Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:I'm still alive
Installed the update and it didn't turn my laptop into a smoking crater on my desk; so far, so good..
Are you on Windows 7 with IE 10 installed? Or Windows 8.1?
It boggles my mind that they released the browser with this bug unresolved. Almost 500 comments on the Bugzilla entry and the end result was "ship it!" I mean, look at some of these screenshots:
https://bug812695.bugzilla.mozilla.org/attachment.cgi?id=682682
https://bug812695.bugzilla.mozilla.org/attachment.cgi?id=735090
https://bug812695.bugzilla.mozilla.org/attachment.cgi?id=797936
https://bug812695.bugzilla.mozilla.org/attachment.cgi?id=720401
Who gives a damn if a large number of users can't even read the text on a page because, OMG!, we've just gotta have an HTML5 volume control! Someone probably should mention to Mozilla that just ripping off Chrome's look and release cycle doesn't really work if you don't also have Google's engineering and QA teams.
I don't think we need any more evidence that nobody is left steering the Firefox ship these days besides the cabin boy "designers".
-
Re:Now is the time to turn automatic updates off
If you currently have automatic updates on, this release of Firefox is the one where you probably want to turn them off.
You would be INSANE TO DO THIS. Ask any security guru about holes. Firefox 3.6 has +100 exploits! Think about that one when tempted to go back to the old good old days?
Here is what I use aka ESR release which gets updated only once a year. But for regular viewing I have upgraded to Chrome. FF is for corporate sites these days and firebug. Though it has improved vastly and plugins do not break as much like they used to.
Chrome and IE 9+ (no you did not misread that), both have multiprocess models and lowrights mode in Windows 7 and higher. They are modern in that all cpus are used for each tab. One bad site won't take down the rest of your 60. It means increased security as privilege escalations are issues with firefox even with a standard user. I like the fact that my 2010 era cpu which is a 6 core phenom II can distribute loads since it is aging but can scale well. Firefox is getting slower on it as a result, chrome and IE both can distribute the loads on all cores.
There is adblock plus for IE now too and it has been in Chrome for ages.
Until Firefox gets modern I will stay away. It is old and out of date. Yes they add element support for newer things but the rendering engine, memory, security, and even the plugins are not modern.
-
Re:Firefox is the most unstable program in common
It's 2014 and you're still using flash on youtube? Why the hell?
Ew. That html5 mode is a "trial" that I consider a buggy alpha.
Lots of youtube videos will just fail, and dutifully remind you download flash. Most industry-backed and homepage-featured content wants to force the advertisement API on you, which only works on flash. Status quo for years. So if you join that trial and want US content not made by your cousin, or anything with copyrighted background music accidentally sprinkled in, google will try to monetize ads... and you'll be seeing those static-filled error messages about upgrading to flash.
I recommend the video without flash extension on FF
It is buggy too (ALT+W to trigger if you don't see video load), but issues are fewer than by html5 alone. So turn off flash fully and set it to autoparse on each page load via its options pref screen. Downside seems to be:
FF only
Fullscreen is gray (broken videos)
Anything without video sources available in libre formats will only work as a forced non-streamed file download, and h264-mp4 and flv are pretty common. html5 still has a long way to go, and google won't consider it ready until it can monetize ads with it.
Another workaround used to be setting iPhone and iPad user agent strings, but I failed to get that to work today.
-
Re:Slippery slope
Just did this with stylish. Each of the ads are all within an "li" element with the class "ads-ad". Just add a custom style sheet such as the following and all the ads are not shown. Of course, you can add different styles to make them display differently if you want, but hiding them is also a good idea.
@-moz-document domain(www.google.com) {
  li.ads-ad {
    display: none;
  }
}
-
Re:Why care?
Firefox is an app that runs on XULRunner. XULRunner uses no native widgets, it has its own widget set and its own interface definition language, XUL. Firefox's entire user interface is written in XUL. The widget set in code is the same for OSX, Windows, Linux, Solaris, and whatever else it runs on.
The interface only looks different between windows and linux or mac because the default CSS theme for the application is auto detected and selected at startup so the widgets 'look and feel' native, but again - they aren't.
You can make the widgets look like any OS you want, make it act a lot like most other OSes as well, though some functionality is different such as the file open dialogs and such, which I guess you can count as 'widgets', which are actually native depending on OS/features.
At Mozilla, there is only XUL - http://www.mozilla.org/keymast...
Seriously though - http://en.wikipedia.org/wiki/X...
-
Re:Just for a browser?
there are very, very few applications that could possibly warrant the development of a new widget set, but that a web browser is certainly among them.
-
Re:What about firefox?
The JIT engine in Firefox's JavaScript runtime has had problems with SELinux in the past (bug 506693, found via Google firefox jit).
-
Re: Why?
You're in luck. The Nexus S is a 'tier 2' device that Mozilla staff used as a development target:
-
Re:I wish they would focus on WebP instead
Unfortunately WebP isn't all that good for a next-gen format.
http://people.mozilla.org/~jos...
-
Re:Why is this legal?
Is there any way to detect this server-side?
Yes, and no.. It's detectable client side with javascript on certain browsers. You could then post the information back to your server and blacklist/whatever the resulting IP (likely behind NAT which would then affect the browsers that you cannot detect it on).
For examples with firefox see:
-
Re:JPEG XR
The resistance to support WebP in Mozilla seems to be more politically motivated than technical.
Why not add JPEG-XR as well?
https://en.wikipedia.org/wiki/JPEG_XR
"JPEG XR[3] (abbr. for JPEG extended range[4]) is a still-image compression standard and file format for continuous tone photographic images, based on technology originally developed and patented by Microsoft..."
Keyword in bold. Still, a very nice format.
-
Re:If is FSF software, this is ok
tl;dr, Firefox is MPL.
-
Re:I wish they would focus on WebP instead
The resistance to support WebP in Mozilla seems to be more politically motivated than technical.
AMEN!!!! WebP is modern. JPEG, GIF and PNG are all older than most pop stars. Why do we use the image compression equivalent of MPEG1 still?
Seriously, this is so dumb. I continue using Firefox for two specific reasons (tagged bookmarks and Pentadactyl) but Vimperator and Pocket are making Chrome more tempting. I choose WebP (using the official encoder I build directly from Google's repository) for my online photo storage. Decades of photos and scans I would estimate occupy about 1/8th the space of JPEG with little perceptual difference. WebP really shines on very clean, noise-free images and occasionally I'll have 5 megapixel images compress down to under 200kb (variable block compression, it's the 21st century).
Few points about WebP. It might be nice for Google to fix encoder crashes with extremely large images, and maybe improve that GIF2WEB converter.
It is nice that Google provides an installer that makes Windows transparently handle WebP. Would love to see better support for it in KDE apps.
-
JPEG XR
The resistance to support WebP in Mozilla seems to be more politically motivated than technical.
Why not add JPEG-XR as well?
https://en.wikipedia.org/wiki/JPEG_XR
-
I wish they would focus on WebP instead
The resistance to support WebP in Mozilla seems to be more politically motivated than technical.
-
Re:Yes they did.
Tough to detect with MOST browsers. They don't report cert chaining in a way that's useful for this. You COULD check the trust chain every time you HTTPS. Firefox has the Lock icon to click. Same for Safari.
There are plugins for Firefox that alleviate this:
An indicator of changes in chain-of-trust, etc.
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
https://addons.mozilla.org/en-US/firefox/addon/perspectives/
Way cool "web-of-trust" validation infrastructure, with more info here:
http://perspectives-project.org/
http://perspectives-project.org/firefox/
People STILL ask me why I don't use Chrome or Surfari...
Additionally? Modify your workstation's settings to use an authoritative external DNS server. OpenDNS is good... enough. Or your ISP servers from home. Then? Use TOR to browse. Be careful with your bank! They may close web-access to your account if TOR has it appear that you log in from Switzerland and Iceland!
These are not the best counter measures, and don't handle every case. TOR relies on SSL - but on a proxy-port, not 80, so usually outside the scope of these gateways. Depending how your company has its CA published, they may still look "right" when using external DNS lookups, too.
-
Reposting/Fixing My List
This list is part of a much longer list that I maintain and sometimes publish.
* 7-ZIP -- Create/Extract ZIP and many other file compression formats, very powerful. Note can open some installer EXE and MSI files (see Microsoft Orca for more MSI options) (free, open source, Windows, there may be Linux/Mac variants). http://www.7-zip.com/
* CCleaner -- System optimization, privacy and cleaning tool. (free, closed source, Windows) http://www.ccleaner.com/ **Alternate Tool** BleachBit -- Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. (free, open source Linux/Windows) http://bleachbit.sourceforge.n...
* Greenshot -- Good Screen Shot tool with simple annotation options. (free, open source, Windows) http://greenshot.sourceforge.n...
* IrfanView -- Image Program View, convert, crop, optimize, slideshow, batch Processing etc (free noncommercial, closed source, Windows) http://www.irfanview.com/
* Instantbird -- Multi Protocol Instant Messaging (IM) Client - AOL, MSN, Yahoo, etc (free, open source, Linux/Mac/Windows) **Alternate Tool** Pidgin - Multi Protocol Instant Messaging (IM) Client - AOL, MSN, Yahoo, etc (free, open source, Linux/Mac/Windows) http://pidgin.im/
* KeePass Password Safe -- Good Quality secure password manager, stores passwords encrypted. (free, open source, Windows Linux/Mac with Mono) http://keepass.info/
* LibreOffice -- Power-packed Open Source personal productivity suite for Windows, Macintosh and Linux, that gives you six feature-rich applications for all your document production. Excellent replacement for other Office Suites, can open many different and sometimes odd file types -- (free, open source, Linux/Mac/Windows) http://www.libreoffice.org/
* Mozilla.org FireFox -- Web browser for more security than Internet Explorer (free, open source, Linux/Mac/Windows) http://www.mozilla.com/ http://www.mozilla.org/
* SpeedCrunch -- fast, high-precision and powerful cross-platform desktop calculator (free, open source, Linux/Mac/Windows) http://www.speedcrunch.org/ & http://speedcrunch.blogspot.co...
* UltraEdit -- Probably the absolute best most powerful text editors around, edit huge files, FTP, column mode, and more (shareware, closed source, Win/Mac/Linux) http://www.ultraedit.com/ **Alternate Tool** Notepad++ -- Good Text / Source Code Editor replacement for Microsoft Windows Notepad/Wordpad (free, open source) http://notepad-plus.sourceforg...
* VLC Media Player -- One of the best media players out there. Highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, ...) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network. (free, open source, Linux/Mac/Windows) http://www.videolan.org/
-
My list from a larger list I keep
This list is part of a much longer list that I maintain and sometimes publish. There are few others, but some are more as needed special use cases.
* 7-ZIP -- Create/Extract ZIP and many other file compression formats, very powerful. Note can open some installer EXE and MSI files (see Microsoft Orca for more MSI options) (free, open source, Windows, there may be Linux/Mac variants). http://www.7-zip.com/
* CCleaner -- System optimization, privacy and cleaning tool. (free, closed source, Windows) http://www.ccleaner.com/ **Alternate Tool** BleachBit -- Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. (free, open source Linux/Windows) http://bleachbit.sourceforge.n...
* Greenshot -- Good Screen Shot tool with simple annotation options. (free, open source, Windows) http://greenshot.sourceforge.n...
* IrfanView -- Image Program View, convert, crop, optimize, slideshow, batch Processing etc (free noncommercial, closed source, Windows) http://www.irfanview.com/
* Instantbird -- Multi Protocol Instant Messaging (IM) Client - AOL, MSN, Yahoo, etc (free, open source, Linux/Mac/Windows) **Alternate Tool** Pidgin - Multi Protocol Instant Messaging (IM) Client - AOL, MSN, Yahoo, etc (free, open source, Linux/Mac/Windows) http://pidgin.im/
* KeePass Password Safe -- Good Quality secure password manager, stores passwords encrypted. (free, open source, Windows Linux/Mac with Mono) http://keepass.info/
* LibreOffice -- Power-packed Open Source personal productivity suite for Windows, Macintosh and Linux, that gives you six feature-rich applications for all your document production. Excellent replacement for other Office Suites, can open many different and sometimes odd file types -- (free, open source, Linux/Mac/Windows) http://www.libreoffice.org/
* Mozilla.org FireFox -- Web browser for more security than Internet Explorer (free, open source, Linux/Mac/Windows) http://www.mozilla.com/ http://www.mozilla.org/
* SpeedCrunch -- fast, high-precision and powerful cross-platform desktop calculator (free, open source, Linux/Mac/Windows) http://www.speedcrunch.org/ & http://speedcrunch.blogspot.co...
* UltraEdit -- Probably the absolute best most powerful text editors around, edit huge files, FTP, column mode, and more (shareware, closed source, Win/Mac/Linux) http://www.ultraedit.com/ **Alternate Tool** Notepad++ -- Good Text / Source Code Editor replacement for Microsoft Windows Notepad/Wordpad (free, open source) http://notepad-plus.sourceforg...
* VLC Media Player -- One of the best media players out there. Highly portable multimedia player for various audio and video formats ) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network. (free, open source, Linux/Mac/Windows) http://www.videolan.org/
-
Re:Game development
You mean the same Id Software who issued a cease-and-desist to Mozilla? Besides, Id Software has historically waited around five years after first publication of a game to distribute the source code of its engine as free software.
-
Re:We're fixing this
(Excuse the following mini-rant: the last day or two I've been finding my ability to "get into" FirefoxOS quite frustrating, as described here)
I'm hopeful. I'd like to try it and see, and more importantly, learn to participate directly, but I'm finding it impossible because I'm too cash-poor to pay even $200-300 for a new phone or tablet (e.g. the Geeksphone Revolution), and there doesn't seem to be any other way to get a real FirefoxOS device in the US (where I am), and in any case being stuck in an area with only CDMA coverage, a FirefoxOS "phone" seems unavailable anyway, making that kind of money hard to justify even if I had it available.
I could come up with $25-50 for a device to learn on, but I can't have one. The ongoing announcements of affordable devices seemingly everywhere else but where I could use one feels pretty frustrating.
I also feel like an idiot because I can't seem to find any useful technical information about FirefoxOS at a level between "try to read the raw source code" and the very attractive but not very informative brochureware at https://www.mozilla.org/en-US/... .
It's frustrating: I'm too poor to buy a special-order device, and too "rich" (by global standards) to be able to buy the devices most recently announced. I'm too "smart" to get the information I want (from the brochureware) and too "stupid" (from the source) at the same time.
If I don't shut up here this is going to turn into a tedious, incoherent essay, so I will.
-
We're fixing this
Firefox OS is trying to fix much of this.
https://wiki.mozilla.org/Firef...
https://developer.mozilla.org/...
The Web is the most successful platform of all time and we're leading the pack on bringing the Web platform to mobile in a way that's integrated rather than fractured like the existing app store models.
-
Re:Burning Chrome
This story sounds familiar.
-
maybe
Ghostery
VPN
Delete cookies on exit
Telegram not Facebook
Don't play angry-birds!!
Join site(s) like 38 Degrees, Avaaz even with the god-awful tories in power, 38 Degrees have made a substantial difference many times.
Donate to EFF, UCL, etc.
-
Re: Another mobile operating system
The kernel is Gonk. https://developer.mozilla.org/... Since Mozilla has full control, it has to be different from the Android kernel.
-
The obvious question
The obvious question that everyone will be asking is "why should I install this rather than cyanogenmod, firefox OS or replicant if I really mistrust big business?"
-
Re:3rd Choice = Digital haystacks
TrackMeNot is a fun plugin to generate search engine noise:
https://addons.mozilla.org/en-...
Then there's Flagger which inserts dubious keywords in your URLs:
http://flagger.io/
Both are in need of some updates and further work though. TrackMeNot constantly needs to update the internal URL of search engines (special parameters and such). And Flagger could probably use some keywords in Arabic and other languages as well.
What I'd like is a profile generator for Facebook, Linkedin etc.: Create a profile in your name, and let it go off making friends, posts, and random content. When somebody searches for you, they'll just find junk, and it will not be clear whether it is you or a different person with the same name.
-
Firefox 28 beta has built-in VP9 support
though the latter is lagging a bit behind on VP9/Opus.
Opus is already in released Firefox, and here's the checked-in patch for VP9, so check it out.
-
Firefox 28 beta has VP9 built-in
-
Put up or shut up.
If you like FF so much prove it and go to the bottom of this page http://www.mozilla.org/en-US/c... and click donate and stop bitching about it when you could do something to contribute.. Maybe Mozilla would not have to be doing this if you did because what's 1, 5, 10, 20, or even 50 bucks? Most video games cost more than that and I use FF far more than most games I own. I know that sounds trollish but it's the truth and I'm not trying to troll $1 is not much but when everyone is doing it it is.
-
Re:Current status of Custom FF builds??
There are instructions here.
-
Re: The processing is more the issue
I can see that, yes. But those same phones also support client side image scaling via the HTML5 Canvas tag. (See here: http://hacks.mozilla.org/2011/...)
The fact is screen resolutions simply aren't there yet. There is no reason to upload and store the whole 15MP photo when you can only see 1/4 of it (if that).
With the canvas tag you can actually generate a thumbnail client side as well, and upload it alongside the main image, completely offloading the image processing and reducing bandwidth (inbound and outbound upon re-serving up the file)
-
Re:Beta Fightback
Whilst I, like everyone else here, seem to hate the changes being made here, are all the people here who post complaints here totally IT incapable?
If anyone here reads /. using firefox, it doesn't take a huge degree of effort to edit the HTML 'on the fly', and strip out all the offensive code. Has anyone looked at the RSS feed lately? It is abominable!
SOLUTION: Install Stylish, and voila. Complete control to throw away all the crap.
We probably should set up a community-driven recipe that everyone can download without the hassle of writing their own recipe. I *might* try to get round to doing this in a day or so... No promises, though.
-
Re:Right: Beat them @ their OWN game
You are kidding right? "Solving" this by abusing the hosts file is the most crude solution one could possibly come up with, and, btw, renders /. entirely inoperable (what a loss...).
Guess either you aren't the real apk, or you indeed have the poor technical understanding you seem infamous for.
For the record, slashdot sets a cookie. It's called betagroup. It appears to contain an integer value between 0 and 99. The poor souls where this number is sufficiently small (ATM <20) get redirected to beta. The others do not.
In case the solution has not become obvious yet: modify that cookie.
-- "But I use chrome, you insensitive clod!"
-
jQuery IS a hack
jQuery is a compatibility library to allow writing JavaScript for IE6 effortlessly. If you are developing for a specific platform, it's just an unnecessary layer of obfuscation. I can fully understand that they rejected your app. You should write standard JavaScript where it's possible, not use some obscure wrapper library. You can learn here how to use the standard API instead of an unnecessary wrapper lib like jQuery. Good luck!
-
Use pure JavaScript for AJAX call
How it's done is here. Basically, you test to see which of the various XMLHttpRequest objects work (basically it's several for Microsoft and one for the rest of the world), and use the one that works. I personally don't do it exactly that way, I use a try/catch block but that seems like a good answer too.
Details on the return values here.
It's quite straightforward. While there are good reasons to use jQuery, there's no need to use it solely to handle AJAX calls for multiple browsers.
-
Re:For crying out loud ...
Do you think your browser is secure? Every Firefox and Chrome feature release contains critical security fixes and I don't hear people giving them the same treatment Flash gets. I am not a Flash fan, but it is not fair how browser vendors are not blamed too for their bugs with the same emotion people talk about other technologies. Every time a Slashdot post talks about a new browser release, it never mentions the security bugs, only the nice things.
-
I guess your guesswork is faulty
Work on that bug depends on bug 715905 being patched first. It is already ASSIGNED and if you have ChatZilla you can pester mayhemer about it with the following command:
/at ircs://irc.mozilla.org:6697/mayhemer,isnick?msg=Please%20hurry%20up%20and%20patch%20bug%20715905%20so%20work%20on%20bug%20378637%20can%20proceed
-
Re:NSA has the ssl keys
The NSA likely has keys from all the major SSL cert vendors, rendering this "spamvertisement" moot. HTTPS does not mean that you're secure from everybody. It means you've added a layer of security that will thwart MOST prying eyes, but those that really want to know what you're doing WILL know what you're doing.
Having the keys from multiple SSL cert vendors does not help a bit (and having the keys from many vendors isn't much better than having the keys of a single vendor). It does NOT magically allow you to decrypt SSL traffic from servers whose host key was signed against that cert vendor's certificate!
To decrypt traffic of multiple SSL websites requires you to obtain the private part of the SSL host keys from all the web-servers themselves. Note that web server host keys are signed via signing requests that do not contain a copy of the private key, so even when the cert vendors (CAs) are hacked, you cannot directly listen in on SSL communication. When the servers implement Perfect Forward Secrecy, then even obtaining a copy of the server's host key won't help as each connection uses a temporary key that's exchanged via Diffie Hellman Key Exchange, a method that generates a key shared between two hosts, that (somewhat counter-intuitively) cannot be deduced by sniffing the traffic between those two participants.
What you can still do is to set up a MITM attack: you set up your own intermediate server with its own host key and sign your host key(s) using one of the SSL vendor's certs that you obtained. Then you redirect all traffic to the servers that interest you via your server (i.e. proxying all SSL connections) and then obviously in the process you obtain the cleartext of all SSL sessions running via your server.
However, the MITM attack is much more difficult to deploy and scale than simple monitoring and recording IP data. Also skilled users will easily detect the MITM attack, as the host key's public part of the servers in question will suddenly change. There are firefox extensions to check for these signs of a MITM. Even SSL Everywhere has a checker built in (via the SSL Observatory). Or try Certificate Patrol.
-
Re:who are we fooling?
> this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies.
While I certainly think it is a good idea to encrypt traffic, this statement is highly misleading or naive: Since the CA system is *flawed by design* and every one of those "authorities" in the long list of built-in CA inside your browser can, by negligence or choice, supply any of these and other agencies with a valid certificate for *any hostname in the world*, initiatives like these protect your privacy only from your local sysadmin/ISP, and also do nothing against traffic analysis.
Should a US person/company trust that "China Internet Network Information Center" isn't going to create a cert for a US bank or company to perform a MITM attack with? Should a Chinese company trust "Wells Fargo" not to? Should the Greeks trust "TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007", or the Turks "Hellenic Academic and Research Institutions Cert. Authority"? What on earth makes you think ALL of these companies can resist pressures to misbehave? Yet all of them are built-in to your browser and "you" trust them.
[..]
The Cert validation in the browsers leads to a *dangerous false sense of security* at most. This is crypto, a weakest-link business [..]
You suggest that MITM attacks on SSL are as bad as someone sniffing on unencrypted traffic. It is not! MITM attacks are active attacks and are much more invasive to carry out. That's not all: in principle all these MITM attacks can be detected: the host key of the Man In The Middle will differ from the host key of the original server (though your browser will accept the differing host key when it is signed by a rogue CA).
It is pretty dangerous for an adversary to carry out MITM attacks on a large scale, as sooner or later, this is going to be detected. The SSL Everywhere extension for example can (optionally) collect information for and check with the SSL Observatory to detect differing certificates that indicate MITM attacks.
There's also the Certificate Patrol Firefox Extension that persistently remembers certificates and warns when certificates changed for no apparent reason.
-
Firefox devs dont care about security
Firefox most secure? No! No! No!
They don't care about security.
Look at this bug and think again.
While Chrome can connect to proxy over https, Firefox can't. And won't any time soon I guess.
-
Re:Ciphers
-
Have you tried SettingSanity?
https://addons.mozilla.org/en-US/firefox/addon/settingsanity/
It even restores the 'Advanced' dialog but does not restore all its options.
-
Re:Bear in mind
I think not. Multiple 'cookie sandboxes' would be nice (especially for purposes of paranoia... ignoring Evercookie and Panopticlick), but it's not happened yet.
Google turned up this, but it's just Firefox's current private-browsing, given a stupid name.
-
Re: Web Workers
Chrome might have "process per tab," but Firefox creates container processes for plugins. All isolated from the page they are rendering to so if they go down they don't take out Firefox. Might not be as robust, but it works. Also, time to update your knowledge, kittlings. Electrolysis has been in development for almost a year and is available in Firefox nightly builds right now. Still buggy but FF is well on its way.