Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Firefox disabled all add-ons because a certificate expired

16 views
Skip to first unread message

Arlen G. Holder

unread,
May 4, 2019, 1:32:42 AM5/4/19
to
Firefox disabled all add-ons because a certificate expired
<https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/>

The event occurred as the clock rolled over on UTC (Coordinated Universal
Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed
it down to "expiration of intermediate signing cert" -- as it's described
on Mozilla's bug tracker.
<https://bugzilla.mozilla.org/show_bug.cgi?id=1548973>

R.Wieser

unread,
May 4, 2019, 4:05:18 AM5/4/19
to
(This is a repost of the the response I gave to the same post in the
alt.os.linux newsgroup)

As someone on slashdot mentioned, why are those add-ons even checked
each-and-every time you start your browser ? Are they expected to mutate
somehow (and no, I do not mean updates) ?

All the thats that certificate /should/ be needed for is to make sure that
you get & install the add-on as the developer has created it.

In its current implementation its simply a kill-switch for anything Mozilla
wishes to declare "obsolete". :-(

And by the way: the work around is to go into about:config, find
"xpinstall.signatures.required" and set it to false (which is actually the
first thing I do when installing FF :-) )

Regards,
Rudy Wieser


Mayayana

unread,
May 4, 2019, 9:08:38 AM5/4/19
to
"R.Wieser" <add...@not.available> wrote

| As someone on slashdot mentioned, why are those add-ons even checked
| each-and-every time you start your browser ? Are they expected to
mutate
| somehow (and no, I do not mean updates) ?
|

It's a bug.

https://techcrunch.com/2019/05/03/a-glitch-is-breaking-all-firefox-extensions/

The lesson here is yet one more example of why you
shouldn't allow software companies onto your system
to do unreliable and intrusive dripfeed updates. If your
extensions were disabled you simply don't have adequate
security.



Mayayana

unread,
May 4, 2019, 9:23:26 AM5/4/19
to
Woops. The news says it's a cert that's built in.

I have signature requirement disabled, but I still see
a warning with unsigned extensions in the add-ons window.
FF today is not warning me about all extensions. Yet
according to the story it should have as of 4AM today
EST. I've got FF 52.9. Maybe it's only a problem with
particular recent versions.

I'm curious whether xpinstall.signatures.required works
in all versions. I was under the impression that it could
only be used in ESR versions.

Last year they removed access to "legacy" extensions.
Last week they announced they're going to block all
extensions with "obfuscated code". They seem to be trying
to increase their own control of the product in the
interest of consistency and security.

I installed FF66 recently
on my Win7 box to see what it's like. Not great. I can't
get rid of tabs and while many extensions still exist they
seem to have been crippled in order to accommodate
Mozilla's new system.



Big Al

unread,
May 4, 2019, 9:29:10 AM5/4/19
to
You can reload them by doing the following:
about:debugging > enable add-on debugging > Load Temporary Add-On >
Browse to your Firefox profile > In the extensions folder choose the
.xpi file of your extension

You can use about:support to find your profile directory

I've reloaded 6 of mine now and they work great.
Linux Mint, FF 66.0.3

J. P. Gilliver (John)

unread,
May 4, 2019, 9:32:29 AM5/4/19
to
In message <qajh3p$1v0v$1...@gioia.aioe.org>, R.Wieser
Does the "xp" in its name mean it's only for Windows XP versions? (If
not, what _does_ it mean?)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

The web is a blank slate; you can't design technology that is 'good'. You can't
design paper that you can only write good things on. There are no good or evil
tools. You can put an engine in an ambulance or a tank. - Sir Tim Berners-Lee,
Radio Times 2009-Jan-30 to -Feb-5.

Big Al

unread,
May 4, 2019, 9:59:16 AM5/4/19
to
On 5/4/19 9:31 AM, J. P. Gilliver (John) wrote:
> In message <qajh3p$1v0v$1...@gioia.aioe.org>, R.Wieser
> <add...@not.available> writes:
>> (This is a repost of the the response I gave to the same post in the
>> alt.os.linux newsgroup)
>>
>> As someone on slashdot mentioned, why are those add-ons even checked
>> each-and-every time you start your browser ?     Are they expected to
>> mutate
>> somehow (and no, I do not mean updates) ?
>>
>> All the thats that certificate /should/ be needed for is to make sure
>> that
>> you get & install the add-on as the developer has created it.
>>
>> In its current implementation its simply a kill-switch for anything
>> Mozilla
>> wishes to declare "obsolete".  :-(
>>
>> And by the way: the work around is to go into about:config, find
>> "xpinstall.signatures.required" and set it to false (which is actually
>> the
>> first thing I do when installing FF :-) )
>>
>> Regards,
>> Rudy Wieser
>>
>>
> Does the "xp" in its name mean it's only for Windows XP versions? (If
> not, what _does_ it mean?)
Since extensions are .xpi files, I would guess the XP comes from that.
The setting is in all versions of FF.
Al

Mayayana

unread,
May 4, 2019, 10:09:31 AM5/4/19
to
"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote

| Does the "xp" in its name mean it's only for Windows XP versions? (If
| not, what _does_ it mean?)

Extension package install. It's just a ZIP with
a different extension, holding javascript files,
images, language options, GUI specs, etc.


R.Wieser

unread,
May 4, 2019, 11:22:02 AM5/4/19
to
Mayayana,


"Mayayana" <maya...@invalid.nospam> wrote in message
news:qak2sj$1o3$1...@dont-email.me...
> "R.Wieser" <add...@not.available> wrote
>
> | As someone on slashdot mentioned, why are those add-ons even
> | checked each-and-every time you start your browser ? Are they
> | expected to mutate somehow (and no, I do not mean updates) ?
>
> It's a bug.

From the page you linked to "and suggests the sudden failure is due to a
code signing certificate built into the browser that expired just after 5
PM". So no, not even they consider it to be a bug.

But, try to come up with rational explanation how such a bug could hit /all/
plugins for /all/ users at /the same time/. Good luck. :-)

> The lesson here is yet one more example of why you
> shouldn't allow software companies onto your system
> to do unreliable and intrusive dripfeed updates.

Agreed.

> If your extensions were disabled you simply don't have
> adequate security.

Bullshit. This is not some hacker that tries to gain entrance and create
havock, or a virus that tries to "do it's thang", this is a program which
does exactly what its designed for. There is /no/ security measure you can
have implemented to ward it off. And no, restoring a backup would not
have helped either - the certificate would still be expired.

Regards,
Rudy Wieser


R.Wieser

unread,
May 4, 2019, 11:26:44 AM5/4/19
to
John,

> Does the "xp" in its name mean it's only for Windows XP versions?

I wondered the same thing. I cannot check it though (am on XP, FF 52).

> (If not, what _does_ it mean?)

eXtra Plugin ? eXperience Points ? :-) Sorry, no idea.

Regards,
Rudy Wieser


R.Wieser

unread,
May 4, 2019, 11:30:29 AM5/4/19
to
Big Al,

> Since extensions are .xpi files, I would guess the XP comes from that.

Shucks, ofcourse. Thanks.

Regards,
Rudy Wieser


R.Wieser

unread,
May 4, 2019, 11:32:54 AM5/4/19
to
Mayayana,

> Extension package install.

Nope: https://developer.mozilla.org/en-US/docs/Mozilla/XPI

> It's just a ZIP with a different extension, holding javascript
> files, images, language options, GUI specs, etc.

That is an answer to a question that has not been asked.

Regards,
Rudy Wieser


Mayayana

unread,
May 4, 2019, 12:34:55 PM5/4/19
to
"R.Wieser" <add...@not.available> wrote

>> Does the "xp" in its name mean it's only for Windows XP versions? (If
>> not, what _does_ it mean?)

> Extension package install.

| That is an answer to a question that has not been asked.

I wonder if you're getting enough sleep, Rudy.
You seem to argue with virtually everything
these days.


R.Wieser

unread,
May 4, 2019, 1:43:21 PM5/4/19
to
Mayayana,

> I wonder if you're getting enough sleep, Rudy.

I wonder if you get enough yourself.

Pointing to websites that supposedly classifies this whole debacle as a
"bug", only to need to be told that if you actually read-and-absorbed the
(rather small bit of) info there it says quite a different thing. Whoops!

Regards,
Rudy Wieser


R.Wieser

unread,
May 4, 2019, 2:03:23 PM5/4/19
to
Mayayana,

And I ofcourse forgot to to mention the obvious: that you focus on something
you find "wrong" with the other, in the hope they won't notice that you drop
everything else what has been said but do not like to talk about (it almost
worked).

Like your bullshit about your "don't have adequate security". Even if you
would try - which you have no intention of - to come up with a/any kind of
"security" /by the user/ that could have prevented this than I'm pretty sure
that anyone can poke a few holes in it. Like I already did (backups don't
work).

Kiddo, you think that you are /much/ smarter than that you are, or simply do
not think long enough about the implications of what you suggest. Which,
too bad for you, results in getting called out for it. Which you than
forcefully ignore in the hope it will go away.

... which it doesn't.

"The biggest mistake you can make is thinking that you cannot make any. An
even bigger one is to, when you made one, deny you made it." (and yes,
there is a joke in there).

Regards,
Rudy Wieser


Zaghadka

unread,
May 4, 2019, 2:08:03 PM5/4/19
to
On Sat, 4 May 2019 10:05:04 +0200, in alt.comp.os.windows-10, R.Wieser
wrote:
That does not work in Windows 64-bit, after the extensions have failed.

--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten

R.Wieser

unread,
May 4, 2019, 2:13:28 PM5/4/19
to
Zaghadka,

> That does not work in Windows 64-bit, after the extensions have failed.

I've seen a number of responses, some saying it does, others saying it
doesn't. No idea if its a 32 vs 64 bit thing or not. Might even have to
do with version differences.

Regards,
Rudy Wieser


Zaghadka

unread,
May 4, 2019, 2:14:52 PM5/4/19
to
On Sat, 4 May 2019 17:21:49 +0200, in alt.comp.os.windows-10, R.Wieser
wrote:
Maybe they'll wise up and fix this with a 3-day waiting period where the
browser warns you that extension verification has failed. "Run at your
own risk," but it'll run at least. Gives them time to fix it.

A bad, built-in cert. At the least, they're going to have to start
mandatory clock set tests for nightly and beta to ward this off in the
future.

And surprise, surprise, Persona (light) themes are also signed. There is
no reason for that other than the desire to centrally control themes in
case one is found to be offensive, or in support of civil unions, or
violates copyright. SMH.

More info at:

https://support.mozilla.org/en-US/kb/add-ons-failing-install-firefox

They'd better fix this in less than a day or so or people will be
switching to Chrome in droves.

Zaghadka

unread,
May 4, 2019, 2:18:07 PM5/4/19
to
On Sat, 4 May 2019 20:13:15 +0200, in alt.comp.os.windows-10, R.Wieser
wrote:
It's 66.0.3, Win 10 1809, 64-bit, and I guess the answer is "software is
complicated."

Thanks for sharing, at least. It was worth a shot.

Paul

unread,
May 4, 2019, 2:23:39 PM5/4/19
to
https://en.wikipedia.org/wiki/XPCOM

Cross Platform Component Object Model (XPCOM)

So the XP stands for "Cross Platform".

https://en.wikipedia.org/wiki/XUL

XML User (Interface) Language

They're quite creative with their TLAs.

Paul

Arlen G. Holder

unread,
May 4, 2019, 2:45:08 PM5/4/19
to
On Sat, 04 May 2019 13:14:49 -0500, Zaghadka wrote:

> https://support.mozilla.org/en-US/kb/add-ons-failing-install-firefox
>
> They'd better fix this in less than a day or so or people will be
> switching to Chrome in droves.

Thanks for that link which says that "studies" is used for the "temporary"
fix, apparently, but not on all platforms (apparently).

Firefox: Options > Privacy & Security > Firefox Data Collection and Use
[x]Allow Firefox to install and run studies

I do not claim to understand either the problem or the permanent solution,
so, given that, what I wonder, perhaps too innocently, is why don't they
just compile a new Firefox binary that contains a new built-in certificate
that is known to be good?

Then we could all download that new binary, and be done with it.

What's wrong with my assumption (bearing in mind I admit I don't fully
understand the problem set yet).

Zaghadka

unread,
May 4, 2019, 3:04:32 PM5/4/19
to
IMO, Nothing. It's a good question.

Mayayana

unread,
May 4, 2019, 3:35:28 PM5/4/19
to
"Paul" <nos...@needed.invalid> wrote

| So the XP stands for "Cross Platform".
|
| https://en.wikipedia.org/wiki/XUL
|

It looks like that's right. I'd seen the phrase "Extension
package" and assumed that must be it. To complicate
things, the XPInstall method is apparently phased out,
but it's still XPI.


Mayayana

unread,
May 4, 2019, 3:42:24 PM5/4/19
to
"Zaghadka" <zagh...@hotmail.com> wrote

| It's 66.0.3, Win 10 1809, 64-bit, and I guess the answer is "software is
| complicated."
|

I have 66 on Win7-64. It seems to be fine.
NoScript and DownloadHelper are installed. Neither
is malfunctioning. I also have xpinstall.whitelist.required
set to false, but I don't have any reason to think that's
an issue. And I always disable all calling home, so it's
possible that's related.


Arlen G. Holder

unread,
May 4, 2019, 3:48:40 PM5/4/19
to
On Sat, 4 May 2019 15:40:19 -0400, Mayayana wrote:

> I have 66 on Win7-64. It seems to be fine.
> NoScript and DownloadHelper are installed. Neither
> is malfunctioning. I also have xpinstall.whitelist.required
> set to false, but I don't have any reason to think that's
> an issue. And I always disable all calling home, so it's
> possible that's related.

It looks like _some_ fixes have been rolled out, for example, on my desktop
I just snapped this screenshot showing Mozilla applied the fix to my
Firefox browser (which didn't have any extensions by design anyway):
<https://i.postimg.cc/D0w9msK1/firefox01.jpgOuOOki>

That check above was explained here, in what appears to be the canonical
Mozilla blog on the topic (thanks to Zaghadka):

o Add-ons disabled or fail to install on Firefox
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>

"It may take up to six hours for the study to be applied to Firefox. To
check if the fix has been applied, you can enter about:studies in the
address bar. If the fix is active, you¢ll see
hotfix-reset-xpi-verification-timestampe-1548973"

My main question is why can't they just re-compile Firefox with a built-in
known good certificate?

Mayayana

unread,
May 4, 2019, 4:07:37 PM5/4/19
to
"Zaghadka" <zagh...@hotmail.com> wrote

| It's 66.0.3, Win 10 1809, 64-bit, and I guess the answer is "software is
| complicated."
|

I spoke too soon. It was fine until I actually
used an extension. Then the disabling kicked in.
I've gone back to FF52.9 on Win7 and now it
all works fine.


R.Wieser

unread,
May 4, 2019, 4:27:20 PM5/4/19
to
Paul,

> Cross Platform Component Object Model (XPCOM)
>
> So the XP stands for "Cross Platform".

I think you came to the right conclusion (cross platform), but taken from
the wrong source. Just ask yourself how you can transform "xpcom" to
"xpinstal".

I already gave the link I found for it to Mayayana
(https://developer.mozilla.org/en-US/docs/Mozilla/XPI), but somehow he even
refused to acknowledge it (but did acknowledge yours) ...

Worse, I just noticed that what you responded to from Mayayana is a
frankenstein of creative quoting, murdering context in the process. :-(

Regards,
Rudy Wieser


Arlen G. Holder

unread,
May 5, 2019, 9:04:40 PM5/5/19
to
On Sat, 4 May 2019 05:32:39 -0000 (UTC), Arlen G. Holder wrote:

> Firefox disabled all add-ons because a certificate expired

UPDATE:
o Bug report 1549129: <https://bugzilla.mozilla.org/show_bug.cgi?id=1549129>
o 66.0.4 release notes: <https://www.mozilla.org/firefox/66.0.4/releasenotes/>
o Full offline installer: <https://www.mozilla.org/en-US/firefox/all/>

I haven't been watching this closely simply because I strategically load a
dozen different browsers to set up each browser specifically for a web site
(or similar set of web sites), such that I don't need addons (except some
browsers, like the TBB need their addons to be working).

However, they recently updated the canonical web page Zag kindly provided:
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>

Which now reports:
"*A fix has been released in Firefox version 66.0.4*
An update will be rolled out automatically with the latest fixes
or you can download a new version. Please see the 66.0.4 release
notes for more information. We are also working on a fix for
Firefox for Android."
o 66.0.4 Download: <https://www.mozilla.org/firefox/new/>

No specific mention of iOS.

Arlen G. Holder

unread,
May 5, 2019, 9:20:29 PM5/5/19
to
On Mon, 6 May 2019 01:04:38 -0000 (UTC), Arlen G. Holder wrote:

> No specific mention of iOS.

I don't see that there are any updates to the Tor Browser Bundle.
Anyone know the scoop on the TBB updates?

Jess Fertudei

unread,
May 5, 2019, 9:59:58 PM5/5/19
to
R.Wieser wrote on 5/4/2019 :
> (This is a repost of the the response I gave to the same post in the
> alt.os.linux newsgroup)
>
> As someone on slashdot mentioned, why are those add-ons even checked
> each-and-every time you start your browser ? Are they expected to mutate
> somehow (and no, I do not mean updates) ?
>
> All the thats that certificate /should/ be needed for is to make sure that
> you get & install the add-on as the developer has created it.
>
> In its current implementation its simply a kill-switch for anything Mozilla
> wishes to declare "obsolete". :-(
>
> And by the way: the work around is to go into about:config, find
> "xpinstall.signatures.required" and set it to false (which is actually the
> first thing I do when installing FF :-) )
>
> Regards,
> Rudy Wieser

v53 on Win7

I just finally got sick of waiting and did the
xpinstall.signatures.required false. Closed the tab, closed FF (telling
it ok to multiple tabs). Opened again and did the restore last session,
and...
Nothing. Didn't help a bit. Adblock still a no go and even my setpoint
is disabled.
Any other sure fixes on this deal, yet?
Wonder if they'll ever do anything for the old versions?
Interesting that just last weekend, my various newspapers all started
to not work unless I disabled adblock (which I did not do) at the very
same moment. It had to be contrived among the competitors... no way
just dumb luck. If FF has been lying about the no update switch, how am
I to believe that they're trashing of adblocks doesn't have too much
coincidence to follow days behind.
I am new to tinfoil, well, except the google colored stuff, so I don't
know what to think here.
Just finally got a new ssd in the mail yesterday, but there's no way I
want to clone the mess that is FF right now.

Mayayana

unread,
May 5, 2019, 10:35:24 PM5/5/19
to
"Jess Fertudei" <n...@this.juncture.com> wrote

| v53 on Win7
|
| I just finally got sick of waiting and did the
| xpinstall.signatures.required false. Closed the tab, closed FF (telling
| it ok to multiple tabs). Opened again and did the restore last session,
| and...
| Nothing. Didn't help a bit. Adblock still a no go and even my setpoint
| is disabled.

I'm using 52.9, the last version that works on XP.
I also put it on Win7-64. Works fine. Fully-functioning,
pre-crippled extensions work fine. With that setting
they just show a warning that they might be risky
when opening the add-ons window.
Since you only have 1 point newer anyway, you
might want to just go back to 52.9. That number might
seem old, but it's less than a year old and as far as
I can tell, things have only got worse since then. I
wa using 66 for awhile, out of curiosity, but it had
less settings control than ever without actually
working better.

http://archive.mozilla.org/pub/firefox/releases/

Adblockers: Have you considered a HOSTS file? I use
a HOSTS that blocks the major ad companies and
trackers. I haven't seen ad for years, but I've never
used an adblocker.
Also, if a site works without script then there's no way
for them to test for adblockers. Though some sites
malfunction without script and I have to view them with
no style.

Unfortunately, a lot of the problems are due more
to incompetence than restrictions. Most webmasters
just don't know what they're doing and they're catering
more to phones. Webmasters also keep changing their
code, at a crazy rate. Very few commercial sites stay
stable for more than a couple of months at a time.
I visit BBC news and WashPo without script. But Boston
globe just recently broke and I have to view it with no
style because otherwise there's a menu covering 1/3 of
the page. TheRegister.co.uk is fine without script, though
recently it was broken. wired.com works fine... this month.
Atlantic Monthly looks great, though it used to have
headlines that ran together.... And so on.


Keith Nuttle

unread,
May 5, 2019, 10:39:59 PM5/5/19
to
The the bug in Firefox was corrected and 66.0.4 allowed ALL of my addons
to be become active. This included Clippings Adblock, Google Translate
and a half dozen other addons.

--
2018: The year we learn to play the great game of Euchre

Jess Fertudei

unread,
May 5, 2019, 10:56:25 PM5/5/19
to
would 52.9 install over top of 53.03 or do I have to go through all of
the backups of everything uninstall and reinstall and such? 53 was
working just fine.

Jess Fertudei

unread,
May 5, 2019, 10:56:25 PM5/5/19
to
Why would I want to install 66 when it is crippled compared to 53?
Really wondering if I can even trust Mozilla at all, anymore...

Mayayana

unread,
May 5, 2019, 11:03:54 PM5/5/19
to
"Jess Fertudei" <n...@this.juncture.com> wrote

| would 52.9 install over top of 53.03 or do I have to go through all of
| the backups of everything uninstall and reinstall and such? 53 was
| working just fine.

In my experience the default is to leave the profile
folder, so you can just uninstall one and install the other.
I tried leaving 66 when I went back to 52.9, but 66 tried
to take over, so I just removed it and still have my settings.


Mayayana

unread,
May 5, 2019, 11:09:00 PM5/5/19
to
"Keith Nuttle" <Keith_...@sbcglobal.net> wrote

| The the bug in Firefox was corrected and 66.0.4 allowed ALL of my addons
| to be become active. This included Clippings Adblock, Google Translate
| and a half dozen other addons.
|
Good to know, but in the time I was using 66 I didn't
much like it compared to 52.9. I had to give up a lot
of extension functionality and didn't find any way to remove
tabs. There were also various minor irritations. For instance,
the update options no longer include not checking for
updates. And that was just with occasional use. I only
tried it on my test machine that I use on an occasional
basis.
The addons I use are mainly NoScript, DownloadHelper,
and various things for privacy and GUI repair. (Bringing
back the status bar, removing the tab bar, etc.) I have
a nice one called Secret Agent that offers lots of
privacy options but never came out as a signed version or
as a new-style crippled version. I think a lot of the
functionality in those older style extensions is just blocked
now in later versions.


Arlen G. Holder

unread,
May 5, 2019, 11:15:42 PM5/5/19
to
On Sun, 5 May 2019 23:01:51 -0400, Mayayana wrote:

> In my experience the default is to leave the profile
> folder, so you can just uninstall one and install the other.
> I tried leaving 66 when I went back to 52.9, but 66 tried
> to take over, so I just removed it and still have my settings.

*This is the umpteenth time I've seen Mayayana ignore obvious facts.*
o In doing so, he _consistently_ gives very bad (usually wrong) advice.

I've often seen Mayayana offer such advice where I have to wonder why he
consistently gives very bad advice, simply because he doesn't even _read_
or perhaps comprehend the facts in the very thread he's responding to

Why bother with older FF versions when I reported a while ago in this very
thread that the fix occurred something like a dozen hours ago?

This is a common trait of Mayayana to miss obvious facts, where it happens
so often that I have to wonder about his motives in giving such bad advice
to others when he is clearly ignorant of the facts in the very thread he's
posting to.

Sigh. You can't fix willful ignorance sometimes.

Arlen G. Holder

unread,
May 5, 2019, 11:35:55 PM5/5/19
to
On Sun, 5 May 2019 22:39:57 -0400, Keith Nuttle wrote:

> The the bug in Firefox was corrected and 66.0.4 allowed ALL of my addons
> to be become active. This included Clippings Adblock, Google Translate
> and a half dozen other addons.

Hi Keith,
I'm not sure why others haven't seen it, but I already reported on this fix
a while ago, over in this post to this very thread:
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/YH8RMeKLVQg/Ws7miQKyAAAJ>

Where there are still a couple of things open, such as
o Android (no mention of iOS either), and,
o Tor Browser Bundle

I provided in the alt.os.linux thread my results with Tor
and a few cites backing up the workaround for Tor Browsers over here:
<https://groups.google.com/d/msg/alt.os.linux/Au1JwnKCz5c/fB6yrKtLBAAJ>

And here...
<https://groups.google.com/d/msg/alt.os.linux/Au1JwnKCz5c/RB-pphlNBAAJ>

The key technical question that I'm wondering about is how insecure did
this problem make Tor Browsing for the past few days for the millions of
people who aren't as well informed as we are on this problem (and who
therefore were clueless while they were browsing with the TBB this
weekend).

Does anyone have an idea of how this affected Tor Browsers' privacy?

nospam

unread,
May 5, 2019, 11:47:41 PM5/5/19
to
In article <qao8sr$u9f$1...@news.mixmin.net>, Arlen G. Holder
<arling...@nospam.net> wrote:

> Sigh. You can't fix willful ignorance sometimes.

something you demonstrate time and time again.

T

unread,
May 6, 2019, 1:15:20 AM5/6/19
to
On 5/3/19 10:32 PM, Arlen G. Holder wrote:
> Firefox disabled all add-ons because a certificate expired
> <https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/>
>
> The event occurred as the clock rolled over on UTC (Coordinated Universal
> Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed
> it down to "expiration of intermediate signing cert" -- as it's described
> on Mozilla's bug tracker.
> <https://bugzilla.mozilla.org/show_bug.cgi?id=1548973>
>



Whilst we all (im)patiently wait for Firefox to rush out
a patch, install Brave from http://brave.com. It is very
fast and has built in ad blocking. On first run it will
give you a shot at importing all your settings from a
browser of your choice (pick Firefox).


Arlen G. Holder

unread,
May 6, 2019, 2:27:20 AM5/6/19
to
On Sun, 05 May 2019 23:48:12 -0400, nospam wrote:

> something you demonstrate time and time again.

Someday nospam, you're not going to post your drivel which is that of a child
o Apparently not today though.

Arlen G. Holder

unread,
May 6, 2019, 2:28:59 AM5/6/19
to
On Sun, 5 May 2019 22:15:17 -0700, T wrote:

> Whilst we all (im)patiently wait for Firefox to rush out
> a patch,

It's already long ago fixed on all but Android & the Tor Browser.
o No word on iOS though (AFAIK)

J. P. Gilliver (John)

unread,
May 6, 2019, 5:13:11 AM5/6/19
to
In message <k9mdnZt1-eGLCFLB...@giganews.com>, Jess
Fertudei <n...@this.juncture.com> writes:
[]
>v53 on Win7
>
>I just finally got sick of waiting and did the
>xpinstall.signatures.required false. Closed the tab, closed FF (telling
>it ok to multiple tabs). Opened again and did the restore last session,
>and...
>Nothing. Didn't help a bit. Adblock still a no go and even my setpoint
>is disabled.
>Any other sure fixes on this deal, yet?

Apparently they have done a proper fix now, for those on the bleeding
edge.

>Wonder if they'll ever do anything for the old versions?

FWIW, I'm not aware that my 27.0.1 ever stopped working over the last
few days, which is when I assume this hiccup happened - and I'm not
aware of any of my addons not working, either: certainly not tab mix
plus, downloadhelper, adblock plus (though like mayayana I use a hosts
file for most of my adblocking), and several others.

>Interesting that just last weekend, my various newspapers all started
>to not work unless I disabled adblock (which I did not do) at the very
>same moment. It had to be contrived among the competitors... no way
>just dumb luck. If FF has been lying about the no update switch, how am
>I to believe that they're trashing of adblocks doesn't have too much
>coincidence to follow days behind.

Again like Mayayana, I find View | No Style is needed more and more
these days. Mainly to stop popovers covering the viewing window from top
_and_ bottom; I wish page designers would realise we don't all run our
browsers full screen, let alone on the 3k-pixels-wide systems they
obviously design on. (And of course another of my bugbears - they also
design for fixed width, so horizontal scrolling is something we have to
do all the time now. HTML is not PDF!)

>I am new to tinfoil, well, except the google colored stuff, so I don't
>know what to think here.
>Just finally got a new ssd in the mail yesterday, but there's no way I
>want to clone the mess that is FF right now.
[]
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

What's awful about weird views is not the views. It's the intolerance. If
someone wants to worship the Duke of Edinburgh or a pineapple, fine. But don't
kill me if I don't agree. - Tim Rice, Radio Times 15-21 October 2011.

T

unread,
May 6, 2019, 5:18:39 AM5/6/19
to
I am on 66.0.3 for Linux and have not noticed a problem.

I got an eMail today from a customer that suddenly started
getting inundated with adds (uBlock Orgin stopped working).
I told him to go to help and look for an update

Keith Nuttle

unread,
May 6, 2019, 9:10:17 AM5/6/19
to
Because it is the latest version with all of the known security holes
fixed. Most of the common addons now work with FF version 66.0.4.

Mayayana

unread,
May 6, 2019, 9:18:54 AM5/6/19
to
"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote

| No Style is needed more and more
| these days. Mainly to stop popovers covering the viewing window from top
| _and_ bottom;

Lately I'm seeing a menu on the left a lot. I think it's
probably designed for phones, to slide out when you
touch the left side. But I see it stuck open, covering
part of the page.
Someone comes up with a gimmick and
they all pass around the code snippet, without realizing
they don't have wide compatibility. That lack of compatibility
testing seems to be the main problem. I also see a lot of
pages that are almost entirely covered with a blank overlay.
But many are simply too big, designed for phones with big
text and big spaces. That's also affected popular designs.
The template du jour involves big headings over short
paragraphs of giant text, either one big header or in threes
horizontally. Typically there are testimonials. Nothing of
substance. Just a simple salespitch meant to hook distracted
phone addicts. A lot of software companies now use that
layout. Where's the download link? Who knows?!

Here's a use of that template that's actually fairly functional,
though sparse and not very informative:

http://www.pdfshaper.com/

Here's a more typical use that's just pointless fluff
trying to sell memberships to a "meditation gym" to
phone addicts, with the salespitch that you can help
to wake up the world by giving them your money:

https://www.thepeaceroom.com/

All purple. There's so much white space that I see more than
a full browser height of white at the top. Their halfwit
salespitch could easily fit in half a page view. Instead, the page
is about 4-5 times the height of the window. I have to switch
to no style, and scroll down past gigantic vector icons, or get
used to reading billboards.

Here's one from the Brits that seems to be deliberate:

http://www.bbc.com/future/story/20150819-a-dream-travellers-guide-to-the-sleeping-mind

In general I find BBC news pages work. Their site falls
into the silliness trap by posting "top 10" stories and
not putting so much attention into news. So they may
report the latest tsunami. But if an article about a woman
in York who saw Elton John's face in her McNugget sells
better then I might not hear about the tsunami.... But
at least I can usually read the page.

The page above is an example of a secondary layout
they use often, which seems to be designed to force script.
What I see is a bad but functional layout. But the entire
article has a medium gray background. #474747. It's
readable, but not easily so. I have to switch to no style
if I actually want to read the whole article.

But it's often difficult to tell what's intentional and
what's incompetence. Do they intend to make their
interesting articles dysfunctional without script? Or
is it that the web design "team" consists of 3 24-year-olds,
pasting content into some kind of webpage-o-matic
software, with no idea how it actually looks?


Mayayana

unread,
May 6, 2019, 9:35:51 AM5/6/19
to
"T" <T...@invalid.invalid> wrote

| Whilst we all (im)patiently wait for Firefox to rush out
| a patch, install Brave from http://brave.com. It is very
| fast and has built in ad blocking. On first run it will
| give you a shot at importing all your settings from a
| browser of your choice (pick Firefox).
|

Pay to browse by watching ads sold by them instead
of ads sold by Google.... All set up on Google's spyware
browser. What have you been smoking?

The basic idea is part of a trend of anemic geek
reasoning: People don't like a commercialized, spyware
Internet. Let's take it back and let people choose the
ads and spyware they prefer.... Huh? Did you ever
see Sophie's Choice? Remember what her choice was?

There's a central
set of bad assumptions there: That websites must
make money, ads with spyware are the only way
to do it, and the commercial Web *is* the Web. If you're
a geek living on game sites and Facebook that makes
some sense. But it lacks vision, to put it mildly. Brave
is nothing more than an extra layer of sleaze added
into the mix. Like your cable company deciding to
partner with TV networks. "Tired of seeing ads for
hemmorhoid cream and vaginal mesh lawsuits? Pay
a little extra and you can see ads for Pepsi or
Toyota instead. You're in control." Great. I don't
watch any ads on TV and don't see any online. If
a website puts up an honest ad -- an ad that's actually
an image on their website -- I'll see it. So far that
hasn't happened. At least, not since about 2001.
So why would I switch to a browser that lets Google
spy on me, lets Brendan Eich spy on me, and charges
me to see webpages?


nospam

unread,
May 6, 2019, 9:42:29 AM5/6/19
to
In article <qapd7i$dj9$1...@dont-email.me>, Mayayana
<maya...@invalid.nospam> wrote:

> | Whilst we all (im)patiently wait for Firefox to rush out
> | a patch, install Brave from http://brave.com. It is very
> | fast and has built in ad blocking. On first run it will
> | give you a shot at importing all your settings from a
> | browser of your choice (pick Firefox).
>
> Pay to browse by watching ads sold by them instead
> of ads sold by Google.... All set up on Google's spyware
> browser. What have you been smoking?

that's not how it works.

J. P. Gilliver (John)

unread,
May 6, 2019, 10:24:54 AM5/6/19
to
In message <qapc7m$7th$1...@dont-email.me>, Mayayana
<maya...@invalid.nospam> writes:
>"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote
>
>| No Style is needed more and more
>| these days. Mainly to stop popovers covering the viewing window from top
>| _and_ bottom;
>
> Lately I'm seeing a menu on the left a lot. I think it's
>probably designed for phones, to slide out when you
>touch the left side. But I see it stuck open, covering
>part of the page.

I'm probably not seeing it as it's covered by the bits coming from the
bottom and the top.
[]
>All purple. There's so much white space that I see more than
>a full browser height of white at the top. Their halfwit

If I see a blank page, I tend to leave it, rather than try to do battle
with it.

>salespitch could easily fit in half a page view. Instead, the page
>is about 4-5 times the height of the window. I have to switch
>to no style, and scroll down past gigantic vector icons, or get
>used to reading billboards.

Yes, usually the Twitter (and other social media) icons.

>
> Here's one from the Brits that seems to be deliberate:
>
>http://www.bbc.com/future/story/20150819-a-dream-travellers-guide-to-
>the-sleeping-mind
>
> In general I find BBC news pages work. Their site falls
>into the silliness trap by posting "top 10" stories and
>not putting so much attention into news. So they may
>report the latest tsunami. But if an article about a woman
>in York who saw Elton John's face in her McNugget sells
>better then I might not hear about the tsunami.... But

Currently, they've gone into extreme mode: I turned on to the BBC news
channel at 1400 (BST), to see if there was any more on the Russian
'plane crash and generally get news from around the world. The headline
was that a young woman had gone into labour; I thought fair enough,
we're going to get a few minutes' coverage of that binary fact before we
get any other news. It's now 1517, and no sign that we're going to get
ANY other news story.

It's not even as if the coverage tells us anything new! There's just the
binary bit about the labour, then 38 minutes in the father came out to
tell us it's a boy and mother and baby are doing well. So that's two (or
three) pieces of information (oh, we got the baby weight - though not in
kg - so I suppose that makes 4). Which could be delivered, in an
unhurried voice, in about half a minute; let's be generous and give them
two or even five minutes. Eighty-one (so far!) is a teeny bit excessive
...

>at least I can usually read the page.

I generally find bbc.co.uk pages are script-heavy and don't read
properly (often having text that's in a one-character-wide column) in my
default Firefox.
[]
> But it's often difficult to tell what's intentional and
>what's incompetence. Do they intend to make their
>interesting articles dysfunctional without script? Or
>is it that the web design "team" consists of 3 24-year-olds,
>pasting content into some kind of webpage-o-matic
>software, with no idea how it actually looks?
>
I very much fear that the second option is the commoner one, with
intentional malfeasance very much in the minority.
>
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"He who will not reason is a bigot;
he who cannot is a fool;
he who dares not is a slave."
- Sir William Drummond

Above all things, use your mind.
Don't be that bigot, fool, or slave.

default

unread,
May 6, 2019, 11:35:29 AM5/6/19
to
On Sat, 4 May 2019 10:05:04 +0200, "R.Wieser" <add...@not.available>
wrote:

>(This is a repost of the the response I gave to the same post in the
>alt.os.linux newsgroup)
>
>As someone on slashdot mentioned, why are those add-ons even checked
>each-and-every time you start your browser ? Are they expected to mutate
>somehow (and no, I do not mean updates) ?
>
>All the thats that certificate /should/ be needed for is to make sure that
>you get & install the add-on as the developer has created it.
>
>In its current implementation its simply a kill-switch for anything Mozilla
>wishes to declare "obsolete". :-(
>
>And by the way: the work around is to go into about:config, find
>"xpinstall.signatures.required" and set it to false (which is actually the
>first thing I do when installing FF :-) )
>
>Regards,
>Rudy Wieser
>
Thanks

Mayayana

unread,
May 6, 2019, 12:01:46 PM5/6/19
to
"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote

| Currently, they've gone into extreme mode: I turned on to the BBC news
| channel at 1400 (BST), to see if there was any more on the Russian
| 'plane crash and generally get news from around the world. The headline
| was that a young woman had gone into labour; I thought fair enough,
| we're going to get a few minutes' coverage of that binary fact before we
| get any other news. It's now 1517, and no sign that we're going to get
| ANY other news story.
|
| It's not even as if the coverage tells us anything new! There's just the
| binary bit about the labour, then 38 minutes in the father came out to
| tell us it's a boy and mother and baby are doing well. So that's two (or
| three) pieces of information (oh, we got the baby weight - though not in
| kg - so I suppose that makes 4). Which could be delivered, in an
| unhurried voice, in about half a minute; let's be generous and give them
| two or even five minutes. Eighty-one (so far!) is a teeny bit excessive

I think that's a different issue. You've turn monarchy
into an entertainment industry. Though I should think
there could just be a station for that. Just as C-SPAN
constantly shows what's happening in Congress, you
could have Rube-Tube, so the peasantry can watch
what the queen is having for breakfast. Then *that*
could be interrupted for the special report from the
maternity ward.

So, what percentage black is the kid? Isn't that the
big question? Or maybe we have to say African-American
rather than black. That's interesting. If he's part African
American does that mean the royal line is now partly
American? Good heavens!


J. P. Gilliver (John)

unread,
May 6, 2019, 12:27:06 PM5/6/19
to
In message <qaplp4$2m4$1...@dont-email.me>, Mayayana
<maya...@invalid.nospam> writes:
>"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote
>
>| Currently, they've gone into extreme mode: I turned on to the BBC news
>| channel at 1400 (BST), to see if there was any more on the Russian
>| 'plane crash and generally get news from around the world. The headline
>| was that a young woman had gone into labour; I thought fair enough,
>| we're going to get a few minutes' coverage of that binary fact before we
>| get any other news. It's now 1517, and no sign that we're going to get
>| ANY other news story.

(Now 195 minutes and counting. Sky News too. I had to go to RT to get
any other news; they're covering the 'plane crash as you might expect.)
>|
>| It's not even as if the coverage tells us anything new! There's just the
[]
> I think that's a different issue. You've turn monarchy
>into an entertainment industry. Though I should think
>there could just be a station for that. Just as C-SPAN

I would very much prefer that! But even if I were to accept it as an
entertainment industry, I don't see why it should dominate the so-called
news channel *to the exclusion of all other news*. I can't think of any
other entertainment industry event that has had so much saturation
coverage with so little information actually being conveyed (it's a boy;
7 lb 3 oz; mother and baby doing well. Those are the ONLY facts so
far!), and with the total exclusion of headlines. For example,
Oscar/Emmy/BAFTA/Grammy, which do go on for several hours, would not get
this level of coverage, and certainly would not squeeze out any other
headlines.

>constantly shows what's happening in Congress, you

We _do_ have such a channel - BBC parliament. (FreeView 232, also on
FreeSat, Sky, and cable.)

>could have Rube-Tube, so the peasantry can watch
>what the queen is having for breakfast. Then *that*
>could be interrupted for the special report from the
>maternity ward.
>
> So, what percentage black is the kid? Isn't that the
>big question?

Not here; I don't think the majority of Brits are as obsessed with that
particular subject. (I don't think most Brits even think of Megan as
other than white, unless reminded.)

> Or maybe we have to say African-American
>rather than black. That's interesting. If he's part African
>American does that mean the royal line is now partly
>American? Good heavens!
>
The media are telling me he does have American citizenship. (And
unlikely to be part of the royal line: he's seventh in line, so unlikely
ever to be king. [Would be interesting if he became president though!])
>
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Bother," said Pooh, as he fell off the bridge with his stick.

Arlen G. Holder

unread,
May 6, 2019, 12:36:32 PM5/6/19
to
On Mon, 6 May 2019 10:11:59 +0100, J. P. Gilliver (John) wrote:

> Apparently they have done a proper fix now

Hi JP Gilliver,

They even put a "download firefox" button in the canonical page Zag pointed
us to a few days ago, so now there's only one location to go to in order to
ascertain the current status:
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>

They're apparently still working on Android, where, interestingly, and
rather oddly, they don't even _mention_ iOS, as if iOS doesn't even exist.

The Tor Browser Bundle is still, apparently, stuck at version 8.0.8
<https://dist.torproject.org/torbrowser/8.0.8/torbrowser-install-win64-8.0.8_en-US.exe>

Luckily, there's a TBB workaround which I explained prior.

Mayayana

unread,
May 6, 2019, 12:47:56 PM5/6/19
to
"J. P. Gilliver (John)" <G6JP...@255soft.uk> wrote

|I can't think of any
| other entertainment industry event that has had so much saturation
| coverage with so little information actually being conveyed (it's a boy;
| 7 lb 3 oz; mother and baby doing well. Those are the ONLY facts so
| far!)

Be glad you're not here when a blizzard doesn't
quite hit us but the local news has planned on
"Breaking News" headlines and created graphics
saying something like "The Mega Blizzard of 2018"...

"We're going live now to Framingham, where Amaka
Ubaka (Real name. Everyone has to be ethnic to work
in news here.) is weathering the storm. Amaka?...."

"Hi, Ted. As you can see, there are long lines at the
stores here to buy batteries. We're going outside now...
Wow! That breeze is only 10 mph now but it's deceptive.
There's no reason it couldn't gust to 60. And if you
look at the sidwalk here.... I'll have the cameraman
zoom in.... you can see there are a few flakes already.

We're here for the long haul so that our viewers will
know what's happening outside, throughout this Mega
Blizzard... this dramatic warning from Mother Nature.
Reporting on the Mega Blizzard of 2018, this is Amaka
Ubaka in Framingham. Back to you Ted."

It goes on like that for hours, replacing planned
programming, even though there's no storm!


Arlen G. Holder

unread,
May 7, 2019, 10:21:09 AM5/7/19
to
The Tor Browser Bundle appears to have been updated today:
<https://www.torproject.org/download/>

Tor Browser 8.0.9 -- May 7 2019
o Bug 30388: *Make sure the updated intermediate certificate keeps working*

Since they say "all platforms", that suggests all platforms but iOS
(since iOS, as we know, lacks this key privacy functionality), where
Android on Firefox has, belatedly, just been updated on Google Play:
o <https://play.google.com/store/apps/details?id=org.mozilla.firefox>

While we all knew iOS lacks privacy functionality (despite Apple scdreaming
to the contrary of their imaginary privacy), what's super interesting is
that the Firefox canonical page makes absolutely no mention of iOS.
<https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox>
o My iPad Firefox was currently version 10.6 (8836)
o The iPad won't let me update the Firefox (likely because I don't pick up
the latest iOS releases since they break connectivity in the real world,
e.g., to Apple, the real world, e.g., Linux, is "not supported").

Just to be sure, I hit the "install & update" on Mozilla's iOS web page
<https://support.mozilla.org/en-US/products/ios>
It says the iOS Firefox was last updated a week ago to version 16.2
with no mention of anything but an app crash bug being fixed at that time.

So it seems that everything has been updated on all five platforms
o Except the Tor Browser Bundle (this key privacy doesn't exist on iOS)
o Except Firefox on iOS (no mention of why)

Jess Fertudei

unread,
May 8, 2019, 6:49:29 AM5/8/19
to
Arlen G. Holder wrote on 5/4/2019 :
> Firefox disabled all add-ons because a certificate expired
> <https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/>
>
> The event occurred as the clock rolled over on UTC (Coordinated Universal
> Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed
> it down to "expiration of intermediate signing cert" -- as it's described
> on Mozilla's bug tracker.
> <https://bugzilla.mozilla.org/show_bug.cgi?id=1548973>

So... is this it? No patch for old versions other than an unwanted
upgrade to the newest?
Need to decide between uninstalling FF and reinstalling 53.03 (or 52.9)
or just moving on to something else. This has been hosed since
Saturday and nothing I try seems to work on v53 Win7. There are other
things to do in life beside mess with FF... it is why I came to FF and
then became why I would not upgrade... and now it looks as though it
might be why I leave.
How is WaterFox or whatever it is called?

Arlen G. Holder

unread,
May 8, 2019, 2:19:09 PM5/8/19
to
On Wed, 08 May 2019 06:49:32 -0400, Jess Fertudei wrote:

> How is WaterFox or whatever it is called?

I agree with those who are starting to believe that Firefox is going the
way of ES File Explorer or CCleaner, over time.

Luckily, there are _plenty_ of Mozilla-based browsers, Chromium-based
browsers, and even a few Microsoft-based browsers.

My suggestion?

Instead of dealing with extensions which allow you to treat sites
differently, simply set up any or each of the dozen or more main browsers
specifically to a single web site or type of web site or type of task (your
choice depending on your needs).

I'm sure there are times you _may_ still need extensions even after doing
so, but you'd have to give me a logical argument as to why.

For example, ad blockers aren't needed, IMHO, at least not in my
experience. Script blockers aren't needed either, AFAICT.

Having said that, it could be that you do, with extensions, something that
browsers can't do, alone perhaps?

What does an extension do that you can't find a browser to do if you
limited that browser to one type of web site?

lonelydad

unread,
May 8, 2019, 2:57:35 PM5/8/19
to
"Arlen G. Holder" <arling...@nospam.net> wrote in
news:qav6ip$uga$6...@news.mixmin.net:
I have used IE, Chrome, and Firefox (my preferred) browsers. Sitting at
the end of a low bandwidth internet connection, ad blockers DO make a
difference, and following all the current recommendations LastPass is a
must as well.

Outside of the PITB aspects of the current debacle, I don't understand
what all the continued fuss is about. Someone FUBARed a certificate. It
happens - rarely - but it happens. They could have easily FUBARed the
main certificate for Firefox, ore someone could have done the same for
any of the available browsers. It is just a fact of life and a
vulnerability of the current infrastructure. Until the Internet is
redesigned with security and privacy baked in at the most basic level, it
is a possibility we are going to have to live with.

Arlen G. Holder

unread,
May 9, 2019, 1:37:12 AM5/9/19
to
On Wed, 08 May 2019 18:57:31 GMT, lonelydad wrote:

> I have used IE, Chrome, and Firefox (my preferred) browsers. Sitting at
> the end of a low bandwidth internet connection, ad blockers DO make a
> difference, and following all the current recommendations LastPass is a
> must as well.

Do browser-based ad blockers work any better than a good MVP Hosts' file?

> Outside of the PITB aspects of the current debacle, I don't understand
> what all the continued fuss is about. Someone FUBARed a certificate. It
> happens - rarely - but it happens.

I like to think strategically, about good strategic use models.

There are TWO possible high-level strategic use models when it comes to
what "extensions" do.
1. You could try to make one browser do everything, or,
2. You could set up each browser to do what it does best.

Each strategic method has pros and cons, where, for example:
A. A con of making one browser do it all, is you have to deal with
extensions and exceptions (e.g., whitelists, blacklists, etc.).
B. A con of setting up separate browsers is that you have to THINK more,
about how to properly set up a browser to do what you want it to do.

Each has pro's also:
a. A pro of having one browser do it all is that you only have to learn the
intricacies of one browser, for example.
b. A pro of having the best browser do the job you need done is that you
set it up once and it works without having to deal with extensions.

These are just examples, as there are multiple pro's and con's to each
strategy, but I don't know of any other high-level strategy that doesn't
really, in the end, fit into the "more browsers" versus "fewer browsers"
strategic breakdown.

> They could have easily FUBARed the
> main certificate for Firefox, ore someone could have done the same for
> any of the available browsers. It is just a fact of life and a
> vulnerability of the current infrastructure. Until the Internet is
> redesigned with security and privacy baked in at the most basic level, it
> is a possibility we are going to have to live with.

While the certificate issue didn't greatly affect me, I think it affects
others because they don't use the strategy I use, which is zero additional
addons to make a browser do what I need it to do.

The question is still open as to whether there is _anything_ that an
extension actually does that you can't get a browser to do all by its itty
bitty self.

Is there?

Jess Fertudei

unread,
May 9, 2019, 6:23:40 AM5/9/19
to
The 'Mozilla Add-ons Blog' has an update published last night that
says:
"For users who cannot update to the latest version of Firefox or
Firefox ESR, we plan to distribute an update that automatically applies
the fix to versions 52 through 60. This fix will also be available as a
user-installable extension. For anyone still experiencing issues in
versions 61 through 65, we plan to distribute a fix through a
user-installable extension. These extensions will not require users to
enable Studies, and we’ll provide an update when they are available.
(May 8. 19:28 EDT)"
We've waited nearly a week for them to at least say they are working on
a direct fix for older versions... wonder how long it will be until it
actually appears. I have been avoiding the affected machine for
browsing purposes but can't keep doing that for long. Once this is
straightened out, I guess it is time to test-drive some other browsers.
Shame, though, 53 pretty much fit my needs exactly. This is no longer
any better than the problems that MS used to create with IE... forced
and coreced updates, unauthorized access to my software, fixes that
don't just unfix things but that cripple functionality. Ah, well... ..
.
Cue Tom Petty 'The Waiting is the Hardest Part'.

Mayayana

unread,
May 9, 2019, 8:40:26 AM5/9/19
to
"Jess Fertudei" <n...@this.juncture.com> wrote

|
| The 'Mozilla Add-ons Blog' has an update published last night that
| says:

Very informative. Thanks. I don't have any further problems
with 52.9 and I like the old extensions better, but apparently some
extensions are still broken.

This is the first I've heard of
"Studies". It seems the Mozillians just can't resist being as
intrusive and beta-crazed as Microsoft. It reminds me of
the old saying that mothers use: "If Microsoft decided to
jump off a cliff, would you do that, too?!"


J. P. Gilliver (John)

unread,
May 9, 2019, 10:02:08 AM5/9/19
to
In message <qb173m$v01$1...@dont-email.me>, Mayayana
It's not quite the same: just by going _onto_ Microsoft's clifftop,
you've accepted that it is riddled with fault lines preloaded with
blasting explosive (some of which _they've_ forgotten about). Looks like
Mozilla going same way ... (-:
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Address the chair!" "There isn't a chair, there's only a rock!" "Well, call
it a chair!" "Why not call it a rock?" (First series, fit the sixth.)

nospam

unread,
May 9, 2019, 10:25:07 AM5/9/19
to
In article <qb0ea5$dum$3...@news.mixmin.net>, Arlen G. Holder
<arling...@nospam.net> wrote:

>
> > I have used IE, Chrome, and Firefox (my preferred) browsers. Sitting at
> > the end of a low bandwidth internet connection, ad blockers DO make a
> > difference, and following all the current recommendations LastPass is a
> > must as well.
>
> Do browser-based ad blockers work any better than a good MVP Hosts' file?

yes

Paul

unread,
May 9, 2019, 11:41:53 AM5/9/19
to
J. P. Gilliver (John) wrote:
> In message <qb173m$v01$1...@dont-email.me>, Mayayana
> <maya...@invalid.nospam> writes:
>> "Jess Fertudei" <n...@this.juncture.com> wrote
>>
>> |
>> | The 'Mozilla Add-ons Blog' has an update published last night that
>> | says:
>>
>> Very informative. Thanks. I don't have any further problems
>> with 52.9 and I like the old extensions better, but apparently some
>> extensions are still broken.
>>
>> This is the first I've heard of
>> "Studies". It seems the Mozillians just can't resist being as
>> intrusive and beta-crazed as Microsoft. It reminds me of
>> the old saying that mothers use: "If Microsoft decided to
>> jump off a cliff, would you do that, too?!"
>>
>>
> It's not quite the same: just by going _onto_ Microsoft's clifftop,
> you've accepted that it is riddled with fault lines preloaded with
> blasting explosive (some of which _they've_ forgotten about). Looks like
> Mozilla going same way ... (-:

I find it hard to say anything witty about the Mozilla project.
I can't visualize what would make me jump in the car in the
morning, and drive to work, and write code for their stuff.

So instead, I decided to read this article.

https://en.wikipedia.org/wiki/Netscape_Communications_Corporation

"In 1998, an informal group called the Mozilla Organization was formed
and largely funded by Netscape (the vast majority of programmers working
on the code were paid by Netscape) to coordinate the development of
Netscape 5 (codenamed "Gromit"), which would be based on the
Communicator source code.

However, the aging Communicator

code proved difficult to work with

and the decision was taken to

scrap Netscape 5 and re-write the source code

The re-written source code was in the form of the Mozilla web browser,
on which, with a few additions, Netscape 6 was based.
"

And here we are today, with a code base which is obviously,
easy to maintain. How ironic is this!

I shouldn't be worried then, about "what they're doing",
what their motivation might be -- instead I should
marvel that "they survived". And that they're still going.

Another thought that crosses my mind, is you'll notice that
a Chinese firm expressed interest in acquiring Opera. Has
anyone ever heard of a company expressing an interest in
buying Mozilla ? :-) Lots of deals happen in the tech world,
where some munchkin "buys high and sells low" and there is a
record writeoff. Why has nobody tried that with Mozilla ?
If Yahoo was worth bidding $40 billion on, shirely Mozilla
must be worth a buck ninety five.

Some law of physics is being violated here. But which one ?

Paul

J. P. Gilliver (John)

unread,
May 9, 2019, 11:50:25 AM5/9/19
to
In message <qb1hnu$3ve$1...@dont-email.me>, Paul <nos...@needed.invalid>
writes:
[]
>I find it hard to say anything witty about the Mozilla project.
>I can't visualize what would make me jump in the car in the
>morning, and drive to work, and write code for their stuff.
>
>So instead, I decided to read this article.
>
>https://en.wikipedia.org/wiki/Netscape_Communications_Corporation
>
> "In 1998, an informal group called the Mozilla Organization was formed
> and largely funded by Netscape (the vast majority of programmers working
> on the code were paid by Netscape) to coordinate the development of
> Netscape 5 (codenamed "Gromit"), which would be based on the
> Communicator source code.
>
> However, the aging Communicator
>
> code proved difficult to work with
>
> and the decision was taken to
>
> scrap Netscape 5 and re-write the source code

5 wasn't bad ...
>
> The re-written source code was in the form of the Mozilla web browser,
> on which, with a few additions, Netscape 6 was based.
> "

... and 7 was good. (I don't remember much about 6, though I do remember
it existing.)
>
>And here we are today, with a code base which is obviously,
>easy to maintain. How ironic is this!

Easy to maintain, because they've removed lots and blocked lots else (-:
>
>I shouldn't be worried then, about "what they're doing",
>what their motivation might be -- instead I should
>marvel that "they survived". And that they're still going.
>
>Another thought that crosses my mind, is you'll notice that
>a Chinese firm expressed interest in acquiring Opera. Has

(I hadn't.)

>anyone ever heard of a company expressing an interest in
>buying Mozilla ? :-) Lots of deals happen in the tech world,
>where some munchkin "buys high and sells low" and there is a
>record writeoff. Why has nobody tried that with Mozilla ?
>If Yahoo was worth bidding $40 billion on, shirely Mozilla
>must be worth a buck ninety five.

(-: - I thought it was mostly funded by Google anyway? Or am I a few
iterations out of date (regarding the funding - I know I am with the
software)?
>
>Some law of physics is being violated here. But which one ?
>
> Paul
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

DOS means never having to live hand-to-mouse.

Arlen G. Holder

unread,
May 9, 2019, 1:49:24 PM5/9/19
to
On Thu, 09 May 2019 10:25:04 -0400, nospam wrote:

>> Do browser-based ad blockers work any better than a good MVP Hosts' file?
>
> yes

Someday nospam, you'll post with purposefully helpful intent.
o And, you'll post will prove to _not_ be that from a child's brain.

Apparently not today.

Arlen G. Holder

unread,
May 10, 2019, 3:07:24 PM5/10/19
to
Mozilla, laudably, came out today with actual details suitable for adults
to ponder as to what actually happened...signed, bravely, by their CTO
himself.

o Technical Details on the Recent Firefox Add-on Outage
<https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/>

With respect to the temporary fixes many of us implemented...
o *Notice that you still need to consider making changes within 3 days!*

Mozilla to wipe data collected by fix that tackled recent Firefox add-on blunder
<https://www.neowin.net/news/mozilla-to-wipe-data-collected-by-fix-that-tackled-recent-firefox-add-on-blunder/>

Hildebrand encouraged users to "please check that your settings match your
personal preferences before we re-enable Studies" which is set to take
place in roughly three days.
0 new messages