Firefox disabled all add-ons because a certificate expired

[Arlen G. Holder]

Firefox disabled all add-ons because a certificate expired
<https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/>

The event occurred as the clock rolled over on UTC (Coordinated Universal
Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed
it down to "expiration of intermediate signing cert" -- as it's described
on Mozilla's bug tracker.
<https://bugzilla.mozilla.org/show_bug.cgi?id=1548973>

[R.Wieser]

As someone on slashdot mentioned, why are those add-ons even checked
each-and-every time you start your browser ? Are they expected to mutate
somehow (and no, I do not mean updates) ?

All the thats that certificate /should/ be needed for is to make sure that
you get & install the add-on as the developer has created it.

In its current implementation its simply a kill-switch for anything Mozilla
wishes to declare "obsolete". :-(

And by the way: the work around is to go into about:config, find
"xpinstall.signatures.required" and set it to false (which is actually the
first thing I do when installing FF :-) )

Regards,
Rudy Wieser

[David W. Hodgins]

On Sat, 04 May 2019 04:00:21 -0400, R.Wieser <add...@not.available> wrote:

> In its current implementation its simply a kill-switch for anything Mozilla
> wishes to declare "obsolete". :-(

Precisely why they have it. Used properly, it's a good thing.

https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/

Extensions are a security risk. Only those where you decide the risk is
worth the benefit should be installed. Most web browser users don't even
think about it, so it's up to mozilla to decide reasonable defaults for
them.

Regards, Dave Hodgins

--
Change dwho...@nomail.afraid.org to davidw...@teksavvy.com for
email replies.

[R.Wieser]

David,

> Precisely why they have it. Used properly, it's a good thing.

Thats the problem, the "properly" I mean. The "certificate not reachable,
disable everything" (with "not reachable" ment in the broadest sense) is not
my definition of "properly".

> https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/

Yup. And I would be very amused (not!) if I suddenly see a plugin I've
been using for some time (read: the damage, if any, has already been done)
disappear from my browser. Especially when that plugin does some kind of
filtering or protection (privacy, viri, you name it).

> Extensions are a security risk.

True. So, remove them. Make FF a monolithic beast which can only do what
Mozilla allows it to do - and by it make it loose any reason why anyone
would want to install it. :-)

But than again, FF itself has become a security risk. Its insistance to
"call home" for all kinds of stuff as well as its feature creep (including
stuff which only benefits advertisers) means it has to be bridled and tamed
after installation and before allowing it to connect to the 'web.

> Only those where you decide the risk is worth the benefit should be
> installed.

Exactly. Its /the users/ choice. They seem to be forgetting that.
The fact that the plugins are simply disabled instead of throwing security
dialogs + explanations /and giving us a choice/ makes that painfully clear.

> Most web browser users don't even think about it, so it's up to mozilla to
> decide reasonable defaults for them.

Yep. But not giving the user a (clear, and easy to apply) choice is , in
my book, not anywhere near to "reasonable". Than again, I'm sure that a
bunch of lawyers will be able with a 100-page "brief" explaining how its
just that. :-( :-)

Regards,
Rudy Wieser

P.s.
Do you know how I can get, in FF 52.x, disable
"location.services.mozilla.com" and "tiles.services.mozilla.com" access
every time I start the browser ? Without malforming every mentioning in
about:config I mean. I've tried about anything, but it stil keeps doing
it.

And as a bonus: do you know how I can set preferences /automatically/ when I
create a new profile ? Having to unplug the ethernet cable(1) before and
than manually do stuff (even if its just a user.js") after creating one
isn't really user friendly.

(1) First thing FF does after creating a profile and before you've had a
chance to change the default configuration is /ofcourse/ to phone home - to
multiple domains.

[Soviet_Mario]

On 04/05/19 11:43, R.Wieser wrote:
> David,
>
CUT ALL

i happened to read your advice about disabling signature
automatic check via the ABOUT:CONFIG page and ... well,
there's a huge load of settings there, most of them I can't
even guess what use are for

do you know some further manual tuning in order to improve
the user experience ?
Me too I loathe the direction Mozilla took about plugins
management (If i decide I need one shut up and let me run it
:). Just ask me to tic a disclaimer and you're done

and BTW : how to disable that habit of "calling home" you
mentioned ?

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
Soviet_Mario - (aka Gatto_Vizzato)

[Bit Twister]

On Sat, 4 May 2019 12:25:15 +0200, Soviet_Mario wrote:

>
> and BTW : how to disable that habit of "calling home" you
> mentioned ?
>

You might want to bookmark this url
https://encrypted.google.com/advanced_search

Putting about config descriptions
in the first box at the above url gets me

About 174,000,000 results (0.44 seconds)

You might want to do some research on /prefs.js and /user.js

Rather than dink with prefs.js on each new install, I found it
productive to use about:buildconfig to customize prefs.js and copy
it to user.js. Then crate a link in ~/.mozilla/firefox/*.default/user.js
back to the saved user.js.

That way my customizations do not have to be re-entered.

[R.Wieser]

Soviet_Mario,

> well, there's a huge load of settings there, most of them I can't even
> guess what use are for

Same problem here I'm afraid.

> do you know some further manual tuning in order to improve the user
> experience ?

It depends what you find important. But all I've got has been put together
from other people on usenet and places like https://slashdot.org/ mentioning
this-or-that, and ofcourse by simply stumbling over info while looking for
other, related stuff. Like these :
https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences
https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/

One other part of my "user experience" is that my brower only visits the
domains I'm telling it to, so I installed a plugin called RequestPolicy. It
blocks all request to third-party resources (trackers, spy pixels, "log in
to {...}" trackers, etc), but can easily be told to allow, for all or just a
single webpage, a request thru.

> and BTW : how to disable that habit of "calling home" you mentioned ?

I went thru the trouble of trying to find the settings by which I could stop
it. Although I can't remember them all - and am not even sure which change
actually did something - I got all but locations and tiles to shut up.

But the easiest is to open about:config, and from all URLs in there changed
the "http://" and "https://" into "http:127.0.0.1/". By doing it that way
it allows me to start a program monitoring 127.0.0.1:80 and see what FF
itself all tries to talk to. And boy, its quite a list. :-(

Mind you, you have to do that for /every/ profile (user) you have or will
create.

I've also got GreaseMonkey installed to enhance my user experience (by
scrubbing webpages, removing all kinds of cruft), but that has got nothing
to do with FF itself.

Regards,
Rudy Wieser

[David W. Hodgins]

On Sat, 04 May 2019 05:43:01 -0400, R.Wieser <add...@not.available> wrote:

>> Precisely why they have it. Used properly, it's a good thing.

> Thats the problem, the "properly" I mean. The "certificate not reachable,
> disable everything" (with "not reachable" ment in the broadest sense) is not
> my definition of "properly".

Agreed. This is a major screwup on their part. People make mistakes. We'll
have to wait and see how the handle letting people know they have to
re-enable their desired extensions, once the cert is updated.

> But than again, FF itself has become a security risk. Its insistance to
> "call home" for all kinds of stuff as well as its feature creep (including
> stuff which only benefits advertisers) means it has to be bridled and tamed
> after installation and before allowing it to connect to the 'web.

Use lynx. :-)

>> Most web browser users don't even think about it, so it's up to mozilla to
>> decide reasonable defaults for them.

> Yep. But not giving the user a (clear, and easy to apply) choice is , in
> my book, not anywhere near to "reasonable". Than again, I'm sure that a
> bunch of lawyers will be able with a 100-page "brief" explaining how its
> just that. :-( :-)

As they are the publisher of the extensions, it their choice to un-publish
them. I don't know if there is a way to override that though.

> Do you know how I can get, in FF 52.x, disable
> "location.services.mozilla.com" and "tiles.services.mozilla.com" access
> every time I start the browser ? Without malforming every mentioning in
> about:config I mean. I've tried about anything, but it stil keeps doing
> it.

https://hide.me/en/knowledgebase/how-to-disable-location-services-on-web-browser/
will stop it from sharing your location. It doesn't seem to stop it from
checking to see what your location is though.

> And as a bonus: do you know how I can set preferences /automatically/ when I
> create a new profile ? Having to unplug the ethernet cable(1) before and
> than manually do stuff (even if its just a user.js") after creating one
> isn't really user friendly.

I think that requires creating a file in the appropriate directory under
/usr/lib64/firefox/browser/defaults/

[The Real Bev]

On 05/04/2019 01:52 AM, David W. Hodgins wrote:
> On Sat, 04 May 2019 04:00:21 -0400, R.Wieser <add...@not.available> wrote:
>
>> In its current implementation its simply a kill-switch for anything Mozilla
>> wishes to declare "obsolete". :-(
>
> Precisely why they have it. Used properly, it's a good thing.

The downside, of course, is fuckups like this.

I was happy with FF before the Quantum Invasion. Since then it's been
one annoyance after another. If I were a more suspicious person, I
might suspect google of having had a hand in the race to the bottom.

> https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/
>
> Extensions are a security risk. Only those where you decide the risk is
> worth the benefit should be installed. Most web browser users don't even
> think about it, so it's up to mozilla to decide reasonable defaults for
> them.

Most users don't even change their fonts. I don't understand how people
can live like that.

--
Cheers, Bev
"It's too bad stupidity isn't painful." - A. S. LaVey

[R.Wieser]

David,

> Agreed. This is a major screwup on their part. People make mistakes.

They do. And to be honest, most certificates are used as a /temporary/
seal-of-approval for /usage/ (as in, not a once-off certificate to unlock),
so applying it in the same way onto plugins is imaginable (rule: do not
attribute to malice what can be attributed to stupidity)

... than again, creating plugins with amn expiry date at their choice is a
very commercial thing to do (addendum: do not easily attribute to "a stupid
mistake" when only the maker of the mistake benefits from it).

> Use lynx. :-)

Some time ago I downloaded another, simpler browser. And threw it out the
moment it /told/ me that it needed to update, and to press (the only
avalable) "OK" button (I just killed the process). Should have been
gratefull it mentioned what it was going to do I suppose - but somehow I
wasn't. :-(

> As they are the publisher of the extensions,

Do developpers have much say in that ? If they do not agree almost no
user will see their plugins, and when they do they will have to jump thru
hoops to get them accepted by the browser. Where is /my/ free choice gone
?

And by the way: On my old FF browser I've written a few plugins myself (for
my own use). As far as I've understood the only way I can do that with the
newer browsers is to sign up as a developper, after which I get an - again
time-limited - certificate to get my own product working. I don't know
about you, but to me that feels like Damocles Sword hanging permanently
above my head ...

> As they are the publisher of the extensions, it their choice to un-publish
> them.

You started with "Used properly". I don't think that "at their discretion"
falls under that in /any/ dictionary.

> https://hide.me/en/knowledgebase/how-to-disable-location-services-on-web-browser/
> will stop it from sharing your location. It doesn't seem to stop it from
> checking to see what your location is though.

:-) Explain to me: Why should a browser go and get what it promisses me it
doesn't use ? Something smells fishy there, and it aint my socks.

And anything about how to stop that tiles home-calling ? Everything other
than malforming the URL has failed.

> I think that requires creating a file in the appropriate directory under
> /usr/lib64/firefox/browser/defaults/

Thanks.

Regards,
Rudy Wieser

[The Real Bev]

When I create a new profile (generally when I do an install of a new FF
version) I just copy over ALL the contents of the old one into the new
one. So far, so good.

To the best of my knowledge, the only problems are an inability to play
facebook (and some other) videos (I've tried disabling addons, but that
gets really old really fast and I get thoroughly fed up before
identifying the problem; I finally just got rid of the add-ons that
weren't essential, and I'm unwilling to give up the rest) and the
occasional impossibility of filling in an on-line form. For those I
hold my nose and use chrome.

[The Real Bev]

On 05/04/2019 08:05 AM, R.Wieser wrote:
> David,
>
>> Agreed. This is a major screwup on their part. People make mistakes.
>
> They do. And to be honest, most certificates are used as a /temporary/
> seal-of-approval for /usage/ (as in, not a once-off certificate to unlock),
> so applying it in the same way onto plugins is imaginable (rule: do not
> attribute to malice what can be attributed to stupidity)
>
> ... than again, creating plugins with amn expiry date at their choice is a
> very commercial thing to do (addendum: do not easily attribute to "a stupid
> mistake" when only the maker of the mistake benefits from it).

A temp fix is provided by Chris Ilias in the firefox support group:

=============================
Mozilla has rolled-out a fix for this. The fix will be automatically
applied in the background within the next few hours, you don’t need to
take active steps.

In order to be able to provide this fix on short notice, they are using
the Studies system. You can check if you have studies enabled
1. Go to [=] > Options > Privacy & Security.
2. Make sure "Allow Firefox to install and run studies" is check marked.

I you had it disabled, you can disable studies again after your add-ons
have been re-enabled.

They are working on a general fix that doesn't need to rely on this and
will keep you updated.

<https://ilias.ca/links>
Mailing list/Newsgroup moderator
===============================

[The Real Bev]

BUT it didn't work. I restarted several times. Posted into the
mozilla.support.firefox group (I'm on permanent "moderation" status, so
it may not show up) but no response yet.

[RonB]

On 2019-05-04, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> On Sat, 04 May 2019 04:00:21 -0400, R.Wieser <add...@not.available> wrote:
>
>> In its current implementation its simply a kill-switch for anything Mozilla
>> wishes to declare "obsolete". :-(
>
> Precisely why they have it. Used properly, it's a good thing.
>
> https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/
>
> Extensions are a security risk. Only those where you decide the risk is
> worth the benefit should be installed. Most web browser users don't even
> think about it, so it's up to mozilla to decide reasonable defaults for
> them.
>
> Regards, Dave Hodgins

It's a "risk" to block adds and potential "drive-by" malware bots with
uBlock Origin? I think that's a "risk" I'm willing to take.

--
The more I see of Windows, the more I like Linux.

[RonB]

I already found the "xpinstall.signatures.required" fix in the Linux Mint
forums. uBlock Origin is the only add-on I currently use. Without it, the
Internet is a cesspool. Is there any reason to turn this signature required
"feature" back on after Firefox gets their certificate screw-up fixed?

[R.Wieser]

Bev,

>> 2. Make sure "Allow Firefox to install and run studies" is check marked.

And ? Do you know if any "studies" have been installed and if so how to
remove them ?

I'm not really trusting them ? Why ever would you say that ... :-)

Regards,
Rudy Wieser

[R.Wieser]

Ron,

> Is there any reason to turn this signature required
> "feature" back on after Firefox gets their certificate
> screw-up fixed?

Yes, there is. It will block you from /mistakingly/ installing possibly
rogue plugins onto your browser. If you than decide that you do not agree
with Mozilla's assessment you can always turn the setting off again.

Too bad that that can't be set/unset for a single plugin though. 'Cause
its quite a choice to make: allow others to dictate what you install, or
decide for yourself and lose the "early warning" system altogether.

I can imagine that it has been done on purpose though, as a FUD incentive
not even to try (to decide for yourself).

Regards,
Rudy Wieser

[Carlos E. R.]

On 04/05/2019 16.59, The Real Bev wrote:
> Most users don't even change their fonts.  I don't understand how people
> can live like that.

Why should we waste time doing that? We have more interesting things to do.

--
Cheers,
Carlos E.R.

[The Real Bev]

On 05/04/2019 10:26 AM, R.Wieser wrote:
> Ron,
>
>> Is there any reason to turn this signature required
>> "feature" back on after Firefox gets their certificate
>> screw-up fixed?
>
> Yes, there is. It will block you from /mistakingly/ installing possibly
> rogue plugins onto your browser. If you than decide that you do not agree
> with Mozilla's assessment you can always turn the setting off again.

Does this mean that we can install the old pre-Quantum version of Tab
Mix Plus and other extensions that were either forbidden or badly crippled?

That's EASILY a benefit worth whatever risk they're worried about.

> Too bad that that can't be set/unset for a single plugin though. 'Cause
> its quite a choice to make: allow others to dictate what you install, or
> decide for yourself and lose the "early warning" system altogether.
>
> I can imagine that it has been done on purpose though, as a FUD incentive
> not even to try (to decide for yourself).

--
Cheers, Bev
"Don't force it, use a bigger hammer!"
--M. Irving

[The Real Bev]

On 05/04/2019 10:59 AM, Carlos E. R. wrote:
> On 04/05/2019 16.59, The Real Bev wrote:
>> Most users don't even change their fonts. I don't understand how people
>> can live like that.
>
> Why should we waste time doing that? We have more interesting things to do.

How can people NOT configure something they use a lot on a daily basis
and will probably use for the rest of their lives? Especially when the
generic version is both ugly and difficult to use...

Perhaps casual users don't give a shit. I am not a casual user.

[The Real Bev]

Eventually it worked. Just after I posted that it didn't, in fact. The
usual way things happen :-(

[Carlos E. R.]

On 04/05/2019 20.30, The Real Bev wrote:
> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>> On 04/05/2019 16.59, The Real Bev wrote:
>>> Most users don't even change their fonts.  I don't understand how people
>>> can live like that.
>>
>> Why should we waste time doing that? We have more interesting things
>> to do.
>
> How can people NOT configure something they use a lot on a daily basis
> and will probably use for the rest of their lives?  Especially when the
> generic version is both ugly and difficult to use...

But I don't find them either ugly nor difficult to see... :-)

--
Cheers,
Carlos E.R.

[Arlen G. Holder]

On Sat, 4 May 2019 19:15:32 +0200, R.Wieser wrote:

> And ? Do you know if any "studies" have been installed and if so how to
> remove them ?

Hi Rudy Wieser,

To answer that question, please see this screenshot I just made for you:
<https://i.postimg.cc/D0w9msK1/firefox01.jpgOuOOki>

You can check with a simple command, which was explained in the canonical
blog by Mozilla on the topic, which appears to be here:

o Add-ons disabled or fail to install on Firefox
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>

"It may take up to six hours for the study to be applied to Firefox. To
check if the fix has been applied, you can enter about:studies in the
address bar. If the fix is active, you¢ll see
hotfix-reset-xpi-verification-timestampe-1548973"

My main question, perhaps born of my sophomoric ignorance, is why can't
they just re-compile Firefox with a built-in known good certificate?

[R.Wieser]

Bev,

> Does this mean that we can install the old pre-Quantum version of Tab Mix
> Plus and other extensions that were either forbidden or badly crippled?

That fully depends on the plugin itself. It isn't some kind of magical
"every plugin will work and behave" setting I'm afraid. :-)

But it /does/ mean that you can instal plugins without needing Mozillas
permission for it (at least, that is how it works on my (old) version of the
browser). Which is good if you know what you're doing (or write your own
plugins), but not that good for the regular "just press 'OK' " crowd.

In short, if you think you trust the plugin than go ahead and try. Nothing
will break if it doesn't work.

> That's EASILY a benefit worth whatever risk they're worried about.

For /you/ (and a plenty of others here and otherwise) that might be true.
For the above-mentioned 'OK' crowd ? not so much. Just guess who will be
blamed when one of those makes a wrong choice, installs a rogue plugin and
gets in trouble because of it. Yep, Mozilla. In other words, they are in
a bit of a tight spot there.

Regards,
Rudy Wieser

[Arlen G. Holder]

On Sat, 4 May 2019 19:39:21 -0000 (UTC), Arlen G. Holder wrote:

> To answer that question, please see this screenshot I just made for you:
> <https://i.postimg.cc/D0w9msK1/firefox01.jpgOuOOki>

Dunno why that URL of the screenshot I made for you had those ending
characters after the "jpg" (it still worked); but this is perhaps a better
URL in that it's more direct that it points to a JPEG file.

<https://i.postimg.cc/D0w9msK1/firefox01.jpg>

[RonB]

On 2019-05-04, R.Wieser <add...@not.available> wrote:

Okay, thanks. This is the first time I've ever run into an issue like this
on Firefox. Normally I run Pale Moon or Waterfox for most things (because I
like the older interface better) and Firefox for watching Netflix, TubiTV,
MLB.com, etc. But when I installed Linux Mint 19.1 on this 19" "square"
monitor the Firefox interface was acceptable (as I had plenty of room
anyhow). I guess it's time to add Vivaldi and Waterfox (Vivaldi because some
sites, like my cell phone site, need a Chrome-based browser for paying the
bill). Besides, I can see now where only having one browser installed is
probably not a good idea.

[RonB]

On 2019-05-04, R.Wieser <add...@not.available> wrote:

BTW, I forgot to mention it in the last response, but thanks for the
information.

[RonB]

On 2019-05-04, The Real Bev <bashl...@gmail.com> wrote:
> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>> On 04/05/2019 16.59, The Real Bev wrote:
>>> Most users don't even change their fonts. I don't understand how people
>>> can live like that.
>>
>> Why should we waste time doing that? We have more interesting things to do.
>
> How can people NOT configure something they use a lot on a daily basis
> and will probably use for the rest of their lives? Especially when the
> generic version is both ugly and difficult to use...
>
> Perhaps casual users don't give a shit. I am not a casual user.

The good thing about choice is that everyone can make their own decisions
about priorities. Casual users as well as non-casual users have different
priorities.

[RonB]

Heresy! :)

[RonB]

On 2019-05-04, The Real Bev <bashl...@gmail.com> wrote:

I guess I'll try switching the "xpinstall.signatures.required" setting back
and see if mine works.

Thanks for the update.

[RonB]

Yep. Working now. It's good to know how to disable this feature if necessary
in the future.

[R.Wieser]

Ron,

> Besides, I can see now where only having one browser
> installed is probably not a good idea.

Having a backup handy is /never/ a bad idea.

> BTW, I forgot to mention it in the last response, but thanks
> for the information.

You're welcome. :-)

Regards,
Rudy Wieser

[Carlos E. R.]

:-D

We are talking of fonts used by Firefox, right?

That only applies to the tittle bar, the menu bar, and little more.
These I can change, I believe, by choosing a different theme for the
desktop, which in my case it is XFCE which uses GTK, same as Firefox.

As to the fonts used inside the pages, I never would dream of touching
them, no matter how ugly they may be: it is the choice of the web page
designer, and I want to see the page as it was designed.


Searching on preferences, I see that it is using the default which
happens to be Arial 16. In advanced I can choose the fonts for latin and
a lot more, for proportional, serif, sans-serif and monospace. That's
possibly hundreds of choices. I also see a tick for "allow pages to
choose their own fonts, instead of your selections above", and it is ticked.

I'm not gonna change that!

--
Cheers,
Carlos E.R.

[The Real Bev]

Then you are fortunate!

This is roughly how I want to see firefox. It used to be better. I
used to have my bookmarks running down the left side of the page with
the most recently used on top, but some FF update killed that -- there's
a sort of half-assed replacement which is NOT what I wanted.

https://i.postimg.cc/P55qnLFT/fftest.jpg

I hate hierarchical menus -- I want to see ALL the stuff I use
frequently ALL the time.

--
Cheers, Bev
"I've learned that you can keep puking long
after you think you're finished." -- SL

[The Real Bev]

On 05/04/2019 12:41 PM, R.Wieser wrote:
> Bev,
>
>> Does this mean that we can install the old pre-Quantum version of Tab Mix
>> Plus and other extensions that were either forbidden or badly crippled?

I've been trying at the TMP site. Even though I also set
xpinstall.whitelist.required to false, some sort of NO YOU CAN'T message
flashes up, too fast to read. Feh. Old TMP did just what I want in
combination with Tree Style Tabs, but the new versions are unpleasantly
different.

> That fully depends on the plugin itself. It isn't some kind of magical
> "every plugin will work and behave" setting I'm afraid. :-)
>
> But it /does/ mean that you can instal plugins without needing Mozillas
> permission for it (at least, that is how it works on my (old) version of the
> browser). Which is good if you know what you're doing (or write your own
> plugins), but not that good for the regular "just press 'OK' " crowd.
>
> In short, if you think you trust the plugin than go ahead and try. Nothing
> will break if it doesn't work.

I tried programming. Basic, Fortran and dBaseII. Wordstar macros don't
really count. I could do crude stuff, but it really hurt. Anything
clever was totally beyond me.

>> That's EASILY a benefit worth whatever risk they're worried about.
>
> For /you/ (and a plenty of others here and otherwise) that might be true.
> For the above-mentioned 'OK' crowd ? not so much. Just guess who will be
> blamed when one of those makes a wrong choice, installs a rogue plugin and
> gets in trouble because of it. Yep, Mozilla. In other words, they are in
> a bit of a tight spot there.

Then perhaps there should be some sort of "If I fuck up it's all my
fault and I won't whine" checkbox hidden somewhere that those people
won't find it.

[Fenris]

On Sat, 4 May 2019, The Real Bev wrote:
> A temp fix is provided by Chris Ilias in the firefox support group:
>
> =============================
> Mozilla has rolled-out a fix for this. The fix will be automatically
> applied in the background within the next few hours, you don’t need to
> take active steps.
>
> In order to be able to provide this fix on short notice, they are using
> the Studies system. You can check if you have studies enabled
> 1. Go to [=] > Options > Privacy & Security.
> 2. Make sure "Allow Firefox to install and run studies" is check marked.
>
> I you had it disabled, you can disable studies again after your add-ons
> have been re-enabled.

Thanks a lot, enabling the studies fixed it within an hour or so.
Disabling it again didn't harmed the addons after restarting the browser
as well.

[Carlos E. R.]

On 04/05/2019 23.44, The Real Bev wrote:
> On 05/04/2019 11:48 AM, Carlos E. R. wrote:
>> On 04/05/2019 20.30, The Real Bev wrote:
>>> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>>>> On 04/05/2019 16.59, The Real Bev wrote:
>>>>> Most users don't even change their fonts.  I don't understand how
>>>>> people
>>>>> can live like that.
>>>>
>>>> Why should we waste time doing that? We have more interesting things
>>>> to do.
>>>
>>> How can people NOT configure something they use a lot on a daily basis
>>> and will probably use for the rest of their lives?  Especially when the
>>> generic version is both ugly and difficult to use...
>>
>> But I don't find them either ugly nor difficult to see... :-)
>
> Then you are fortunate!
>
> This is roughly how I want to see firefox.  It used to be better.  I
> used to have my bookmarks running down the left side of the page with
> the most recently used on top, but some FF update killed that -- there's
> a sort of half-assed replacement which is NOT what I wanted.
>
> https://i.postimg.cc/P55qnLFT/fftest.jpg

I see similar (except the panel on the right).

But that's what that page designer chose. I will not interfere. Yes, the
page is ugly.

> I hate hierarchical menus -- I want to see ALL the stuff I use
> frequently ALL the time.

I prefer hierarchical menus. Combined with a search feature it is better.



--
Cheers,
Carlos E.R.

[Arlen G. Holder]

On Sat, 4 May 2019 05:32:39 -0000 (UTC), Arlen G. Holder wrote:

> Firefox disabled all add-ons because a certificate expired

UPDATE:
o Bug report 1549129: <https://bugzilla.mozilla.org/show_bug.cgi?id=1549129>
o 66.0.4 release notes: <https://www.mozilla.org/firefox/66.0.4/releasenotes/>
o Full offline installer: <https://www.mozilla.org/en-US/firefox/all/>

I haven't been watching this closely simply because I strategically load a
dozen different browsers to tactically set up each browser specifically for
a web site (or similar set of web sites), such that I don't need addons
(except some browsers, like the TBB need their addons to be working).

However, they recently updated the canonical web page Zag kindly provided:
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>

Which now reports:
"*A fix has been released in Firefox version 66.0.4*
An update will be rolled out automatically with the latest fixes
or you can download a new version. Please see the 66.0.4 release
notes for more information. We are also working on a fix for
Firefox for Android."
o 66.0.4 Download: <https://www.mozilla.org/firefox/new/>

No specific mention of iOS.

[Arlen G. Holder]

On Mon, 6 May 2019 01:05:42 -0000 (UTC), Arlen G. Holder wrote:

> "*A fix has been released in Firefox version 66.0.4*

Here is the updated original article quoted in this thread:
<https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/>
"As of 7 AM ET on Saturday morning, a fix is now rolling out."

I'm not sure the status of the Tor Browser though, which requires
extensions such as "noscript", I believe, where mine doesn't seem to have
an update when I just checked moments ago.

Googling, I found this on the Tor Browser Bundle:
o Mozilla bug throws Tor Browser users into chaos
"We haven┤ yet received notification of an update to the
Tor Browser, but we expect to see one soon. [2019-05-05T22:15Z]"

There's apparently a workaround for the Tor Browswer Bundle:
o Fix for Tor Browser NoScript Addon Being Disabled
<https://www.bleepingcomputer.com/news/security/fix-for-tor-browser-noscript-addon-being-disabled/>

But how many TBB users knew to apply that?

I'm not sure of the implications, so I ask a basic question of you:
o Does this mean native Tor Browsers have been less secure all weekend?

[Arlen G. Holder]

The Tor Browser Bundle appears to have been updated today:
<https://www.torproject.org/download/>

Tor Browser 8.0.9 -- May 7 2019
o Bug 30388: *Make sure the updated intermediate certificate keeps working*

Since they say "all platforms", that suggests all platforms but iOS
(since iOS, as we know, lacks this key privacy functionality), where
Android on Firefox has, belatedly, just been updated on Google Play:
o <https://play.google.com/store/apps/details?id=org.mozilla.firefox>

While we all knew iOS lacks privacy functionality (despite Apple scdreaming
to the contrary of their imaginary privacy), what's super interesting is
that the Firefox canonical page makes absolutely no mention of iOS.
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>
o My iPad Firefox was currently version 10.6 (8836)
o The iPad won't let me update the Firefox (likely because I don't pick up
the latest iOS releases since they break connectivity in the real world,
e.g., to Apple, the real world, e.g., Linux, is "not supported").

Just to be sure, I hit the "install & update" on Mozilla's iOS web page
<https://support.mozilla.org/en-US/products/ios>
It says the iOS Firefox was last updated a week ago to version 16.2
with no mention of anything but an app crash bug being fixed at that time.

So it seems that everything has been updated on all five platforms
o Except the Tor Browser Bundle (this key privacy doesn't exist on iOS)
o Except Firefox on iOS (no mention of why)

[Arlen G. Holder]

Mozilla to wipe data collected by fix that tackled recent Firefox add-on blunder
<https://www.neowin.net/news/mozilla-to-wipe-data-collected-by-fix-that-tackled-recent-firefox-add-on-blunder/>

Taking advantage of Studies as a deployment channel for such fixes also saw
telemetry sent from browsers back to Mozilla for the duration of the study.
While this may be cause for concern for the privacy concerned out there,
Joe Hildebrand has outlined Mozilla's plans to discard collected data in an
announcement on its blog:

"In order to respect our users¢ potential intentions as much as possible,
based on our current set up, we will be deleting all of our source
Telemetry and Studies data for our entire user population collected between
2019-05-04T11:00:00Z and 2019-05-11T11:00:00Z."

Hildebrand also encouraged users to "please check that your settings match
your personal preferences before we re-enable Studies" which is set to take
place in roughly three days.

[Arlen G. Holder]

On Fri, 10 May 2019 19:06:43 -0000 (UTC), Arlen G. Holder wrote:

> Mozilla to wipe data collected by fix that tackled recent Firefox add-on blunder
> <https://www.neowin.net/news/mozilla-to-wipe-data-collected-by-fix-that-tackled-recent-firefox-add-on-blunder/>

The Mozilla CTO, today explained the details of what actually happened...

o Technical Details on the Recent Firefox Add-on Outage
<https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/>

[Soviet_Mario]

On 04/05/19 20:30, The Real Bev wrote:
> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>> On 04/05/2019 16.59, The Real Bev wrote:
>>> Most users don't even change their fonts.  I don't
>>> understand how people
>>> can live like that.
>>
>> Why should we waste time doing that? We have more
>> interesting things to do.
>
> How can people NOT configure something they use a lot on a
> daily basis and will probably use for the rest of their
> lives?  Especially when the generic version is both ugly and
> difficult to use...
>
> Perhaps casual users don't give a shit.  I am not a casual
> user.

standing ovation +1


>
>


--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
Soviet_Mario - (aka Gatto_Vizzato)

[Soviet_Mario]

I not gonna talk about ugliness (personal view) but for
example I find it really disfunctional to take up space on
the bottleneck, limiting vertical coordinate of a LARGE
screen, instead of letting me free where the heck to place
the TABS bar !

But umpteen further examples are at hand.

[The Real Bev]

On 05/12/2019 11:35 AM, Soviet_Mario wrote:
> On 04/05/19 20:48, Carlos E. R. wrote:
>> On 04/05/2019 20.30, The Real Bev wrote:
>>> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>>>> On 04/05/2019 16.59, The Real Bev wrote:
>>>>> Most users don't even change their fonts. I don't understand how people
>>>>> can live like that.
>>>>
>>>> Why should we waste time doing that? We have more interesting things
>>>> to do.
>>>
>>> How can people NOT configure something they use a lot on a daily basis
>>> and will probably use for the rest of their lives? Especially when the
>>> generic version is both ugly and difficult to use...
>>
>> But I don't find them either ugly nor difficult to see... :-)
>
> I not gonna talk about ugliness (personal view) but for
> example I find it really disfunctional to take up space on
> the bottleneck, limiting vertical coordinate of a LARGE
> screen, instead of letting me free where the heck to place
> the TABS bar !
>
> But umpteen further examples are at hand.

Screens are wide now. It's insane to place the tab bar at the top or
bottom rather than the side.

--
Cheers, Bev
"The last thing you want is for somebody to commit suicide
before executing them."
-Gary Deland, former Utah director for corrections

[RonB]

On 2019-05-12, Soviet_Mario <Sovie...@CCCP.MIR> wrote:
> On 04/05/19 20:30, The Real Bev wrote:
>> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>>> On 04/05/2019 16.59, The Real Bev wrote:
>>>> Most users don't even change their fonts.  I don't
>>>> understand how people
>>>> can live like that.
>>>
>>> Why should we waste time doing that? We have more
>>> interesting things to do.
>>
>> How can people NOT configure something they use a lot on a
>> daily basis and will probably use for the rest of their
>> lives?  Especially when the generic version is both ugly and
>> difficult to use...
>>
>> Perhaps casual users don't give a shit.  I am not a casual
>> user.
>
> standing ovation +1

Why is the concept that different people have different priorities so
difficult to grasp?

[RonB]

On 2019-05-12, Soviet_Mario <Sovie...@CCCP.MIR> wrote:

> On 04/05/19 20:48, Carlos E. R. wrote:
>> On 04/05/2019 20.30, The Real Bev wrote:
>>> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>>>> On 04/05/2019 16.59, The Real Bev wrote:
>>>>> Most users don't even change their fonts.  I don't understand how people
>>>>> can live like that.
>>>>
>>>> Why should we waste time doing that? We have more interesting things
>>>> to do.
>>>
>>> How can people NOT configure something they use a lot on a daily basis
>>> and will probably use for the rest of their lives?  Especially when the
>>> generic version is both ugly and difficult to use...
>>
>> But I don't find them either ugly nor difficult to see... :-)
>>
>
> I not gonna talk about ugliness (personal view) but for
> example I find it really disfunctional to take up space on
> the bottleneck, limiting vertical coordinate of a LARGE
> screen, instead of letting me free where the heck to place
> the TABS bar !
>
> But umpteen further examples are at hand.

I just use Pale Moon and get rid of tab bar (when only one tab is open) and
remove the extra search window — and hide the Menu bar. Gives me lots more
space at the top than does Firefox (with any configuration). Even the "URL"
window is narrower with Pale Moon (like Firefox used to be). I don't see why
they decided the modern Firefox interface should be so bulky. I don't like
it, but I do use Firefox for watching Netflix or Amazon Prime.

[RonB]

On 2019-05-12, The Real Bev <bashl...@gmail.com> wrote:
> On 05/12/2019 11:35 AM, Soviet_Mario wrote:
>> On 04/05/19 20:48, Carlos E. R. wrote:
>>> On 04/05/2019 20.30, The Real Bev wrote:
>>>> On 05/04/2019 10:59 AM, Carlos E. R. wrote:
>>>>> On 04/05/2019 16.59, The Real Bev wrote:
>>>>>> Most users don't even change their fonts. I don't understand how people
>>>>>> can live like that.
>>>>>
>>>>> Why should we waste time doing that? We have more interesting things
>>>>> to do.
>>>>
>>>> How can people NOT configure something they use a lot on a daily basis
>>>> and will probably use for the rest of their lives? Especially when the
>>>> generic version is both ugly and difficult to use...
>>>
>>> But I don't find them either ugly nor difficult to see... :-)
>>
>> I not gonna talk about ugliness (personal view) but for
>> example I find it really disfunctional to take up space on
>> the bottleneck, limiting vertical coordinate of a LARGE
>> screen, instead of letting me free where the heck to place
>> the TABS bar !
>>
>> But umpteen further examples are at hand.
>
> Screens are wide now. It's insane to place the tab bar at the top or
> bottom rather than the side.

I don't care how wide the screen is, I expect (and want) the tab bar on top.
But, if there is only one window open, I don't want the tab bar at all.

Choice, it's a wonderful thing.