Slashdot Mirror
Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:Javascript == annoying
What's really sad is that initially Javascript had the following idiotic C keywords reserved but doesn't use them -- even more annoying was that you couldn't use them as property names until recently!
* char
* double
* float
* int
* long
* short
* voidReference / See:
* http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf
* http://stackoverflow.com/questions/5306315/browser-support-for-using-a-reserved-word-as-a-property-name-in-javascript
* https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Reserved_WordsJavascript is the new Basic -- it encourages sloppy programming with hard to find bugs.
--
Only cowards use censorship. -
FirefoxOS?
Why bother with Gnome for your apps, when you can target what might become a broader standard? http://www.mozilla.org/en-US/firefoxos/
-
Re:Good for them.
Firefox DOES warn you about vulnerable versions of plugins and suggests disabling as the better option. Here is a list of blocked versions: https://addons.mozilla.org/en-US/firefox/blocked/
-
Re:Run Linux
Almost all of the plugins are soft blocked. They'll be automatically disabled when you start Fx, but you can easily re-enable them without patching or updating anything. In fact, the same dialog that tells you about the soft block lets you uncheck "Disable" to prevent it from being disabled. Very nearly all plugins that are blacklisted are soft blocked. Their criteria for hard blocking plugins (which means the plugin cannot be re-enabled) is that the plugin either "is malicious" or "a soft-block will not resolve the issue in question, such as a start-up crash". See Mozilla's wiki for more information, especially the sections "A High Bar", "Block Conditions", and "Block Severity".
Please don't spread misinformation and FUD about Mozilla's blocklisting when it really is done properly. -
Re:Filesharing sites are pointless when YouTube...
Have you tried ProxMate for Firefox? I use to to unblock when I want to watch some UK shows. I'm sure it works the other way around (i.e. for foreigners who want to watch American-only programming).
Proxmate just loads the page through a proxy and the video is streamed through your connection so there's no slowdown due to a use of a slow proxy.
-
Re:My .02 cents... as a former perl guy...
Huh, I need more current documentation. I've been using the JavaScript Bible, 7th edition, and it doesn't mention Object.keys anywhere. Checking, I find that Object.keys() was introduced in JavaScript version 1.8.5, which came out in 2010, about the same time that book was released. Oldest version of Firefox that supports that is version 4.
-
incredibly annoying doorhanger popup in Firefox 19
Hopefully this will mean a complete rewrite of their click-to-play setup, including fixing this incredibly annoying misfeature of Firefox 19:
http://forums.mozillazine.org/viewtopic.php?f=38&t=2644157
https://bugzilla.mozilla.org/show_bug.cgi?id=820678As far as I can tell, this whole aspect of firefox was never designed properly. It grew into an unmaintainable mess, and now they're having a hard time finding their way out.
-
Re:Need for speed!
I think you are looking for Ghostery...
https://addons.mozilla.org/en-us/firefox/addon/ghostery/
With apologies to Southpark: "They put the trackers on their webpages over there, and... they're gone."
-
Re:Please include flash!The first add-on I install for Firefox: https://addons.mozilla.org/en-US/firefox/addon/flashblock/
I suspect the main reason I install this is the main reason Mozilla don't want to disable Flash by default: annoying animated ads.
-
Re:Please include flash!
Once I switched to a YouTube downloader for FF ( "Easy YouTube Video Downloader" https://addons.mozilla.org/en-us/firefox/addon/easy-youtube-video-downl-10137/ ) there is almost zero reason to even have flash installed anymore except for the odd Web Game. i.e. These 2 have excellent gameplay:
Gemcraft - Chapter 0
http://armorgames.com/play/3527/gemcraft-chapter-0Desktop Tower Defense
http://www.kongregate.com/games/preecep/desktop-tower-defense-1-5 -
Re:So why the hell does Flash get a pass?
If you run NoScript only to block Flash, then you might want to have a look at Flashblock instead: https://addons.mozilla.org/en-US/firefox/addon/flashblock/
Or perhaps QuickJava: https://addons.mozilla.org/en-US/firefox/addon/quickjava/ -
Re:So why the hell does Flash get a pass?
If you run NoScript only to block Flash, then you might want to have a look at Flashblock instead: https://addons.mozilla.org/en-US/firefox/addon/flashblock/
Or perhaps QuickJava: https://addons.mozilla.org/en-US/firefox/addon/quickjava/ -
I've dropped NoScript now
Now that plugins will be click-to-play by default and I block scripted ads already using Adblock Plus.
As for scripting in general, I use an extension to control the Content Security Policy per site -
Re:Installation is the big bottleneck these days
For me, Firefox 18 was unresponsive for a minute or so while loading one of the voxel.js demos. It eventually loaded. I have reported the issue as https://bugzilla.mozilla.org/show_bug.cgi?id=835076.
-
Re:An OS built in HTML5?
Oops, it was the Nexus S...
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Firefox_OS_build_prerequisites
-
5 more years
This makes me hope that 2017 will be the ETA for the fix of this one
Obligatory disclaimer: no, I can't learn a new (for me) language and a new toolchain to fix it. I'll live with the bug as I did for three years.
-
Re:common
Mozilla also fixed an over decade old bug in Firefox 18 (prevent sending insecure requests from a secure context).
-
GoogleSharing add-on
I now use the https://addons.mozilla.org/en-us/firefox/addon/googlesharing/ add-on for FF. This is basically a proxy that is used only for your google searches. It stops Google from profiling you based on your IP address when you search by inserting a middle-man. Together with HTTPS-Everywhere and no logins to Google in the browser I think it's a pretty good setup. You have to trust the GoogleSharing people for not doing what Google does to begin with though
-
Re:Maybe this is the reason
One look at Opus is enough to convince me Microsoft is bullshitting. Opus was a collaboration by all stake holders involved.
-
Re:How about adding a search box?
The address bar isn't a real search bar. It's limited to Google web search. You can replace that but you can't have more than one. I'm using around 100 search engines in Firefox (organized), so being limited to one is really not an option. How do you do it to look up things in dictionaries, search movies, places, people, porn, fora, slashdot, stackexchange, software, books,
-
Re:How does firefox handle searches?
SSL by default for Google since Firefox 14, back in July 2012. See https://bugzilla.mozilla.org/show_bug.cgi?id=633773
For other search engines it depends. For example, Wikipedia has asked that the search through their search plugin keep happening over HTTP for now (see https://bugzilla.mozilla.org/show_bug.cgi?id=758857 ).
-
Re:How does firefox handle searches?
SSL by default for Google since Firefox 14, back in July 2012. See https://bugzilla.mozilla.org/show_bug.cgi?id=633773
For other search engines it depends. For example, Wikipedia has asked that the search through their search plugin keep happening over HTTP for now (see https://bugzilla.mozilla.org/show_bug.cgi?id=758857 ).
-
Re:Brilliant idea
This is kind of what the password hasher plugin does.
https://addons.mozilla.org/en-US/firefox/addon/password-hasher/?src=userprofileIt uses the site's name, along with your password and your configuration settings, to generate a password. This allows one master password to be used which generates unique passwords for every site.
Easy for me to remember, hard to guess. Even if I was keylogged, they wouldn't know what settings I had since I don't use the default settings.
-
Re:Why isn't there a whitelist-only mode?
I find it strange that I can install a flash blocker that allows me to whitelist certain websites but that similar functionality seems to be missing for Java... the easy answer is to not allow java to run unless the site or even specific URL is in a whitelist.
There is a Firefox feature request to add the ability to block all types of media (Flash, applets, other plugins) by site: bug 94035. It was created in 2001. More than 100 duplicate bugs have been added over the decade since. It's still not been implemented.
-
Re:Applets?
-
Re:Hypocritical
While Java applets are very rare
Let's keep that in mind for the rest of this discussion. Java is in no way, shape, or form a necessity for the vast majority of users. It is, however, a huge risk.
How is anyone supposed to ever use it if web browsers start disabling it for every 0-day vulnerability that pops up.
First, Java has been available for web use since 1994. It's nearly 20 years old. It's not like it hasn't had a chance to take hold. There are plenty of reasons people choose not to use it. It's been an option for several projects I've been involved in, and we've never chosen it. Second, that "every 0-day vulnerability" part.. well, that's part of the problem with it. It has a lot of vulnerabilities, and a lot of them take a while to get fixed. So to answer your question, if browsers keep rightfully disabling a vulnerable POS software then people will not use it. Hopefully it will just go away.
It's not like Firefox and Safari don't also have 0-day vulnerabilities
Actually, it sort of is like that. Mozilla is pretty good about fixing bugs. If you don't believe me, here's their list of vulnerabilities. Go ahead and find the section on that page which lists the unfixed vulnerabilities. Here is the vulnerability page for Firefox 18 on Secunia. Take a look at the stats on the right side to see how many vulnerabilities it is currently affected by, as well as the percentage of unpatched. Here is the same Secunia page for Java JRE 1.7, go ahead and compare that to Firefox 18.
IMO there should be a small grace period of 1-2 weeks
Java has had a grace period of 19 years. Under Oracle, it's been around 6 years. This shit keeps happening. There is a pattern here. There is a reason why Java is the #1 infection vector for Windows machines. The browsers are just trying to protect their users. Blocking the #1 infection vector is a pretty decent way to do that. If they also blocked the Acrobat plugin then that would be another step in the right direction.
US CERT has the right idea:
Due to the number and severity of this and prior Java vulnerabilities , it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client."
(emphasis mine)
-
Re:Fast - good - now focus on...
I'm using UnloadTab for Firefox, works pretty well. https://addons.mozilla.org/en-US/firefox/addon/unloadtab/?src=api
Of course hundreds of tabs for a week still requires some occasional restart (use ulimit -v in script before starting FF).However I dislike Chrome, because occasionally it starts hogging CPU, so I even can't move my mouse.
-
Re:Wow, more excuses.
Why not just fix the bugs?
-
Re:This road seems familiar.
maybe submit an element to the W3C, and get it standardized so others can also implement it, then "image/cloud" mime type and my rotate&zoom capable 3D data display can be adopted.
Since there's already WebGL in <canvas> I predict your submission will be rejected.
-
Re:Bug Fix/New Feature 12 years in the making
That's nothing, they're still yet to implement Select/Copy of
-
Re:Honestly?
You can enable the "save tab prompt" when quitting. I saves all open tabs and you get re-logged automatically into the sites you were logged in when FF restarts. I close random tabs to leave only the tabs I need to work open when I restart because FF takes to much memory. about:config, preference browser.tabs.warnOnClose, browser.warnOnQuit, browser.warnOnRestart
http://support.mozilla.org/en-US/questions/796107
-
Re:Honestly?
You can enable the "save tab prompt" when quitting. I saves all open tabs and you get re-logged automatically into the sites you were logged in when FF restarts. I close random tabs to leave only the tabs I need to work open when I restart because FF takes to much memory. about:config, preference browser.tabs.warnOnClose, browser.warnOnQuit, browser.warnOnRestart
http://support.mozilla.org/en-US/questions/796107
-
Re:Honestly?
You can enable the "save tab prompt" when quitting. I saves all open tabs and you get re-logged automatically into the sites you were logged in when FF restarts. I close random tabs to leave only the tabs I need to work open when I restart because FF takes to much memory. about:config, preference browser.tabs.warnOnClose, browser.warnOnQuit, browser.warnOnRestart
http://support.mozilla.org/en-US/questions/796107
-
Re:PDF.js
Correcting link: it is case sensitive...
https://wiki.mozilla.org/Show_PDF_inline -
Just switched to Firefox 17 ESR
I just switched to Firefox 17 ESR.
CacheViewer got broken by the upgrade from 17 to 18, and I don't want any more automatic updates that will break extensions, so I'll just stop automatic updates, and keep a browser that works, and will get updates only for security fixes. -
Old bug
Heh, they surely fixed an old bug in this release.
-
Re:Quit whining
And your complaining about the mainstream version of Firefox while ignoring the existence of the enterprise version of Firefox makes your argument disingenuous.
I'm well aware of it. It has support for all of... 1 year. Also, to quote directly from the same page: "Backports of any functional enhancements and/or stability fixes are not in scope."
So, who's being more disingenuous here... the person who makes the argument that "release early, release often" may not be suitable for all applications, or the guy that handwaves the argument, claims a lie of omission, and then makes a lie of omission of his own? Stupid facts, getting in the way of a good internet roasting...
-
Bug Fix/New Feature 12 years in the making
They've landed the solution to this issue, first submitted in 2000. Clinton was still president.
-
Re:Quit whining
And your narrow-mindedness is annoying. Do you know why Microsoft only releases patches once a month for its operating systems?
And your complaining about the mainstream version of Firefox while ignoring the existence of the enterprise version of Firefox makes your argument disingenuous.
Here let me get you started: http://www.mozilla.org/en-US/firefox/organizations/
-
PDF.js
The PDF viewer in Firefox, PDF.js is an amazing piece of software. It is written entirely in JavaScript and runs in the same sandbox in which a webpage runs. So it is very safe. The layout accuracy and speed of PDF.js are simply amazing. Text selection happens just like it does in the browser. Some PDF viewers only allow you to draw a rectangle on which to do OCR. PDF.js simply lets you select the glyphs.
This viewer has been available as an add-on for a while already.
-
Re:Honestly?
http://www.mozilla.org/en-US/firefox/organizations/all.html
ESR versions are yearly if you care so much about fast releases.
-
Re:I don't..
inability to manipulate object prototypes
Uhh, what? Care to elaborate? I'm not saying JS is perfect, far from it; strict mode helps a bit to get rid of some of the retardness. But once you wrap your head around scoping/hoisting (which is odd, granted, if coming from a language with a C-like syntax) it's not that bad, quite expressive at times even.
-
Google offered Native Client to Mozilla
Google will soon be announcing Chrome's support for ActiveG plugins. This will make excluding Safari, Firefox and Internet Explorer even easier.
Google offered Native Client to Mozilla; Mozilla didn't want it.
-
Re:Still not working...
I run the Firefox plugin SixOrNot. Google - a green 6. Youtube and Facebook ditto. Slashdot, a red 4. There are major sites out there running IPv6.
I have a free tunnel from Hurricane Electric. The only issue is that Google thinks I'm in the USA, which can't be a bad thing.
Now that there are no more IPv4 addresses available in Europe, it's in the interests of the established players to suppress IPv6 and lock out disruptive new startups: e.g. ISP's or Co-Lo's.
-
Restrict CA signing capacity
Until there's a good replacement for the CA system, we need a way of restricting the span of control many of these authorities have so that any damage they cause can be contained, using the principle of least privilege.
Why should a Turkish or US Government Certificate Authority have the ability to sign
It looks like Mozilla has a couple of bugs open to address this. Vote or work on them if you agree!
-
Restrict CA signing capacity
Until there's a good replacement for the CA system, we need a way of restricting the span of control many of these authorities have so that any damage they cause can be contained, using the principle of least privilege.
Why should a Turkish or US Government Certificate Authority have the ability to sign
It looks like Mozilla has a couple of bugs open to address this. Vote or work on them if you agree!
-
Re:Why should I have trusted these people?
They shouldn't automatically trust them.
I'm pretty sure the NSA and a couple of other agencies can request that CAs emit certificates to them and force them to keep their mouth shut about it.
I use Certificate Patrol: https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/
Makes that attack a bit harder. -
Re:What will be the wider response to this?
-
Not an Update Patch
Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/
Its a work around.
-
Obligatory update patch
Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/
