Slashdot Mirror

Here's how to disable it. Not sure yet how this is implemented. https://support.mozilla.org/en...

Trends like these make me weep for what were my favorite open source projects, Debian and Firefox.

Both of them were on the right side of things for so long. They weren't there to take my information for some corporation to consume for profit. They were there to offer software that just worked, and it worked really well.

Firefox was the first to fall. Starting with Firefox 4, it became a total disaster. The performance remained so poor. The UI was progressively molested until it has become unusable. Now they're adding unwanted "features" like Pocket integration that nobody really wants. Just a few days ago we found out that their built-in PDF reader (which should never have been built-in in the first place) had a serious security flaw that allowed attackers to steal our files! Needless to say, I no longer use Firefox, and now use Vivaldi instead.

Debian fell most recently, with the addition of systemd. Before then, I knew I could count on it. I've used Debian for many years, and it has worked flawlessly for me. Then I decided to upgrade my system to Debian 8. What a mistake! My system no longer booted like it should. It would just hang. I'm just an average Linux user. I'm not an expert. So I was totally lost about how to fix whatever this problem was. I searched the mailing lists, and I saw a lot of emails from a lot of other people experiencing similar problems with systemd. I may not be an expert Linux user, but I saw the writing on the wall. After witnessing the decline of Firefox, I knew that the same thing was happening to Debian. So I did what any sensible person did: I found another distro. Well, I didn't exactly find another Linux distro, because I have moved to PC-BSD instead. It reminds me of what Debian was before Debian 8 and systemd: fast, stable, secure, and trustworthy.

It pains me greatly to see what has happened to them. Both Debian and Firefox were so great to me and so many others, for so very long. They protected our privacy, rather than misusing and abusing us. They treated us like we were kings and queens. But times changed, and so did those projects. Their decline has been swift and painful, and I'm so sad to see them go. As a long time user of both, moving to alternatives was painful, but a very necessary thing. I cannot put myself in the position where I am the victim of severe browser flaws or the victim of an operating system that does not reliably boot.

There does appear to be a problem with the manual update set up. I ended up proceeding as if I were doing a fresh install: go to https://www.mozilla.org/en-US/... to download the installer and run it. When you do, and restart Firefox, About will in fact say 39.0,3.

Is this the real person that divulged it? I ask because I can't quite figure out why we have this blog post https://blog.mozilla.org/secur... .
It backs up the version you report.

However, if you go to this page https://www.mozilla.org/en-US/... you will find that they are giving credit to an entirely different person. A security researcher named Cody Crews.

It's interesting because everyone is giving Mozilla a big slap on the back for acting so fast, yet the fact of the matter is if MSFA 2015-78 is to be believed, we actually don't have the timeline between when it was first reported until it was patched. In this scenario, all we have is the timeline between the time it was found in the wild until it was patched. That would leave me asking this; Did Mozilla put off the patch until they discovered it was in the wild already?

Is this the real person that divulged it? I ask because I can't quite figure out why we have this blog post https://blog.mozilla.org/secur... .
It backs up the version you report.

However, if you go to this page https://www.mozilla.org/en-US/... you will find that they are giving credit to an entirely different person. A security researcher named Cody Crews.

It's interesting because everyone is giving Mozilla a big slap on the back for acting so fast, yet the fact of the matter is if MSFA 2015-78 is to be believed, we actually don't have the timeline between when it was first reported until it was patched. In this scenario, all we have is the timeline between the time it was found in the wild until it was patched. That would leave me asking this; Did Mozilla put off the patch until they discovered it was in the wild already?

TrackMeNot is good to flood search engines
http://addons.mozilla.org/en-U...

AdNauseam is about flooding click ads
https://addons.mozilla.org/en-...

Flagger is more poking fun at surveillance organizations
https://addons.mozilla.org/en-...

TrackMeNot is good to flood search engines
http://addons.mozilla.org/en-U...

AdNauseam is about flooding click ads
https://addons.mozilla.org/en-...

Flagger is more poking fun at surveillance organizations
https://addons.mozilla.org/en-...

TrackMeNot is good to flood search engines
http://addons.mozilla.org/en-U...

AdNauseam is about flooding click ads
https://addons.mozilla.org/en-...

Flagger is more poking fun at surveillance organizations
https://addons.mozilla.org/en-...

We have a viable alternative. It's called NSS from Mozilla, and it's free of all patent encumberments that have plagued LibreSSL/OpenSSL/SSLeay to this day. It also offers FIPS compliance.

https://wiki.mozilla.org/NSS

Thunderbird + Lightning Extension + Davmail replaces Outlook in Exchange Server environments.

Thunderbird ships with the Lightning add-on enabled by default as of June.

Why would anyone support Firefox. They betrayed there user by folding to governments push for DRM implementation. http://betanews.com/2014/05/14... and this is Firefox https://support.mozilla.org/en... So do you think that they would not do same with the stick or the tablet OS. If you want a stick PC you are better of with Intel compute stick with Linux or Windows. At least this is a complete OS just ad Kodi or Plex and you have your HTPC, just configure it and you done. Or just buy a mini PC from China Intel base, they all cost a bought the same From $129.00 to $179.00! Most of those Mini PC come with android but there some have windows 8.1 & Android 4.2 – 5.01 some even have a display. Intel compute stick start at $149.00 and windows is $179.00 your choice. At least you know what you are getting, and you will have the options of the software.

HTML video/audio elements and DOM scripting are transparent to the client. It shouldn't be so hard for a browser or browser extension to block media autostart. It is strange that no extension seems to do it reliably. But according to bugzilla, setting media.autoplay.enabled to false in Firefox (v41+) should now prevent all autostarts without user interaction.

GP: what a strawman. Media elements were added to HTML so we can finally get rid of uncontrollable, unsafe binary plugins/programs like Flash or VLC being launched from/embedded in the browser. Before HTML media there was codec hell, and online videos and codecs were a major attack vector. HTML media elements don't require DRM and you can choose to not install DRM in certain browsers.

We used to have applications run locally. They used to have a lot more freedom - any and all apps could know exactly who you are and what your computer's UUID was, not only how your battery's doing. Today most of what you use - the obvious examples being your mail and to a lesser extent office suite - is at least sandboxed inside your browser.

This is not to say there hasn't been a rise in tracking, but the story just got me thinking that maybe it's a good thing it's being done in a browser.
(And you should be whitelisting the use of cookies and javascript - and blocking unnecessary trackers).

We used to have applications run locally. They used to have a lot more freedom - any and all apps could know exactly who you are and what your computer's UUID was, not only how your battery's doing. Today most of what you use - the obvious examples being your mail and to a lesser extent office suite - is at least sandboxed inside your browser.

This is not to say there hasn't been a rise in tracking, but the story just got me thinking that maybe it's a good thing it's being done in a browser.
(And you should be whitelisting the use of cookies and javascript - and blocking unnecessary trackers).

APK Hosts File Engine 9.0++ SR-1 32/64-bit: http://start64.com/index.php?o... [start64.com] FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. addons + fixes DNS' redirect security issues: --- A.) Hosts do more than: 1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... [techcrunch.com] ) 2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G... [wikipedia.org] 3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org] B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta). C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less "moving parts" complexity D.) Hosts files yield more: 1.) Speed (adblock & hardcodes fav sites - faster than remote dns) 2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers) 3.) Reliability (vs. downed, Kaminsky redirected (99% ISP DNS' = unpatched vs. it), DGA, Fastflux, & dynDNS botnets) 4.) Anonymity (vs. dns request logs + dnsbl's). --- * Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization). * Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock. * Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org]) (Instead, work w/ a more capable native kernelmode part you already have - hosts (An integrated part of the ip stack)) APK P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend" ...apk

Yes, A quick Google search gave me a PowerShell script that will install a specified version of Firefox and allow you to specify the language also. Mozilla has a latest folder on the ftp server if you want to modify the script.

I would probably just use ftp from a command line if I was trying to download Firefox without using the native web browser for some reason.

ftp://ftp.mozilla.org/pub/fire...

http://blog.vertigion.com/post...

"uBlock is using 33MB of RAM" - by andymadigan (792996) on Friday June 12, 2015 @10:31PM (#49902053)

Inefficient: Hosts @ 3-11mb w/ current data & does things adblock variants can't & U RAN FROM IT http://apple.slashdot.org/comm... ).

UBlock uses 63++ MB & AdBlock = 128mb++ -> http://www.ghacks.net/2014/06/...

SCREENSHOT -> http://cdn.ghacks.net/wp-conte...

BEST UBlock's done = 38mb/ABP = 64mb -> http://www.extremetech.com/wp-... From http://www.extremetech.com/wp-...

* See 'p.s.' below - Says all (& I didn't do the saying!)

---

"which blocks more ads? Answer: uBlock/Adblock" by andymadigan (792996) on Sunday June 14, 2015 @12:04AM (#49907001)

WRONG - "Almost ALL Ads Blocked"'s PAID NOT TO by default-> http://techcrunch.com/2013/07/...

&

ABP too http://finance.yahoo.com/news/...

UBlock/Adblock = far less efficient on CPU & RAM (added messagepassing, SLOW usermode vs. hosts in kernelmode) & NEITHER does a fraction of what hosts do in more speed, security, reliability, & anonymity.

---

"your system blocks fewer ads" by andymadigan (792996) on Sunday June 14, 2015 @12:04AM (#49907001)

See above: + hosts do MORE w/ less via 1st link above!

---

"I'm more than happy to spend an extra 1% of my computer's power to block far more ads than your shitty idea" by andymadigan (792996) on Sunday June 14, 2015 @12:04AM (#49907001)

You're 'happy' being illogical & stupid?

AdBlock's 4++gb & 100% CPU use inefficiency -> https://blog.mozilla.org/nneth...

+

ClarityRay defeats it & NOT hosts (clarityray BLOCKS addons via native browser methods).

---

YOU started it -> http://apple.slashdot.org/comm... & here too http://slashdot.org/comments.p...

I finished YOU WITH IT all above!

APK

P.S.=> Howard Stark in "Capt. America" - hosts (Cap's Shield) vs. AdBlock & variants (steel):

"It's stronger than steel & 1/3rd the weight"

So

"Run, Forrest: RUN!!!" & "eat your words"

... apk

See subject: Which of those 4 types are you that FEAR hosts?

1.) Advertiser
2.) malware maker &/or botnet herder
3.) An INFERIOR competitor (e.g. - AdBlock, Ghostery, & RequestPolicy)
4.) webmaster (I held the app back for them in fact, it was done, in 3 parts though in tty mode, as far back as 2003 here but when malvertizing went out of control, out the door she went to 'the masses' for the absolute good, since any idiot knows being destructive = easy, but doing good NEVER is, but it's worth it imo)

* Doesn't 'take a brain' to realize THAT much - after all: THEY'RE THE ONES WHO GET "HURT" by it - problem is THEY have been hurting others bandwidth/speed, security, & more for DECADES...

Funniest part is that those technically unjustifiable downmods are "the best they got" but they certainly CAN'T get the better of me disproving my points on hosts files' mulitiple nigh ubiquitous value to end users...

APK

P.S.=> In fact? I'd almost WAGER per #3 above in this case, that it's Wladimir Palant (AdBlock creator) who wrote me by email, 1st, saying "hosts are a shitty solution" - well, when I confonted him in email reply to show me that "Almost ALL ADS BLOCKED" can do MORE than custom hosts? He refused to reply, & RAN like a scared rabbit - ESPECIALLY after this article study showed how massively INEFFICIENT in RAM (5gb usage) & HIGH CPU USAGE AdBlock is https://blog.mozilla.org/nneth...

OR

Sebastian Noack (AdBlock+ 'creator' who merely bit off W. Palant's code) ... apk

Setup with a noVNC web interfaces, and sshkey management in the web management panel (so users can employ their personal ssh keys post-deployment)

[Unbalanced parentheses.] Which guide to configuring keys in popular SSH clients does your documentation link to?

We don't provide one. Support refers users to the official security guides for the appropriate distro, general questions are answered using this as the main source. Documentation for users is almost identical to that on Digital Ocean (they target the same market segment). We don't write subject documentation for users. They do, if we approve it we pay them and publish it (it's the low cost end of the market, minimal SLA).

Internally we follow NIST procedures and are audited to meet several ISO 27K standards (mainly for insurance purposes). We don't own any data centres, or control the hardware. That's a very common practise, with all but the high-end hosting providers (usually).
Our internal procedures are more stringent with the main (non-hosting) business as most of the clients are Defence related (this is Canberra, the majority of work here is Defence related).

However I was (redundantly) asking why someone who calls themselves a security professional and system administrator does not follow BP.

Because BP got hacked by Chinese? Naaah.

[smile] where following BP means jumping in a tug and telling the captain to "follow that slick".

Found one, apparently no whitelist though.
Disable clipboard manipulations

And why not?

Some script/program having access to a password field is totally irrelevant from a security standpoint. Heck, even browsers most of the times can't even tell that some html field is THE password field (because there's no standard...often they just guess).

That's interesting. Which browsers guess which form field takes a password please? It'd save me some time if you could tell me the function is used to guess it - but I can just dig through the documentation if you don't remember precisely.

I know how Iceweasel/Firefox finds a password form field - and it's not "guess" work.(it remembers the form field positions from when you hit the Submit button - if you have autologin enabled).
The password manager I use knows nothing of form fields - it handles password request from applications. When I'm not using Iceweasel I just copy and paste from the password manager (which I use to hold additional information relevant to each password).

A stock page login form field:-

<form id="bridgeForm" action="#" target="loginframe" autocomplete="on">
<input type="text" name="username" id="username" />
<input type="password" name="password" id="password"/>
</form>

<iframe id="loginframe" name="loginframe" src="$foobar.html"></iframe>

Refs: Firefox password debugging, the login manager

And why not?

Some script/program having access to a password field is totally irrelevant from a security standpoint. Heck, even browsers most of the times can't even tell that some html field is THE password field (because there's no standard...often they just guess).

That's interesting. Which browsers guess which form field takes a password please? It'd save me some time if you could tell me the function is used to guess it - but I can just dig through the documentation if you don't remember precisely.

I know how Iceweasel/Firefox finds a password form field - and it's not "guess" work.(it remembers the form field positions from when you hit the Submit button - if you have autologin enabled).
The password manager I use knows nothing of form fields - it handles password request from applications. When I'm not using Iceweasel I just copy and paste from the password manager (which I use to hold additional information relevant to each password).

A stock page login form field:-

<form id="bridgeForm" action="#" target="loginframe" autocomplete="on">
<input type="text" name="username" id="username" />
<input type="password" name="password" id="password"/>
</form>

<iframe id="loginframe" name="loginframe" src="$foobar.html"></iframe>

Refs: Firefox password debugging, the login manager

That's because your parser's broken.

No, my parser is fine. Your's matches your usename - that is just a pseudonym, right?

... but still, if PAM is configured with OpenSSH, a PAM bug may sometimes be mis-identified to be an OpenSSH bug

Then it's not an OpenSSH bug. (and that's not English)

No matter if it's a PAM bug or an OpenSSH bug, a but report which points out a vulnerability is good thing for the community

(assuming the coward means "bug report"). No - it's a waste of limited resources. Big scare about an insecurity in OpenSSH which did not exist

"King Cope" posted to the Full Disclosure mailing list Fri, 17 Jul 2015 21:23:36 +0000 (UTC) (according to my email system) with an exploit

ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x
10000'` targethost

and "a patch for openssh-6.9p1 that will allow to use a wordlist and any passwords piped to the ssh process to be used in order to crack passwords remotely.". By applying the patch it allows an attacker to try as many attacks as possible within the gracetime (2 minutes). The best case scenario allows an estimated 10000 attempts in that time period.

I only read it because he's usually good for a laugh, or, as is this case, a face-palm.

Which might brute force a very short (stupid) password that would fall to a small, lucky, dictionary attack. Which is why BP is to use a key.

He mentions in that email that it has been "tested against a new FreeBSD 10.1 system and older FreeBSD versions such as version 6.2.".

something that will allow the users to tighten up their configuration to deny that bug from being able to function in the first place

Tighten up what? Their SSH configurations? It is a bug in PAM that is restricted to small range of BSD versions.
Tightening up SSH, which is already as tight as it can be against the exploit unless you deliberately loosened it (as Sex Conker would recommend - but he's an idiot). Default configurations already stop the exploit (no root ssh login, all ssh logins with keys).

The exploit would only affect insecure systems that use piss poor password security - and even then only on a limited number of BSD systems.

That belief is a broken as the idea that if there's a story a cigarette lighter exploded, which causes a panic about cigarette lighters, and calls for a recall of them - turns out to be a case of someone in petrol soaked pants being injured when the cigarette lighter in their pocket exploded as a result of them falling out of a building and landing on their arse. Unfortunately they had a box of matches in the back pocket which exploded on impact, setting fire to their pants - the heat of the flames caused the cigarette lighter to explode.

The moral of the story is not - oh the panic about cigarette lighters exploding was a good thing.
It would have been a "good thing" if that energy was spent on warning people of the dangers of wearing petrol pants and falling out of windows.

It would be a "good thing" if people focused on the actual bug in PAM instead of trying to justify their earlier panic (the sky is not falling).

The coward that wrote that gibberish you're defending , who is obviously not you, is referring to what bug report?Hint: there was none, just another of King Cope's self-promoting and inflated security exploits (he also thinks robots.txt is a security hole). You fell for it, get over it.

I did it with ftp.mozilla.org , I didn't think or knew about using releases.mozilla.org. I seem to remember ftp.mozilla.org did not work a few years ago but maybe they changed their mind :)

My useless log, from a trial :

(...)

230- ftp.mozilla.org / archive.mozilla.org - files are in /pub/mozilla.org
230-
230- Notice: This server is the only place to obtain nightly builds and needs to
230- remain available to developers and testers. High bandwidth servers that
230- contain the public release files are available at http://releases.mozilla.org/
230- If you need to link to a public release, please link to the release server,
230- not here. Thanks!
230-
230- Attempts to download high traffic release files from this server will get a
230- "550 Permission denied." response.
230-
230- Low-traffic files, including SeaMonkey releases, are OK.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 Directory successfully changed.

(...)

ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 2 ftp ftp 47228492 Jun 25 00:05 firefox-38.1.0esr.tar.bz2
226 Directory send OK.
ftp> get firefox-38.1.0esr.tar.bz2
local: firefox-38.1.0esr.tar.bz2 remote: firefox-38.1.0esr.tar.bz2
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for firefox-38.1.0esr.tar.bz2 (47228492 bytes).
226 Transfer complete.
47228492 bytes received in 48.93 secs (942.6 kB/s)
ftp>

Press Shift F5 to open the CPU profiler. Before you toggle it on then off after a minute for results, click the sprocket options icon and tick "Show Gecko Platform Data". More info at https://developer.mozilla.org/en-US/docs/Mozilla/Performance/Reporting_a_Performance_Problem

Yes, it should be a standard possibility in the browser. But until then, I use Firefox-Muter.

But it's stupid to need an extension for something as basic. Or even for a (completely unrelated) 15 year old bug which still needs an extension to be corrected.

Yes, it should be a standard possibility in the browser. But until then, I use Firefox-Muter.

But it's stupid to need an extension for something as basic. Or even for a (completely unrelated) 15 year old bug which still needs an extension to be corrected.

That's not planned for the moment, but with PreferenceStats.jsm (currently in Firefox Nightly), it is already possible to write an add-on that does monitors each tab. Firefox doesn't have a feature for stopping all scripts in a page yet (that's https://bugzilla.mozilla.org/s..., if you're curious), but reloading the tab without scripts (or other features) shouldn't be too hard.

Per Mozilla's description of the <video> element:

Then it may or not start playing automatically

The autoplay attribute of the <video> element controls this. Which browser autoplays even if the autoplay attribute is not specified?

Some systems may display a play/pause/bla bar, others will not.

The controls attribute of the <video> element controls this. Which browser shows controls if the controls attribute is not specified or hides controls if the controls attribute is specified? But I'll grant that live streaming is more likely to need custom JavaScript controls.

Local application access!

I'm still trying to determine if this would be effective JavaScript Shell

You just have to be able to set an environment variable no matter who you are and you're root. It's just a question if FireFox has its own "environment" or relies on an under-privileged UNIX account.

From what I can tell, this is a wide-open window. Huge, huge, flaw.

'can be bought' is not the same as having the phones sitting in Best Buy, AT&T, Verizon, or T-Mobile retail stores. I'm not talking developer editions either. The 'where to buy' drop-down on the Firefox OS site doesn't even have the US: https://www.mozilla.org/en-US/... Samsung tepidly swapped Tizen onto the Galaxy Gear, but no phones are in retail in the US: https://en.wikipedia.org/wiki/...

Is Edge going to be portable to non Windows operating systems like GNU/Linux, FreeBSD, Solaris, OS X, HP-UX, OpenServer X, Haiku OS, AIX, Android and Firefox OS?

You must feel so smart listing all those UNIX operating systems. You know so many!

Is Edge going to be portable to non Windows operating systems like GNU/Linux, FreeBSD, Solaris, OS X, HP-UX, OpenServer X, Haiku OS, AIX, Android and Firefox OS?

I can see Beavis and Butthead saying "Dude! Let's strap a PISTOL to this DRONE and make it SHOOT. Heh heh heh." That shit is so obvious as to be scarcely newsworthy, let alone eyebrow-raising. To make it shoot they use... a solenoid, right? Well Gosh Lolly Good Golly!

If it's man-threatening eyebrow raisin' tech yer interested in, analyze the motion on multiple axes of this Breast Massaging Robot and also Patent CN102058466A for a similar device that has more useful functions and methods than the Mozilla Web API:

The invention discloses a Chinese massage robot, relating to the field of Chinese massage mechanical and automatic devices. The Chinese massage robot is characterized by comprising a bed body (16), a spatial six degrees of freedom main body mechanism and a massage hand (15) and can realize a palm-rubbing technique, a scrubbing method, a pushing manipulation, a wiping manipulation, a pressing manipulation, a pointing method, a finger-nail pressing method, a clapping method, a striking method, a rebounding method, a rolling method, a palm-kneading method, a finger-kneading method, a tremble manipulation, a shaking manipulation, a holding method, a kneading method, a plucking method, a pushing method, a twisting method, a pulling and turning method, a stretching method and other general single-hand and dual-hand massage methods. The invention has the advantages of simple structure, high rigidity, small size, light weight, low cost, large motion space, sensitive and quick action, favorable decoupling, real-time and dynamic response characteristics of system control, and the like.

Let goofballs who are easily amused play with guns and drones. We cannot afford to lose our lead on this technology front.

But until you actually, and openly, do something about these problems, you are equally guilty. Because you are lazy.

Through the /SARC when it comes down to it you are right of course. Please +mod Parent as an amazingly and thought provoking response, a fine rant response. I must admit that over the years I have been part of the problem. Despite time put in to learn the mechanics of computer language, network, protocol and presentation, applying many an operations-oriented shim or patch or fix.. I have NOT delved deep into any single open-source project, taken the reins, become part of a team, or even one of those prolific lone wolf coders. I have no curriculum vitae in open source. Now that I look back on it that's kind of shameful, especially as I present myself as a critic of the times. I'll try to do better with the next half of my life.

Who are those bad actors and what is bad acting? Leaving aside the potential for cross site scripting, malformed instructions, rooting and malware for a moment. There was a time when smooth continuous motion on the borders of a web page, however clever the item, was considered distracting by static purists, who even objected to looping animation. I was never one of those, though I did see they clearly disliked the intrusive and unexpected. Then came the sounds, loud and lots. In a platform where a mute button or volume control must be explicitly coded few did and if your volume control was up you'd be blasted out of your seat muttering "What were they thinking?" But all that is past and gone. There are no aesthetic elements made possible by Flash that are not not do-able from HTML or JS.

And because migration is now possible some feel migration is necessary. The Register is cheekier than I, spicing urgent reminders with lambasting criticism. Clearly from Adobe's position proactive measures are necessary and a ground-up audit/rewrite is necessary using a compiler framework that (with performance penalty of course) mitigates the silly things like use-after-free. And in Open Source there have been reverse engineering projects and attempts to replicate Flash, lately even shims...

But what has been missing is an publicly audited open source Flash initiative that had begun years ago, begun right as Flash was introduced. Some would call such a thing intellectual property theft. I'd bring up OpenSSL as a shining example except for... certain things that have happened. Are they worse than the things that might have happened if some corporate actor, RSA for example, imposed bin-only blobs on everyone, Windows Linux and Apple? Who can say.

But you won't, and there is one telling phrase why not:
"Because in this silly Collectivist world of planned obsolescence..."
You have a mindset that can't be reasoned with.

What you really mean is, You reach down and you flip Flash over on its back. Flash lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't. Not without your help. But you're not helping.

Point taken.

I have been using long this flash disable plugin. It is easy to use; it is simple : it just triggers internal configurations that Firefox has always had. It adds a button to enable flash on those few sites were Flash is used for content and cannot be replaced. I recommend ticking 'Disable at startup' and 'Ask to activate' in the preferences. "Simple & easy" always provides better security.
Enough said.

Let's stop using misleading phrasing that will make people think they blocked any past, current, or hypothetical future version of the plugin.

Hey, there are a lot of linux users here - we're used to it. Mozilla has been blocking the current version of Flash on Linux for three years now. The people who know that codebase can't seem to figure out how to put in an if statement (I jest - they just don't give a fuck about it working).

Mozilla was blocking all Flash until the second update came out. The page https://www.mozilla.org/en-US/... clearly showed that. You could change it to from "disabled" to "ask to activate" if you chose to.

Chrome also updated today, but the bundled Flash player in Chrome is click-to-play by default. IE should do that with its bundled player. And Microsoft should use Windows Update to block the plugin player for old version of IE. And old Java in any browser, with an override available.

Chrome now runs Flash in a separate process, because Adobe are so inept they cannot be trusted not to leave lots of security bugs in their products. So Google wrapped it in a process wrapper [...] Firefox should do the same!

Firefox has been running Flash Player in plugin-container.exe for years.

Windows 7 and 8 include "compatibility mode" for running applications designed for Windows XP. Heck, Windows 7 Pro even included a coupon for a copy of XP in a virtual machine at no additional charge. What would be the counterpart to compatibility mode for running SWF objects?

Shumway: https://developer.mozilla.org/...

"uBlock is using 33MB of RAM" - by andymadigan (792996) on Friday June 12, 2015 @10:31PM (#49902053)

Inefficient: Hosts @ 3-11mb w/ current data & does things adblock variants can't & U RAN FROM IT http://apple.slashdot.org/comm... ).

UBlock uses 63++ MB & AdBlock = 128mb++ -> http://www.ghacks.net/2014/06/...

SCREENSHOT -> http://cdn.ghacks.net/wp-conte...

BEST UBlock's done = 38mb/ABP = 64mb -> http://www.extremetech.com/wp-... From http://www.extremetech.com/wp-...

* See 'p.s.' below - Says all (& I didn't do the saying!)

---

"which blocks more ads? Answer: uBlock/Adblock" by andymadigan (792996) on Sunday June 14, 2015 @12:04AM (#49907001)

WRONG - "Almost ALL Ads Blocked"'s PAID NOT TO by default-> http://techcrunch.com/2013/07/...

&

ABP too http://finance.yahoo.com/news/...

UBlock/Adblock = far less efficient on CPU & RAM (added messagepassing, SLOW usermode vs. hosts in kernelmode) & NEITHER does a fraction of what hosts do in more speed, security, reliability, & anonymity.

---

"your system blocks fewer ads" by andymadigan (792996) on Sunday June 14, 2015 @12:04AM (#49907001)

See above: + hosts do MORE w/ less via 1st link above!

---

"I'm more than happy to spend an extra 1% of my computer's power to block far more ads than your shitty idea" by andymadigan (792996) on Sunday June 14, 2015 @12:04AM (#49907001)

You're 'happy' being illogical & stupid?

AdBlock's 4++gb & 100% CPU use inefficiency -> https://blog.mozilla.org/nneth...

+

ClarityRay defeats it & NOT hosts (clarityray BLOCKS addons via native browser methods).

---

YOU started it -> http://apple.slashdot.org/comm... & here too http://slashdot.org/comments.p...

I finished YOU WITH IT all above!

APK

P.S.=> Howard Stark in "Capt. America" - hosts (Cap's Shield) vs. AdBlock & variants (steel):

"It's stronger than steel & 1/3rd the weight"

So

"Run, Forrest: RUN!!!" & "eat your words"

... apk

Can adblock do 16 things hosts do for speed, security, & reliability:

1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

* ANSWER ="NO" to each above on AdBlock doing it as well or at all!

APK

P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

AdBlock's SLOWER than hosts: http://superuser.com/questions...

For the BEST hosts file?

APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

Can adblock do 16 things hosts do for speed, security, & reliability:

1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

* ANSWER ="NO" to each above on AdBlock doing it as well or at all!

APK

P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

AdBlock's SLOWER than hosts: http://superuser.com/questions...

For the BEST hosts file?

APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

Can adblock do 16 things hosts do for speed, security, & reliability:

1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

* ANSWER ="NO" to each above on AdBlock doing it as well or at all!

APK

P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

AdBlock's SLOWER than hosts: http://superuser.com/questions...

For the BEST hosts file?

APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

Can adblock do 16 things hosts do for speed, security, & reliability:

1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

* ANSWER ="NO" to each above on AdBlock doing it as well or at all!

APK

P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

AdBlock's SLOWER than hosts: http://superuser.com/questions...

For the BEST hosts file?

APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

I absolutely agree with using Ghostery (or something like it) for privacy reasons. That said Ghostery and AdBlock both use quite a bit of memory*, and IMHO slow things down as much as the ads they are blocking (apart from flash ads which FlashBlock or native click-to-play capability solves with much less overhead). Furthermore, I almost never see ads when running Ghostery, and conversely the EasyPrivacy filter list for AdBlock does much of the same thing that Ghostery does. So I would recommend trying them both out, and then sticking to just one rather than running both at once. Also, if you use Ghostery make sure it is configured to block new elements by default.

Lastly, if you (or someone you do tech support for) refuses to use Ghostery (or NoScript) because it sometimes break webpage functionality, Disconnect is a good option to look at. It doesn't block nearly as much as Ghostery, and isn't as informative about what it is (and isn't) blocking, but it is better than nothing. I have never had it break a website, and requires no config tweaking.

*Note, the memory usage issue may get better in a couple releases.

Hello, it's 2015, where's my MULTIFUCKINGTHREADING?

What problems have you run into with Web Workers?

https://developer.mozilla.org/...

Tell that to...
Mozilla

Yep a shining example of a company meeting user requirements, producing an ever better product to the praise of the open source community.

In all seriousness though you're missing something very key. Some positions, or even some parts of a project can benefit greatly from isolated working from home. A far many more don't. To work from home you need to have a project that supports isolated workers, a project that does not rely on adhoc complicated communication, and an infrastructure (not just technical, but also workplace culture) to support remote workers.

https://input.mozilla.org/en-U...

that's where i put it. less the 39.0 i reported it oh at least 3 years ago 5 years before that. There may be a Bugzilla report, i wouldn't have a clue in the world where it is as i said this bug has been around since at least 2005. I have long since gave up any kinda hpe it will get fixed so i don't save Bugzilla reports i made 10 years ago.