Slashdot Mirror
Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
LDAP Write Support
17 year old feature request. https://bugzilla.mozilla.org/s... The biggest feature that keeps enterprises from adopting TB.
-
Re:And I verified
It's off by default for now, Mozilla's blog entry on the matter makes it clear that it'll be turned on at some point in the not-too-distant future.
"Firefox does not yet use DoH by default."
That's pretty unambiguous.
-
Re:And I verified
it is off by default. https://wiki.mozilla.org/Trust... "TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it."" Set `network.trr.mode` to 2 to make DNS Over HTTPS the browser's first choice but use regular DNS as a fallback (0 is "off by default", 1 lets Firefox pick whichever is faster, 3 for TRR only mode, 5 to explicitly turn it off)."
I am sorry, AGAIN, what is the problem ? People are simply throwing mud and getting angry because they want to.
The GP's quote is important:
This is from "we know better than you" Mozilla.
Mozilla has a looooooooooooooooooong history of adding something as an option, then one or two versions later making it the default, and then sometimes later making disabling of the feature impossible. You might say they're highly paternalistic and man-splaining both browser UI and DNS. Or maybe you might say they're SJW tyrants who object to Internet freedom. Both are correct, but just with different political viewpoints.
-
15 year old bug - basic new mail functionality
New Mail Notification Icon remains in Taskbar until manual "get new mail",
https://bugzilla.mozilla.org/s...
15 years old, still "minor" and "unclassified".
-
Re:Version 60 and still crappy
* Claws Mail - very fast and light-weight GUI client (MUA). ported to many OSes and extended with plug-ins.
* Sylpheed - very light-weight GUI client. Windows/OSX/GTK+(Linux/BSD/etc)
* Mutt - a bit hard-core but runs reasonably well from command-line on Unix-like systems, even usable on OSX. Windows version is weird (PDcurses port looks the best, but has bugs/work-arounds)
* Alpine - that classic PINE feel, but still actively maintained.
* Eudora Open Source Edition - classic e-mail client. OSE is really a fork of Thunderbird. For the real deal you need to port the source yourself. (I'm not sure why you would, beyond nostalgia)
* Mailbird - Windows freeware
* Mail.app - OSX only. older versions significantly better (and faster) than latest. -
Thunderbird.net?!
When the heck did that happen? I suppose that is what happens when you rely on your Linux distribution to provide Thunderbird, but still, I'd expect something that links off mozilla.org. I looked, and https://www.mozilla.org/thunde... redirects to https://www.thunderbird.net/en... so its good, but my first reaction was - is this safe?
-
And I verified
it is off by default. https://wiki.mozilla.org/Trust... "TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it."" Set `network.trr.mode` to 2 to make DNS Over HTTPS the browser's first choice but use regular DNS as a fallback (0 is "off by default", 1 lets Firefox pick whichever is faster, 3 for TRR only mode, 5 to explicitly turn it off)."
I am sorry, AGAIN, what is the problem ? People are simply throwing mud and getting angry because they want to. -
Re:Hipster using wifi in fashion coffee shops...
Mozilla employee here, though not involved with this project.
The hipsters will be fine, as the most likely setting falls back to the system DNS when TRR fails. For a little more detail see: https://wiki.mozilla.org/Trust...
-
Re: I'd want to know how to disable the behaviorFrom:
https://blog.nightly.mozilla.o...
https://wiki.mozilla.org/Trust...- 0: Off by default
- 1: Firefox chooses faster
- 2: TRR default w/DNS fallback
- 3: TRR only mode
- 5: Disabled
I imagine the setting we're all looking for is: user_pref("network.trr.mode", 5);
-
Re: I'd want to know how to disable the behaviorFrom:
https://blog.nightly.mozilla.o...
https://wiki.mozilla.org/Trust...- 0: Off by default
- 1: Firefox chooses faster
- 2: TRR default w/DNS fallback
- 3: TRR only mode
- 5: Disabled
I imagine the setting we're all looking for is: user_pref("network.trr.mode", 5);
-
Already mentioned but nobody cared...
-
Re:NoScript and Ghostery
Another essential one: Google link cleaner. Why spend all that latency and net traffic informing Google what you actually clicked on so they can sell your thoughts to the highest bidder?
-
Suraj Jain's JavaScript Switcher
I'll go back to Firefox when they give back the option to white list / disable java script (no, no-script doesn't cut it) and cookies in an easy, comprehensive and coherent way.
Please define "easy, comprehensive and coherent". If you want easy, install the "JavaScript Switcher" extension by Suraj Jain to give each domain an off switch.
-
Re:Press Space Enter to lose data
More and more I'm leaning towards wanting a browser that permits per-website Javascript white/black listing. Safari added some great per-website settings controls, and just needs to add Javascript blocking to be perfect.
Firefox supports the "JavaScript Switcher" extension by Suraj Jain. It allowed access to the site.
-
No need to read the article...
Just go to their blog post and read it. As it says, there is no voting they just want feeback in the comments about it.
To me.. marketing types are funny (peculiar, not haha) in that they feel the world and their product revolves around marketing and perception. I think it is somewhat important for a product, but you need a good product first and foremost. It seems that Firefox has been making strides to get get back to where they need to be, although I am not sure they're there yet. I am personally willing to switch back from Pale Moon , but they're going to have to really convince me of it...and new icons aren't going to do it.
-
Re: Fission indeed!
>"But is it a full site isolation that also separates third party cookies per main site?"
You can already do this in Firefox now...
-
Re: Why do I use Firefox Again?
There are already options for RSS reader add-ons, I use FeedBro myself. So you may or may not get something exactly like Live Bookmarks, but you certainly will have ways to access RSS feeds without leaving the browser or using a web based reader.
-
Re: Shadow DOM is a W3C standard
Firefox's implementation is planned to be enabled by default in version 63. Safari supports shadow DOM already, and Edge is working on an implementation as well.
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_shadow_DOM
And Firefox 63 is due to be released in October.
-
Re:...yet..
>"Two of my favorite extensions are impossible in 57+
Yep, first thing I wanted was "classic theme restorer" because I HATE tabs on top. Really, that is the only reason I want/need it. There is a workaround, however, by having a custom userChrome.css
-
Re:This is stupid garbage
What are the negative impacts of encryption?
I think the right question to ask is "what are the tradeoffs of moving to encryption?". The hardest part about designing a system for the web is that the costs are borne by everyone, while the protection offered needs to fit the most vulnerable person. There is no way for a browser to force the server to behave in a certain way, while the deployment of HTTPS almost exclusively benefits the browsers, not the servers.
To me, the situation is very clear cut, the benefits of universal deployment of HTTPS vastly outweigh the costs. I can understand and respect other people looking at the situation and coming to a different conclusion, but I want to make sure that the facts on the table are correct first.
My experience tells me that the most obvious approach to changing the cost equation, namely negotiating how much security is required in each a given context, will not work. The main limit is that people only defend against attacks they can imagine, and their five seconds of imagination is not as thorough as a billion dollar intelligence agency. Tapping all US backbones to snoop all internet packets and save them for future reference seemed wild until it was a well-established truth.
(Also, having more negotiation simply means more options which are less tested and more likely to be broken in ways we haven't noticed. Like IPSEC tunnels with a billion options that are easy to accidentally run insecurely even with a full team of experts vs. OpenVPN.)
I'll answer your examples point by point.
2) Increased bandwidth requirements as caching servers are rendered moot
This is the one argument against HTTPS by default that resonates with me. Bandwidth problems are real, and caching is important. Unfortunately caches are inherently in conflict with the confidentiality part of security. The cache has to see the response to store it and the cache has to see the request to check the cache. I think the current state of the art is that you can proxy your connection through the cache, if you choose to trust it. This only rules out transparent caches. Designs where either the server or the client has a cache it can trust are workable.
Maybe some day we can use fully homomorphic encryption databases to create caches that don't break the confidentiality guarantees, but that's strictly research material today.
3) Automatic ability to identify you uniquely when using a service
I'm not sure what you're thinking of here? What unique identifier does TLS have that HTTP doesn't? I would expect that encrypting more data means that there's less to use to fingerprint a client?
4) Requires CA (Let's Encrypt helps, but modern HTTPS really does not promise who is on the other end anymore)
6) Most of the "attacks" described could just as easily happen via malware, which is still an issue. This removes only one attack vector and even then incompletely (leading to false sense of security, see 4).Ah, I see. It's a waste of effort to work on curing cancer because people can still die of AIDS. Even in the field of computer security, we can separate problems and solve them independently, even when there are other vectors that cause the same symptom.
If you think that CAs don't promise who's on the other end, I encourage you to demonstrate by standing up a server that responds with a valid cert for gmail.com. CAs are far from perfect, but they're also far from HTTP. There's policy enforced through audits (and even auditors can be distrusted, third point), and more recently there's technical enforcement too. If you make a gmail.com cert you either don't upload it to the CT log
-
Re:Shadow DOM is a W3C standard
This is a non-story. They wanted to move Youtube onto Polymer sooner so they did it before Polymer supported a higher version of Shadow DOM than the v0. A good move to be ready for the next version. Chances are good a new version of Polymer will be out before 2019, since it relies on an API that is going away.
Firefox is blowing it out of proportion simply to get people to ignore the "v0" in the equation. Firefox has been working on adding Shadow DOM support for 3 years and still aren't there yet.
-
Re:Shadow DOM is a W3C standard
This appears to be correct. Mozilla are in the middle of implementing Shadow DOM and there's an about:config flag you can flip to turn it on (although whether that means Youtube will automatically start using it is another question, most websites go by browser ID rather than probing for features alas.)
The notion this is tied to "version 0" is the bit that I don't get about the summary. It doesn't matter what version of Shadow DOM is targeted by Youtube, none of the major browsers except Chrome supports it right now.
On that basis, I'd say "Google making use of a good new standard that they happen to support but other browser makers haven't gotten around to yet, with a safe workaround for browsers that don't support it" is hardly the anticompetitive act the summary makes it out to be. I'd expect websites, be they Google or anyone else, to do the same thing.
-
Re: Shadow DOM is a W3C standard
More fully,
Shadow DOM supported by default in Chrome and Opera. Firefox is very close; they are currently available if you set the preferences dom.webcomponents.enabled and dom.webcomponents.shadowdom.enabled to true. Firefox's implementation is planned to be enabled by default in version 63. Safari supports shadow DOM already, and Edge is working on an implementation as well.
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_shadow_DOM
-
Re:No autoplay, period.
>"I've had the following two settings set in Firefox ever since I discovered them and I never get autoplaying media:"
And I tried those on and off for many months and discovered that although they stop just as much autoplay as the addon does, they also blocked many sites from EVER working with ANY media. One good example (among many I discovered) was Spotify, which became unusable.... not the case with the addon. And no, I didn't keep a list of the dozens of other important places that stopped working because others were doing so in many Mozilla bug reports such as:
https://bugzilla.mozilla.org/s...
1400625
1313233
1231886
1433987
1433987
etc -
Re:Bug 1325692 still blocks Keybinder
It works on Windows and macOS. It doesn't work on Linux.
Is it recommended to run Firefox for Windows in Wine on Linux?
If this deeply matters to you then you should get involved with the bug you mentioned and help implement it. Why don't you do that?
Reason 1 of 3: Switching from Firefox ESR 52 doesn't matter enough to me to devote 30 GB of drive space on my primary PC (source).
Reason 2 of 3: My primary PC is already maxed out at 4 GB of RAM, one 2 GB stick in each of its 2 slots, and switching from Firefox ESR 52 doesn't matter enough to me to sit through hours of thrashing swap.
Reason 3 of 3: Switching from Firefox ESR 52 doesn't matter enough to me to quit my day job to free up enough time to learn my way around the Firefox code base. -
Re:Bug 1325692 still blocks Keybinder
So use this add-on. It works on Windows and macOS. It doesn't work on Linux. But again, it only has 2,308 users. Let's pretend that if it did work on Linux, the user count would increase by 50%. So you're asking Mozilla to stop the world for the sake of 1,154 users. It just doesn't seem practical.
If this deeply matters to you then you should get involved with the bug you mentioned and help implement it. Why don't you do that? It's a nice, targeted project with a clear beginning and end. -
Re:Video pop-outs?
>"What's the easiest way to block the auto pop-out of videos when you scroll down? Whoever came up with that needs to be drug out back..."
Oh, indeed. It is like, "Let's do the most annoying thing we can think of to users- autoplay video"! "Oh drat, that is not annoying ENOUGH, so let's make it FOLLOW the user down the page!" What a great idea! Next up, autoplaying video AS A BACKGROUND?
This is as close as I can get to effectively dealing with it right now...
https://addons.mozilla.org/en-... -
Re:Bug 1325692 still blocks Keybinder
That's a big "nearly"
It's a small nearly. There are 14,862 users of Keybinder. Why should all the other improvements be delayed for one feature used by a small number of people?
-
Bug 1325692 still blocks Keybinder
I use a lot of strange addons, and nearly every one was available immediately or just a few months after the switchover.
That's a big "nearly". There's no counterpart to Keybinder for Firefox 57 and later, and there won't be until bug 1325692 is fixed.
-
No autoplay, period.
Muting audio is not enough. It shouldn't play video AT ALL. Video and animation, audible or not, is still extremely irritating, distracting, and consumes copious amount of bandwidth and CPU, and thus power and battery. And all that slows further rendering and makes using slower/older machines that much more painful. And on multiuser systems, it affects other people and processes, too (yes, I know that is rare nowadays, but I deal with it all the time on big systems, and remote viewing and remote X sessions).
If you want something MUCH better and RIGHT NOW, see this addon: https://addons.mozilla.org/en-...
It hasn't been updated recently, and has some flaws, but it beats the hell out of anything else I can come up with right now. Works well most of the time.
I really wish we could stop all the annoying animation and scrolling/fading/creeping crap on sites, too. And no, disabling javascript is no longer an option.
-
Re:You know
They already did this 5 years ago and just removed it last year.
I removed it immediately.
-
Re:You know
They already did this 5 years ago and just removed it last year.
I removed it immediately.
-
Re:Why hardcode the look?
And in that regard I would much rather have a proper hierarchical grouping of tabs that makes efficient use of screen real estate.
Have you tried Tree Style Tab in Firefox? Much more useful than the horizontal tab strip browsers offer by default.
-
Re:You know
They already did this 5 years ago and just removed it last year.
-
Re:You know
They already did this 5 years ago and just removed it last year.
-
Re:Why does Slashdot link to Popular Mechanics?
With Firefox Quantum and uBlock Origin add-on I am able to view https://www.popularmechanics.c..., including the linked article, without seeing any ads. What browser and adblocker are you using?
-
Re:Xiph's Daala.
Mozilla employs people from Xiph such as Chris Montgomery, Timothy Terriberry, Jean-Marc Valin, and Thomas Daede. I don't think paying the bills is laughable. Mozilla has funded development of Opus, Daala, and AV1.
If it helps, here's a recent blog post from Chris Montgomery on AV1's contstrainted directional enhancement filter. -
Re:Firefox is best browser
Naw, please don't do this, Firefox.
Leave these features in extensions, where they belong:
https://addons.mozilla.org/en-... -
Re:Firefox is best browser
Naw, please don't do this, Firefox.
Leave these features in extensions, where they belong:
https://addons.mozilla.org/en-... -
Links to about:config settings ???
Please provide links to all of the about:config settings.
I didn't know about these add-ons. Links for Firefox:
Tracking Token Stripper
No Coin
Neat URL
Block ads on your network with Raspberry Pi and pi-hole -
Links to about:config settings ???
Please provide links to all of the about:config settings.
I didn't know about these add-ons. Links for Firefox:
Tracking Token Stripper
No Coin
Neat URL
Block ads on your network with Raspberry Pi and pi-hole -
Links to about:config settings ???
Please provide links to all of the about:config settings.
I didn't know about these add-ons. Links for Firefox:
Tracking Token Stripper
No Coin
Neat URL
Block ads on your network with Raspberry Pi and pi-hole -
Firefox is starting to use Rust
Mozilla is starting to rewrite important parts of Firefox using Rust. I think that once more programmers see how using Rust has let Firefox's devs get to be so much more productive we will start to see other software be written in it, too. I know this might be hard to believe, but I think within the next 10 years we'll see a big push to port the Linux kernel to Rust, and I think it will be fully ported to Rust by 2030, with no C code left at that point.
-
Re:Stylish still exists? We moved on years ago, fa
Are you sure you aren't confusing Stylish with Scriptish?
-
Re:Spot the blame-jumping
Maybe there needs to be some kind of permissions system for extensions so that the user is prompted to grant access to things like history, credentials, form fields, user key-strokes, etc.
There is. That's part of the new extension system. The concept of permissions is fundamentally at odds with the old extensions system and was one of reasons for the new extension system.
Unfortunately, as pointed out elsewhere in this thread, there's no way to implement Stylish such that it doesn't have the rights to leak every URL you visit, since it can just add extra CSS that sends that information back via loading an image on its remote server. Of course, uMatrix or similar could block such a thing, but that's definitely a tool for advanced users.
-
Re:Spot the blame-jumping
the real blame lies squarely with the FF devs.
Wrong.
On what fscking planet is there justification for ALLOWING an extension to access history in the first place?!
For examples, try searching for Firefox extensions involving history.
Maybe there needs to be some kind of permissions system for extensions so that the user is prompted to grant access to things like history, credentials, form fields, user key-strokes, etc. Until there is, understand that you need to trust your extensions just as much as you have to trust the browser itself. This shouldn't be a surprise to anyone.
-
Use Stylus Instead
As the summary notes, stylish has been suspicious for a while. I switched to stylus last time and have been more than happy with it.
-
Re:haha
You can already have this. Wipe your phone and install LineageOS (https://www.lineageos.org/) so that your device is free of all the nasty stock Google shit. Additional software can be found from F-Droid (https://f-droid.org/). There's nowhere near as much as you'd get in the "normal" Google store, but that's one of the prices you pay for safety.
Combine Firefox Mobile (https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/) with either uBlock Origin (https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) for plain adblocking, or uMatrix (https://addons.mozilla.org/en-US/firefox/addon/umatrix/) if you want a more complete web cleansing solution by basically forcing a whitelist into your browser.
(yes, I want a Librem 5, I've already placed my order)
-
Re:haha
You can already have this. Wipe your phone and install LineageOS (https://www.lineageos.org/) so that your device is free of all the nasty stock Google shit. Additional software can be found from F-Droid (https://f-droid.org/). There's nowhere near as much as you'd get in the "normal" Google store, but that's one of the prices you pay for safety.
Combine Firefox Mobile (https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/) with either uBlock Origin (https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) for plain adblocking, or uMatrix (https://addons.mozilla.org/en-US/firefox/addon/umatrix/) if you want a more complete web cleansing solution by basically forcing a whitelist into your browser.
(yes, I want a Librem 5, I've already placed my order)
-
Re:Facebook Container
> Have a look at Firefox Multi-Account Containers --
> https://support.mozilla.org/en... -- they allow you to run
> Facebook, your shopping, etc. in separate contexts that
> insulate all cookies, web data, etc. from one another.You could always do that; it's called separate profiles, e.g.
firefox -no-remote -P facebook
firefox -no-remote -P youtubeNo need for add-ons or extra code in the browser. This also works with Pale Moon.