement a fix.
In my opinion, the way the Perl ‘community’, exemplified by people like you, tends to stick its head in the sand and vilify every critical sound as heresy, is much, much worse than the actual technical problem. As they say, there are known unknowns and unknown unknowns. A language bug, when discovered, is a known unknown. It's irritating, but as a Perl hacker with quite some experience I can deal with that. But to think that people like this give the advice you get on Perl fora, make Perl design decisions, code Perl packages and write Perl documentation, and that this attitude pervades the whole language ‘community’, that just makes me shudder.

> He has a point, which is proven via a bugzilla hack.

A couple hours after Netanel first filed his "critical vulnerability report" bugzilla's devs replied that he had not uncovered a security bug. Over the next 6 hours Netanel continued to argue that he had. 20 minutes after Netanel's last comment he was asked to do a simple test that would demonstrate that he was wrong. He never replied.

One has to read the bug report carefully to understand the particular combination of logical errors he'd made but the gist of it is that he misunderstood the role of a security checking mechanism called "taint mode" and misinterpreted some results from failed attempts to hack a bugzilla instance, thinking he had actually hacked it when he had not.

In his presentation a few weeks later Netanel continued to be sure he was right and convinced a huge audience, including you I guess, that he was right and had found a critical vulnerability that "shattered the security of most Perl CGI projects in the world". He had not.

At least Amazon puts their money to somewhat productive uses.

Now compare that to Mozilla, who apparently spent $15,000 to remove the word "slave" from documentation and code.

And if you think I'm joking or exaggerating, I'm not.

Check it out for yourself: https://blog.mozilla.org/blog/2015/12/10/mozilla-open-source-support-first-awards-made/

Buildbot: $15,000. Buildbot is a continuous build and integration system which has been immensely valuable to Mozilla over the past few years. Their award will be used to remove the term “slave” from all documentation, APIs and tests, and also to make improvements so Buildbot works better in the Amazon EC2 cloud.

[emphasis added]

Mozilla? The same company that just threw away $15k to remove the term "slave" from documentation?

I wonder what kind of damage their "audits" will do to these projects.

Mozilla? The same company that just threw away $15k to remove the term "slave" from documentation?

I wonder what kind of damage their "audits" will do to these projects.

ServiceWorker - May 9, 2016, 5:04:48 AM - This is an experimental technology. Because this technology's specification has not stabilized, check the compatibility table for usage in various browsers.

Yes, if you want/need to use experimental, new, HTML5 specifications that are not supported across different browsers, then I am going to agree that an app is not your best choice... However, I wouldn't say that that makes it an older version since it does not implement the standard. My above statement was not meant to be an if, and only if definition. I would say that for this case, it is an experimental standard which has not been implemented yet.

Again, my point is that is makes sense to actually look at these different requirements, your budget, and make an intelligent determination based on the requirements and the resources you have to bear. It does not make sense to say "let's do an app, since an app can do everything" unless you have an unlimited budget and you have the goal of writing an app, for the purpose of writing an app.

Why don't we see similar outrage about the telemetry that Firefox includes?

Here are some examples of the data that Firefox sends to Mozilla:

Browser Updates: Once per day, Firefox sends the following info to Mozilla when it checks for browser updates: your Firefox version information, language preference, operating system, and version.

Add-ons Blocklist: Firefox contacts Mozilla once per day to check for add-on information to check for malicious add-ons. This includes, for example: browser version, OS and version, locale, total number of requests, time of last request, time of day, IP address, and the list of add-ons you have installed.

About once per day, Firefox connects to Mozilla and provides you with new snippets, if available. Mozilla may collect how often snippets are clicked, snippet name, browser locale, and which version of Firefox you're using.

To help display relevant snippets, Firefox sends Mozilla a monthly request to look up your location at a country level using your IP address.

Mozilla collects and aggregates your data with that of other Firefox users and sends it back to your browser so you can see how your Firefox performance changes over time. This data includes, for example: device hardware, operating system, Firefox version, add-ons (count and type), timing of browser events, rendering, session restores, length of session, how old a profile is, count of crashes, and count of pages.

For downloaded executables that do not appear in these lists, Firefox may send metadata, including URLs associated with the downloaded file, to the SafeBrowsing service.

Usage statistics or "Telemetry" is a feature in Firefox that sends Mozilla usage, performance, and responsiveness statistics about user interface features, memory, and hardware configuration. Your IP address is also collected as a part of a standard web log.

In order to provide the tiles feature, Firefox sends to Mozilla data relating to the tiles such as number of clicks, impressions, your IP address, locale information, and tile specific data (e.g., position and size of grid).

To help choose the best default search engine for your location, Firefox sends Mozilla a request once to look up your location at a country level using your IP address.

In order to understand the performance of certain Mozilla marketing campaigns, Firefox sends data, including a Google advertising ID, IP address, timestamp, country, language/locale, operating system, app version, to our third party vendor.

It doesn't take much more RAM to break things into multiple processes. It just looks that way because of copy-on-write pages. Look at active pages in vmstat. I told them to use one process per origin domain, and have each origin have its own storage, and even created a proof of concept on top of webkit in 400 lines of code. Not a single comment against. Just silence. Firefox is dead.

For the curious, sanity continues to prevail: mandatory addon signing has been pushed back again and xpinstall.signatures.required continues to function. Originally planned for version 46 it's now sitting at a possible version 48 release. With any luck the entire idea will be scrapped, but I encourage anyone who disagrees with this horrible signing policy to voice their opinion.

For the curious, sanity continues to prevail: mandatory addon signing has been pushed back again and xpinstall.signatures.required continues to function. Originally planned for version 46 it's now sitting at a possible version 48 release. With any luck the entire idea will be scrapped, but I encourage anyone who disagrees with this horrible signing policy to voice their opinion.

I believe that Yandex has Subject themselves to US jurisdiction, by sending DMCA takedown notices of their own.

Their website is accessible in the United States, therefore, it is possible that DMCA takedowns may be issued against them, and I don't know how Yandex will respond if they do receive them, but if they ignore them, there could potentially be liability.

As far as is known.... Russia is not a piracy haven, and they do respond to issues in that regard.

However, Google might ignore Yandex because Yandex is not very high-profile, even if they're popular in Russia.

I guess you could say this as potentially one of the lesser-known "cracks" that a tool like Youtube-DL could potentially hide in for a longer period of time without getting very much attention, so they might slip under the radar, at least for a time.

I have Windows 10 installed on my Laptop (everything but gaming) and my wife's ageing ThinkPad.

I find it noticeably faster esp. on low end Graphics. You mileage may vary.

In comparison to Win 8 (which I had installed, too and which was horrible) it's fairly consistently done and an easy transition for nontechnical users coming from Win 8.

Yes, you do have to opt out of a bunch of stuff that should be opt in. Sadly, the OS is not the only Software you're using that does it this ways. In Chrome you need to opt out of telemetry, too ( https://www.google.com/intl/en... ), Firefox does it right and lets you opt in ( https://support.mozilla.org/en... ). A lot of iOS and Android apps you probably use are "calling home" a lot without even asking you or giving you the chance to opt out (which is bad manners) etc. pp. Apple OSes are a notable exection.

I think as an educated software users we have to adapt by regularly checking the telemetry settings of the software we use like we did adapt habits like manually looking for software updates with security fixes in past times (or defragmenting the harddrive etc. pp.). Computers were never maintenance-free and will remain so.

The mugger likely searched the victim on FB after the mugging.

And this is the reality. You can't do anything on Facebook (even searches) without being caught in one of their algorithms to increase their profit (in this case, by increasing interconnectedness).

What's even more scary is that Facebook is now tracking and advertising to you when they see you outside of Facebook [1]. This combined with the fact that Facebook trackers are everywhere infested on most sites, means without some means of being ignored [2], you could be tracked even if you didn't visit FB.

Paranoia: it's healthy now.

[1] http://www.theverge.com/2016/5...
[2/CH] https://chrome.google.com/webs...
[2/FF] https://addons.mozilla.org/en-...

An effective cheap solution would be to install https://addons.mozilla.org/en-... and set it to bring up random tech related sites. So random breaks of varying tech content, often when people need a break it's because they are stuck, so this activity can expose you to random new ideas, only problem is it might be to distracting, just one more click.

According to https://developer.mozilla.org/... document.execCommand('copy') works on Chrome 42+, Firefox 41+, IE9+ and Opera 29+

You want this.

"You can set the Integer pref browser.backspace_action to 2 on the about:config page to disable the backspace action. BTW Shift + Backspace does the reverse: going Forward if possible, so that is taken as well." https://support.mozilla.org/en...

There is a Firefox ticket requesting a feature like the parent poster mentioned. It's only been open since the year 2000.
Since a website can tell the browser to pop a dialog asking the user to confirm before they leave, maybe that explains the low priority.

Firefox for Android supports extensions, and the top 3 extensions are privacy related:

https://addons.mozilla.org/en-US/android/

Chrome for Android does NOT support extensions.

Does Chrome for Android support apps and extensions?
        Chrome apps and extensions are currently not supported on Chrome for Android. We have no plans to announce at this time.

https://developer.chrome.com/multidevice/faq

d) Does not play Netflix.

Huh? https://blog.mozilla.org/blog/...

And, for the Mac users, you should be good once Firefox 47 comes out: https://blog.mozilla.org/futur...

d) Does not play Netflix.

Huh? https://blog.mozilla.org/blog/...

And, for the Mac users, you should be good once Firefox 47 comes out: https://blog.mozilla.org/futur...

Don't worry, Mozilla is working on breaking [Tree Style Tabs].

How?

By switching from XUL to the Chrome-inspired WebExtensions. This is ostensibly part of the Electrolysis project to add a multi-process model to Firefox in order to keep a long operation in one tab from causing other tabs to lose responsiveness.

He's right, statcounter by default has been blocked by AdBlockPlus for a long time (although possibly only the "easyprivacy" list).

And seeing as ABP is the most popular extension by far, and the in-built Tracker Protection in Firefox also blocks statcounter (although currently only active in private browsing mode).

... the stats could be pretty skewed.

Don't know why someone modded you down to zero, you are techincally correct. Anyone that knows the history of Mozilla knows it was birthed when Netscape release the source code of their browser to the world. It's even the first sentence on the history page of Mozilla.org.

amazingly, there are open source games.

I can think of a couple practical problems with porting such a game.

1. First, a lot of these "open source games" have only the program available under a free software license, with the assets remaining under "all rights reserved" terms. Doom (1993) is in this position, as shown by the DMCA notice that Id Software's parent company sent to Mozilla Corporation about a JavaScript port thereof.
2. Second, on the whole, a game with both a free program and free assets is likely to be less attractive than a comparable proprietary game due to the lower production values associated with a project that had to be done in spare time due to lack of revenue. Gratis without libre is easy; libre without gratis is not solved to my knowledge.

there are also games in this nice thing called the public domain.

True, but these games aren't video games. The copyright term in Slashdot's home country is 95 years for pre-1978 works and works made for hire, and any game that old would have been developed before the invention of microprocessor-driven video games in the mid-1970s. But if the intended suggestion was to port a classic board game to Android, I can accept that.

If you're trying to insinuate that his web browser uses OpenSSL: Mozilla doesn't. They use their own NSS library for the encryption bits.

It's all text

Check out the text-reflow add-on.

Also you might find the reader view function in firefox does much of what you need. Unlike other page-reformatters/sanitizers it does not send the page to a 3rd party server for processing, everything is handled in the browser itself. But the price for that privacy is that it does not work on some pages.

Check out the text-reflow add-on.

Also you might find the reader view function in firefox does much of what you need. Unlike other page-reformatters/sanitizers it does not send the page to a 3rd party server for processing, everything is handled in the browser itself. But the price for that privacy is that it does not work on some pages.

...because, of course, Thunderbird == Unix/Linux. That having been said, it would be nice to see Thunderbird handed off to someone willing to handle bugs that have been around for almost SEVEN YEARS. (See also, Deleting the last read message opens the previous message.)

You know that Mozilla is unhappy with the way addons like Greamonkey, NoScript, and AdBlock give the user control over their Web browsing experience (to the chagrin of businesses that rely on violating user's privacy for profit), and so they're planning on switching to Chrome's plugin model, right?

Well, that's why I love the Firefox plugin self-destructing cookies. Most websites work fine because they get to store all the cookies they want; but ten seconds after closing the last tab of that page, all it's cookies are wiped out. (Just remember to also block 3rd-party cookies to prevent e.g. Facebook and Google from obtaining persistent cookies by being omnipresent on the web.)

No. Firefox uses its Gecko rendering engine on Android. See the build instructions for Firefox for Android.

Why? You'll just argue and fight about it and the others are already aware of it. Eich is part of it, certainly but only one of a tiny thing and Eich's an idiot anyhow.

But, statements like this:

“Mozilla believes both in equality and freedom of speech. Equality is necessary for meaningful speech.”

No, Mozilla should believe in making a browser - just that.

I should have made it more clear - it's not just external things. I've known about a dozen people who worked there and another dozen who still do. (I actually get around a lot.)

Lemme see if I can find some public statements. Here's a small glimpse.
https://www.glassdoor.co.uk/Re...

Notice the first comment.

Here's another one - one which you might, initially, cheer for:
https://blog.mozilla.org/blog/...

Nope... I don't even want my browser doing that. The list goes on, and on, and on...

Don't get me wrong, Firefox's developer edition (Aurora) is good enough for me to call it top-notch, almost best of breed. However, I want a browser - not a political statement. Eich? He's just a drop in the bucket. For the next 12 months, read the Mozilla stories and the comments.