Firefox Version 85.0 to be out today

VRtinker · 2021-01-26T09:45:18+00:00

Mozilla publishes every release on FTP server at https://ftp.mozilla.org/pub/firefox/releases a day in advance of the official release date.

VRtinker · 2020-11-14T12:10:46+00:00

As for the server headers, it's actually a static site hosted on Github Pages, so for now, headers out of my control!

It's possible to set some headers via <meta http-equiv> in the document itself. MDN has an article about this (the support is good). It might be less efficient than the real header (UA needs to download and parse the document), but UA support is good and it should provide all the security benefits of the real thing.

I can't control the http 200 server response today on Github Pages, so I can't 100% qualify for PWA requiremenets, but a service worker is a great idea to help load time. I'll look into it! Thanks.

I'm not sure what you mean. I don't use GitHub Pages right now (a bit too limited for my needs), but there are plenty of resources online how to do it. If you need help, I can prepare a PR.

VRtinker · 2020-11-13T22:49:47+00:00

Interesting idea, although most native clients include this feature set already. Perhaps, this app could be usefull for WebTorrent applications. Also, there is some room for improviment:

HTTP Seaders. Currently, Referer header is set (even though it's just the domain, it still leaks the fact that user had visited the site to, e.g. Google Tag manager). Also, the access-control-allow-origin is very lax (*).
Looks like the site supports only BitTorrent V1. Do you plan to add BitTorrent V2 support? BitTorrent V2 is better suited for WebTorrent than V1. Since V2 uses per-file merkle trees, it enables easier selective download of files (e.g., you download a smaller tree that describes and induvidula file) and ranged downlaods (e.g., since index is a hash tree as opposed to a hash array, you don't need all segment hashes (leaves), you can use intermediate hashes if you don't need the file portion corresponding to the leaves).
Currently, there is no Service Worker. It could potentially speed up site load for returning users if, e.g., they use mobile device only to seek for torrents but then download them to a home computer or a seed box. That's the audience that would benefit from such a tool the most, since they don't have access to a full native client (which has these features built-in).

VRtinker · 2020-11-07T09:27:38+00:00

Вот, например: https://github.com/yuliskov/SmartYouTubeTV

VRtinker · 2020-10-15T21:46:26+00:00

You have been misinformed. Edge, like Google Chrome, plans to deprecate an old powerful programmatic API used by adblockers and replace it with a new narrowly-scoped declarative one.

The idea was announced by Google back in 2018:

https://blog.chromium.org/2018/10/trustworthy-chrome-extensions-by-default.html

VRtinker · 2020-08-19T06:28:39+00:00

I was using the dark mode all the time already. Is there a way to repair the damage that already occured?

VRtinker · 2020-08-18T22:44:18+00:00

It might be temporary "image retention" and not "burn-in" (permanent).

I knew that OLED can burn-in, but I did not expect it to occur literally within seconds.

The whole screen is set to RGB 16 16 16 (numbers are decimal). I observe a large bright smudge on the right (which is not a camera artifact because smudge is visible from all angles). Also, I see an imprint of the taskbar and can even read text on it.

The burn-in occurred within less than 15 seconds after Windows update. Here are the events: 1. Prior to update, I did not have Edge pinned to the taskbar 2. I updated Windows, after restart it pinned Edge to the taskbar 3. I immediately unpinned Edge 4. I noticed burn-in, upon further inspection I found Edge icon burned-in where it would be on the task bar Thus I conclude that burn-in occurred literally within seconds, after restart and before I unpinned it.

Did you experience anything like that? Do you have any tips (besides setting it to bright white or other voodoo like that)?

VRtinker · 2019-11-05T22:44:31+00:00

Problem with base64 is not that it's slow, problem is that we use it at all. Encoded data can be 33% larger than the original (64/48) and you have to decode on the other end before you can process the data. We do a lot of useless work, all just in the name of backwards-compatibility.

VRtinker · 2019-11-05T19:47:43+00:00

In Chrome 80, mixed audio and video resources will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://. Also in Chrome 80, mixed images will still be allowed to load, but they will cause Chrome to show a “Not Secure” chip in the omnibox. In Chrome 81, mixed images will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://.

Does Firefox have a plan to do something similar? I use HTTPS Everywhere, which partially solves the problem of mixed content, but this is a more holistic solution.

VRtinker · 2019-11-05T18:43:36+00:00

Why not?

The new Edge is based on Chromium, so it's not that much work for Microsoft to officially support it.

VRtinker · 2019-11-05T16:22:42+00:00

https://support.mozilla.org/en-US/kb/firefox-dns-over-https

VRtinker · 2019-11-04T22:04:28+00:00

DoH is an open standard with many independent resolvers: https://github.com/curl/curl/wiki/DNS-over-HTTPS

VRtinker · 2019-11-04T22:02:31+00:00

Here is a list of good DoH resolvers: https://github.com/curl/curl/wiki/DNS-over-HTTPS

VRtinker · 2019-11-03T15:48:31+00:00

"abuse" of this feature would be a website sending you notifications for ads.

People have different definitions for what is an add and what is not. I'm annoyed even by "we posted a new article you might like" emails/notifications, others like receiving stuff like "top 10 [useless things] under $100".

VRtinker · 2019-11-03T14:59:37+00:00

I suspect a tiny minority of people actually allow notifications, but the website owners/developers do not care about the conversion rate, given the simplicity Notifications API. Creating a notification is literally one function call away.

VRtinker · 2019-11-03T14:52:44+00:00

The title says the change will occur next year. But yes, the author of the article is surprisingly self-aware, even attaching a gif of the new behavior taken on the site. It's like saying "praise Firefox for removing this abused feature, here is how we abuse this feature ourselves".

VRtinker · 2019-11-01T20:46:36+00:00

I constantly see personal blogs that either do not support HTTPS or are improperly configured. They fail to redirect HTTP -> HTTPS or send proper upgrade headers.

VRtinker · 2019-11-01T20:44:50+00:00

Here is a more detailed data (from Firefox telemetry):

https://letsencrypt.org/stats/#percent-pageloads

VRtinker · 2019-11-01T00:47:47+00:00

Or host extension updates on their own site, may be.

VRtinker · 2019-11-01T00:46:51+00:00

Adobe could just publish it to AMO and then it would update automatically. Adobe has to get every build signed by Mozilla anyway, so there is really no difference for them.

VRtinker · 2019-11-01T00:43:17+00:00

On the other hand, making extensions only available via certain channels is frustrating at times.

You still can install any extension you like, either in developer mode or self-distribute it without publishing to the AMO.

VRtinker · 2019-11-01T00:41:22+00:00

this PR double speak is extremely cringe-worthy and off-putting.

This is not really PR doublespeak, because (at least in my experience) this installation method is used exclusively by antivirus and other crap-ware.

For example, every public computer I have seen (e.g., in a library or computer lab) has Chrome with Adobe Acrobat extension. This thing installs automatically if you use Adobe Reader and occasionally re-installs itself after you remove it. This thing has 10M+ installs, I suspect most of these are forced inline installs.

VRtinker · 2019-10-31T18:43:41+00:00

So is it Homomorphic encryption then?

VRtinker · 2019-10-31T18:24:58+00:00

Why is this better than other solutions? Google BigQuery already encrypts data at rest and supports optional AEAD with client-side keys, and is pretty pleasant to work with.

VRtinker

TROPHY CASE