Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
IE is more secure than firefox for the moment
I do like Firefox a lot. It is a wonderful browser, and it is improving at a rapid pace. But I will not use it until the devs get their heads out of their arses. It is not as secure as IE for one simple reaon: no javascript whitelisting. IE has it in the form of security zones.
If firefox ever adds jscript whitelisting to the main app or someone develops an extension for it (that is kept up to date with current releases) I will switch in an instant. Unfortunately I am getting the impression that the devs are very pro-jscript and have no interest in making it easy for users to browse with it off completely. Instead they want to only allow disabling it's most annoying and obvious features. This is a woefully inadequate solution.
With IE I can browse with javascript completely off while still being able to shop at sites like newegg or amazon with jscript (and activex if necessary) automatically enabled. There are many sites nowadays (created by incompetent web designers)that won't even load without javascript. I will either ignore such sites or take the chance on giving them temporary trusted or partially restricted status.
People talk about how insecure and dangerous ActiveX is and they're right, but javascript is almost as bad. IMO, anyone who surfs the internet with javascript on is asking for trouble and shouldn't be surprised when they find it. And, no,I am not talking about popups. Javascript is a hell of a lot more than just the window popup or resize functions. The recent slammer worm, while an example of an exploit of bad IE security in the form of BHOs is also an example of the dangers of javascript. This worm could not function without it and it did not rely on popups or resizing. It used javascript that would never be blocked by the kind of partial blocking that firefox uses.
Mozilla has also had security zone capability through user pref javascript settings for a long time, but a UI for it has never been included in the official browser. At this point it looks like it never will.
There was some effort expended at actually producing a UI for the zones but nothing seems to have come of it. The devs who were working on it gave up when they saw this which unfortunately is not capable of javascript whitelisting at least in current versions of mozilla or firefox.
There have been some attempts at extensions to add in jscript whitelisting to mozilla, but there is nothing that works with current versions of either mozilla or firefox.
All of this work is at least 1-2 years old. Some of it is as 3-4 years old. Nothing is currently being done with any of it. Obviously the devs don't consider it an important feature. In fact they consider it so unimportant that even when it's already in the code, they can't be bothered to make a UI for it it.
So thank you very much, but I will stick with a much safer browsing experience on IE with pwrtwks to give me two click security zone control and trust setter and IE Zone Editor to give me even more control over IE's wonderful security zone features.
For the one remaining gigantic IE annoyance, those popup "warning" windows you get when browsing with activeX turned off on sites with activeX, there is a way to turn them off. It works. -
Re:How Safe is FireFox?
thanks for answering my concerns. i hereby admit i am a lazy-ass and rather than looking at the code, the bugs, the process, etc. before talking about security, i ask slashdot.
i would like to note, though, that as a side-benefit to my procrastination, all /. readers now know FireFox is secure.
in my defense, i also want to note that FireFox' own security claims are rather modest, as noted on the homepage:Built with your Security in mind, Firefox keeps your computer safe from malicious spyware by not loading harmful ActiveX controls. A comprehensive set of privacy tools keep your online activity your business. ... and that's all it says. i wouldn't exactly guess from that that
"we've considered security at every step of the way, from design, to implementation, to testing. We've got some of the top minds in the business constantly trying to find holes in our security story. They find 'em and we fix 'em.".
maybe it's time to step up the marketing? -
Re:Last Year?!
There's a difference between the Mozilla Foundation and the Mozilla project.
The Mozilla Foundation, established in July of 2003, exists to provide organizational, legal, and financial support for the Mozilla open-source software project.
The Mozilla project begun as when Netscape Communications announced in January 23rd ,1998 that the source code for Netscape Communicator would be free of charge.
"Mozilla":
http://www.mozilla.org/mission.html -
For Web Designers out here...
I found this really nifty application called Comparator made by Vansath Dharmaraj -- it's basically a test browser with a split view: the top one is the page rendered in IE, the bottom one is the page rendered using Mozilla (which comes back to say Mozilla-powered browsers such as Firefox).
That, along with Firefox extensions IE View and Web Developer makes coding websites compatible in both IE and Mozilla browsers a hell of a lot easier. -
For Web Designers out here...
I found this really nifty application called Comparator made by Vansath Dharmaraj -- it's basically a test browser with a split view: the top one is the page rendered in IE, the bottom one is the page rendered using Mozilla (which comes back to say Mozilla-powered browsers such as Firefox).
That, along with Firefox extensions IE View and Web Developer makes coding websites compatible in both IE and Mozilla browsers a hell of a lot easier. -
Re:Other Famous Version Number Skips
Possibly also because Netscape 5 is still sitting around on mozilla.org - the code that actually was open sourced and discarded.
Appearently some people inside Netscape actually wanted to release 5 based on the old code, and concurrently work on 6 based on the new code (NGLayout/Gecko). See interview on ars technica with Scott Collins. -
Tom Petty Owes me a Keyboardor How Tom Petty Almost Made Me Quit Smoking
^@%$#%^@##@%$^%@#$ Tom Petty
How dare he make an album like Wildflowers, that can make you zone out and get lost for an hour. I just got done with a zone session that ended up with a cigarette burning through the left CTRL key on my nifty Keytronic LT Wireless Keyboard, the keyboard I've been faithfully typing away at for almost 5 years now. :-( :-( :-(
That keyboard, along with my trusty Logitech Cordless Mouseman, has been the direct interface between myself and the virtual world for some time now. The freedom was incredible. I could ease into my La-Z-Boy recliner, kick back, and surf for hours and hours and hours....[droooooooooool]Tom Petty, along with other artists like King Crimson and Bela Fleck & The Flecktones, have been responsible for many hours of zoned out internet surfing to some of my favorite sites. You've been there - putting on some tunes, firing up your browser, zoning out and surfing away...
Two minutes later, an hour has passed, the album has ended, and you've been around the world and back and hopefully learned something new.That's just how I started off the other night. I popped Tom Petty's Wildflowers cd into the drive, cranked up the volume, and fired up the browser. I was immediately sucked in by the sweet acoutic guitar sounds of the title track. Click... Click... Click... You Don't Know How It Feels comes up, I hear the sentimental lyrics, and I drift back to my younger days... Click... Click... Click... Another 30 seconds rolls by and half the album's over... Cabin Down Below just nails me with the big fat Telecasters running through tube amps turned up to 11 sound... Click... Click... Click... I finally make it to Wake Up Time
... "Time to open your eyes... And rise and shine..." and...I'm accosted by the stench of burning pl
-
Digital Gold CurrenciesProblems like this are one of the driving forces behind the growing popularity of digital gold currencies, such as E-Gold.
For those who are not familiar with these... they allow anybody in the world to pay anybody else in the world a certain amount of gold. The actual gold sits in a vault (or actually several vaults across several locations on earth) and basically what gets exchanged is the rights to a fraction of that gold held in trust.
There are several well established digital gold currencies now, with E-Gold being the oldest, running since 1996 I believe.
One of the important distinctions between using E-gold as a payment system, and (say) credit cards, is that there are no chargebacks. That means that when a merchant receives payment, he is SURE that he has received REAL VALUE and not something that can be revoked.
Because of this, digital gold has really been catching on for online commerce in a lot of locations worldwide where credit cards have not been traditionally used. Places such as India, Southeast Asia, the Middle East, Eastern Europe, and Africa are prime markets for digital currency. And personally, I think that western nations will really benefit from the birth of digital gold currencies as well.
Lets face it: the whole western world banking system is terribly outdated, and as evidenced by the high incidence of online fraud, credit cards are not really a great solution for e-commerce.
(Heck, even the Mozilla Foundation accepts E-Gold donations!)
And I haven't even begun to mention the privacy benefits, and the fact that gold retains its value much better than government issued fiat currency. This page has a bunch of great links about the digital currency revolution...
-
Re:Yup, they sure did!
Here (copypaste, bugzilla links don't work) you go. Note that although it says "fixed", it was backed out from ff 0.9 and moz 1.7 due to regressions, so not fixed in current releases.
Where do I get to pick up my money? -
Re:I have a feelingAlso, if I see one more reply to an IE article with the line "Download the patch here [mozilla.com]" rated as "Funny", I will kill myself.
Ohh and we wouldn't want that...
Download the patch here -
As usual there is a third party patch to fix this.
There is a third party patch out to fix this problem and some other general IE problems. It can be found here: IE Third Party Patch
-
Re:Repeat After Me
Rule of Modularity: the 'simple parts' are not so simple- take any linux distribution and type 'man ls' and see how long that is, it will work for anything substituted for ls, certainly not simple.
The unix philosophy is One tool does one task, and does it well. ls lists the contents of a directory. There are some options for sorting and selecting what information to show. But it's still just listing the contents of a directory. If ls also checked your email (jwz's rule) or something like that, you'd have a point. But you don't. You're just confusing options and complexity.
Rule of Composition: Most new linux apps are not desined to be connected (through a pipe) to anything else-- they are either programs written with curses or for X and that means that they are not connectable.
Don't confuse applications and tools. Apps are big monolithic programs like web browsers and media players. The little unix tools that populate
/bin and /usr/bin are the things that are meant to be used with pipes and other shell constructs. It doesn't usually make sense to pipe the output of an app to much besides a log file.And a pipe doesn't always have to be STDOUT or something. When working locally X11 goes through a pipe, a named pipe. DXPC, the Differential X Protocol Compressor, uses named pipes to send X11 messages to another host in an efficient compressed form. This program doesn't need to modify X or libx11 or anything else to do what it does. It's all through the magic of pipes!
(I originally thought SSH used the same method to forward+compress+encrypt X11 traffic, but it looks like it binds on local TCP ports instead)Rule of Parsimony: use ls -l
/path/to/program of ls -R /path/to/source and check the size column. Or check the man page. Or start the program and look. There are not many small linux programs- especially because of its open-source nature. Linux (kernel) itself is also pretty big,Boy, you're not making much sense there. The linux kernel is actually pretty small. Most apps are quite a deal larger than the kernel. My 2.6.7 kernel here is 1.3M, compressed. My XFree86 4.3.0 X server is 1.7M. Mozilla is close to 20M. And ls, your previous "complex" example, is all of 71K. Apps are big, tools are small. On any OS. Simple.
-
Informative IE Links - IE Bashing Extraordinaire
This browser warning page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:
Warning!Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website, and could have a large number of problems that allow hackers to hijack it with viruses. These viruses could be used by criminals to secretly take over your computer, download child-pornography, or to commit acts of terrorism and fraud. You may automatically update it now with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available due to Microsoft's somewhat sluggish development schedule.
The US Department of Homeland Security strongly suggests that you stop using Internet Explorer immediately.
There are several standards-compliant web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.
If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners that are available.
-
Informative IE Links - IE Bashing Extraordinaire
This browser warning page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:
Warning!Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website, and could have a large number of problems that allow hackers to hijack it with viruses. These viruses could be used by criminals to secretly take over your computer, download child-pornography, or to commit acts of terrorism and fraud. You may automatically update it now with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available due to Microsoft's somewhat sluggish development schedule.
The US Department of Homeland Security strongly suggests that you stop using Internet Explorer immediately.
There are several standards-compliant web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.
If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners that are available.
-
Re:tough to get employers to listen
Interestingly, The University of Delaware has just now adopted Mozilla 1.7 as its new supported browser. over Internet Explorer
To quote the udel.edu website :
"Due to recent security concerns with Internet Explorer, it is recommended that alternative browsers be used if possible. If you do use IE, recognize that doing so increases the importance of making sure your computer's operating system and anti-virus software are completely patched and up-to-date. However, users who encounter problems accessing a web site using Mozilla may have to use Internet Explorer to take advantage of all the features that web site provides. PeopleSoft is an example of a web-based application that still needs to be accessed using Internet Explorer. Mozilla support of PeopleSoft may be announced in the future. " -
Re:Just got my WindowsUpdate popup a minute agoI would MUCH prefer it if I had the "trusted sites" concept in Mozilla/FireFox, because I could universally disable Javascript, yet have it come back on when I visit my own servers, or those vendor sites that need it.
Mozilla and Firefox does have a trusted zones ability. It's called configurable security policies. It's much more fine-grained than IE, allowing you to turn off specific Javascript function calls. Or you could have a whitelist of specific "trusted" sites.
The only catch to it is that there's no GUI for it. You'll have to edit user.js. Here's some preferences to turn off all javascript except your homepage:
user_pref( "capability.policy.policynames", "trusted" );
user_pref( "capability.policy.default.javascript.enabled", "noAccess" );
user_pref( "capability.policy.trusted.sites", "http://abusedemailaddress.com" );
user_pref( "capability.policy.trusted.javascript.enabled", "allAccess" );If you want to put more sites on the whitelist, add a space in the homepage string and then append the new site's URL, without the trailing / path marker.
-
Re:Got it, but..No, I don't think you're a Troll. It sounds like you're using an older version of Firefox. Try getting a newer one at Firfox's site
As far as your back is concerned, they may actually be using something that does expose some sort of problem with Firefox. There may be some things to note. Like - Is it an ASP site? (It may have nothing do with it.)Lastly, don't let some people discourage you from using Firefox with their condescending attitude. I for one like having new users join the fray
:-) -
Link to the REAL fix
OMFG it took MS a whole freaking MONTH for this temporary work-around (which isn't even a fix) and will be useless within minutes of its release?!? I have a better idea, you can get a REAL fix that WORKS from Here and maybe in the meantime I'll learn to spell or at least type!
;) -
Obvious link missing
Fix can be downloaded here.
-
Get the fix early here.The press statement says that it'll hit Windows Update later today...
O get the fix early, HERE.
-
Got it, but..
Got it, but in the meantime I switched to Mozilla Firefox and I honestly don't see any reason to go back to IE apart from a handful of aggressively IE-only sites.
-
I'll bite
I just went here: http://mozilla.org/foundation/donate.html and donated $25. They've saved me multiple times this value in aggravation over the last few months alone.
Anybody in this thread care to match this?
I'd have bought some Mozilla merchandise, but their tee shirts look like they're promoting the PLA. Are they trying to send us a submliminal message? This reminds me a lot of the Sherwin-Williams Paint Logo, which must have been an inside joke by some long forgotten left wing artist (hint, note color of paint, then google the initials on the can). -
Re:Firefox will install with 'power user' access
Your link is to 0.9 -- however, 0.9.1 came out earlier this week.
The correct link is here: Firefox 0.9.1 (zip) -
Re:Give advice to alternative browser newbies!
- Firefox is the less bulky (mozilla has email client, etc)
- During install, check the 'Do you want Firefox to be your default browser?' checkbox.
- I believe Mozilla does, but check out Tools->Settings (I think; currently forced to use IE at the client) where you should be able to turn it off; also Firefox might not have this feature. Download it & find out, its pretty painless.
This process took me about 3 minutes last night on the gf's XP box, including download. Default settings are for no popups. You really don't have to do a thing except click 'Download Firefox'.
There's a firefox link on the front page -
Re:Firefox will install with 'power user' access
Here's your Win32 zip - IIRC you can run this even on a guest account as long as you have access to some unzip software.
-
Re:Another one for the EFF to bust.
-
Tabs - Mozilla?
-
Ok, great
Java becomes more like a usable programming language every day!
The functionality of mailcap, later cloned in win32, GNOME and KDE, is now available to Java as JDIC!
And JDNC provides powerful GUI functionality, including an XML format for describing GUIs, a la Glade, wxWidgets XML resource files, XUL , XAML. Of course, they are all completely incompatible. Also worth mentioning here is GNU Enterprise, which has seemingly similar aims to JDNC.
I don't know what all this has to do with ActiveX. For all I know, ActiveX was MicroSoft's intended replacement (or umrella) for Java and JavaScript. It has met with mixed success, having met with popelarity mostly as a malware target. JDIC and JDNC look like decent proposals to me. It's good to see Java maturing both in speed and functionality. The more choices, the merrier, after all. -
Re:They are welcome to it!so you'd rather have 30 buttons all with the IE logo and the text truncated so you can't tell which is which?
No, I'd rather use a browser that has tabbed browsing... seriously, the browser is the only real application where I *consistently* need to have many instances open.
-
Re:The difference?All the software you need on Windows...isn't free, in any sense. Every major piece of software on Linux, from web browsers and email clients to office packages to IDEs are free-as-in-RMS-compliant.
Yes, I know you have software that absolutely must run on Windows. But the vast majority of popular computing tasks can be accomplished quite well on Linux.
-
Re:Location history upside down
Hmmm, somehow I responded to the wrong article. Whoops. Still, Bugzilla holds all answers. This bug details the history order problem and at least partial solutions.
-
Re:Appropriate Popup...
Aren't you blocking pop ups ? Shame on you.
-
Re:Air travel
Hmmm seems loading fine. Mozilla adblock: check, Cookie blocker: check, Flashvertisement block: check. No the site loads fine.
At least as fine as one hundred other news sites except for the gimmeyourfirstborn-registration from the NYT, everything's in the green for me.
If you haven't got an adblocker and a cookie blocker by now, download one for your favorite OS from this site -
Re:good luck with that
hmmm...http://www.mozilla.org/start/1.5/faq/mai
l -news.html#multiple-smtpThat's the Mozilla FAQ for setting up multiple SMTP servers. That feature has been in there since at least 1.0, probably much longer.
-
Re:Where's MSYou really should be able to conclude from the context that the "GPL is viral" is sarcasm. If you are unable to deduce even that little fact from what I wrote, you will probably be incapable of handling the amount of information that is in the Mozilla relicensing FAQ. But just a little quote from it:
The new standard licensing scheme is an MPL/GPL/LGPL triple license; it should be used for all new Mozilla source files distributed through mozilla.org, and existing files will be changed to it after obtaining the necessary permissions.
-
BugMeNot
Soul-sucking registration no longer required to read the NY Times online! Check out BugMeNot.com for usernames and passwords -- there's even a Firefox plugin, or a JavaScript bookmarklet for those of you who haven't seen the light yet.
-
SVG-enabled binaries are availableThe Mozilla SVG project page says:
While SVG is not switched on by default in official Mozilla builds, the code is checked into the Mozilla CVS repository and you can either build it yourself or download a binary for the most popular platforms. (my emphasis)
and provides clickable downloads for Mac OS X, Linux and Windoze.
I tried playing with the Mac build a couple of months back, but it wasn't quite ready for prime time.
If I had access to serious funding for software development, the first thing I would do would be hire somebody to work on finishing Moz SVG, but there are better reasons than that why I'm never likely to have such funding.
-
The abusive personality may like this
For those of you who can't keep track of the name of this browser from month to month comes a plugin that will randomly generate a new name for the browser...all beginning with fire! Firesomething extension
-
Try Enigmail
I disagree. I was a big proponent of PGP back in the old days (mid-90's). Back then, it was more cumbersome than complicated. Regardless of the effort to set it up, it still required too much effort on my part to encrypt or sign or decrypt each and every message. My circle of co-workers, contractors, and friends gave up on it after a short while.
Recently, I have begun using Enigmail with GPG. It integrates quite nicely with Thunderbird, and I assume it would with Mozilla as well. We use it companywide, with Macs and PCs (ie OSX and Windows), and we convinced a contractor that uses Linux to use it as well.
While the initial configuration did require some degree of effort, it was not too tough. Encrypting, decrypting, signing, and verifying is almost automatic now, requiring very little effort per message. My PGP (I mean GPG) password is queued for 15 minutes, so from time to time I have to re-enter it. All my messages are signed, and if the recipients are in my keychain, it is encrypted as well.
I think if it is set up by a Slashdot-type person (and let's face it-- that's what most of us are paid to do), an "average" user should have no problem with it.
-
Re:Where's MSWell, they've actually used that argument already, but I think it's more of a case of not invented here syndrome. Oh, and they wouldn't want to bind themsleves to abiding to a standard since that would make lock-in more difficult.
Oh, also remember that GPL is viral and since some of the code already exists in Mozilla, I guess they see the whole thing as infected?
Read all about scripting plugins with mozilla. The article was released today to accompany the press release, and clarify how this all fits in to mozilla's existing structure.
-
Re:Location history upside down
It's quite possible that this bug for Firefox 0.9 is the same problem. The one I linked to refers to OS X, but it appears to be the same thing -- something with the overlay. It's a known bug, but not the purview of the Mozilla project. But, oddly, the bug that is linked from there (a duplicate), claims to have been resolved as well. So perhaps it has been fixed.
There do remain several open Venkman bugs which may or may not be valid/related.
-
Re:Location history upside down
It's quite possible that this bug for Firefox 0.9 is the same problem. The one I linked to refers to OS X, but it appears to be the same thing -- something with the overlay. It's a known bug, but not the purview of the Mozilla project. But, oddly, the bug that is linked from there (a duplicate), claims to have been resolved as well. So perhaps it has been fixed.
There do remain several open Venkman bugs which may or may not be valid/related.
-
Re:Location history upside down
It's quite possible that this bug for Firefox 0.9 is the same problem. The one I linked to refers to OS X, but it appears to be the same thing -- something with the overlay. It's a known bug, but not the purview of the Mozilla project. But, oddly, the bug that is linked from there (a duplicate), claims to have been resolved as well. So perhaps it has been fixed.
There do remain several open Venkman bugs which may or may not be valid/related.
-
Re:On the Mac.. Firefox needs some work
I've noticed people complaining about FireFox and how the Mac version isn't all that great...
well to be honest, OS X has its own Mozilla derivative project called Camino which imho rocks the socks off of FireFox in usability and speed. -
roadmap says "code-named Firefox"...the mozilla roadmap says
"Focus development efforts on the new standalone applications: the browser currently code-named Firefox, the Mozilla Thunderbird mail/news application, and standalone composer and other apps based on the the new XUL toolkit used by Firefox and Thunderbird. We aim to make Firefox and Thunderbird our premier products."
Sorry to disappoint you, I suppose, but though I figure FF will stick around this does not bode well.
-
Re:Coming events
-
Same 'ole patch that we've always had...
Obligatory 'install the patch' link here...
-
How to switch to firefox on windows...
- go to http://www.mozilla.org/products/firefox
- download the windows installer
- run aforementioned installer
- Realise that installer automatically imports IE favourites
- Select the Internet Explorer icon, press "Del" key
- When asked if you are sure,say yes (with extreme prejudice)
-
Has to be said
Just one more reason to switch to Mozilla.
-
Can someone explain...
Why anyone is still running Internet Explorer when there are so many better alternatives?