Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP The Mozilla Foundation has has given the world the fifty-second version of the Firefox browser, complete with some significant changes. Most notable is the eviction of plug-ins. The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and …
Roll on the end of Flash. Perhaps the BBC will finally stop using it too. I think that's the only thing I have authorised to use it now, anyone else: too bad.
Mind you, perhaps they'll get IPv6 working too. (Although they're not the only laggards here, trying not to look at the vulture in the room.)
Roll on the end of Flash
.. which is the exact thing they leave in place. I don't like the sound of "the end of plugins" - I have a number that I like very much, thank you, and I prefer to take such a decision myself. I would have been OK with a health dose of "are you sure?" or an expert mode for that, but wholesale killing off things in an arbitrary manner is too much like Microsoft. Thank God they apparently have left extensions alone for now, but I've killed off updates, just in case.
Speaking of expert mode, why the f*ck does everything HAVE to be HTTPS? Anyone who is just running a mom & pop site merely showing stuff has no need for it, and making it all SSL enabled simply means nothing is cached anymore unless they make the biggest security mistake of all and rely on an SSL proxy (the best place *ever* to monitor user behaviour).
I am very much OK with red alarm flashes and even the re-introduction of blinking (umm, no, maybe not) if a website asks for data entry without the appropriate protection, but to just mandate that as a default is IMHO going too far. That's not protecting, that's nannying. Next thing it will hook up to Alexa and tell you that you should wear a thick coat and scarf when you go out if local temperatures drops..
and making it all SSL enabled simply means nothing is cached anymore
Not entirely correct. Browser caching is not affected by the use of secure connections.
But true, classic proxies are pretty much impossible for SSL connections. That is a tradeoff for security and privacy.
It would theoretically be possible to use a validating proxy that blocks all insecure connections (invalid and self-signed certs etc) and have the browser trust the proxy that it does the right thing... nightmares galore!
I can sort of understand your problem with the traffic volume. But (at least here where i live), this is mostly when you run stuff in expensive clouds like Amazon. I use some colo servers where i have enough monthly traffic included in the colo rent for a fixed price. Currently i could use 50TB a month, and i never reached that limit, not even close.
"... making it all SSL enabled simply means nothing is cached anymore unless ..."
...unless someone takes the fairly obvious step of allowing "authenticated but not encrypted" connections, thereby delivering content that is both cachable and trustworthy. Such a thing is certainly possible down at the IPsec level, but I've no idea whether it is still possible in the higher layers of the stack. (It's a pretty damn glaring design fault if it isn't, though. Anyone who has ever chosen to deliver a signed file over unsecured FTP or HTTP has understood the requirement.)
Not expert, just naive for any kind of insecure network, especially The Internet!
End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads! HTTPS certs also make it easier to spot spoof sites e.g. via DNS exploits. HTTPS is especially critical for all links to third party sites e.g. scripts, fonts, media etc.! This is why ALL websites, even seemingly trivial ones, must be moved to HTTPS.
HTTPS certs can be obtained free and there are scripts available to auto-renew short-lived HTTPS certs.
If you really need caching, put HTTP cache(s) between main HTTP server(s) and HTTPS front end(s), all on an isolated network.
End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads!
Sadly not, given that most of the root cert agencies are in the US. If I were an agency seeking to set up a MITM intercept it would not be hard to get a rogue cert issued - there is enough legal leverage available in the US to make companies do almost anything and compel them to keep their mouths shut about it - FCC cases notwithstanding (IMHO that's more window dressing).
"End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads! HTTPS certs also make it easier to spot spoof sites e.g. via DNS exploits. "
Sometimes yes, sometimes no. There are proxies, such as Bluecoat, that perform MITM attacks as part of their designed function. If you are on a network that uses these, you'd best trust the persons administering the proxy with everything you do.
"Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51."
Despite having dumped flash a while ago and don't the HTML5 magic at the BBC site, BBC News still often places flash-only video on their site. There appears to be neither rhyme nor reason to their selection, it just seems totally random. Worse, despite having no Flash installed and doing the BBC magic, BBC News still tries to serve up the flash video first, only to fail and then reload the page with the HTML5 version about 5 seconds later if available. So not using flash is probably seen by many as an inconvenience on two levels. Not all video is HTML5 and for those that are, it take longer to load the page.
After they took away the convenient distinction between the site's cookies and third party etc. they should STFU. Now they break the plugin system and the extensions as well, and slowly turn into a bland chrome lookalike. Like Opera. And like Opera it will soon be unusable for me in its current version.
Progress for the f'ing sake of f'ing progress. I am not impressed... Thank you oh so bloody much.
Really? Funny how I am using nightly build of Firefox 55 with ghostery running just fine. Also, they are not getting rid of extensions. They are getting rid of NPAPI, a huge difference. Vast majority of extensions that people use will carry on just fine.
I don't agree with everything Mozilla do but it is right on this count. And it is still a decent browser and one where I at least have some confidence that their existence is not predicated on stealing all of my information for advertising purposes. (Looking at you Chrome).
"Vast majority of extensions that people use will carry on just fine."
Well, good for the vast majority. I like for example tab groups (like in Opera... way back when dirt was invented), and a few other things. One of the developers actually put out a notice that he won't migrate, because he cannot see a way to do it (with a reasonable amount of effort, after doing the migration to whatever their last thing was about a year ago - and the new environment would actually not support things like that any more). All because Firefox wants to be more like Chrome and use the same plugins / extensions (no, it is not the only reason, I followed the discussions a bit - but it breaks the browser for me...).
So... time to look for a new browser. Again. f- them, with extreme prejudice. I'm getting old and averse to change (plus if I cannot get the functionality I want it really sucks - and there is just no alternative but the old and outdated Opera version that still was Opera and not Chrome).
All because Firefox wants to be more like Chrome and use the same plugins / extensions (no, it is not the only reason, I followed the discussions a bit - but it breaks the browser for me...).
The irony is that people like me use Firefox exactly because it is NOT Chrome, because we still trust something from Mozilla more than from data thief Google. Idiots.
I'm still using v5.4.11 of Ghostery, prior to all the v6 nastiness. Turn off auto updates, fix the version compatibility if necessary. I have uBlock Origin on one of my machines, and it's much more difficult to work with. For example, say you want to stream a TV show from one of the networks. It's a lot easier to figure out which trackers need to be enabled with the old Ghostery. I'm sure someday Firefox will break the old Ghostery and I'll need to find a new blocker. But it's working fine with v52.
BTW, GMail and Craigslist should be congratulated for using 0 trackers.
Ghostery was tired, because of too coarse controls and useless feedback, uBlock* are also tired now; I un-installed them after uMatrix revealed them as redundant and quite inferior.
uMatrix offers finer control of several types of web stuff, especially for linked sites and uses a indicator button, not crappy popups, which can be clicked to edit site controls on a transient pane.
This post has been deleted by its author
You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.
Yes, but that's a less supported codebase and doesn't do an official macOS build. If I change over, it needs to support all of the big three (Windows, macOS, Linux).
>You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.
Must agree. I got sick of Firefox increasingly assuming it was the only thing I run, and taking more and more resource, and getting slower while assuring us that performance was improving. Palemoon resolves all those issues. Just wish it used the usual repository update mechanisms.
While we're talking about Palemoon, their Thunderbird version, Fossamail, similar;y resolves Thunderbird issues, like CPU hogging and constant activity.
Fossamail still does not support enough of the Thunderbird Functionality, for extensions, even using their profile migration tool (stupidly copies 'incompatible' Lightning and other 'incompatible' extensions too!), and doesn't even fix the crappy dialog window stalls, oddly with little CPU load *, e.g. for adding/editing mail filters!
* probably some really pointless, chrome GUI Mutex Thrashing.
The lack of critical extension support and no noticeable performance gains is what keeps me on Thunderbird!
Just like Firefox, Thunderbird and Fossamail need to have proper isolated Multi-threaded, and possibly Multi-Process, to prevent stalls, and to stop doing lazy/retarded modal windows for relatively easy stuff like mail filter config. Child GUI stuff like that is easy in Java and should be easy in C++ GUI frameworks too!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
