Slashdot Mirror

← Back to Domains

Domain: mozilla.org

Stories and comments across the archive that link to mozilla.org.

Comments · 17,579

  1. Multi-Account Containers in Firefox by tepples · · Score: 3, Informative · on Twitter Kills Its Mac App (betanews.com)

    All of the Twitter clients I have used have pretty good support for multiple Twitter logins. The website has zero such support (unless I've missed something? Would be happy to be proven wrong here).

    If you use Multi-Account Containers, a feature of Mozilla Firefox, any website supports multiple logins. Create a container for accounts related to your brand and another for personal use, and Firefox will track your Twitter cookies separately for tabs belonging to each container. It's not interleaving, but it does let you switch between the two more easily.

    Does Safari support anything similar?

  2. Re:Exploited thru JavaScript by Anonymous Coward · · Score: 2, Informative · on Intel Replaces its Buggy Fix for Skylake PCs (zdnet.com)

    No. JavaScript is a programming language, and can a browser's JavaScript can exploit a PC/Mac/Linux machine, just like any other executable. Firefox has recently issued a fix to partially mitigate of these attacks. I've heard that the hackers are seeking technical blogs on WordPress and other easily hacked CMSs, just so they can install coin mining and other more nefarious JS hacks. I've heard of at least one JS hack that uses Spectre to scan a target devices memory.

    TL;DR Browsers are just as vulnerable to Spectre and Meltdown as executable code. Visiting untrusted sites is almost on the same level as running random executables from the internet.

  3. Re:Sounds fun by Anonymous Coward · · Score: 0 · on Windows 10 Will Soon Get Progressive Web Apps To Boost the Microsoft Store (techradar.com)

    The Node.js runtime has all the same access any native app has, can write and read from your file system, hook to arbitrary dll/dylib/.so libs, network card access, and beyond.

    In a client/server application (web apps and web sites) as described here node.js runs on the application server not the client. Reading and writing to the file system is handled in the same way as it is for web apps using client-side storage APIs like IndexDB.

    How do these "PWAs" hook to arbitrary dll/dylib/.so libs?

  4. Re:No platform-specific code is required? by DavidRawling · · Score: 2 · on Windows 10 Will Soon Get Progressive Web Apps To Boost the Microsoft Store (techradar.com)

    Maybe next time do a ten second Google search before you rant. You'll look better informed (and not foolish). Because, you see, They're part of the HTML5 spec and almost every current browser or platform supports them. But hey - boo Microsoft etc.

  5. Use locally installable technology: LanguageTool by DrYak · · Score: 1 · on A Bug in Browser Extension Grammarly, Now Patched, Could Have Allowed an Attacker To Read Everything Users Wrote Online (gizmodo.com)

    Based on the adverts I've seen for this service, it looks like it is first-and-foremost a browser-based keylogger anyway, with the copy editing features just being the hook to get people to install (and pay?) for the 'service'.

    Yup, I find it personally disturbing that people will let some shady 3rd party unknown server somewhere in Ukraine access (for "proof reading") every single thing they type online.

    You're better off using some technology that can be installed locally (or on your own-controlled servers):

    e.g.: LanguageTool
    - it has a webextension
    - it can be downloaded as a stand-alone version.
    (- and of course, you can point the extension to the URL of your stand-alone server)

    (both of the above are Free/Libre OpenSource Software, so auditable against nefarious code)

  6. Re:Keep them from removing your pet CSS or JS feat by higuita · · Score: 1 · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    most people probably do not use any of the 10000 top sites, as that is just a small fraction of all the sites in the internet. Also, how to determine the 10000 top sites? check what IE reports? then it would probably not map what firefox users see, but what IE users see. That info does not show up by magic.

    example: how many people use webm ? is it ok to support that, or is just trash being bundled in the browser? do they use the alternatives to it? or do not use anything? Is feature XYZ slowing down sites? or consuming more ram? have we more crashes since last release?

    if you remove all this, you start developing blindly and then get users to complain that the browser is old, slow, eats too much ram or always crashing

    many of the telemetry they got is in this site: https://telemetry.mozilla.org/ ... you can see it too!

  7. Re:Referrer Header by q4Fry · · Score: 5, Informative · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    You beat me to the reply. According to the horse itself, this is in fact precisely what they are doing:

    Starting with Firefox 59, Private Browsing will remove path information from referrer values sent to third parties (i.e. technically, setting a Referrer Policy of strict-origin-when-cross-origin).

    I agree that it should be the default, and (I discovered today), you can set it be in Firefox's about:config by setting network.http.referer.userControlPolicy to 2.

  8. Re:Referrer Header by q4Fry · · Score: 5, Informative · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    You beat me to the reply. According to the horse itself, this is in fact precisely what they are doing:

    Starting with Firefox 59, Private Browsing will remove path information from referrer values sent to third parties (i.e. technically, setting a Referrer Policy of strict-origin-when-cross-origin).

    I agree that it should be the default, and (I discovered today), you can set it be in Firefox's about:config by setting network.http.referer.userControlPolicy to 2.

  9. Re:Don't break the referrer by q4Fry · · Score: 1 · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    Not only that, if Slashdot had linked the original Firefox blog post instead of the insipid rehash from ZDNet with an auto-playing video, the GP would have seen that they are actually setting the Referrer-Policy to "strict-origin-when-cross-origin" which doesn't affect same-domain referrals unless they downgrade from HTTPS to HTTP.

    Quite frankly, this should be the default already. I have it set that way on all my sites, and today I learned that you can set it client-side on Firefox.

  10. Re:Don't break the referrer by q4Fry · · Score: 1 · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    Not only that, if Slashdot had linked the original Firefox blog post instead of the insipid rehash from ZDNet with an auto-playing video, the GP would have seen that they are actually setting the Referrer-Policy to "strict-origin-when-cross-origin" which doesn't affect same-domain referrals unless they downgrade from HTTPS to HTTP.

    Quite frankly, this should be the default already. I have it set that way on all my sites, and today I learned that you can set it client-side on Firefox.

  11. Re:Don't break the referrer by q4Fry · · Score: 1 · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    Not only that, if Slashdot had linked the original Firefox blog post instead of the insipid rehash from ZDNet with an auto-playing video, the GP would have seen that they are actually setting the Referrer-Policy to "strict-origin-when-cross-origin" which doesn't affect same-domain referrals unless they downgrade from HTTPS to HTTP.

    Quite frankly, this should be the default already. I have it set that way on all my sites, and today I learned that you can set it client-side on Firefox.

  12. Referrer Header by zenbi · · Score: 1 · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)
    This change is similar to changing the default referrer policy header from no-referrer-when-downgrade to strict-origin-when-cross-origin. (which probably should have been the default anyway)

    Referrer-Policy: strict-origin-when-cross-origin
    Send a full URL when performing a same-origin request, only send the origin of the document to a-priori as-much-secure destination (HTTPS->HTTPS), and send no header to a less secure destination (HTTPS->HTTP).

  13. Re:Thanks but... by tepples · · Score: 1 · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    Let me know when key binding support for new-style addons is fixed.

  14. Firefox's other privacy problems need to be fixed. by Anonymous Coward · · Score: 2, Interesting · on Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

    Unlike many people, I've actually read Firefox's privacy policy.

    It turns out that Firefox's privacy policy is quite disturbing, especially when considering how often we're told that Firefox supposedly "cares" about our privacy.

    The Firefox privacy policy dated September 28, 2017 makes it clear that Firefox user data can be collected by Firefox and can be sent to various third parties, including Google, some "Adjust" company, some "Leanplum" company, and SalesForce.

    For example, there are very worrying sections like (emphasis has been added):

    Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

    and:

    Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

    and:

    On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

    and:

    On iOS and Android: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor, which has its own privacy policy.

    and:

    Your email address is sent to our email vendor, SalesForce Marketing Cloud, which has its own privacy policy.

    Some people will foolishly claim that privacy violations like these are "acceptable" because they can supposedly be "disabled".

    No, they're not acceptable at all!

    Intrusive data collection/transmission like this shouldn't have to be disabled; the code implementing this data collection and transmission shouldn't even exist in the first place! There should be nothing to disable because Firefox should not be able to collect this data, and it should not be able to transmit it anywhere.

    Reading Firefox's privacy policy has made me very distrustful of Firefox and Mozilla, and especially of the people who wrongly claim that Firefox somehow "respects its users' privacy".

  15. Re:It won't change unless we resist. by Anonymous Coward · · Score: 0 · on DuckDuckGo CEO: 'Google and Facebook Are Watching Our Every Move Online. It's Time To Make Them Stop' (cnbc.com)

    Ghostery sells your tracking information all the same. You really want uBlock Origin

  16. Re:What is the goal? by Anonymous Coward · · Score: 0 · on Ask Slashdot: How Can I Build a Private TV Channel For My Kids?

    Well personally we didnt let our kids watch videos till they were well into age 2. However i also struggle with this problem.

    I put some nice videos on for him and what ends up happening is that stupid google ends up picking "the axel show" which is just crappy hotwheels product placement garbage, or worse blippy.. Youtube seems to offer no way to outright ban a channel (maybe you have to be logged in), so i am eager to hear other peoples responses to your question here as i have a similar problem.

    I knew i had to do something when i found him one day segmenting his cars into hotwheels and non hotwheels cars (good and bad). His first instance of brand recognition and bias. 100% caused by axel show and some other product ones...

    (just searched around and found this info video https://www.youtube.com/watch?... which allows you to install a browser extension to block channels! https://addons.mozilla.org/en-... ) I think that will work nicely!

  17. Re:Sometimes they don't get in the way by Solandri · · Score: 3, Interesting · on Should Apps Replace Title Bars with Header Bars? (gnome.org)

    The problem is title bars were introduced when 4:3 and 5:4 aspect ratio monitors were the norm. The screen was much closer to a square and so had a lot more vertical space.

    The ubiquity of 16:9 and even 21:9 monitors today means vertical space is a lot more valuable than horizontal space. If 16:9 monitors had been the norm when these UIs were first being developed, I suspect the title bar would've been placed along the left side, not on the top (reversible to the right side for languages written from right to left). I use the Tree-style Tabs extension in Firefox for this reason. Instead of my tabs taking up valuable vertical space, they're shoved off to the side where I have plenty of extra space. (Although Firefox recently moved the tabs into the title bar space. Chrome half-does this too.)

  18. Re:DuckDuckGo's promise by Anonymous Coward · · Score: 0 · on DuckDuckGo App and Extension Upgrades Offer Privacy 'Beyond the Search Box' (theverge.com)

    If you use Tor, stick to Tor Browser's user agent string "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" and do not change it to else. Do so make you uniquely identifiable. So remove UA switcher.

    uBlock Origin silently poll data in background from raw.githubusercontents.com. Some people asked the dev to fix "phoning home" but was rejected. Use AdblockPlus instead. ABP connect to only filter servers(easylist.to).

    Replace Ghostery to RequestPolicy or 3PRB. The latter support Quantum.

    Isn't "Cookie Autodelete" not work in private mode? If you're not using private mode, you're screwed(really if you are using Tor, you should use private mode).

  19. Re:DuckDuckGo's promise by Anonymous Coward · · Score: 0 · on DuckDuckGo App and Extension Upgrades Offer Privacy 'Beyond the Search Box' (theverge.com)

    If you use Tor, stick to Tor Browser's user agent string "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" and do not change it to else. Do so make you uniquely identifiable. So remove UA switcher.

    uBlock Origin silently poll data in background from raw.githubusercontents.com. Some people asked the dev to fix "phoning home" but was rejected. Use AdblockPlus instead. ABP connect to only filter servers(easylist.to).

    Replace Ghostery to RequestPolicy or 3PRB. The latter support Quantum.

    Isn't "Cookie Autodelete" not work in private mode? If you're not using private mode, you're screwed(really if you are using Tor, you should use private mode).

  20. Then use Tor. by Anonymous Coward · · Score: 0 · on Is It Time For Zero-Trust Corporate Networks? (csoonline.com)

    Use more Tor's Onion service. See WeSupportTor for an example.
    And stop using centralized services such as Cloudflare.

  21. Implementing motion JPEG in CSS or JS by tepples · · Score: 2 · on PSA: Google Chrome Now Lets You Permanently Mute Websites That Autoplay Videos (independent.co.uk)

    I think Anonymous Coward #56004133's point is that just setting image.animation_mode to once would not stop animation driven by CSS or JavaScript that arranges the frames of an animation as CSS sprites.

    Motion JPEG in JavaScript Arrange the frames as a filmstrip. Then add a script that uses setInterval or requestAnimationFrame to periodically change the background-position of an element that displays a sprited JPEG as its background. Motion JPEG in pure CSS Arrange the frames as a filmstrip, and use a keyframe set and stepped progression to animate the background-position property as described in "CSS Sprite Sheet Animations with steps()" by Guil Hernandez. Try it: Muybridge's galloping horse.
  22. Re:Mute? by markdavis · · Score: 3, Informative · on PSA: Google Chrome Now Lets You Permanently Mute Websites That Autoplay Videos (independent.co.uk)

    >"The cynic in me says that Google is taking money from someone to leave autoplay enabled."

    Agreed. It does make you wonder....

    Now, keep in mind that disabling autoplay completely is actually pretty tricky. Firefox has been working on it, but it keeps breaking certain sites or having unintended actions. The muting part is easy. But we need a REAL fix that gives users full control.

    Searching, I found these:

    https://bugzilla.mozilla.org/s...
    https://bugzilla.mozilla.org/s...

  23. Re:Mute? by markdavis · · Score: 3, Informative · on PSA: Google Chrome Now Lets You Permanently Mute Websites That Autoplay Videos (independent.co.uk)

    >"The cynic in me says that Google is taking money from someone to leave autoplay enabled."

    Agreed. It does make you wonder....

    Now, keep in mind that disabling autoplay completely is actually pretty tricky. Firefox has been working on it, but it keeps breaking certain sites or having unintended actions. The muting part is easy. But we need a REAL fix that gives users full control.

    Searching, I found these:

    https://bugzilla.mozilla.org/s...
    https://bugzilla.mozilla.org/s...

  24. Re: Chrome keeps improving. Firefox keeps stagnati by theweatherelectric · · Score: 1 · on Chrome 64 Released With Stronger Popup Blocker, Spectre Mitigations (bleepingcomputer.com)

    NoScript for one

    NoScript works in Firefox 57+. Giorgio Maone, the author of NoScript, says Firefox's add-ons API is the best of any current browser. So that one's solved for you.

  25. Re:Chrome keeps improving. Firefox keeps stagnatin by theweatherelectric · · Score: 1 · on Chrome 64 Released With Stronger Popup Blocker, Spectre Mitigations (bleepingcomputer.com)

    Firefox is somehow "faster"

    It sure is. Try turning on Firefox's Tracking Protection. Set it to "always" and you will halve your average page load time.

  26. Ubufox and Keybinder by tepples · · Score: 1 · on Chrome 64 Released With Stronger Popup Blocker, Spectre Mitigations (bleepingcomputer.com)

    Two extensions that I have used have not been ported. One was not ported because it depends on legacy APIs known to lack a counterpart in WebExtensions.

    Keybinder This allows disabling the Ctrl+Q keyboard shortcut for Quit, which is too easy for a user to hit accidentally while reaching for Ctrl+W or Ctrl+Tab. Restore Previous Session fails to restore some forms, particularly Slashdot D2 comment forms. A replacement for Keybinder is pending the resolution of bug 1325692 in BMO. The README file in its source code states that its maintainer abandoned the project over the lack of a counterpart to XUL keysets. Ubufox This notifies the user when the APT package manager has upgraded Firefox, so that the user can plan a restart for when no unrestorable forms remain open. In theory, bug 1364978 in BMO and bug 1711778 in Launchpad would track porting Ubufox to WebExtensions, but I don't see 1364978 depending on other bugs.
  27. Ubufox and Keybinder by tepples · · Score: 1 · on Chrome 64 Released With Stronger Popup Blocker, Spectre Mitigations (bleepingcomputer.com)

    Two extensions that I have used have not been ported. One was not ported because it depends on legacy APIs known to lack a counterpart in WebExtensions.

    Keybinder This allows disabling the Ctrl+Q keyboard shortcut for Quit, which is too easy for a user to hit accidentally while reaching for Ctrl+W or Ctrl+Tab. Restore Previous Session fails to restore some forms, particularly Slashdot D2 comment forms. A replacement for Keybinder is pending the resolution of bug 1325692 in BMO. The README file in its source code states that its maintainer abandoned the project over the lack of a counterpart to XUL keysets. Ubufox This notifies the user when the APT package manager has upgraded Firefox, so that the user can plan a restart for when no unrestorable forms remain open. In theory, bug 1364978 in BMO and bug 1711778 in Launchpad would track porting Ubufox to WebExtensions, but I don't see 1364978 depending on other bugs.
  28. Re:Please read Firefox's privacy policy. It's scar by JMJimmy · · Score: 1 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    From the horse's mouth: https://bugzilla.mozilla.org/s...

    The question is, why is Firefox continuing to collect telemetry data when explicitly told not to?

    The frontend calls Services.telemetry APIs unconditionally, but they won't send data if you've opted out.

  29. Re:No, thanks by theweatherelectric · · Score: 1 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    The add-on is not supported for Firefox 57 and above

    They have a Chrome version. If they want to support Firefox 57 and above they could just port the Chrome version to Firefox.

  30. Re:Palemoon / Waterfox / etc by theweatherelectric · · Score: 2 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    Firefox 52+ were the finishing touches to it.

    No, there have been further performance improvements since 52. Try this simple example of the improvement in WebAssembly complication times.

    In WaterFox 56.0.3 the highest result I got was: WebAssembly.instantiate took 1369.3 ms (9 MB/s)
    In Firefox 58.0 the lowest result I got was: WebAssembly.instantiate took 222.5 ms (55.6 MB/s)

    Waterfox will continue to fall behind as new Firefox releases come out. Eventually Waterfox will have to bite the bullet and rebase on whatever the latest Firefox is at that time.

  31. Re:Lovely. Now fix the d@mned tab bar... by MiniMike · · Score: 1 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    See if your extensions work under Firefox ESR, it's at version 52.6.0. This version is supposed to include updates to mitigate Spectre. I'm using it now, none of the extensions I use have had problems.

  32. Please read Firefox's privacy policy. It's scary. by Anonymous Coward · · Score: 1 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    I recommend that you read Firefox's privacy policy. Its "privacy controls", as you put it, are quite suspect.

    The Firefox privacy policy dated September 28, 2017 clearly indicates that it can/will send data to Mozilla, along with third parties like Google, Adjust, SalesForce, and Leanplum:

    Webpage and technical data to Google’s SafeBrowsing service: To help protect you from malicious downloads, Firefox sends basic information about unrecognized downloads to Google's SafeBrowsing Service, including the filename and the URL it was downloaded from.

    Location data to Google's geolocation service: Firefox always asks before determining and sharing your location with a requesting website (for example, if a map website needs your location to provide directions). To determine location, Firefox may use your operating system’s geolocation features, Wi-fi networks, cell phone towers, or IP address, and may send this data to Google's geolocation service, which has its own privacy policy.

    On iOS and Android: Firefox by default sends mobile campaign data to Adjust, our analytics vendor, which has its own privacy policy. Mobile campaign data includes a Google advertising ID, IP address, timestamp, country, language/locale, operating system, and app version.

    Firefox Account data: Mozilla receives your email address and a hash of your password when you create a Firefox Account. You can choose to include a display name or profile image. Your email address is sent to our email vendor, SalesForce Marketing Cloud, which has its own privacy policy.

    On iOS and Android: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor, which has its own privacy policy.

    It doesn't matter if such data collection and transmission can "potentially" be disabled.

    If Firefox's developers really gave a damn about Firefox's users' privacy, then Firefox wouldn't even include any support for any of that tracking and sending of private data to third parties. There'd be nothing to disable, as the code implementing such tracking and data transmission shouldn't even exist in Firefox!

  33. Firefox runs my machine at high load by vossman77 · · Score: 1 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    I doubt the fixed it, but the new Quantum "faster" Firefox was really dragging down my system. At first, I thought some malicious add-on was mining cryptocurrency on my machine. But it turns out Firefox was just spawning orphan processes. I found the fix at the link below, which is basically to disable multi-threading in Firefox.

    Multiple Firefoxes in the background, exiting the program doesn't clear them up. They persist.

    I am still missing a few of my favorite add-ons as well. The bulk download manager DownThemAll was great, but it sounds like Firefox does not want that functionality, so no add-on has yet to be as useful.

  34. Firefox runs my machine at high load by vossman77 · · Score: 1 · on Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com)

    I doubt the fixed it, but the new Quantum "faster" Firefox was really dragging down my system. At first, I thought some malicious add-on was mining cryptocurrency on my machine. But it turns out Firefox was just spawning orphan processes. I found the fix at the link below, which is basically to disable multi-threading in Firefox.

    Multiple Firefoxes in the background, exiting the program doesn't clear them up. They persist.

    I am still missing a few of my favorite add-ons as well. The bulk download manager DownThemAll was great, but it sounds like Firefox does not want that functionality, so no add-on has yet to be as useful.

  35. How to avoid Facebook tracking you everywhere. by Futurepower(R) · · Score: 1 · on Facebook Is a 'Living, Breathing Crime Scene,' Says Former Tech Insider (nbcnews.com)

    "... *everybody* has a Facebook account, whether they want it or know about [it]."

    True, and in my opinion, extremely undesirable.

    If you use Firefox, for example, you can use Firefox Facebook Blocker. See "WHY FACEBOOK BLOCKER?" at that link.

    And NoScript.

  36. How to avoid Facebook tracking you everywhere. by Futurepower(R) · · Score: 1 · on Facebook Is a 'Living, Breathing Crime Scene,' Says Former Tech Insider (nbcnews.com)

    "... *everybody* has a Facebook account, whether they want it or know about [it]."

    True, and in my opinion, extremely undesirable.

    If you use Firefox, for example, you can use Firefox Facebook Blocker. See "WHY FACEBOOK BLOCKER?" at that link.

    And NoScript.

  37. Re:This press release is garbage by roca · · Score: 2 · on Mozilla Restricts All New Firefox Features To HTTPS Only (bleepingcomputer.com)

    Mozilla developers like Anne know more about browser development than you do.

    In Gecko, restricting new DOM APIs to secure contexts is simply a matter of adding an attribute to the WebIDL:
    https://github.com/mozilla/gec...

    Probably something similar will be added to the CSS property list.

    There is also a single method you can call on the internal interface of a 'window' object to determine if you're in a secure context.
    https://dxr.mozilla.org/mozill...

    Selective disabling of new features is already standard practice. New features are almost always guarded by hidden preferences so they can be safely disabled just before release if a showstopper bug turns up, or so that they can be incrementally worked on over multiple releases without being shipped in a half-done state.

    There's very little extra work required here.

  38. Mozilla refused to fix MITM by Anonymous Coward · · Score: 0 · on Mozilla Restricts All New Firefox Features To HTTPS Only (bleepingcomputer.com)

    And Mozilla refused to fix HTTPS MITM.

  39. Router, printer, NAS, and other FQDNless devices by tepples · · Score: 1 · on Mozilla Restricts All New Firefox Features To HTTPS Only (bleepingcomputer.com)

    Theres no cost any more to getting an TLS cert

    Yes there is. You need a domain, for instance, and it has to be a fully qualified domain name (FQDN), not something like .local from mDNS or .internal from a private DNS server. For example, what would the FQDN of the configuration page of the router, printer, or NAS on your LAN be? Mozilla acknowledged the difficulty of securing such nameless devices on the LAN in "Deprecating Non-Secure HTTP Frequently Asked Questions":

    Q. What about my home router? Or my printer?

    The challenge here is not that these machines can't do HTTPS, it's that they're not provisioned with a certificate. A lot of times, this is because the device doesn't have a globally unique name, so it can't be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and we're talking to some device vendors about how to improve the situation.

    It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem.

    But since May 2015, when Mozilla published this FAQ, I haven't seen it endorse a solution.

    The indieweb people seem to think every householder ought to buy (and continue to renew) a personal domain from a commercial domain registrar. I guess the owner of such a personal domain could allot subdomains of that domain for devices on his own home network and use the DNS challenge of Let's Encrypt to obtain certificates for these devices. Is this practical for most people?

  40. Re:What a clusterfuck by _xeno_ · · Score: 1 · on Erroneous 'Spam' Flag Affected 102 npm Packages (npmjs.org)

    To be fair, the ability to left pad a string was only added to the JavaScript standard last year. Although Array.isArray has existed for quite a while now.

    As for why you need a special function to determine if something is an array, MDN links to this article.

    Note that one context in which you will never need to use Array.isArray over instanceof Array is inside a Node.js program, as it doesn't run in a browser context.

    Although even then, isArray probably doesn't work the way most people would expect: certain "array-like" things aren't arrays, such as arguments. JavaScript is fun.

  41. Re:What a clusterfuck by _xeno_ · · Score: 1 · on Erroneous 'Spam' Flag Affected 102 npm Packages (npmjs.org)

    To be fair, the ability to left pad a string was only added to the JavaScript standard last year. Although Array.isArray has existed for quite a while now.

    As for why you need a special function to determine if something is an array, MDN links to this article.

    Note that one context in which you will never need to use Array.isArray over instanceof Array is inside a Node.js program, as it doesn't run in a browser context.

    Although even then, isArray probably doesn't work the way most people would expect: certain "array-like" things aren't arrays, such as arguments. JavaScript is fun.

  42. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  43. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  44. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  45. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  46. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  47. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  48. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  49. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.

  50. Re:My plug ins work by Motherfucking+Shit · · Score: 0 · on Opinion: Chrome is Turning Into the New Internet Explorer 6 (theverge.com)

    Well, here's my mileage:

    These aren't all show-stoppers, but they define how I use Firefox. I spend at least 8 hours a day at a computer, much of it in a browser. Over the years I've tailored my environment to best suit my needs, my productivity, my usage patterns. The ability to heavily customize the browser's interface and behavior was the whole point of Firefox. Unfortunately, much of that capability died with the move to WebExtensions.