0 users browsing Discussion. | 2 guests | 36 bots  
    Main » Discussion » Mozilla, *sigh*
    Pages: First Previous 13 14 15 16 17 18 19 20 21 22 23 Next Last
    Posted on 19-09-02, 21:05 (revision 1)
    Dinosaur

    Post: #522 of 1316
    Since: 10-30-18

    Last post: 2 hours
    Last view: 2 hours
    Moz://a is about to release its latest improvement to its JavaScript engine: the Baseline interpreter.
    https://hacks.mozilla.org/2019/08/the-baseline-interpreter-a-faster-js-interpreter-in-firefox-70/

    How long until the JS frat boys figure out how to bring its performance to 486 levels with their newest "instant messaging" browser bloat? I'm all for squeezing extra performance out of our browsers, but sadly noone is doing anything to address the big elephant in the room: massive scripting abuse for everything because the web browser is the new OS :/ Seriously, the solution that those guys are proposing to address performance concerns on their JIT engine is to actually reinforce it with a better interpreter, because modern webapps are so bloated that the JIT performance gains are decimated by excessive compilation times!

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 19-09-02, 21:51 (revision 1)
    Custom title here

    Post: #669 of 1164
    Since: 10-30-18

    Last post: 63 days
    Last view: 14 hours
    Yeah, JavaScript is a huge problem at this point, but it would take a concerted multi-vendor effort to kill it like Flash. And that won't happen because Google is an offender.

    ...
    Maybe Oracle will kick it off by suing everyone because Java is a registered trademark? It'd be nice if they did SOMETHING good.

    --- In UTF-16, where available. ---
    Posted on 19-09-04, 08:45 (revision 2)
    Post: #265 of 426
    Since: 10-30-18

    Last post: 499 days
    Last view: 14 days
    Version 69 (heh) re-introduced the ability to block automated playback of media that starts off muted. That's how the feature originally worked, then they changed it to only block automated playback of muted videos... and now we've come full circle.

    Wouldn't surprise me if there are media players that can bypass the mechanism.

    AMD Ryzen 3700X | MSI Gamer Geforce 1070Ti 8GB | 16GB 3600MHz DDR4 RAM | ASUS Crosshair VIII Hero (WiFi) Motherboard | Windows 10 x64
    Posted on 19-09-04, 09:33
    Custom title here

    Post: #671 of 1164
    Since: 10-30-18

    Last post: 63 days
    Last view: 14 hours
    AT LONG LAST! Seamonkey 2.49.5 is out.
    https://www.seamonkey-project.org/

    Also comments about the future.
    They aren't sure what they're going to do after 2.57(based on Firefox ESR 60), because Gecko's been shredded and gutted by Team Firefox in their ongoing crusade to make sure Gecko isn't usable by anyone that isn't Firefox.
    "The current Mozilla Gecko codebase has seen a flow of constant major changes and api removals in the last 2 years and is no longer really usable for our needs." as they more diplomatically put it.

    --- In UTF-16, where available. ---
    Posted on 19-09-04, 09:37
    Dinosaur

    Post: #523 of 1316
    Since: 10-30-18

    Last post: 2 hours
    Last view: 2 hours
    Win64 is now official? Same as Lin64?!


    OOOOOOOOOOHHHH YEAH!


    Upgrading now!

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 19-09-04, 11:59
    Stirrer of Shit
    Post: #615 of 717
    Since: 01-26-19

    Last post: 1763 days
    Last view: 1761 days
    What would they even replace it with? Even if they were to start writing all their code in WebAssembly, web developers would just pile additional layers of abstraction on top until it got too slow for their machines again. There's nothing intrinsically wrong with JavaScript, more than it being too easy to write.

    Also, what's with Mozilla's favicon?

    There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
    Posted on 19-09-07, 17:01 (revision 3)
    Dinosaur

    Post: #526 of 1316
    Since: 10-30-18

    Last post: 2 hours
    Last view: 2 hours
    After another CANTV outage, I managed to start deploying SM2.49.5 across my machines.

    It still works on WinXP!

    The Win64 version seems to work as smoothly as the Win32 one.

    Huh, the English dictionary is now missing - looks like I need to reinstall it.
    Also, the email client now greets you with the integrated calendar extension (Lightning) which is completely useless to me. But then the Seamonkey guys knew that, and on the first run you get asked if you want to keep or disable it. A restart later, my email client is right exactly where I left it.

    No addons broke this time.
    Dictionaries are now broken after updating/installing them! The English one was missing because I'm now using a localized 64-bit build (they're now official!) instead of the contrib en-US build (which shipped with the dictionary). The Spanish one was there, but after updating it it no longer appears... Needs research...
    UPDATE: Turns out that the new Thunderbird addons site (to which Seamonkey now redirects) offers the WebExtensions versions of the dictionaries by default. But then, Seamonkey isn't infected (yet!) by the Webextensions crap, and those addons will install... but not work at all. The release notes have the following to say:
    SeaMonkey does not currently support the WebExtensions add-on api. Some popular add-ons like NoScript and uBlock Origin are no longer shown because of this on the SeaMonkey add-ons website. You can usually get them from the manufacturers site. WebExtensions support is a planned feature for 2.57. For dictionaries please install the latest non webext version.

    All you need is to scroll down on the dictionary addon page you're going to install, find the version history, and pick the most recent version that does NOT say "webext" at the end. Install, done, have fabulous spellar and grammer.

    > There's nothing intrinsically wrong with JavaScript, more than it being too easy to write.
    Like PHP and Visual Basic. The languages are not exactly the best ones in the bunch, but indeed you can Get Shit Done without too much effort, and there are thriving communities for support and plenty of documentation. The problem is that easy tools tend to attract crapcoders just like shit attract flies, and that's a undeniable fact. Then, there is no effort applied to get those crapcoders turned into decent coders, even more when your language have significative flaws. When you fix the flaws and your language becomes a first (or second) class citizen, it's already too late: noone wants to use your language anymore, and the files have fled away to a fresher cow dung.

    Sure, crapcoders abound in pretty much every programming language under the sun (except maybe for the most esoteric ones), but you know how this goes: the easier the language, the more it's prone to get people without the proper knowledge to churn out bloated, unsafe, and unusable pieces of garbage AKA "social apps" and "line-of-business solutions".

    FWIW, I don't find Javascript a "easy" language by any means (from questionable semantics to the lack of a standard library for pretty much anything useful). And I say this as a Java developer by trade! If I'm forced to pick at gunpoint, I would pick PHP over JS any day of the week.

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 19-09-08, 18:08 (revision 1)
    Dinosaur

    Post: #529 of 1316
    Since: 10-30-18

    Last post: 2 hours
    Last view: 2 hours
    Moz://a is making D'OH the default for DNS queries for you USAians in late September:
    https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
    https://news.slashdot.org/story/19/09/08/0318237/firefox-will-soon-encrypt-dns-requests-by-default

    This implies that if your adblocking solution relies on a DNS service under your control, it means Firefox (with the help of Cloudflare) is going to neuter it. Supposedly latest FF releases now block tracking junk, but still, you will still get ads unless you install more clientside bloat to block them. Yes, D'OH is opt-out... for now.

    Thaaaaaaaaaaanks Moz://a!

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 19-09-08, 21:38
    Stirrer of Shit
    Post: #618 of 717
    Since: 01-26-19

    Last post: 1763 days
    Last view: 1761 days
    What's wrong with DNS over HTTPS? Fixing ISP MITM attacks once and for all is a commendable idea. Not allowing hosts file blockers is a shame, but it really would not be a problem if you did your ad blocking like everyone else.

    >Then, there is no effort applied to get those crapcoders turned into decent coders, even more when your language have significative flaws. When you fix the flaws and your language becomes a first (or second) class citizen, it's already too late: noone wants to use your language anymore, and the files have fled away to a fresher cow dung.

    But 'fixing the crapcoders' is never even a goal. If you give them more training, they cost more money for no good reason. Likewise for them, they want to be done with it so they can start making money instead of going to school. And since the apps generally have a best-before date of a few months, long-term maintenance stuff doesn't tend to pay off.

    The financial incentives simply aren't there to make anything better. If you make the language easier, then that will just cause a corresponding decrease in hours of training the average coder has.

    Java is 'harder' than JS in the sense that producing a MVP is more expensive: an error in Java will probably give you a compile error or runtime exception, whereas in JS it will just give an odd result somewhere which isn't really the end of the world.

    You could argue languages should be harder, but then the code gets more expensive and it's also a politically controversial move. Thus the current state of affairs will continue indefinitely, since it's driven by demographic changes which will never be reversed.

    There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
    Posted on 19-09-09, 02:52
    Full mod

    Post: #338 of 443
    Since: 10-30-18

    Last post: 1101 days
    Last view: 172 days
    Posted by tomman
    This implies that if your adblocking solution relies on a DNS service under your control, it means Firefox (with the help of Cloudflare) is going to neuter it.


    From the article you linked:

    At a high level, our plan is to [...] Fall back to operating system defaults for DNS when split horizon configuration or other DNS issues cause lookup failures.


    So Firefox will initially query both the local DNS and DNS-over-HTTPS providers, and only stick with DNS-over-HTTPS if it's generally giving the same results. Presumably, DNS-based adblocking will trigger pretty often on the modern Internet, automatically preventing DNS-over-HTTPS from being used.

    Of course, if you *really* want to disable DNS-over-HTTPS, if the domain-name "use-application-dns.net" returns NXDOMAIN instead of its real address, Firefox will disable DNS-over-HTTPS in order to respect local DNS filtering.

    The ending of the words is ALMSIVI.
    Posted on 19-09-09, 04:46
    Custom title here

    Post: #683 of 1164
    Since: 10-30-18

    Last post: 63 days
    Last view: 14 hours
    Posted by sureanem
    What's wrong with DNS over HTTPS? Fixing ISP MITM attacks once and for all is a commendable idea. Not allowing hosts file blockers is a shame, but it really would not be a problem if you did your ad blocking like everyone else.

    As an option, sure.
    As a mandatory thing... ugh. I ALREADY can't use large portions of the internet with older computers solely because modern HTTPS servers require recent encryption standards that old browsers don't support(because Google punishes them for being back-compatible), and those same sites often don't offer an HTTP alternative(because Google punishes them for being back-compatible).

    What is even the point of owning an Ultra 10 and a PowerBook 190 if I can't fuck about on the internet with them?

    --- In UTF-16, where available. ---
    Posted on 19-09-09, 11:48 (revision 5)
    Dinosaur

    Post: #530 of 1316
    Since: 10-30-18

    Last post: 2 hours
    Last view: 2 hours
    Posted by Screwtape
    Posted by tomman
    This implies that if your adblocking solution relies on a DNS service under your control, it means Firefox (with the help of Cloudflare) is going to neuter it.


    From the article you linked:

    At a high level, our plan is to [...] Fall back to operating system defaults for DNS when split horizon configuration or other DNS issues cause lookup failures.


    So Firefox will initially query both the local DNS and DNS-over-HTTPS providers, and only stick with DNS-over-HTTPS if it's generally giving the same results. Presumably, DNS-based adblocking will trigger pretty often on the modern Internet, automatically preventing DNS-over-HTTPS from being used.

    This implies trusting Mozilla and its partners, something I'm not going to do. I don't trust my ISP (communist after all, and it's because of them that I run my own caching BIND server at home), but certainly Mozilla's track is not stellar. And then, Google is also going to do the same crap, and we can't trust them either.

    Posted by Screwtape
    Of course, if you *really* want to disable DNS-over-HTTPS, if the domain-name "use-application-dns.net" returns NXDOMAIN instead of its real address, Firefox will disable DNS-over-HTTPS in order to respect local DNS filtering.

    ...and that's exactly what I'm doing here. Thankfully it's just matter to add another RPZ zone to BIND.
    Then, if you want to go nuclear, you can also blackhole all known D'OH servers too.


    Posted by sureanem
    What's wrong with DNS over HTTPS? Fixing ISP MITM attacks once and for all is a commendable idea. Not allowing hosts file blockers is a shame, but it really would not be a problem if you did your ad blocking like everyone else.

    (emphasis mine)
    Sorry, I'm not installing extra bloatware on my clients. It's DNS or bust, and that's also set in stone for me. I also want every visitor to my network to benefit without forcing him/her to also install extra bloatware on their clients (particularly on cellphones, where not everybody is a phone nerd)
    Then there is the fact that people don't consider advertising evil/a nuisance/a waste over here where I live, which is expected from a society where people is becoming more and more sadomasochist every day.

    If you also wish, you can roll your own D'OH server - here is a way:
    https://docs.pi-hole.net/guides/dns-over-https/

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 19-09-09, 22:47
    Stirrer of Shit
    Post: #619 of 717
    Since: 01-26-19

    Last post: 1763 days
    Last view: 1761 days
    Posted by CaptainJistuce
    As an option, sure.
    As a mandatory thing... ugh. I ALREADY can't use large portions of the internet with older computers solely because modern HTTPS servers require recent encryption standards that old browsers don't support(because Google punishes them for being back-compatible), and those same sites often don't offer an HTTP alternative(because Google punishes them for being back-compatible).

    What is even the point of owning an Ultra 10 and a PowerBook 190 if I can't fuck about on the internet with them?

    HTTPS is also a mistake which ought to be thrown out and redone with modern technology.

    The whole deal is that it has to be violently killed off - if DNS is allowed to coexist peacefully, what will happen is just that malicious actors will NXDOMAIN the use-application-dns.net record and then filter as usual. This is a golden opportunity in which the financial incentives for once line up with freedom, and it should not be squandered!
    Posted by tomman
    This implies trusting Mozilla and its partners, something I'm not going to do. I don't trust my ISP (communist after all, and it's because of them that I run my own caching BIND server at home), but certainly Mozilla's track is not stellar. And then, Google is also going to do the same crap, and we can't trust them either.

    In what threat model is "Mozilla refuses to switch over my DNS" an issue but "Mozilla does all sorts of malicious stuff with the code" A-OK?

    Running it through CloudFlare is not ideal, but it's the best you can get. ISPs can be compelled to censor websites, for instance. CloudFlare only rarely engages in censorship.

    DNS is also a bit disgusting and it's a shame they didn't take the opportunity to introduce some kind of cryptographic proof of integrity while they were at it, but you can't have it all here in life.

    Sorry, I'm not installing extra bloatware on my clients. It's DNS or bust, and that's also set in stone for me. I also want every visitor to my network to benefit without forcing him/her to also install extra bloatware on their clients (particularly on cellphones, where not everybody is a phone nerd)
    Then there is the fact that people don't consider advertising evil/a nuisance/a waste over here where I live, which is expected from a society where people is becoming more and more sadomasochist every day.

    If you also wish, you can roll your own D'OH server - here is a way:
    https://docs.pi-hole.net/guides/dns-over-https/

    But this is a completely ham-fisted way of going at things which should never be supported. How is Firefox to know you're using a trusted DNS server? The model of "because I tell it so" has clearly been shown to fail. The matter of fact remains: whether you like it or not, googleads.g.doubleclick.net does resolve to an ad domain, and this is not up to you to decide. There is such a thing as an objective truth, and this should not be interfered with - rather the filtering ought to be done on the level of the user-agent - that which represents the user, unlike the other components. When you bring a device to somewhere which does not implement your censorship, or the regulator decides to DNS block politically sensitive websites, what then?

    Treating filtering of content as a supported behavior is a "good intention," and such should fail as violently as possibly.

    There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
    Posted on 19-09-10, 00:02
    Custom title here

    Post: #684 of 1164
    Since: 10-30-18

    Last post: 63 days
    Last view: 14 hours
    Posted by sureanem
    Posted by CaptainJistuce
    As an option, sure.
    As a mandatory thing... ugh. I ALREADY can't use large portions of the internet with older computers solely because modern HTTPS servers require recent encryption standards that old browsers don't support(because Google punishes them for being back-compatible), and those same sites often don't offer an HTTP alternative(because Google punishes them for being back-compatible).

    What is even the point of owning an Ultra 10 and a PowerBook 190 if I can't fuck about on the internet with them?

    HTTPS is also a mistake which ought to be thrown out and redone with modern technology.

    The whole deal is that it has to be violently killed off - if DNS is allowed to coexist peacefully, what will happen is just that malicious actors will NXDOMAIN the use-application-dns.net record and then filter as usual. This is a golden opportunity in which the financial incentives for once line up with freedom, and it should not be squandered!

    Backwards-compatibility is of value.
    I don't think that "if someone can't afford a new computer, they should be banned from the internet" is a good attitude, and that's where we're headed. Current versions of Firefox and Chrome won't run on anything older than Windows 7. That ALREADY leaves a lot of people out in the cold. There is nothing wrong with their Vista and XP machines, but browser vendors said we can't use them anymore and websites said we can't use old browsers.
    If you want to tell me privacy needs to be aggressively pursued at the cost of breaking existing browsers, you need to make sure that new browsers are available for older systems.


    Also, there's a financial incentive to NOT change the DNS infrastructure. ISPs use their status as "your DNS server" to serve ads on failed lookups instead of returning an error. Commercial filter software relies on DNS being transparent.
    Hell, commercial interests are trying to sabotage TLS 1.3, because enterprise software relies on flaws in TLS1.2 to do things that were easier to implement without abusing TLS1.2 in the first place.



    But this is a completely ham-fisted way of going at things which should never be supported. How is Firefox to know you're using a trusted DNS server? The model of "because I tell it so" has clearly been shown to fail. The matter of fact remains: whether you like it or not, googleads.g.doubleclick.net does resolve to an ad domain, and this is not up to you to decide. There is such a thing as an objective truth, and this should not be interfered with - rather the filtering ought to be done on the level of the user-agent - that which represents the user, unlike the other components. When you bring a device to somewhere which does not implement your censorship, or the regulator decides to DNS block politically sensitive websites, what then?

    Treating filtering of content as a supported behavior is a "good intention," and such should fail as violently as possibly.

    Sorry, but nope. There ought to exist a mechanism right now to tell my network "this domain is untrusted and nothing on my network should be allowed to connect to it", and... oh, wait, such a mechanism does exist, and it is local DNS entries.

    Instead, Firefox and Chrome want to block websites based solely on Google's "dangerous website" list. And we've already seen how THAT works. How much worse will it be when Google has the power to be overtly malicious instead of overtly inept and subtly malicious?

    --- In UTF-16, where available. ---
    Posted on 19-09-10, 00:56
    Dinosaur

    Post: #531 of 1316
    Since: 10-30-18

    Last post: 2 hours
    Last view: 2 hours
    Posted by sureanem
    The matter of fact remains: whether you like it or not, googleads.g.doubleclick.net does resolve to an ad domain, and this is not up to you to decide. There is such a thing as an objective truth, and this should not be interfered with - rather the filtering ought to be done on the level of the user-agent - that which represents the user, unlike the other components. When you bring a device to somewhere which does not implement your censorship, or the regulator decides to DNS block politically sensitive websites, what then?


    Dude, please, GIVE UP.

    My network, my hardware, MY RULES.
    If you web browser makers and advertising companies of the world do not agree, I'm free from not using your garbage anymore. It isn't like I could be banned from the Internet. The current model is broken, sure, but the proposed replacements are so terrible I can't even consider those as "upgrades" but more like as "hostile action from the enemy".

    I AM NOT INSTALLING CLIENT-SIDE ADBLOCKING SOLUTIONS, EVER.


    ...just for fun, I fired up my Esware VM, which contains whatever versions of Mozilla and Konqueror were available in 2002.

    No HTTPS site would load on those - Konqueror simply sat there displaying a blank page. Mozilla refused to proceed with a "we don't share common crypto algorithms" error message. The only sites I was able to open were this board (over HTTP) and n-gate (which does not need HTTPS).

    Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™
    Posted on 19-09-10, 03:03 (revision 2)
    Custom title here

    Post: #685 of 1164
    Since: 10-30-18

    Last post: 63 days
    Last view: 14 hours
    Posted by tomman
    The only sites I was able to open were this board (over HTTP) and n-gate (which does not need HTTPS).


    Speaking of!
    From a diffrent page on the same site...


    "DNS over HTTPS - the good, the bad and the ugly
    Why, how, when and who gets to control how names are resolved
    A webshit will try to convince the audience that replacing other protocols with webshit is healthy and good. "Why" will be answered with "because we want to track you more closely," "how" will be answered with "extremely poorly," "when" will be answered with "as soon as the Chrome team tells you to" and "who gets to control how names are resolved" will of course be "Google." "



    Edit: Ah yes. On my main computer now, and am reminded this is the site designed to use Comic Sans if at all possible, just to annoy anyone with Comic Sans installed.
    *le sigh*
    Also, was his about page ALWAYS that terrible?

    --- In UTF-16, where available. ---
    Posted on 19-09-10, 07:49 (revision 2)
    Post: #270 of 426
    Since: 10-30-18

    Last post: 499 days
    Last view: 14 days
    Anybody else notice that you arbitrarily can't add Cookie exceptions for various websites?



    AMD Ryzen 3700X | MSI Gamer Geforce 1070Ti 8GB | 16GB 3600MHz DDR4 RAM | ASUS Crosshair VIII Hero (WiFi) Motherboard | Windows 10 x64
    Posted on 19-09-10, 08:07
    Post: #88 of 202
    Since: 11-01-18

    Last post: 660 days
    Last view: 16 days
    that got nuked in ff60
    Posted on 19-09-10, 09:24
    Full mod

    Post: #339 of 443
    Since: 10-30-18

    Last post: 1101 days
    Last view: 172 days
    Nightly 71 already has a slightly different UI from that. So far as I can tell, Firefox generally won't let you grant a site special permissions unless the site has tried to do something. If a site doesn't set any weird cookies that Firefox blocks, Firefox won't let you grant weird-cookie permissions to that site.

    In particular, if you're using an ad-blocker, Firefox probably won't ever see any weird stuff, so it will never let you grant permissions.

    The ending of the words is ALMSIVI.
    Posted on 19-09-10, 09:50
    Custom title here

    Post: #687 of 1164
    Since: 10-30-18

    Last post: 63 days
    Last view: 14 hours
    "It's easy to disable blocking for sites you trust."

    *laughs*

    --- In UTF-16, where available. ---
    Pages: First Previous 13 14 15 16 17 18 19 20 21 22 23 Next Last
      Main » Discussion » Mozilla, *sigh*
      This does not actually go there and I regret nothing.