Making your own passwords is the bane of computer security; as I said on the most recent LastPass vulnerability article on Slashdot, it leads to very weak passwords, password re-use, written down passwords, forgotten passwords (inevitably reset through an insecure, unauthenticated email verification), and lots of other nasty things.
If you use a good password manager (or some similar tool like a hasher), then how often you have to change your passwords is entirely irrelevant, because generating a new one is trivial and you'll never have to remember it.
I recommend KeePassX because it's cross-platform and does not connect to the Internet in any way.
1. You don't have to bribe Mozilla to get your extensions signed.
2. You can disable mandatory signage in Firefox by using a developer build or an unbranded build.
The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, [... ]
Nobody I knows uses it, nobody I know knows anybody who uses it either. It's bloatware. It might be a perfectly fine extension but it shouldn't be built into the browser.
Please tell me how you're encrypting voice calls over the cell network on your 2G flip phone.
Who said I am? I was responding to the person who denied that any communication could be secure. In contrast, 2G cannot be secured (unless the content of it is encrypted).
1. Windows 10 isn't an open platform because the OS will uninstall your programs if they are not Microsoft's preference. Cf. https://tech.slashdot.org/stor...
2. The telemetry that was backported to Windows 7 can be uninstalled by denying certain updates. Cf. https://gist.github.com/xvital...
3. According to American style, the question mark only goes inside the quotation marks if a question is the substance of what is being quoted. Cf. http://www.grammarbook.com/pun...
You can still use unsigned addons in the Developer and Nightly branches. If you're willing to void any promise for support, you can also use an unbranded version of the stable branch: https://wiki.mozilla.org/Add-o...
They work just like Firefox, with two differences: they will have a setting to disable mandatory signature checks, and they will not have the Firefox name and logo (instead using a generic name and logo). These builds are available in the en-US locale only."
next year, add-ons that circumvent DRM and TOS will no longer be signed due to legal pressure by the bigplayers. so enjoy your "tube" downloaders while you still can.
Well, if that happens, then large swathes of people will flock to other browsers, including myself. Until then, it's not a reason to not use Firefox.
Firefox has the best standards compliance of any browser, its performance nowadays is not too far off from Chrome's, and it's just as extensible as ever. Can you show me any examples of Mozilla refusing to sign a non-malicious extension?
God, I wish I had mod points to give you. This growing issue in the computer world has been a HUGE pet peeve of mine.
How is it a "growing issue"? If you use an open platform like Windows (pre-10) or Android or macOS or Linux, you can install whatever browser you want. If it turns out Mozilla will be nefariously constrictive of their products, you have the freedom to use something else.
The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, since by default extensions auto-update. So, disallowing unsigned extensions is a security feature. If it turns out Mozilla will be nefarious about it, then you can always recompile Firefox from source with the mandatory signing thing cut out, or go to some fork. Right now I don't think it's a bad move.
That's probably going to drop a bit it they break all the add-ons.
(Again...)
My interpretation of Mozilla's plans is that they plan to gradually deprecate XUL in order to give time for developers to keep their extensions working with every version of Firefox. So it's not as if they're all going to break overnight. Some will break and won't get fixed if they're not maintained, but that happens on every platform.
You can check if e10s is available by going to Options -> General -> "Enable multi-process Firefox". I think what TFA means is that it's off by default (unless you don't use addons) until Firefox 49, but can somebody confirm that?
"Firefox is now also making add-on signing mandatory"
I don't see what the big deal about this is. Everything on addons.mozilla.org is already signed. If you have some legacy thing that hasn't been signed yet, you can use the Extended Support Release until Firefox 52.
Slashdot Mirror
Making your own passwords is the bane of computer security; as I said on the most recent LastPass vulnerability article on Slashdot, it leads to very weak passwords, password re-use, written down passwords, forgotten passwords (inevitably reset through an insecure, unauthenticated email verification), and lots of other nasty things.
If you use a good password manager (or some similar tool like a hasher), then how often you have to change your passwords is entirely irrelevant, because generating a new one is trivial and you'll never have to remember it.
I recommend KeePassX because it's cross-platform and does not connect to the Internet in any way.
There's two important differences.
1. You don't have to bribe Mozilla to get your extensions signed.
2. You can disable mandatory signage in Firefox by using a developer build or an unbranded build.
[ Citation required ]
http://arstechnica.com/securit...
I'm not saying WebRTC is bad. But it should be disabled by default and opt-in for privacy reasons.
Nobody I knows uses it, nobody I know knows anybody who uses it either. It's bloatware. It might be a perfectly fine extension but it shouldn't be built into the browser.
That's odd--right now, they're just using stock iPhone and Galaxy S hardware, with some administrative policies.
D'oh. I read TFS but skipped the headline. You're right and I'm wrong.
Please tell me how you're encrypting voice calls over the cell network on your 2G flip phone.
Who said I am? I was responding to the person who denied that any communication could be secure. In contrast, 2G cannot be secured (unless the content of it is encrypted).
Some corrections to your post:
1. Windows 10 isn't an open platform because the OS will uninstall your programs if they are not Microsoft's preference. Cf. https://tech.slashdot.org/stor...
2. The telemetry that was backported to Windows 7 can be uninstalled by denying certain updates. Cf. https://gist.github.com/xvital...
3. According to American style, the question mark only goes inside the quotation marks if a question is the substance of what is being quoted. Cf. http://www.grammarbook.com/pun...
What if add-ons don't sign? Can we still "force" them in?
See here: https://wiki.mozilla.org/Add-o...
You can still use unsigned addons in the Developer and Nightly branches. If you're willing to void any promise for support, you can also use an unbranded version of the stable branch: https://wiki.mozilla.org/Add-o...
How's it gotten worse in the past three or so releases?
You can turn it off. In Nightly, right now the setting is in Options -> General -> "Enable multi-process Nightly [Firefox]"
Sorry for the double post, but see here: https://wiki.mozilla.org/Add-o...
"How will the unbranded versions of Firefox work?
They work just like Firefox, with two differences: they will have a setting to disable mandatory signature checks, and they will not have the Firefox name and logo (instead using a generic name and logo). These builds are available in the en-US locale only."
next year, add-ons that circumvent DRM and TOS will no longer be signed due to legal pressure by the bigplayers. so enjoy your "tube" downloaders while you still can.
Well, if that happens, then large swathes of people will flock to other browsers, including myself. Until then, it's not a reason to not use Firefox.
Firefox has the best standards compliance of any browser, its performance nowadays is not too far off from Chrome's, and it's just as extensible as ever. Can you show me any examples of Mozilla refusing to sign a non-malicious extension?
God, I wish I had mod points to give you. This growing issue in the computer world has been a HUGE pet peeve of mine.
How is it a "growing issue"? If you use an open platform like Windows (pre-10) or Android or macOS or Linux, you can install whatever browser you want. If it turns out Mozilla will be nefariously constrictive of their products, you have the freedom to use something else.
Have you tried using the Extended Support Release instead of the stable branch?
Telling them to "stop with the useless bells and whistles" and instead "stabilize the code" is exactly what they're doing these days.
The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, since by default extensions auto-update. So, disallowing unsigned extensions is a security feature. If it turns out Mozilla will be nefarious about it, then you can always recompile Firefox from source with the mandatory signing thing cut out, or go to some fork. Right now I don't think it's a bad move.
That's probably going to drop a bit it they break all the add-ons.
(Again...)
My interpretation of Mozilla's plans is that they plan to gradually deprecate XUL in order to give time for developers to keep their extensions working with every version of Firefox. So it's not as if they're all going to break overnight. Some will break and won't get fixed if they're not maintained, but that happens on every platform.
You can check if e10s is available by going to Options -> General -> "Enable multi-process Firefox". I think what TFA means is that it's off by default (unless you don't use addons) until Firefox 49, but can somebody confirm that?
Not noticeably different for me on Windows 7, but I use different extensions in both browsers, so it's not a fair comparison.
No changes in the UI. And Classic Theme Restorer still works: https://addons.mozilla.org/en-...
I was about to rush and grab it until...
"Firefox is now also making add-on signing mandatory"
I don't see what the big deal about this is. Everything on addons.mozilla.org is already signed. If you have some legacy thing that hasn't been signed yet, you can use the Extended Support Release until Firefox 52.
Firefox has about 10% market share (several studies collected here), which is hundreds of millions of people.