Slashdot Mirror
Firefox 44 Deletes Fine-Grained Cookie Management (mozilla.org)
ewhac writes: Among its other desirable features, Firefox included a feature allowing very fine-grained cookie management. When enabled, every time a Web site asked to set a cookie, Firefox would raise a dialog containing information about the cookie requested, which you could then approve or deny. An "exception" list also allowed you to mark selected domains as "Always allow" or "Always deny", so that the dialog would not appear for frequently-visited sites. It was an excellent way to maintain close, custom control over which sites could set cookies, and which specific cookies they could set. It also helped easily identify poorly-coded sites that unnecessarily requested cookies for every single asset, or which would hit the browser with a "cookie storm" — hundreds of concurrent cookie requests.
Mozilla quietly deleted this feature from Firefox 44, with no functional equivalent put in its place. Further, users who had enabled the "Ask before accept" feature have had that preference silently changed to, "Accept normally." The proffered excuse for the removal was that the feature was unmaintained, and that its users were, "probably crashing multiple times a day as a result" (although no evidence was presented to support this assertion). Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."
Mozilla quietly deleted this feature from Firefox 44, with no functional equivalent put in its place. Further, users who had enabled the "Ask before accept" feature have had that preference silently changed to, "Accept normally." The proffered excuse for the removal was that the feature was unmaintained, and that its users were, "probably crashing multiple times a day as a result" (although no evidence was presented to support this assertion). Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."
Seems to be as fine grained as I need.
Ah, I see they are following the Gnome school of user interface design.
They seem to be really trying to shoot themselves in the foot lately.
I have an add-on that keeps only the cookies I explicitly select, the rest get deleted whenever I close Firefox, or when I manually delete cache and cookies with shift-control-delete. Just get that and have all the 'fine-grained' control you want.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I leave a site, its cookies explode.
Was Yahoo p***d off about people who don't allow some cookies to be set?
The real "Libtards" are the Libertarians!
Funny, I can now think of something else that's "not really nice to use on today's Web."
...users wishing fine-grained cookie control should be using a third-party add-on instead...
That's a laugh. What third-party add-ons are going to remain after another year or so of breaking them with nearly every damned release?
Mozilla seem absolutely determined to jump the shark.
Il n'y a pas de Planet B.
No browser works the way I want it to "as is." I have to install a handful of 3rd party addons or whatnot before a fresh install is not crazy-making. I'm not sure why this is a big deal. You can still manage cookies however you want with 3rd party extensions so who cares?
Man, you really need that seminar!
Do. We. Question. Mark.
Moreover, the allegation that enabling the feature destabilized the browser is pharmaceutically pure bullshit. I've been using the feature since its inception, and have Firefox windows open and running for days at a time without ill effect.
Contrariwise, I just went to check my cookie store, and found a bunch of new, unapproved, unwelcome, provably unnecessary cookies have appeared in just the week since I moved from v43 to v44. Deleting them after the fact is not a solution. Once set, tracking can take place immediately. The damage has already been done.
The proffered reasons for the change are easily shown to be false, so I do not hold out any hope that Mozilla management will have a change of heart on this matter and reinstate the long-standing feature.
Would anyone care to recommend a cookie management add-on?
Editor, A1-AAA AmeriCaptions
they lose their identity and userbase. It's strange how they fail to understand that.
The Australis UI was the first step. Now this. Soon, a looming XUL deprecation which is an even worse idea -- I wonder what's the point of using Firefox will be then.
In short we had a fantastic web browser, now we have a Chrome wanna-be. Soon, we'll have a Chrome copy with Gecko underneath, but who on earth cares what rendering engine they are running?
Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."
The same could be said for Firefox 44, really.
licet differant, aequabitur
When I eyeball the January 2016 browser market share stats, it looks like Firefox is now at or just under 7% of the browser market. That's across all versions on all platforms!
IE 11 alone has almost as many users as Firefox does in total. The same goes for iOS Safari 9.2. Hell, even Opera Mini almost has more users than Firefox does! Desktop Chrome 47 has over 3 times as many users as Firefox does in total. Chrome for Android 47 has 2.5 times as many users.
These numbers should be scaring the living shit out of Mozilla. They should be in a constant state of panic right now. Firefox is getting decimated.
Maybe Mozilla doesn't realize it, but Firefox is the only product they have left that has any sort of a user base. Seamonkey, Thunderbird and Persona have been left to flounder. Firefox OS was a massive disaster, maybe even worse than GNOME 3 was. Rust and Servo are dead end projects. Bugzilla is a relic.
Why the fuck will anyone, especially the big players in the game, give a damn about what Mozilla thinks or wants? Mozilla already has so little influence. Soon enough Firefox will have so few users that nobody will give a fuck about it or its users, which in turn means that Mozilla will lose whatever small amount of influence it does have left.
It's fucking insane how Mozilla isn't reacting to this. It's fucking insane! It's like they're nearing the edge of a cliff, but they're running faster and faster!
I don't want Mozilla as an organization to vanish. They play such an important role in keeping the web free and open. Yet they also seem to be so intent on destroying themselves! Please, Mozilla, wake up! Please, Mozilla! PLEASE! Stop ruining Firefox! Stop making yourself irrelevant! Please, Mozilla! Please stop it!
I built a new Windows image for our workstation PXE deployments, this time without Firefox.
If you're going to be just another trash browser you're no longer getting installed on the systems I'm responsible for.
In true Mozilla fashion, the discussion on the bug tracker has been censored, so people can't even effectively complain about it.
Check the dates in the bug report. The UI and underlying code have been there since it was called Netscape. The "bug" mysteriously appeared over five years ago, but the work to remove the feature was done in late 2015, and was only rolled out in FF44.
Editor, A1-AAA AmeriCaptions
^^^ This
Self-Destructing Cookies was a genuine break-through in cookie privacy.
I wish the idea would be extended to other tracker-enabling downloads like fonts and HTML5 web storage.
Perhaps by the time their servo rewrite is finished, the firefox name will be so unpopular that their best choice would be to release it under a different name.
WaterFox's latest build seems to still have the granularity. For those not familiar, Waterfox is a high performance browser based on the Mozilla platform. Made specifically for 64-Bit systems. It is speedy and all your FF extensions should work. In fact, in upgrading to WF, all of my FF prefs, extensions and addons were in place and working right on first boot. https://www.waterfoxproject.or...
Dear Mozilla developer,
I don't want to search for your fucking unnamed addon, firstly because I don't want cookies to be accepted from certain domains even before I close the browser, secondly, because it's idiotic to remove something that was useful and didn't cause any harm.
Fuck you, fuck whatever advertising company paid Mozilla to remove this useful feature as well as for adding all the anti-privacy bloatware that I regularly have to disable (pocket, peerconnection, etc...), and fuck your gay-friendly CEO.
Regards,
An unsatisfied firefox user, soon looking soon for alternatives
Everything we need to know about the sorry state of Firefox is shown by the new Brave web browser that Brendan Eich is creating.
Look at what Brave's FAQ page says:
For those who don't know, Brendan Eich worked at Netscape, created JavaScript, co-founded the Mozilla project, and was even the CEO of Mozilla as recently as 2014. He has a very long history with the technology behind Gecko and Firefox.
Yet despite having so much experience with Mozilla's technology, his team has gone with Chromium as the basis of their browser. Like their FAQ says, Chromium is better than Firefox "by every measure".
The problem for Mozilla is that while Firefox has become total shit, they have no better alternative to offer. The Servo project is sputtering, at least partially due to it using Rust, which itself is an immature programming language.
I don't know what Mozilla is going to do. The only option available now is to throw away Servo, throw away Rust, and try as hard as they can to get Firefox fixed up. But even that probably won't be enough. Things are looking extremely bleak for Firefox.
I fully agree that functionality that can be provided by add-ons need not be provided by the core program. In fact, this level of extensibility is a great selling point for Firefox.
The problem is what to do with those who set the preference in the past and have yet to install an add-on. I think it would have been better to take the "paranoid" default (deny all), making sure they have at least as much security as they had before. I find it hard to believe that there are many users who were regularly approving each cookie separately but couldn't dealt with the breakage caused by a temporary "deny all" default.
I fucking hate sites that cause cookie storms.
I got hit by one today, at Chandra Observatory, of all places.
Set your cookies to request always and prepare for > 30 of them: http://chandra.si.edu/photo/20...
However, it doesn't seem like this solution of Mozilla's is a great one if one were to take the new default into consideration.
But it's why I'm still on v39.0 - can't keep up to all the changes
Perhaps by the time their servo rewrite is finished, the firefox name will be so unpopular that their best choice would be to release it under a different name.
I'm thinking something like "Chrome"?
If you want news from today, you have to come back tomorrow.
Yes, I "shouted". Obviously to OP has no clue.
Denying the creation of a cookie in the first place has nothing to do with deleting them when Firefox is closed (whoever closes ALL of their FF windows anyway?).
I hope Pale Moon keeps the feature, but, IMO, FF44 is now nearly useless.
For web fonts and similar 3rd party assets you want Smart Referer. Unless the primary website's address or id is encoded in the URL, this stops such tracking.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Firefox records and submits telemetry, by default, without gaining consent. If you're going to abuse your user, why can't the user at least benefit? They have telemetry, so they at least know which users have this feature enabled ("I use this feature"). If their telemetry is thorough, they know which users enabled it, then disabled it and left it off ("I tried this feature. I then stopped using it"). Now you know how popular it is, rather than just using a supposition as one of your major reasons, you have data.
They have Bugzilla. So they can query all bugs that this feature caused or was involved in. They then look at their ~100 lines of code and can decide on how disruptive the codebase is as a result of it being unmaintained and have an idea of how this state detriments the user experience.
It's crashing "multiple times a day"? Where's the data? Firefox records and submits crashes by default. Where's the query you ran that gives you this evidence? Is it the fault of the feature, it's lack of maintainer, or is something breaking it that is the fault of neither?
Fucksake. Spy on us then just ignore the damn science that it does? How very asinine.
How about "Silver Plastic" ?
Firefox has been getting slower and not quite right. But I clung to it for exactly this feature, fine-grained management of cookies. If it's gone in the next version, then I can start looking for faster neater alternatives.
It's cookie option is to delete any new cookies received when shutting down.
Brave is an advertising platform first and foremost.
Brave replaces ads the page / 3rd parties deliver with ads Brave delivers, while promising that the ads Brave delivers are safer and less invasive, as well as better targeted.
However good it may be as a browser it's a non-starter for me. It's core purpose is to put its own ads in front of my eyeballs.
A truly honest browser would refuse to load ANY content from a separate domain by default. That means going to butt.com will not allow you to load up an embedded youtube video, a referenced font, an externally-hosted jquery, or even butt.com's content on a generic CDN. ALL butt.com content should come from butt.com, plain and simple. Otherwise, the user should have to manually allow butt.com to load content from content.butt.com, *.butt.com, or butt.com.cdn.net, or youtube.com, or whatever.
Yes, this would "break" much of the current web and most users would never switch to a browser that enforced these things. And most sites would never respect these things. But the web would be a much better place if connecting to a host meant you received content only from that host by default. We're currently at a point where blocking third-party content breaks a huge chunk of the web, but blocking third-party cookies doesn't. I'm afraid that in a few years I'll be forced to accept cookies from "trackurshit.fucku.lolol.net" before being able to access most sites.
It worked well with MS and Edge.
How about Mozilla Bono?
Better yet, they could constantly change the name the way they did in the early days of Phoenix/Firebird/Firefox.
I haven't tried to use the cookie prompts for quite some time, but the basic functionality still seems to be intact in the preferences under Linux.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
I've used FF since Netscape. I'm done.
This is where I get off the bus. I've used Firefox for years, Netscape before that - gladly so. But the Firefox people have gone from great developers making a useful product, to pretty good but a little squirrelly, to UX weenies and marketing assholes, to evil sellouts actively trying to screw me over. Fuck 'em.
On a completely unrelated note, if you use Linux, chattr +i is your friend. Works on directories as well as files too. Just sayin'.
Do nothing people complain about bloat... Move features into extensions, people complain features are disappearing..
What is the better option?
People also like to bash about bloat in FF... Moving features that aren't used often into extensions is a great solution...
They are easier to maintain, and can be developed independently of FF... Faster iterations, and release of features to end-users, etc..
See Subject.
I have been using Firefox since the early days. Sure there were some releases with problems but 44 for me is the worst ever in my opinion. I have completely wiped it from APPDATA and Programs, reinstalled, yet frequent crashes. Crashes immediately if loading from the taskbar in Windows 7. If I use any plugins like Ad Block Plus or Noscript I get high CPU utilization and it sucks up allot of memory. Occasionally it just disappears in the middle of doing something.
Now with the cookie thing which I use frequently in web development and other plugins that will be borked, that's it I am done. They are forcing me to adopt another default for all my work.
I will check out waterfall listed above. I started to look at Palemoon before this and thought do these alternatives have dev teams or just one guy that will some day will disappear?
Was Yahoo p***d off about people who don't allow some cookies to be set?
That's a serious accusation, did you even care to read the bug before writing that?
:)
:)
FYI, while the deal isn't public, it was rather clear that it was contingent on Yahoo reinventing their search engine as they did.
So you can be confident that it's more likely Mozilla that pressures Yahoo than the other way around.
Besides the bugs, mailing lists, wiki, regular monday meetings, irc channels, etherpads, source code, review notes, commit comments, is all open.
I work at Mozilla there is very little private communication, apart from security bugs, just about everything is completely public.
The notes I make on stuff I work on is in a public etherpad, with links often posted on IRC.. So anyone can could jump in an make a mess of my notes
And you are welcome to participate! (and welcome to ask questions, as well as leaving useful comments, suggestions in my notes)
Also there is no way employees at Mozilla could keep a secret like that - You can be sure someone would blog about it
(Lots of people at Mozilla are in it for the mission)
I hope we still have the option for chunky chocolate chips!
This report is about removing optional user control over which cookies get created. Firefox 44 still allows users to delete individual cookies. Open up Preferences, go to the Privacy tab, click on "remove individual cookies" (a hyperlink) and you will see a list of all your cookies, grouped by domain name. Click on the ">" before a domain name to see the cookies for that domain. Select and delete as desired.
Personally, I prefer to use NoScript but allow websites to create cookies. That way I can whitelist domains in NoScript until a website works, without having to worry about which cookies to allow. Once I've finished with a website, I can always delete all the relevant cookies until next visit. This works well for me; YMMV.
In case Firefox 44 drops the permissions list entirely (does it?): How does one export these cookie settings to a format readable by humans and replacement add-ons / other browsers?
Damn it... *sighs* So, the missus is grumpy. My typing is pretty quiet but that made me laugh loud enough to wake up and give me the hairy eyeball. Usually, I am elsewhere at this time of night - if I'm online. Tonight, she fall asleep on the couch beside me.
Either way, I'm still blaming you. How long have you been waiting to say that?
"So long and thanks for all the fish."
While I don't mind cookies that much I do mind the retarded EU-mandated cookie-warnings that keep popping on every site possible, Fortunately there is an addon for that too!
I don't care about cookies 2.5.3
Available for Firefox, Chrome, Opera, and some other less popular browsers (no version for IE).
So donating $1,000 to some PAC fund 4 years before being named CEO constitutes 'using the business to grind personal political/psycho/sexual axes'?
Well, it does if you're a crazy zealot who's simply repeating what they heard without actually looking into it themselves but, damn it, there's a reason to be outraged and they will be righteously indignant. After all, when you've nothing to be proud of, you can join the braying herd of jackasses and at least get noticed or feel as if you've made some accomplishment.
Lest anyone read anything more into what I said then what I wrote, fuck off. Whilst I personally don't condone artificial limits to rights based on innate traits such as sexuality, I also don't appreciate browbeating people into submission and attempting to force conformity in beliefs and lawful actions. If people can't accept that others may think different than they - then they sit and be quiet while the adults have a discussion.
This condemnation and shame is no different today than it was when it was an actual punishment handed down by the courts and from the pulpit during Puritan times. It's no more acceptable now than it was then. People should be allowed to speak and act lawfully without that impacting their past, present, and future employment - to a reasonable extent. There's such a thing as being unreasonable and extreme. Right now, the people who thrive on public admonishment and retribution are continually demonstrating that they're both unreasonable and zealots. If you want to judge people, and that's a generic you, how about you judge them by their skill at performing the task they're hired to do and not how they donated to a political action committee? I know, that's too much to ask.
Never mind that it turns out that many of these outrages are based on misinformation, lies, and intentional omissions of circumstances. Never mind that some are fabricated from whole cloth. Never mind that they, the actors, have usurped a worthy cause and tarnished the name. It's fucking HARMFUL to society and HARMFUL to people - adding MORE HARM is not a good thing in the vast, vast majority of cases. But no... They'll do it just to inflate our egos and little bit and facts are secondary because, damn it, if nothing else we've opened a dialogue... "Something must be done. Somebody has to say something!" Yup, something has to be done and somebody should say something. However, that something is probably not what they're thinking and that someone almost certainly is not them. Take the outrage and do something actually useful.
When I'm ruler of the galaxy, I'm kicking all of 'em off the planet. And before folks sit there with a smug look, I hold the "MRA" folks in the same light. Yes, some people have a legitimate message and legitimate gripes - they appear to be an infinitesimally small number. There is no "both sides" to this coin. It's one side and on that side is a bunch of people looking for cause to be outraged and willing to manufacture that cause if they have nothing more meaningful in their lives that day. They don't care who gets hurt, so long as they can feel better about themselves for a few minutes and feel like they've accomplished something.
Well, that felt nice to write. Before some dumb ass comes along and says, "You're doing it too!" I'd like to point out that no, no I'm not. No, I'm not singling out anyone, using shame, or trying to destroy someone's life and livelihood. I'm not seeking to get anyone defunded nor am I wanting to harm anyone. Hell, I'm not even trying to silence them. There's a big difference between telling someone that you're sick of their stupid shit and don't want to hear anymore as opposed to preventing them from speaking. Sadly, it's reached the point where that has to be specified.
Yup. I'm gonna post this.
"So long and thanks for all the fish."
Some where back in the dim recent past, Firefox's ESCape key no longer meant abort everything and return control completely to the user. No matter if the base html is incomplete, no matter if some goofy-gumdrop JSON cloud-abortion is in progress, or a 302 redirect is in progress. No matter if you'll have to settle for a blank page because CSS cannot decide what color the text will be. Just ABORT. Now the ESC key means hardly anything.
Now in the face of incomplete loads, packet loss, severely delayed DNS lookups, javascript tumors that are busy metastasizing to grow the page from seeds using repeated lookups to unresponsive and overworked database servers --- all of this results in pages that won't stop loading, tabs that will not close immediately, or even pages with visible readable content that will not respond to scrolling requests or link clicks... until... exactly what I never found out.
The purported reason was to save the poor deep data content providers from aborted transactions caused by unwashed masses hitting reload and ESC. I say, if they're overloaded or vulnerable in any way to aborts or identical re-submits they are vulnerable to script kiddies too and someone has not done their job properly or provisioned their servers adequately. I never considered the ability to abort a web load as anything but an intrinsic RIGHT --- until it was taken away. It was,like, what are they thinking?
I've had to force-close Firefox to regain control. And no we're not talking about Flash or embed delays either, I run NoScript. This is Firefox's native process refusing to abort everything under all conditions.
If content providers bite into some apple of complexity (for example) embedding advertising and load sharing schemes that do little tricks (such as) using gobblegook DNS names with low or zero TTL, they deserve to be sandbagged for their effort by the masses until they re-think their decision and (god forbid) roll back in the general direction of 'static' content.
Unfortunately this is something a third-party addon cannot really fix. If ever I was temped to fork a whole project and create a new subculture to fix one aggravating feature=bug this is it.
<blink>down the rabbit hole</blink>
Sorry to Mrs KGill, it won't happen again!
So, basically Firefox has decided to permanently become a steaming pile of shit, and they focus on interface designs and features nobody cares about, while ignoring the features which made us use it in the first place?
You know, a lean standard compliant browser which allowed us control over our privacy and security? The things we actually want out of it.
Removing that feature is fucking moronic, because it allowed us to say "yes, I trust this site and they can set cookies, but all these sites can piss off, never ask me again".
Basically Firefox is now suffering from the Open Source feature rot ... if nobody is maintaining it, it's because it's not a shiny feature, which means it gets neglected.
I've used this feature for years, and it has NEVER caused a browser crash, not once. Silently saying "sure, go ahead, set all the cookies you want, we don't care" is a bullshit outcome from an organization which has become far too focused on shiny baubles instead of maintaining the good pieces in there.
Over the last bunch of years I'm more or less forced to conclude that the Mozilla foundation has lost the plot of what we wanted out of that browser in the first place.
OK, folks, so what's the best cookie manager plugin for Firefox? Because for those of us who run multiple browsers for multiple purposes with different levels of security and the like, the options seem to keep dwindling.
I have to say, it seems like Mozilla is just running themselves into the ground, and are jumping from one thing to another ... apparently now it's killing off Firefox OS and jumping into IoT.
Sorry Mozilla, you act like you're driven by marketing idiots with ADHD these days. Pathetic.
Lost at C:>. Found at C.
Perhaps they're expecting people to install add-ons? Fine-grained cookie management was why I switched to Firefox on Android, but I actually ended up using the self-destructing cookies add-on, which has exactly the policy that I want: any site can set a cookie, but unless I explicitly opt in (which I can do retroactively with the undelete button) to keeping it, then it's deleted when I navigate away from the site. Everything works as if I had cookies set to automatically accept, but doesn't get to persist any state for me across visits unless I permit it to.
I am TheRaven on Soylent News
The feature that was removed is a basic cookie management option where addons do a much better job with a better UI.
If you really want to do fine-grained cookie management, use an addon. I use Cookie Monster.
I like that Mozilla removes useless limited features that I long ago replaced by a powerful addon. The Firefox core must have good APIs (for example cookie management, cookie filtering) on which extensions can be built.
Unobtrusive may fail to satisfy the requirement that the notice be "conspicuous". And in some places, such as the Netherlands, the law is or recently has been that a site operator must obtain the user's explicit consent before setting a persistent cookie. This leads to "Accept cookies and continue to website" interstitials.
You have chocolate cookies with lemonade flavored bits? Where can I get me some o' dat?
as well as not giving the user a choice, such as a popup with only an OK button.
Then they give the user a choice that may be familiar to long-time users of porn sites: a popup with an Accept button and a Leave button that goes to a popular search engine or the front page of The Walt Disney Company's site.
vast majority of websites do not really have to annoy their visitors with cookies popups, because they work just fine without cookies (and most of the rest could be made to work without them).
On an e-commerce site, how do you implement an "Add to Cart" button without cookies? Users expect one anonymous visitor's cart to be separate from another anonymous visitor's cart, and they don't expect to have to create an account and log in (through a cookie-free method such as RFC 7617 Basic or a TLS client certificate) before adding an item. Or do you instead plan to associate a shopping cart to a query parameter in the URI? That breaks when a user shares a link to a product.
They do seem to have an interesting approach. On that same FAQ page they discuss their philosophy on ad reduction, ad replacement and removal of tracking stuff. There could be a substantial discussion on ad replacement alone.
Ads are something no user wants, but every advertiser and content-hoster wants. Bottom line is ads will always be around in one form or another. And they will always be evolving and changing.
Maybe ad replacement is a potential solution. You can't get rid of them (permanently everywhere that is), and you do want some content to survive (e.g. Slashdot), so maybe an ad vetting/voting/whitelisting system has some merit.
I come here for the love
In short, I've never seen a good, clean, reliable way to link a user to a session that doesn't involve cookies. If you've got the magic solution to that, please...I'm all ears.
Have the user create a username and password and use RFC 7617 basic authentication. Or have the user create a TLS client certificate.
Regarding ad voting, the potential for abuse of this is high (i.e. people hating every ad). One solution would be that your votes are always relative. In other words, do you like this ad more or less than other ads. This way some ads will always bubble to the top. And advertisers can then study/learn from those ads, and/or choose to run those ads more. And when they do that, people grow tired of those ads. So they bubble down the list and force new ads to appear.
This may not sound that great, but right now I am staring at sites that pad with screen after screen of white space, or force gigantic menus to overwrite content or display zero content when I try to ad-block them (via no JS and hosts anyway). Point is that we are already in the middle of an arms race.
I come here for the love
There is an option to "reopen last session" on start. You get all your tabs back :)
When I tried it, I got "Problem loading page: Server not found" as I switched to each tab. Firefox saves the URI, not the entire DOM, and it goes back to the Internet to re-fetch the page after I reopen Firefox. If I'm not connected to the Internet, such as if I'm on the bus to or from work or the grocery store, I get a dozen tabs of fail.
Maybe nobody had done any maintenance on it because it didn't need any. From the sounds of it everyone here found it to be working fine so there doesn't seem to be much need for the code to have been touched.
Seems like we need someone to go in and to small insignificant changes to the parts of Firefox that we want to keep as is.
It says it is a front end for the internal firefox features.
What happens on 44? Have you tried it?
For the record, enabled sites have a type=cookie, permission=1 (Allow) or 8 (Allow for Session), in the moz_hosts and (more recently, clumsily introduced and inconveniently distinguished by leading protocol IDs that hence needed to be set twice, for http and https) moz_perms tables of the respective /home/user/.mozilla/firefox/*.default/permissions.sqlite (readable e.g. by SQLite Database Browser).
Backup while you can.
It has, when you want to do all the breaking changes in the rest of your code and then try to avoid fixing the crashes you introduced.
I don't need that crap, my network already blocks unwanted domains through DNS. This has no relevance to the extensions I use.
Change is certain; progress is not obligatory.
My wife and I login on the same browser all the time without closing tabs. In fact, I do this all the time when paying bills.
Win+L, click your wife's name.
Logout on the 3rd tab, login to my wife's card account at the same bank, setup a payment on her card, log it in my spreadsheet.
If your wife authorizes you to pay her bill, then perhaps instead of you impersonating her, she should add you as an authorized manager of her account. Separate authentication (e.g. you are LordKronos) from authorization (e.g. LordKronos may withdraw from checking account 963852741 and make payments on 4345 6789 3210 6543). Ask your bank how to set this up, or find a bank that allows this.
Beside that, there's just the matter of security. I'm not closing my browser because I need to keep pages open, but I want to logout of websites so that I'm no longer using.
What is the attack model associated with staying logged in as yourself?
You're trying very hard to contrive some arrangement that makes basic authentication look like it's not utterly broken, but sorry...it's utterly broken.
The feature exists. I grant that the feature is broken. But it's possible to unbreak the feature. So instead of starting a web site that requires use of cookies, one can instead build browser extensions or contribute browser patches to unbreak the feature.
And there's no way most banks are going to let me pay her card from my account.
Since when are banks that issue payment cards no longer willing to let a cardmember add a joint account holder?
Hell...Discover, for example, won't even let me manage my own two cards from the same account...I need a separate online account for each card.
Then perhaps that bank needs to Discover some cardmembers that aren't you. Facebook gets a lot of things wrong, but separating auth and auth is one thing it gets right: each person has one account, and that account is connected to resources.
But thanks for clarifying. Now I have a sound bite to use against cookie haters: Basic auth is broken because logout in long-running browsers is broken.
My DNS is not prone to going down, why is that?
Oh no, my router at home has a blacklist of domains, that's a bigger chance than the average that has no blacklist. You talk a lot of shit.
Nah, my solution uses less resources. Less storage, less manual labour (after all, I only have to change the router, nothing else), less CPU (only one system has to deal with filtering, all the other systems spend less CPU than before, because there isn't even a TCP connection attempted to invalid IPs like 0.0.0.0 or 255.255.255.255 etc.
Hosts files are broken by operating system design, they're not meant to block DNS entires, they're not meant to handle large amounts of domains (look how it breaks on Windows), they're not even capable of blacklisting an entire domain without listing all of it's subdomains which goes into multi-terabyte files which Windows cannot load and uses far more memory than a simple wildcard blacklist on DNS server.
A large amount of devices in my home don't even support hosts files in any reasonable way. Tablets, game consoles, television, mobile phones etc. For the home user, this is probably a better and more wholesome way to handle blacklisting of domains because you won't have enterprise-level control of all your devices.
Change is certain; progress is not obligatory.
You failed to answer even the first question in response to your first point:
For someone that claims a lot, you don't really have much to back it up.
You completely ignored all the caveats I pointed out.
Except if you read my post, I stated I use addons and I can't even remember a time when they broke on me during updates. I also stated I don't use them for advertisement blocking which is what your assumption was.
You have to go to each damn computer to set it up.
Why the hell would large networks use hosts file instead of end point security solutions like Lumension?
Change is certain; progress is not obligatory.
But my question was:
My DNS is not prone to going down, why is that?
Your evidence has failed to provide, yet again.
Change is certain; progress is not obligatory.
Oh no, not actual experience in the matter!
If your own home router's DNS server dies constantly, I don't think that's the fault of DNS, APK.
Sock puppet all you want, APK.
Change is certain; progress is not obligatory.
Shh APK.
You just failed to answer the question and your red herrings leads to this crying of yours.
Let's get back on topic:
My DNS is not prone to going down, why is that?
Change is certain; progress is not obligatory.
If I time the amount it takes to restart the DNS server (much like how the daemon is restarted after updating it):
So, I guess as far the rare updates (I think I only ever saw one last year), there might be a downtime of 0.008 seconds, which isn't really long enough to miss all the standard three DNS requests most resolvers send out.
Now, if this wasn't on the same system that provides Internet routing to the rest of my network, I'd probably invest in a Bird setup for reliability of certain network services. Which would be trivial on a couple of Raspberry Pi Zeros to provide the network uninterrupted DNS resolution (among other network services).
As far as the hardware restarts go, according to my router data, it's been rebooted four times last year (I believe two were for system patches, two were due to me physically moving the hardware in the house). I am not seeing the "DNS is prone to going down" problem here.
Change is certain; progress is not obligatory.
My router doesn't suffer from any of the issues you linked. Clearly not a problem for me.
Change is certain; progress is not obligatory.
I said my DNS isn't prone to going down and I stand by that statement. I gave you some statistics to show total downtime, which is next to nothing. Less downtime than waiting for Windows to fail loading multi-terabyte hosts file (which is necessary if you want to block a domain and all it's possible subdomains) that won't load properly regardless to get sorta equivalent blocking (it doesn't block resolution, still has to point to an IP, even if it's an invalid one after all).
I don't have really any reliability issues noted here, as you could tell from my previous post, my router has been reliable.
My blacklist for my DNS server is also just one file. But unlike your 'one' file, I don't have to replicate it across the network to all computers, I literally just change it in one place and done. I don't even have to hack my devices that don't support hosts files to support it and other crazy non-sense.
Change is certain; progress is not obligatory.
No, I said it's not prone to going down and as I said, it's not. It's uptime in the last year, rounded up is 100% and that's with me physically moving hardware around in the house at some point.
I even told you that if I needed further reliability, which I don't because it's sitting on the router that provides Internet connectivity that I could easily use BIRD.
You're just being salty, APK. You're trying so hard to move the goal posts, argue semantics while throwing in red herrings, but it isn't working. It's quite obvious from my descriptions it's working pretty well and not prone to going down. There has been nothing described that even hints at an unacceptable situation that means it's "prone to going down", as you insinuate it to be something far, far worse, considering your previous irrelevant articles on the issue.
Change is certain; progress is not obligatory.
? I never denied there was downtime, I said it wasn't prone to going down.
Change is certain; progress is not obligatory.
As opposed to the operating systems that support hosts files? Eh. Not really.
Change is certain; progress is not obligatory.
APK, I already stated this in a previous post in another way. But, if it's a big concern that you need HA, just use technologies like BIRD with BGP. Problem solved, you can stop being salty now.
Change is certain; progress is not obligatory.
You said it's prone it going down and I asked why mine wasn't, something you still failed to answer. There was nothing that showed my DNS server was particularly prone to going down.
I didn't try, I pointed out that my DNS server runs on my router which would make it pointless for any further resilient design since it was the single point of internet connectivity on my network. There little use for DNS or even hosts on my network without Internet connectivity. You on the otherhand twist it's meaning and some how think I should be setting up a pointless resilient DNS infrastructure or maybe a resilient router infrastructure which I don't really feel I need, since HA is not part of my personal requirements.
Okay, let's put it in your logic. My router goes down because I decide to unplug it. However, I have a resilient DNS infrastructure. Oh great, I can do DNS look ups on hostnames that I can't access because my Internet is down, that's less exploitable than when they both go down. Sorry, it's not really doing much and pointless at this moment in time too.
But they don't. I can't even use a hosts file on the game consoles, the smart television, the digibox, the tablets, the mobiles and I don't particularly want to ask people to let me setup hosts files in their computers so they can immediately benefit from region bypasses and other things on my network.
I had more to post, but the lameness filter kicked in.
Change is certain; progress is not obligatory.
Indeed, but the statistics I shared doesn't reflect my DNS server prone to downtime. Having some down time does not equate to being prone to downtime.
Your problem, not mine.
Not an issue I experience on my DNS server.
If HA is necessary, I've told you the technologies you can use to do it.
I already measured the wattage my router uses, there is no noticeable difference between running a DNS server or not on it, so this is just further non-sense.
Nah, I secure my entire network. Failure to secure certain systems is what leads to compromises. Such as when Target was hacked through HVAC company systems.
I have a backup router I can plugin if this one fails (I don't need HA here, but could set it up if I wanted), I'm not seeing the single point of failure that hurts me here.
Change is certain; progress is not obligatory.
It's funny when you have to sock puppet your own support crowd, APK.
Change is certain; progress is not obligatory.
If the measurement is 9.5 watts without and the measurement is 9.5 watts with, does it really matter if there is some tiny difference beyond what's measured there? Cost wise, I'm just not seeing a problem.
Change is certain; progress is not obligatory.
Cool story.
Change is certain; progress is not obligatory.
You're just salty you can't actually come up with a reasonable counter.
Change is certain; progress is not obligatory.