Firefox 44 Arrives With Push Notifications (mozilla.org) 182
An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.
Great! (Score:5, Insightful)
Who has a list of which configuration options I need to go into about:config and disable this time?
Re: (Score:3, Informative)
Just don't subscribe to anything -- every page requires you to grant it permission.
Re:Great! (Score:4, Insightful)
Just don't subscribe to anything -- every page requires you to grant it permission.
No, it requires more than that. According to Mozilla themselves [mozilla.org], "Firefox maintains an active connection to a push service in order to receive push messages as long as it is open." Supposedly the connection is encrypted and anonymized, but you'll have to take their word on it and anyway, it's another potentially-vulnerable service running in the background. So it's not just a matter of "don't subscribe and you'll be safe"; there needs to be a way to disable this service entirely.
Oh wait... there is [palemoon.org].
Re:Great! (Score:5, Insightful)
but you'll have to take their word on it
No, you can view the source... All of it... Both client and server side.
https://github.com/mozilla-ser... [github.com]
If I'm not mistaken... There a lot of mozilla projects, but this one seems recent.
there needs to be a way to disable this service entirely.
At least look up about.config before complaining, it's right in there under "dom.push.enabled".
But really, I don't see the point...
Re:Great! (Score:4, Insightful)
No, it requires more than that.
More? Or do you mean less? It does require permission to establish a push connection, as far as I can tell.
According to Mozilla themselves [mozilla.org], "Firefox maintains an active connection to a push service in order to receive push messages as long as it is open."
"Firefox maintains..." - that particular quote says nothing about whether permission is required to establish such a connection in the first place.
There's something a bit non-sequitur-ish about your first two sentences.
Re: (Score:2)
I mean, with Gnome you talk about about desktop Linux and that has benefited from systemd.
I support your dislike of Gnome (2, 3, x), that's why there is KDE, XFE etc.
Oh yes, and I needed to undo a wrong moderation.
Re: (Score:2)
Those using FreeBSD basically have to use Chrome
Google doesn't ship Chrome for FreeBSD. Chromium is in packages, but Chrome and Chromium are not the same thing - Chrome includes things like the Netflix DRM. Updates to the Chromium port also take a while because Google refuses to accept patches for FreeBSD (closing the submitted issues as 'FreeBSD is not a supported platform') and so the port needs to maintain a large set of patches.
Re: (Score:1)
Not that you've ever browsed any of the source code in Linux but, if you're willing to sign an NDA and provide a reason (I've used "I'm curious" as a reason) then you can see Windows source code, at least quite a bit of it. It's called the Shares Source Initiative. It has been a policy for like ten years now - maybe longer.
You can use Google to find it. Or Bing, I suppose. Just search for Microsoft Shared Source Initiative. Hell, I use Lubuntu and I know this. So, you've got good luck browsing the source co
Re:Great! (Score:5, Informative)
Who has a list of which configuration options I need to go into about:config and disable this time?
As buchner.johannes noted, just don't subscribe to anything, but from what I have read, set:
Re:Great! (Score:5, Informative)
Who has a list of which configuration options I need to go into about:config and disable this time?
As buchner.johannes noted, just don't subscribe to anything, but from what I have read, set:
Other candidates seem to also be:
Re: (Score:2)
You may also want to set dom.push.serverURL to 127.0.0.1 as extra insurance.
Great to think that anything that can spoof or MITM that site can push whatever crap they want into your browser...
Re: (Score:3, Funny)
Old timers don't bother to learn the simple things (Score:5, Funny)
Who has a list of which configuration options I need to go into about:config and disable this time?
You must be an old timer!
Programs are configurable! Just go through all the apps and programs that you use on a daily basis and change whatever you want to make the system work to your liking.
All these features are easy to change, and learning a mere handful of methods will get you anywhere you want to go.
1) Go to about.config, click on the "I understand", type in "this.obscure.value", double click it to change value. The "this.obscure.value" is named in a transparent, easily understandable way such as "browser.cache.disk.smart_size.enabled". This enables the "smart size" feature of the caching system. It's obvious what it does, because it's name says it all.
2) Go to start->run->regedit, navigate to "this obscure value", type in "add new value" in DWORD format and set it's value to 1. For instance, to disable the new volume control and go back to the old style, just navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, create a new key MTCUVC, create a new DWORD EnableMtcUvc, and set its value to 0.
Only old folks think that's not simple, and I don't for the life of me know why!
3) Pick a random number, put "KB" in front of it, and do what's described there. For example, KB3035583 tells you how Microsoft has helpfully introduced "additional capabilities for Windows Update notifications when new updates are available to the user". It's just telling you how Windows 10 is now available. If you want to customize this behaviour, you can use task manager to stop the GWX.exe process. Or, you can go to programs and then click or tap on View installed updates, then scroll down until you see the KB3035583 update, select it, press "uninstall", and then confirm that you want to uninstall it.
Nothing could be simpler, I just *don't get* where these old folks are coming from!
4) Changing things in linux it's even easier! Just go to /etc as root and vi "some-random-file", and change the configuration manually. It's easy to do, because all the configuration files are in one place! For example, remote disks are called "shares", and the process that manages this is called samba, and the file to edit is thus /etc/samba/smb.conf.
What could be easier? The .conf ending lets you know that it's a configuration file!
If you don't know how to use vi, simply type "man vi" and you'll find all the information you need!
Really, I don't understand why old folks don't understand these things - everything is so simple!
Re: Old timers don't bother to learn the simple th (Score:1)
Re:Old timers don't bother to learn the simple thi (Score:4, Interesting)
Yet, mind bogglingly enough it is still way simpler than trying to fix windows registry. Mind you fuck up about:config and the browser stops working, Windows registry fucks itself up and you computer stops working. Want to keep a computer working, always dual boot and that way you can boot to Linux to fix your gaming and browsing machine. I have managed to keep windows 7 going since getting this computer without a reinstall by that very method. Damn being able to edit a text file makes like so much easier when it comes to fixing a broken OS or broken program. Having to reinstall a program or and entire OS and every program you have because you couldn't edit a text file is fucking nuts. One five minute edit versus hours and hours of reinstall, oh, yeah that edit is so very, very hard.
Re: (Score:2)
You are doing it wrong. The registry is just a database of settings, a simple hierarchy. It stores access control information too, on a much finer grained level than Linux allows. On Linux you have simple file permissions, and that's it.
The registry is periodically backed up. If you someone screw it up, which with the default permissions is hard to do, you can just revert back to an older version. Windows can do this automatically most of the time, or you can do it manually by booting the install media, goi
Re: (Score:1)
Where can I borrow a cup of mod points? This post deserves more on several dimensions...
Re: (Score:1, Funny)
You must be an old timer!
Only old folks think that's not simple, and I don't for the life of me know why!
Nothing could be simpler, I just *don't get* where these old folks are coming from!
Really, I don't understand why old folks don't understand these things - everything is so simple!
There is a fine line between being funny and being an ASSHOLE and you definitely are not funny.
My first computer course was at Rice University, programming PL/1 on an IBM mainframe with punch cards. I programmed COBOL and FORTRAN on VMS on a VAX at the University of Houston. I used UNIX before Torvalds ever thought of making Linux.
I used OS/2 Warp when everybody was suffering through Windows 95. I started using Linux when IBM killed off OS/2. I ran WebCT on Solaris for over 6,000 professors and st
Re: (Score:2)
4) no troll is complete without mentioning systemd has replaced much of traditional configuration :)
Re: (Score:3, Funny)
1. Go to palemoon.org
2. Click the Download Browser button.
3. Click "Confirm" at install prompt.
4. Profit!
Prediction: FF at 2% of the market by Dec 2016 (Score:3, Interesting)
So based on last month's stats, Firefox is down to about 7% of the browser market [caniuse.com]. That's across all versions, on all desktop and mobile (where Firefox for Android has a massive 0.05% of the market) platforms.
At this point, Firefox as a whole is nearly below iOS Safari 9.2, IE 11, and UC Browser for Android. It almost has fewer users than Opera Mini, even! Hell, even Chrome 46 still has almost as many users as Firefox has in total, and Chrome is up to version 48 now!
It's now clear that Firefox 44 introduces
Re: (Score:2)
I'd wager that most of the firefox use now is by IT personnel who use it for its extensions, and Mozilla has been alienating us by breaking functionality at every step - breaking flash, breaking java, and of course, completely excluding code for low-bit cryptography, which forces us to use multiple browser versions to get to out of band management on older boxes and appliances. I can see disabling older crypo algorithms by default, but don't exclude it from the project.
Same with unsigned or self-signed exte
Re: (Score:2)
I'd wager that most of the firefox use now is by IT personnel who use it for its extensions,
Yup, that is the sole reason I still use Firefox.
Fortunately, Mozilla has come up with a means of dealing with that when they break extension support in the near future. At that point there'll be no more reason to keep using it.
Re: (Score:2)
And before anyone harps in with "fuck flash" - vmcenter (vmware) utilises flash heavily, as do quite a few load balancers. It's fucktarded, I know.. but that's the reality of it.
Re: (Score:3)
For me, the final straw was when Firefox started calling Google "untrusted", then refused to let me make an exception and go about my usually-seamless search business. I don't know why the behaviour started. I don't care. They were already on thin ice after switching off my Garmin GPS update and map extensions, disabling my Kaspersky special functions like virtual keyboard, and other stuff I won't bore you with.
I'm almost completely switched over to Pale Moon now. It's faster, and it actually works. Fu
In Soviet Russia (Score:2)
Re:Great! (Score:5, Informative)
Its called Chrome.
Chrome has had push notifications for quite a while.
Re: (Score:1)
I think the people complaining about Firefox feature creep are like the people who complain that they're moving to Canada if the US institutes single payer health care (or whatever other policy that Canada already has).
Re: (Score:2)
So the usual complaint about Mozilla adding bloat that no one would ever want is only implementing cross-browser 'standards'! :)
(I'll give them Pocket - that should be an add-on but even Hello is just a shiny UI around webrtc)
Re:Great! (Score:5, Insightful)
Find me evidence of unwanted behavior in Chrome.
GoogleUpdate.exe
Also the on by default "OK Google" eavesdropping, desktop notifications and search prediction crap.
Re:Great! (Score:4, Interesting)
Anyone know where to find old versions of chrome?
Or a way to disable chrome's auto update function so it doesn't later decide you forgot to re-enable it and update anyway?
Auto updates are nice until they decide when I want to update for me.
Re: (Score:2)
Go to control panel and services and disable the service. Or on Linux go into System... oh boy I won't go there :-)
Chrome updates every 6 weeks since well 2009! Only a few times has it ever caused problems. Twice I am aware of with certificates and the other with some unused feature people enabled by default.
Unlike Windows and Firefox, Chrome is designed to be updated frequently architectural wise. It is why the add-ons are more limited than Firefox too.
Re: (Score:1)
With Linux? Just install whatever version you want (I'm guessing you can find 'em somewhere). Then don't enable (or disable it if they add it) the repository - don't install it from your distro's repository so it won't automatically update. If you install it from your repo it will be a bit of a bitch. If you just install it manually then it might add Google's own repo - so disable that. You can edit it, comment it out, delete it, whatever. 'Snot hard, really - at least I don't imagine it is. You'll just nee
Re: (Score:2)
Its called Chrome..
It's called Firefox ESR.
Re: (Score:2)
Ever hear of uBlock or Disconnect?
Re: (Score:2)
What plugin does one need this time to install in order to maintain the functionality from previous FF?
As other posters have noted, the 'plugin' you require is Pale Moon. Install it into your OS, not into Firefox. Once that's done, Firefox becomes entirely irrelevant.
The next RSS (Score:3)
"a website could notify you when something important happened, even if you [don’t] have the site open"
Cool!
Is RSS dead now, like web onthologies?
Re: (Score:3)
Re:The next RSS (Score:5, Insightful)
And will be used for "One Weird Trick to a Titanic Penis" and "Firefox has detected a CRITICAL security problem. Click on _this link_ to eliminate the malware from your system"
Re: (Score:2)
Of course, all the sites that will want you to sign up for push services are going to be whiter-than-white, squeaky clean upright organizations that would never allow their push servers to be used to send out notifications that attempt to bugger your system or trick you into loading malware. After all, we've all seen how excellently advertising providers work to provide tasteful, subtle, ads that don't distract you from the page you're reading, and would never deliver ads that try to trick you into installi
Re: (Score:2)
whatever is intended, it will be used for ads, malware, and tracking
Why do you think Mozilla has been paid hundreds of millions of dollars, first by Google, now by Bing.
Re: (Score:2)
Re: (Score:1)
Yes there is. Get the benefits of Chrome without the garbage, install Opera. I did take a break from it but, for the most part, I've been using Opera since back when you had to pay for it. It works pretty well. When they converted their code to Chromium, well, it kind of sucked for a while. It's stopped sucking and is starting to even have a robust ecosystem of its own - even though you can just as easily use Chrome's extensions. They took the suck out of Chrome and have even gotten the code squared away en
Re:The next RSS (Score:4, Interesting)
RSS is dying because sites don't like it. People use it as a shortcut to see whether anything on their list of favorite blogs is worth navigating to the site to read. If not, then they won't visit the site, taking page hits (and ad revenue) from the site. I love RSS, but it seems like sites are dropping support for it left and right.
Re: (Score:2)
RSS support started dropping from browsers before it started dropping from sites. In the end, now that I don't have a handy list of RSS feeds I just don't visit most of the webcomics that I used to read. I can't see how that's a real win for them.
Re: (Score:2)
I never settled on a native RSS client but use theoldreader on both desktop and mobile.
I agree if sites don't have feed I tend to forget about them rather than reloading a series of bookmarks in case they have something interesting on them.
Re: (Score:2)
What's nice is that most sites just run wordpress or similar anyway, so you can just mess with the url a bit and get a feed link to plug in your reader.
And stupidly enforced mandatory extension signing (Score:3, Insightful)
This version is also the first to require signed extensions with no way to:
1) Disable the signature check at all
2) Use any signature other than Mozilla's
3) Install a extension built and packaged by your distribution repository (unless Mozilla signs each build)
4) Forcefully install a extension that you built yourself
I don't understand why Mozilla gets away with this type of hidden DRM. At least in Secure Boot you could enroll your own signatures.
Here, the only option you have is to switch to an unbranded fork of Firefox.
Re: (Score:1)
"Installation of unsigned extensions will still be possible on Nightly and Developer Edition, as well as special, unbranded builds of Release and Beta that will be available mainly for developers testing their extensions."
Is this not the case?
Here, the only option you have is to switch to an unbranded fork of Firefox.
Oh... it IS the case; but you made it sound like a FORK; when its really a proper release channel for developers.
At this point you sound like someone whining that the LTS release doesn't have the cutting edge features you want.
That said, the problem with your options 1
Re: (Score:2)
Oh... it IS the case; but you made it sound like a FORK; when its really a proper release channel for developers.
Is that what Ubuntu users are called now?
Re: (Score:2)
Is that what Ubuntu users are called now?
Only if they want to get their Mozilla Firefox extensions from a source *other* than Mozilla; or did I miss something?
Re: (Score:2)
did I miss something?
I think so, since "build from source" is what Linux distros do.
Re: (Score:2)
I think so, since "build from source" is what Linux distros do.
Then what is the problem? Have the distro modify the source going into the repo to remove any non-OSS friendly stuff... isn't that what iceweasel is?
Re: (Score:2)
Have the distro modify the source going into the repo to remove any non-OSS friendly stuff
They already only distribute OSS extensions.
Re: (Score:2)
At this point you sound like someone whining that the LTS release doesn't have the cutting edge features you want.
Sounds to me like he's "whining" about an LTS that has added overly restrictive features that he doesn't want.
Do you call it "whining" when you do it, or is it only for other people?
Re: (Score:1)
Sounds to me like he's "whining" about an LTS that has added overly restrictive features that he doesn't want.
Not really. If it really was a distinction between rolling and LTS then I'd see a problem. But its really two different rolling releases, once aimed to be safe as possible for neophytes and one with fewer restrictions and more options to hang yourself. He's on the safety release now, but wants to do more advanced stuff... which is fine. He can switch to one of the more advanced releases... but he apparent doesn't want to for no reason given.
Further, he wants the rolling release software that he's currently
Re: (Score:2)
Re: (Score:2)
Of course, all you have to do to fix that is replace one line of code with
if (true)
Re:And stupidly enforced mandatory extension signi (Score:5, Interesting)
I'm confused. We are delaying the removal of this preference to Firefox 46 [mozilla.org]
Re: (Score:3)
That doesn't really fix any of the problems with signing.
Re: (Score:2)
Yes, you are confused. Delaying something instead of cancelling it means I know before it pissed me off. Posted via chrome.
And chrome sucks for dashslot, so I'm not real happy about it either.
Re: (Score:1)
This version is also the first to require signed extensions with no way to:
1) Disable the signature check at all
That is incorrect. They pushed it back again to FF46. [mozilla.org]
But more generally, I agree it is total bullshit. And what's worse is that the answer is super fucking easy. All they need to do is let the user specify a white-list of extensions that do not need signatures. Require that the white-list be kept in an admin-only writeable location, like the system-wide firefox install directory where there is already some config data. If an attacker can write to admin-only files then the whole system is already compr
Re: (Score:2)
Because the alternative is easy malware installs?
Careful, your cluelessness is showing. If someone's computer is compromised a rogue browser extension is the least of their worries.
Re: (Score:2)
Pull my finger
<pulled>
</pulled>
FTFY
The Description of this is Scary (Score:5, Insightful)
A website registers a Service Worker with the browser. Service Workers are small JavaScript programs with super powers like intercepting network requests or running even when their parent website is closed.
What could possibly go wrong?
Re:The Description of this is Scary (Score:4, Insightful)
"or running even when their parent website is closed."
This is all for ads and tracking you.
Firefox is dead.
Re:The Description of this is Scary (Score:4, Informative)
Chrome already has push notifications. In both browsers a user action is required to subscribe to push notifications for a site so this can't be done behind your back.
iOS and Android have push notifications too. Hope you don't use a smartphone.
Re: (Score:2)
Re: (Score:2, Informative)
Well *don't fucking register* you fucktard.
Re: (Score:3)
Well *don't fucking register* you fucktard.
I'd rather this feature be a separate program. I'd want to be notified at times when the browser is not open. And I don't want the websites for which I register to know every time I have my browser open.
.
This just looks more and more like Mozilla continuing to add non-browser-related bloat to an already bloated Firefox.
Don't worry (Score:5, Funny)
Give Pottering a week and we'll have some spaghetti code that does the same thing in kernel.
Re: The Description of this is Scary (Score:1)
Fingerprinting (Score:2)
To assist law enforcement by fingerprinting your browser payloads are encrypted to a public / private keypair held only by your browser
FTFY.
Re: (Score:1)
That said I use FF as
payloads are encrypted (Score:2)
Yeah, to keep your antivirus and ad blockers out of the way.
Oh well, at least there's still Netscape.
Re: (Score:2)
Sad, really. Firefox has gone from the older days of being a wonderful alternative to IE, to whatever it is today ... losing market share rapidly and deservedly.
Maybe I will have a look at Pale Moon.
Confused. Is that like when you (Score:1, Troll)
let someone know they're being Pushed out the door [wikipedia.org] for not toeing the party line on some Social Justice issue unrelated to javascript compiler speed? Cause Mozilla clearly already had that feature
Re: (Score:2)
Why do people keep trying to drag what they call "social justice" into every sodding thread? Are you one of those so-called "social justice warriors" I keep hearing so much about?
Re: (Score:2)
Re: (Score:1)
Brendan Eich donated money to support California Proposition 8, i.e.: to make it the law to discriminate against people of the same sex who want to marry.
Proposition 8 was intended to do nothing except codify the status quo: the term "marriage" refers to a union between a single man and a single woman. Progressives' manifest intent to try to change the situation on the ground before it was voted on is irrelevant to the intent of the Initiative.
Drop it. (Score:1, Interesting)
Re: (Score:3, Informative)
If you haven't already, rather than messing around with settings and installing extensions, just drop it. Uninstall and don't look back. There are other browsers.
Sadly, all the "other browsers" suck just as much as Firefox, they just suck in different ways.
Re: (Score:1)
What about WebSockets? (Score:4, Informative)
Spell check (Score:2)
Re: (Score:2)
"mine keeps loosing the spellcheck"
I see what you did there.
security.tls.insecure_fallback_hosts (Score:3)
Does anyone know if security.tls.insecure_fallback_hosts is now deprecated? I have an old device that will never get its SSL certificates reissued and I cannot create a new certificate with better algorithms. I use an old portable version of Firefox that I use to sometimes login. I noticed with Firefox 44 if I now go to the IP address, which I have added in the above preference name, I am greeted with the Advanced button and expanding it gives me a link to "(Not secure) try loading 'ip address' using outdated security." If I click on it it does nothing and gives redirects back to the "Your connection is not secure" page.
The latest version of ssh allows one to whitelist hosts with deprecated encryption so I have access that way, too. It would be nice to not have Firefox 44 and another just to access this device.
about:config (Score:1)
Re: (Score:1)
Firefox hates privacy? (Score:1)
My reaction (sent to Mozilla) to the inclusion of the Amazon plug-in:
[Firefox has made me] very, VERY sad indeed. Amazon? Why don't you just shoot my privacy in the head? It would be a kinder solution. More to the point, sucking up to Amazon is NOT going to fix your terrible financial model. Amazon does NOT share any of Mozilla's laudable goals, but "partnering" with those vicious privacy-destroying monsters will destroy you, too. How can ANYONE possibly trust an Amazon partner? Amazon will share a few pennies with you--but Amazon will laugh when you go bankrupt anyway.
Now I've suggested an alternative business model of project-oriented charity shares. I'm already getting blue in the face from repeating that solution, but you are ABSOLUTELY NOT offering a better alternative. Amazon is EVIL, and now I regard Firefox as EVIL, too. My chief regret is that there are no alternatives that are significantly less evil--and it always comes back to stupid financial models.
Longer version with more about the alternative financial model I favor: https://ello.co/shanen0/post/8... [ello.co]
BLOAT (Score:1)
Push notifications - no thanks (Score:1)
The mozilla devs have destroyed firefox. Citing 'stability', 'maintainability', 'unused features', etc. they have removed most of what firefox was known for and reduced it to a chrome knockoff. The new firefox is pathetically crippled, lacks a decent interface and configuration options, and looks out of place in the major linux desktop environments. Push notifications should have been implemented as an add-on for those who want it and not implemented in such a way as to create new problems for users who don