Firefox 83 Arrives With HTTPS-Only Mode and Faster Performance (venturebeat.com) 56
Mozilla today launched Firefox 83 for Windows, Mac, and Linux. An anonymous reader shares a report: Firefox 83's highlight feature is HTTPS-Only Mode, in which the browser attempts to establish fully secure connections to every website (just like the EFF's HTTPS Everywhere). If it can't, Firefox asks for your permission before connecting to a website that doesn't support secure connections. To enable HTTPS-Only Mode, click on Firefox's menu button, hit Preferences, then Privacy & Security, scroll down to HTTPS-Only Mode, and choose "Enable HTTPS-Only Mode in all windows." [...] Firefox 83 also brings performance improvements (improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%). Firefox 83 is also the penultimate version of the web browser that will run Flash software; Firefox 85 will completely disable it when it arrives on Jan. 12, 2021.
HTTPS-Only Mode.. You can turn off now (Score:3, Funny)
But in the future? Not bloody likely
Re: HTTPS-Only Mode.. You can turn off now (Score:3)
Re: (Score:2)
If they're disabling http traffic, then I hope they're not offering any click-through options for miss-matched site certificates either, or it kind-of defeats the purpose. We all know users will blindly click through anything to get to their websites.
Does it re-enable DoH after updating? (Score:1)
Re:Does it re-enable DoH after updating? (Score:5, Informative)
Firefox annoyance. Every update re-enables DNS over HTTPS, ignoring my setting that has it disabled.
Create a file named "user.js" in your Firefox profile folder and put this in it with a value of 0 or 5:
user_pref("network.trr.mode", 0);
Re: (Score:1)
Google will soon enforce HTTPs only (Score:5, Informative)
Re: (Score:2)
You're assuming everyone upgrades the instant a new version comes out. As difficult as it may be to believe, not all of us want the extra overhead and lack of configurability brought on by this cruft of code.
auto-upgrading (Score:2)
...you are right at leas in one sense : many people, like me, trend to follow the automatic upgrades proposed by their distro. And in that case, the LTS versions are very late compared to the current, latest version...
Re: Google will soon enforce HTTPs only (Score:3)
Okay, Goodbye! Don't let the door hit you on the way out.
Re: (Score:2)
Okay, Goodbye! Don't let the door hit you on the way out.
I'm sure he sees the error of his ways now.
Ever think you'd see the day that you pined for the intellectual stimulation of the 1990s Internet?
Yeah, me either, yet here I am, doing exactly that.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
For most manufacturers for things like printers, EOL is as soon as they feel there's no money in firmware updates, which usually isn't a very long time. So unless you throw out your network printers every 6 months, this is going to a problem. I guess I can keep a suitably outdated browser around like Opera 12 for things like this.
Re: (Score:1)
local subnet? (Score:5, Insightful)
Re:local subnet? (Score:5, Insightful)
Re:local subnet? (Score:5, Insightful)
Or those that DO have a built-in certificate so they can provide an HTTPS connection, until that certificate expires, and the browser refuses to connect because the certificate is no longer valid.
It's already a pain to deal with browsers that won't allow self-signed certificates, and refuse connections for our own safety.
Re: local subnet? (Score:2)
Re: (Score:1)
Re: (Score:1)
Re:local subnet? (Score:5, Insightful)
Re: (Score:2)
I would love to break the face of the retard who decided to do this. As well as the clown who decided to hide the "http://www" url part so you don't know exactly what type of connection is being done.
It's OK, it's Firefox, just wait until the next release and it'll have been changed again. In the meantime add the following to userChrome.css:
Here's what I would like to see (Score:4, Insightful)
When I tell the browser not to provide any "suggestions" when I type in the address bar, it should do just that. It does nothing. No hints, no words, no phrases, no nothing. It sits there and waits until I'm done typing and then goes to the page I typed.
As for going to pages, it does just that. It doesn't harass me with warnings about this or that. I put in the page, it goes there. End of story. No, I do not want to jump through hoops to enable or disable this or that. I want to go to the web site, you go there.
Nor do I want any notifications of any kind about any available updates. I know there are updates out there. I'll get them when I feel like it. It's why I turned off automatic updates or even the ability to download and wait for me.
A web browser should do one thing and one thing only: display web pages. It should not, to use the whining of many on here, be a gatekeeper to where I want to go or what I want to do. It should not think, contemplate or decide it knows better than me. It should do what I tell it to do and that's it.
Re:Here's what I would like to see (Score:4, Insightful)
Which is all well and good and was a perfectly valid opinion to have back in the day when you actually had to know something about computers in order to be able to use them. However in today's world where a computing device running a web-browser is now basically an appliance dumbed down so much that even the mouth breathing masses who refer to an internet connection as "the wifi" that handholding is needed in order to maintain some level of security.
And whilst you may think that the handholding is inconvenient now, it pales into insignificance to what it would be like trying to do anything online with tens of millions of computers, smartphones and tablets riddled with malware spewing terabytes/sec of shite all over the internet.
Re:Here's what I would like to see (Score:4, Informative)
You don't remember back in the day that well do you?
Unless you are going further back where you needed to do a dialup SLIP connection. Even when PPP connection came out for Dialup, most of all the details were abstracted away from you.
After you have connected to the Internet, even early browsers were rather easy to use. Type in the address then go on from there. Most of the people who were not that good with computers had a default webpage setup, Aol, Yahoo, Alta-vista... And avoided the address bar like a plague. If told to say go to www.microsoft.com they would use the search engine and search for www.microsoft.com. It bugged the heck out of me seeing people do this... However after myself having gone to say www.mcrosft.com leading me to a page I didn't expect. Having them use the search engine probable wasn't such a bad idea, as it normally will correct for many mistakes. Even back in the Early/mid 1990's
Newer Computers OS's aren't any more abstracted than the older one. They are more powerful, thus handle the abstraction more easily.
Re: (Score:2)
Well then, you can't complain when Microsoft starts implementing tons of new features to handhold its users since Windows 10 is the dominant OS on the market. Imagine trying to do anything online with hundreds of millions
Re: (Score:2)
The good old days, when Sprint was trying prevent me from signing up for their dial-up service because it "required Windows." I just kept demanding they tell me the various IP-addresses so I could populate the info in my TSR DOS Dialer.
Re: (Score:2)
About the same time the hand-holding started, is when commercialization took over the Internet and even with ad-blockers I have auto-play videos rammed in my face all day. The Internet today is practically intolerable compared to what it was 20 years ago.
Hand-holding isn't about keeping people safe from shite. It's to make sure they can't fight against it.
Re: (Score:2)
If you like, you can just use your HTML rendering engine, then slap a simple UI on it. Then you get a no feature browser.
However over time, these suggestions do help out in terms of security, as there is a less of a chance of me hitting a phishing site. As it will use Google or some other somewhat respectable company to give you the best option.
Re: (Score:3)
Sounds like you're not a standard user. Those are all features I want in my browser.
Auto-complete (suggestions) are very useful to me. I like being able to type the start of a URL for a site I frequent and have it complete and I like when I'm searching for something for it to finish the search terms. I guess most people don't enjoy typing as much as you
When I go to pages, it should definitely alert me if there's a security issue. No other way I'd notice if a website or my connection was compromised.
For u
Disabling Flash (Score:3)
Not sure if this has already made it here - I don't read Slashdot on my phone when I'm travelling - but Microsoft also has a way of killing Flash for their browsers.
It is KB4577586, and if you subsequently change your mind you will need to reinstall Windows or fall back to a previous recovery point.
As to https, some of the sites I use have absolutely no financial or security information on them and are therefore http only. If Firefox tries to prevent me looking at them then they won't have to worry about me browsing them with Firefox. Nuff said.
Re: (Score:2)
https is about much more than just protecting "financial" or "security" information. For example people browsing over http can be redirected to arbitrary destinations as a DDoS attack. See https://en.wikipedia.org/wiki/... [wikipedia.org]
What about retry with http (Score:2)
I need this sometimes
Waterfox (Score:1)
Re: (Score:2)
Is there any reason to be using Waterfox at this point? Use Windfox.
Lots of small sites will break (Score:2)
Flash (Score:2)
Why is it taking so long for them to get rid of the Flash cancer? "Corporations" .. seriously? These corporations can't invest in switching out of it? They should be taken over by a startup.
For 8 years private mode has been detectable (Score:1)
For 8 years sites can sniff to see that you're in private mode - bugzilla.mozilla.org/show_bug.cgi?id=1506680 - and I'd like them to take that security seriously.
Wait, what? (Score:2)
What about Firefox 84, you insensitive clod?
Re: (Score:2)
...it will be the last to run flash? So 83 is penultimate (second last).
How to run flash after 2020 (Score:3)
What would be the best way to run flash after 2020, with least amount of hassle?
There a bunch of places that need flash next year too. With e.g. Cisco UCS-E series servers you cannot even upgrade the firmware to a HTML5-based version since there isn't one available. Yet we still would like to access that CIMC interface.
Setting up a VM to run older browser and last version of Flash seems overkill. Would installing e.g. Firefox portable (with the ESR 78), https://portableapps.com/apps/... [portableapps.com] with the flash plugin alongside the "normal" firefox be a good solution?
We could probably put in application specific firewall so this old version will not allow access anywhere but to those specific hosts that run those old flash interfaces...but has anyone cooked up a solution and tested it yet?
Re: (Score:1)
How to run flash after 2020: you don't.
Either you update your crap to a new version that does not require Flash or you buy something new that does not require Flash.
Optionally, if you live in the USA you can probably try to sue the company that made your crap, for relying on Flash.
Re: (Score:1)
> Setting up a VM to run older browser and last version of Flash seems overkill.
No, that's EXACTLY what you should be doing.
> Would installing e.g. Firefox portable (with the ESR 78) ... with the flash plugin alongside the "normal" firefox be a good solution?
No, it would be a terrible one.
You have the right answer already. You even came up with it yourself. Stop trying to talk yourself into doing something that you KNOW is utterly Stupid And Wrong.
The difference in overhead is about 300MB of RAM and a
Re: (Score:2)
There is the standalone Flash Player projector available for Linux, Windows and Mac that can run locally saved SWF files or from a URL.
It may not work with odd Cisco equipment that may do funky things that need it embedded in a web page but it's worth a shot.
https://www.adobe.com/support/... [adobe.com]
Re: (Score:2)
I don't think there's a single "best" solution, but here's mine:
I run Qubes, so running things into their own VMs is easy and seamless. I created a Flash Qube (VM), and installed the Adobe Flash standalone player (not the browser plugin). To make the player open automatically:
user@flash:~$ cat
application/x-shockwave-flash; ~/apps/flashplayer '%s'; test=test -n "$DISPLAY"
user@flash:~$
I automated things a bit to make it seamless with my normal browser in my Web Qube. First, I created a Desktop entry as a custom handler for .swf:
user@web:~$ cat
[Desktop Entry]
Version=1.0
Terminal=false
Type=Application
Name=Open SWF in flash VM
Exec=qvm-open-in-vm flash
MimeType=application/x-shockwave-flash
user@web:~$
Next time I tried to download a .swf file, Firefox asked me what to do with it, I chos
Re: (Score:2)
This looks like a good approach if it works. Thanks. Better keep that VM as a fallback anyway.
And to "just upgrade", it's not "my" systems, it's my customers. If they want to run such thing and pay for the maintenance work knowing the risks then all I can do is to attempt to mitigate those.
Is the android version usable yet? (Score:3)
I stopped updating it on my phone a while ago (looks like that was v79 in August). Have they update per any user feedback yet?