Slashdot Mirror
Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:Removed "Disable Javascript" check box
Chances are you can still modify those options through the about:config page (I hope).
Removing an option from the UI is the first step to Mozilla deleting the option altogether. Look to autoHide tabs for an example of this already happening, and tabs-on-bottom planned on being removed. When they force tabs on top I will stop using/upgrading Firefox.
This is why I get pissed off by the asshats who say "don't complain about the UI option, you can change it in about:config". 1-2 years after the UI is changed, the option, in all its forms, will be gone.
-
Re:No longer able to autoHide tabs.
-
Re:A new logo?? Eyeroll
To add:
http://www.mozilla.org/en-US/firefox/releases/0.1.html
Phoenix is a redesign of the Mozilla browser component, similar to Galeon, K-Meleon and Chimera, but written using the XUL user interface language and designed to be cross-platform. More information about Phoenix is available at the Phoenix Project Page.
http://www.mozilla.org/en-US/firefox/releases/0.6.html
Mozilla Firebird, formerly known as Phoenix, is a redesign of the Mozilla browser component, similar to Galeon, K-Meleon and Camino, but written using the XUL user interface language and designed to be cross-platform. More information about Mozilla Firebird is available here.
-
Re:A new logo?? Eyeroll
To add:
http://www.mozilla.org/en-US/firefox/releases/0.1.html
Phoenix is a redesign of the Mozilla browser component, similar to Galeon, K-Meleon and Chimera, but written using the XUL user interface language and designed to be cross-platform. More information about Phoenix is available at the Phoenix Project Page.
http://www.mozilla.org/en-US/firefox/releases/0.6.html
Mozilla Firebird, formerly known as Phoenix, is a redesign of the Mozilla browser component, similar to Galeon, K-Meleon and Camino, but written using the XUL user interface language and designed to be cross-platform. More information about Mozilla Firebird is available here.
-
"includes...mixed content blocker"
...and breaks HTTPS Everywhere badly . Poor show Mozilla, poor show.
-
Mixed Content blocker is awesome for security, but
..many sites still need to be updated to work with it. Likely some behind the firewall stuff as well. (And many of these sites break in IE10 and Chrome as well)
See here for full details: https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/
Basically it prevents loading active content (JS/CSS/etc) from a non-HTTPS source when the page is HTTPS.
Also, if you are a HTTPS Everywhere user and wondering why sites like XKCD and NYtimes are no longer HTTPS, this is why.
-
Re:Yes, there is a simple fix
Well, each to their own, but I really can't see it being a boon to usability (I saw your screenshot in your other reply and thought "yikes"), and I think if it really had such wide possibility of appeal and merit it would have been reinvented by now.
Or perhaps it has - have you tried Tile Tabs?
-
Mozilla bug 516752
or an object handled by the sound API in case the noise is generated from within the calling process.
I found "the sound API" in your comment ambiguous. Did you mean by the browser's sound API or by the operating system's sound API? The NPAPI architecture allows to shortcut the browser's sound API and directly call that of operating system's, and the latter may not enforce association of an audio stream with a window or subwindow.
If you meant the operating system's sound API, the browser knows which process it's coming from. But using the process to identify a tab that plays audio would require all browsers to adopt a process per tab, and I'm not aware of any browser other than Chromium that consistently uses a process per tab. YouTube has implemented the feature described in the article as a workaround for the fact that not everybody is able to switch to Google Chrome or another Chromium browser. If you want this implemented in browsers other than Chromium, join me in voting for bug 516752.
-
No need for Google's JavaScript on YouTube
There are lots of alternatives that can play back YouTube videos without using Google's JavaScript or Adobe Flash (e.g. ViewTube, youtube-dl, UnPlug, quvi and youtube-viewer (which also supports viewing comments).
-
You're in for a rude shock
The plugins.click_to_play pref was removed as Firefox switched to per-domain and per-plugin prefs.
To get per-element click-to-play back you need this extension in Firefox 24 and above. Ironically it re-uses the original pref. -
Firefox Extention
= no autoplay
I use a Firefox Extension "Youtube AutoPlay Stopper" https://addons.mozilla.org/en-US/firefox/addon/youtube-autoplay-stopper/?src=search
Itws one of the many reasons why its my browser of choice.
-
Nobody mentioned the exploit?
There's a pretty good unwrapping of the payload here, and it's a pretty creative exploit of the javascript interpreter to execute shellcode. Just from a glance at the shellcode, I see a hand-crafted HTTP header so at minimum they're using the OS network stack directly to give the tor-level UUID a public IP coorelation. Beyond that, they could be doing anything since they're already through the sandbox.
-
discussed three years ago
This sort of timing attack was discussed three years ago on the Mozilla blog.
Could someone elaborate on exactly what hasn't been fixed for the Mozilla-based browsers? Dunno about the rest.
-
Re:Yep, that.
Or Abine DoNotTrackMe, which I marginally prefer over Ghostery because the latter is run by the ad networks (of course, I'd prefer an OpenSource alternative...)
NoScript, Perspectives, Flashblock, BetterPrivacy and HTTPS Everywhere round out the package.
And occassionally PrefBar so I can change my browser UserAgent on the fly, just to mess with 'em...
-
Re:Wow, you never heard of
Why no, I hadn't. I do know that there are ways to hide the browser type,. Bu teven though I am a astupid autistic fuckhead, I do know this. There is no reason that I should have to fuck with my browser because some asshole assumed that Mac gets only Mac, Windows only Windows. What kind of world view is it that thinks that it is at all acceptable to have to get one program to get another program to do something that should have been available in the first place. Maybe you have hours to futz with just trying to get something to work, to hell with actually doing work with it, but I don't. Your argument is invalid, and serves mainly to illustrate that assholes are out there that make a need for such shit in their inability to think.
-
Re:interesting take.
It seems to be fixed in most major browers, and I can't reproduce it locally on the lastest Firefox. This blog post talks about it a bit more.
-
Wow, you never heard of
-
Your video is broken
Please see about proper mailbox support
It's a video, and a transparent div is overlaying the Flash player, preventing me from clicking the Flash object to start it. Is there a transcript?
-
Re:The crucial point
God bless DownloadHelper
-
Re:what is it?
Well I tried it just now and either I was mistaken in thinking that youtube was the site where it would assert without even clicking, or if youtube changed something on their end to quit doing that. But once you click the player to pause, change volume, etc. the bug reasserts. This breaks on tons of other sites with many different plugins. Other browsers dont seem to have such problems with it, but from reading countless pages of bug reports and discussion I get the idea there is something particularly bad here in the mozilla design - for some reason it seems to actually give up the keyboard input when it focuses a plugin, rather than passing it on after parsing it still, and I read stuff like "We should give plugins the ability to pass through shortcuts to the browser" ( https://wiki.mozilla.org/Firefox/Features/Plugin_keyboard_focus ) which seems rather backward - the browser should be deciding what part of the keyboard input to pass through to the plugin rather than begging adobe to pass them back after the fact, no?
Clearly it's not impossible to do that, IE and Safari both manage it without issue.
-
Re:what is it?
Well I tried it just now and either I was mistaken in thinking that youtube was the site where it would assert without even clicking, or if youtube changed something on their end to quit doing that. But once you click the player to pause, change volume, etc. the bug reasserts. This breaks on tons of other sites with many different plugins. Other browsers dont seem to have such problems with it, but from reading countless pages of bug reports and discussion I get the idea there is something particularly bad here in the mozilla design - for some reason it seems to actually give up the keyboard input when it focuses a plugin, rather than passing it on after parsing it still, and I read stuff like "We should give plugins the ability to pass through shortcuts to the browser" ( https://wiki.mozilla.org/Firefox/Features/Plugin_keyboard_focus ) which seems rather backward - the browser should be deciding what part of the keyboard input to pass through to the plugin rather than begging adobe to pass them back after the fact, no?
Clearly it's not impossible to do that, IE and Safari both manage it without issue.
-
Re:Isn't all of it ridiculously aggressive now?
I just wish they worried about things that REALLY matter. See bug 392073, opened in 2007. I just can't believe this is so low in Mozilla's priority list. It's just silly.
The new Flickr design, for example, looks very nice. Except on firefox it hangs for a couple of seconds with 100% CPU usage every time you scroll down. Buggy JS code? Maybe. But it kills the browser completely. They could at least try to run every tab as a separate process (maybe they should have shut the hell up instead of criticizing the competition when they did that? Anyone remember the "heat" google got for making Chrome run each tab as a separate process? Doesn't sound so silly now, does it?)
-
Re:what is it?
https://addons.mozilla.org/en-us/firefox/addon/fxchrome/ FXChrome seems to do a pretty good job simulating the look and feel of Chrome.
-
Re:Not useless, but its usefulness is now over
Careful, advertisers like Google have paid Adblock Plus to whitelist their ads. Sure it's google ads today, but Google owns the vast majority of online ad networks and commands practically all the online ad markets, and if they're paying off the ad blockers to whitelist...
Then those ad blockers get forked into non-crippled versions.
I will admit that I was gobsmacked when I got that window after updating ABP to the first version with that garbage, though.
-
Re:My guarantee
And not until Servo (next gen Firefox rewritten in Rust) is out; around version 100.
-
Re:The meat is the payload.
Alright people, we've got the tortillas and the onions, all we need are some bell peppers and some meat and we've got ourselves a fajita.
Don't forget TACO....
-
Hundreds of iframes make a page unresponsive
Yes, <iframe> was proposed as an alternative to AJAX. But years ago, hundreds of iframes on a page would cause certain browsers to crash. And even in 2013, the test case from that bug still causes Chrome to show an unresponsive tab alert on my laptop. Besides, putting each comment in its own iframe doesn't support batching. Unlike JavaScript, which can request multiple comments as a single JSON or XML object, each iframe needs its own HTTP request.
-
Mozilla is hiring
Mozila is looking for a "Information Technology Enterprise Architect". They need one, too; their online services are flaky.
>"Work for mankind, not for the man" - Mozilla job billboard, San Francisco.
-
Re:Easy
Why would she need dozens of tabs currently active rather than use an extension like TooManyTabs? Don't get me wrong, I've been a power user since I first got on with Netscape 1.x, and used to be way over the top with the number of Firefox tabs -- then I started getting tired of the performance hit, and stopped to think whether I really needed ALL of them open simultaneously. Turned out that I didn't -- I usually had a bunch pointing to comments I was planning/writing (many of which I never got around to finishing), articles I planned to read (which now go into Readability or TMT), articles thought I might want to reference (now in TMT or bookmarked), plus the usual assortment of app tabs (Gmail, shopping cart, etc.). After all, I can only have so many windows & tabs visible at the same time...
I'm still a Firefox power user, but usually max out tab usage at around 20 and run a similar number of extensions. My computer's a single-core 2GHz (an exciting upgrade from my old 1.6GHz last year) with 1GB of RAM, running Linux for the performance boost over WinXP. Not ideal, but given I'm just doing generic web/office stuff that doesn't require a really high-powered system, it's OK -- and frankly, I'm a lot happier with my stuff this way than I was back when I casually bought replacements rather than do things like take the time to ask myself "do I REALLY need 90 tabs active?"
-
Re:PandaFrom your link:
The name "Firefox" (a reference to the red panda) was chosen for its similarity to "Firebird"
From Mozilla themselves:
A "Firefox" is another name for the red panda.
http://www-archive.mozilla.org/projects/firefox/firefox-name-faq.html
-
Re:Google
Actually, when it comes to Firefox, it's pretty easy to find 2.0, or even 0.8 if you really want. Mozilla has a page of every version of Firefox ever released: https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/
-
Re:Why not promote a Dvorak keyboard instead?
well, you can always use my silly FF extension or many other keyboard layout switching tools (including the ones actually built into every OS) to type with DVORAK, who is stopping you?
-
Re:NSA
Mozilla Firefox and other browsers treats self encrypted certs as WORSE than unencrypted and put big scary messages up
I think it is reasonable action for a certificate you don't know the source. You can always add the certificate to your browser and avoid the error. The rationale for the pop-up is that an unknown self-signed certificate is as bad as no encryption - totally open to a main-in-the-middle attack, but people have a higher expectation of security from SSL.
-
Re:what about the cache?
This Bug?
https://bugzilla.mozilla.org/show_bug.cgi?id=820259
Filed 1/1/2013, so worth adding your voice or seeing if there's any commonality between your setup and others who get the bug, doesn't look like it though as the submitter was using Linux.
-
Re:For god's sake, give the UI its own thread
How'd you make through that entire post without linking to the actual bug for doing this?
-
Re:Memory hog
It's no defense of Firefox, but one, not-fully-solved issue is crufty profiles. Over time a profile *can* acquire database corruptions as well as other issues (like already uninstalled addons having changed and left about:config settings). These can all lead up to:
- - Poor memory use
- - Slow startup/shutdown
- - Increased jitters & pauses
- - Instability
The profile isn't always the issue, but if you've chased down other potential causes (poorly behaving addons, plugins, etc) and your profile is a year or two old, you might consider doing a Reset. It will save your old profile to the desktop and import your data to a new one. Some data is not transferred - like preferences and addons - it's all listed on the page I linked.
This can be a nice solution to chronic problems and one I'd recommend before giving up on Firefox. -
Re:why?
Apparently a simple change
https://bugzilla.mozilla.org/show_bug.cgi?id=854467 -
Re:Speed != Responsiveness
It doesn't matter how much Firefox devs work on "UI sluggishness" if it's a single thing can lock up all input to the browser.
The Gods have smiled and sent the clue-bat flying through MoFo last month, so Electrolysis is back on.
-
How about fixing a 7-month old text rendering bug?
Makes the browser just about unusable on older (but not that old) AMD/ATI hardware. https://bugzilla.mozilla.org/show_bug.cgi?id=812695
-
Re:why?
According to the bug https://bugzilla.mozilla.org/show_bug.cgi?id=873709&resub&utm_source=feedly it will still be an option in about:config
Furthermore, that plugin isn't referring to this javascript at all, instead it's referring to a change in the API for plugins
-
Re:why?
Firefox has support? What's the toll free number?
-
Re:why?
Not according to my button plugin of choice's author. He indicates it is a change in the API that will make his plugin inoperable.
According to the author's bug report, it's just an API change that he will need to update the extension to use. I don't see anything about the facility to turn off javascript being removed.
-
Re:What is the Problem with Mozilla
You liked fennec on n900? I found it to be pretty much unusable. The interface was nice, but the n900 just didn't have the juice to run it properly. Using desktop firefox (iceweasel) from easydebian ran much faster, and as an added bonus, was compatible with all the firefox addons. Fennec addons is still a barren wasteland. No requestpolicy. No cookie monster. Noscript mobile is out there, but not on addons.mozilla.org.
Fennec sucks. It's a horrible replacement for real firefox. However, it's also the best browser for android, because somehow all the other browsers suck more.
As an added bonus of lameness. Mozilla has decided to remove the link to download the firefox mobile apk from their site. They only link to google play now. I had to search duckduckgo to find the real link hiding on their wiki*.
Their reasoning for this seems to be to encourage users to update regularly. Their wiki says, "You will need to keep Firefox up to date yourself if you do not install it through the Market." This is not true. Google Play will try to update firefox even if you did not install it through the Play Store. This kind of crap is exactly why I refuse to install the Play Store (actually whole gapps package) to begin with. *Fennec is also available through F-Droid, but it's hidden by default because it "promotes non-free addons". -
Re:why?
I tend to enable JavaScript (since disabling it breaks too many sites) but I don't allow it to do anything outside of the web page with the browser itself (manipulate windows or context menus)
You don't do anything, that's by design.
Firefox 22, by default, allows JavaScript to do those things.
-
Re:Simple != Dumb
the menu option made you unable to use mozilla marketplace.. http://www.mozilla.org/en-US/apps/
besides, I bet there's plenty more of menu options they didn't remove that just 1% touches, if not anywhere else then in the hidden menu.. like connections per server. they're just dicking around and it's a political move that would be moving towards breaking noscript in the future.
-
Re:Really, they should make it easier to do
You can try PrefBar which adds a toolbar with customizable buttons that can be used to toggle things like Java, Javascript, Flash, etc. I used it back in the day when I was still on dial-up; I'd load pages with all the bling disabled first and only if the content looked interesting would I enable (and download) the various imagesand applets. With the advent of broadband and Noscript, my need for PrefBar lessened but if you want a quicker way to activate/deactivate Javascript then PrefBar will probably work for you.
Heh. I just reinstalled the extension and it still remembers all my old settings, which only goes to show you how ancient my Mozilla profile must be
-
Re:Really, they should make it easier to do
I've been using this for awhile now, works as advertised:
JS Switch -
Re:why?
Are there still security issues with having JS enabled?
Javascript is used by most malware installation systems. The typical route is that a trustworthy hacked site is modified to include a <script> tag with its source on the malware hosting domain. The resulting script will then use some mechanism to attempt to install malware, either simply dropping an executable download on the visitor and hoping they run it, or attempting to exploit either a browser or a browser plugin bug. Turn off javascript, and the exploit is never downloaded, so can't run.
There are also direct browser attacks that would require javascript to function, e.g. http://www.mozilla.org/security/announce/2013/mfsa2013-53.html or http://www.mozilla.org/security/announce/2013/mfsa2013-46.html (to pick a couple from the last month or two).
So, yes, your system is still less secure if you have JS enabled than if you don't.
-
Re:why?
Are there still security issues with having JS enabled?
Javascript is used by most malware installation systems. The typical route is that a trustworthy hacked site is modified to include a <script> tag with its source on the malware hosting domain. The resulting script will then use some mechanism to attempt to install malware, either simply dropping an executable download on the visitor and hoping they run it, or attempting to exploit either a browser or a browser plugin bug. Turn off javascript, and the exploit is never downloaded, so can't run.
There are also direct browser attacks that would require javascript to function, e.g. http://www.mozilla.org/security/announce/2013/mfsa2013-53.html or http://www.mozilla.org/security/announce/2013/mfsa2013-46.html (to pick a couple from the last month or two).
So, yes, your system is still less secure if you have JS enabled than if you don't.
-
Re:Illegal power without Constitutional authority
Funny story, a few years back when I wrote this, I added in the functions to encrypt and decrypt text in browser input elements with a predetermined password. At the time when I was working on it, FF was some much older version and to my surprise when I was debugging the code, I realised that I could use Javascript to read input characters from password fields in my code from ANY page. That was unfortunate (I think they fixed that by now). But of-course today if you use something like gmail or hotmail, they can capture keystrokes and document change events and send them back to the servers individually, so at this point if you are going to use something like leetkey for encryption, you have to use the function (that is provided in my addon at least) to open a new browser window or tab with a text area where you can type something and encrypt it first and then cut and paste into your email window's text area.