back to article Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP

The Mozilla Foundation has has given the world the fifty-second version of the Firefox browser, complete with some significant changes. Most notable is the eviction of plug-ins. The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and …

Silver badge

Roll on the end of Flash. Perhaps the BBC will finally stop using it too. I think that's the only thing I have authorised to use it now, anyone else: too bad.

Mind you, perhaps they'll get IPv6 working too. (Although they're not the only laggards here, trying not to look at the vulture in the room.)

25
0
Anonymous Coward

Roll on the end of Flash

.. which is the exact thing they leave in place. I don't like the sound of "the end of plugins" - I have a number that I like very much, thank you, and I prefer to take such a decision myself. I would have been OK with a health dose of "are you sure?" or an expert mode for that, but wholesale killing off things in an arbitrary manner is too much like Microsoft. Thank God they apparently have left extensions alone for now, but I've killed off updates, just in case.

Speaking of expert mode, why the f*ck does everything HAVE to be HTTPS? Anyone who is just running a mom & pop site merely showing stuff has no need for it, and making it all SSL enabled simply means nothing is cached anymore unless they make the biggest security mistake of all and rely on an SSL proxy (the best place *ever* to monitor user behaviour).

I am very much OK with red alarm flashes and even the re-introduction of blinking (umm, no, maybe not) if a website asks for data entry without the appropriate protection, but to just mandate that as a default is IMHO going too far. That's not protecting, that's nannying. Next thing it will hook up to Alexa and tell you that you should wear a thick coat and scarf when you go out if local temperatures drops..

57
1

BBC flash

@Number6:

Go to news.bbc.co.uk, find a vid, right-click, confirm you're on flash.

Go to http://www.bbc.co.uk/html5, opt in to HTML5.

Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51.

22
0
Silver badge

Re: BBC flash

Thanks for that link to the BBC HTML5. It actually tells you on that page whether you're already using HTML5 or not - and I was, apparently automatically, since I'd never specified it myself.

Good tip - thanks again.

7
0
Silver badge

Re: BBC flash

"Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51."

Despite having dumped flash a while ago and don't the HTML5 magic at the BBC site, BBC News still often places flash-only video on their site. There appears to be neither rhyme nor reason to their selection, it just seems totally random. Worse, despite having no Flash installed and doing the BBC magic, BBC News still tries to serve up the flash video first, only to fail and then reload the page with the HTML5 version about 5 seconds later if available. So not using flash is probably seen by many as an inconvenience on two levels. Not all video is HTML5 and for those that are, it take longer to load the page.

10
0
Anonymous Coward

Flash left, ad blockers gone?

Flash still there and ad blocking plugins don't work anymore? Pretty clear who's been accepting bribes.

5
4

and making it all SSL enabled simply means nothing is cached anymore

Not entirely correct. Browser caching is not affected by the use of secure connections.

But true, classic proxies are pretty much impossible for SSL connections. That is a tradeoff for security and privacy.

It would theoretically be possible to use a validating proxy that blocks all insecure connections (invalid and self-signed certs etc) and have the browser trust the proxy that it does the right thing... nightmares galore!

I can sort of understand your problem with the traffic volume. But (at least here where i live), this is mostly when you run stuff in expensive clouds like Amazon. I use some colo servers where i have enough monthly traffic included in the colo rent for a fixed price. Currently i could use 50TB a month, and i never reached that limit, not even close.

0
0
Silver badge

Re: BBC flash

In recent weeks BOTH versions have been randomly failing for me.

0
0
Silver badge

Re: BBC flash

Yeah seems video content on the BBC is 50/50 Flash/HTML5.

I opted to HTML5 version ages ago but a lot of stuff I still cant watch.

3
0
Silver badge

Re: Flash left, ad blockers gone?

The Flash team at Adobe doesn't accept bribes. If they did we might know exactly who they are and be able to coat the twenties with arsenic.

2
0

Re: Flash left, ad blockers gone?

Note that plugins are not the same as extensions. Adblock etc are typically extensions which are still allowed.

12
0
Gold badge

"... making it all SSL enabled simply means nothing is cached anymore unless ..."

...unless someone takes the fairly obvious step of allowing "authenticated but not encrypted" connections, thereby delivering content that is both cachable and trustworthy. Such a thing is certainly possible down at the IPsec level, but I've no idea whether it is still possible in the higher layers of the stack. (It's a pretty damn glaring design fault if it isn't, though. Anyone who has ever chosen to deliver a signed file over unsecured FTP or HTTP has understood the requirement.)

1
0
Bronze badge
Facepalm

Not expert, just naive for any kind of insecure network, especially The Internet!

End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads! HTTPS certs also make it easier to spot spoof sites e.g. via DNS exploits. HTTPS is especially critical for all links to third party sites e.g. scripts, fonts, media etc.! This is why ALL websites, even seemingly trivial ones, must be moved to HTTPS.

HTTPS certs can be obtained free and there are scripts available to auto-renew short-lived HTTPS certs.

If you really need caching, put HTTP cache(s) between main HTTP server(s) and HTTPS front end(s), all on an isolated network.

0
3
Bronze badge

Re: Flash left, ad blockers gone?

Flash still there and ad blocking plugins don't work anymore?

Mr. Troll, please check your facts first. Plugins ≠ add-ons. Adblockers are add-ons.

3
1
Silver badge

Re: BBC flash

I suspect this is one of those things that relies on cookies to store the preference, in which case I'll have to do it every time I open the browser, given that I have it set to delete such things regularly.

0
0
Anonymous Coward

Re: BBC flash

Yeah, phone me back when I can block automatic playing of HTML5 videos.

2
0
Anonymous Coward

End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads!

Sadly not, given that most of the root cert agencies are in the US. If I were an agency seeking to set up a MITM intercept it would not be hard to get a rogue cert issued - there is enough legal leverage available in the US to make companies do almost anything and compel them to keep their mouths shut about it - FCC cases notwithstanding (IMHO that's more window dressing).

1
0
Anonymous Coward

"End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads! HTTPS certs also make it easier to spot spoof sites e.g. via DNS exploits. "

Sometimes yes, sometimes no. There are proxies, such as Bluecoat, that perform MITM attacks as part of their designed function. If you are on a network that uses these, you'd best trust the persons administering the proxy with everything you do.

0
0

Re: BBC flash

"Yeah, phone me back when I can block automatic playing of HTML5 videos."

about:config -> media.autoplay.enabled -> false

5
0

Re: Flash left, ad blockers gone?

Plugins =/= Ad-Ons

The ad blockers are still available. You're welcome.

0
0

Cookies...

After they took away the convenient distinction between the site's cookies and third party etc. they should STFU. Now they break the plugin system and the extensions as well, and slowly turn into a bland chrome lookalike. Like Opera. And like Opera it will soon be unusable for me in its current version.

Progress for the f'ing sake of f'ing progress. I am not impressed... Thank you oh so bloody much.

28
2
Silver badge

Re: Cookies...

I'm still annoyed that the menu is gone! And don't get me started on version numbers...

7
0

Re: Cookies...

Did you not know the menus come back if you press Alt? Works in TB too.

1
1
Silver badge

Re: Cookies...

Tools > Options > Privacy still seems to have a third party cookie option?

2
1
Anonymous Coward

Last night my one of my Firefox browsers suddenly announced that Ghostery was no longer supported and no update was available. At this rate I'll be stuck with just Chrome as a browser.

3
1

Really? Funny how I am using nightly build of Firefox 55 with ghostery running just fine. Also, they are not getting rid of extensions. They are getting rid of NPAPI, a huge difference. Vast majority of extensions that people use will carry on just fine.

I don't agree with everything Mozilla do but it is right on this count. And it is still a decent browser and one where I at least have some confidence that their existence is not predicated on stealing all of my information for advertising purposes. (Looking at you Chrome).

19
3

There are alternatives, suck as uBlock and uBlock Origin, rather than the much-criticised Ghostery:

https://en.wikipedia.org/wiki/Ghostery#Criticism

4
2
Silver badge

They haven't gotten rid of addons yet... why, they're not scheduled to do that for another nine months!

4
0

Re: extensions

"Vast majority of extensions that people use will carry on just fine."

Well, good for the vast majority. I like for example tab groups (like in Opera... way back when dirt was invented), and a few other things. One of the developers actually put out a notice that he won't migrate, because he cannot see a way to do it (with a reasonable amount of effort, after doing the migration to whatever their last thing was about a year ago - and the new environment would actually not support things like that any more). All because Firefox wants to be more like Chrome and use the same plugins / extensions (no, it is not the only reason, I followed the discussions a bit - but it breaks the browser for me...).

So... time to look for a new browser. Again. f- them, with extreme prejudice. I'm getting old and averse to change (plus if I cannot get the functionality I want it really sucks - and there is just no alternative but the old and outdated Opera version that still was Opera and not Chrome).

13
0
Anonymous Coward

There are alternatives, suck as uBlock and uBlock Origin, rather than the much-criticised Ghostery

There is criticism, but it's still rather useful. I actually use BOTH uBlock and Ghostery.

8
1
Anonymous Coward

Re: extensions

All because Firefox wants to be more like Chrome and use the same plugins / extensions (no, it is not the only reason, I followed the discussions a bit - but it breaks the browser for me...).

The irony is that people like me use Firefox exactly because it is NOT Chrome, because we still trust something from Mozilla more than from data thief Google. Idiots.

33
1

'I actually use BOTH uBlock and Ghostery.'

Those two plus Privacy Badger - and NoScript

2
0
Linux

Just installed 52.0 on Ubuntu 16.04 Ghostery working fine

1
0

add flagfox - shows the flag of the country the server is located in. It's a simple method for quick risk analysis. Having this installed meant I immediately noticed when my bank started trying to get me to log-on on an American server rather than the expected British one.

2
0
Silver badge

Ditto, stopped my mum from getting her business account emptied when redirected to a dodgy clone of the banking website.

0
0
Silver badge

Running version 52 64bit and all my add-ons etc. are working fine. I must admit I dumped Ghostery a while ago though.

1
0
Silver badge

El Reg is using a yank server. Say it ain't so!

1
0

I'm still using v5.4.11 of Ghostery, prior to all the v6 nastiness. Turn off auto updates, fix the version compatibility if necessary. I have uBlock Origin on one of my machines, and it's much more difficult to work with. For example, say you want to stream a TV show from one of the networks. It's a lot easier to figure out which trackers need to be enabled with the old Ghostery. I'm sure someday Firefox will break the old Ghostery and I'll need to find a new blocker. But it's working fine with v52.

BTW, GMail and Craigslist should be congratulated for using 0 trackers.

0
0
Bronze badge
Meh

Ghostery was tired, because of too coarse controls and useless feedback, uBlock* are also tired now; I un-installed them after uMatrix revealed them as redundant and quite inferior.

uMatrix offers finer control of several types of web stuff, especially for linked sites and uses a indicator button, not crappy popups, which can be clicked to edit site controls on a transient pane.

0
0

I give up!

If you want to pay the advertisers to not advertise to you then, yeah, go ahead.

I'm really not sure why anybody with a mindset like that doesn't just use Chrome or Edge?

0
0

This post has been deleted by its author

Silver badge

Palemoon

Take it for a test drive. It's nice.

16
0
Silver badge

Palemoon

You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.

Or there is always Vivaldi ...

6
0
Anonymous Coward

Re: Palemoon

You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.

Yes, but that's a less supported codebase and doesn't do an official macOS build. If I change over, it needs to support all of the big three (Windows, macOS, Linux).

3
2

Re: Palemoon

>You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.

Must agree. I got sick of Firefox increasingly assuming it was the only thing I run, and taking more and more resource, and getting slower while assuring us that performance was improving. Palemoon resolves all those issues. Just wish it used the usual repository update mechanisms.

While we're talking about Palemoon, their Thunderbird version, Fossamail, similar;y resolves Thunderbird issues, like CPU hogging and constant activity.

5
0
Silver badge

Re: Palemoon

"While we're talking about Palemoon, their Thunderbird version, Fossamail, similar;y resolves Thunderbird issues, like CPU hogging and constant activity."

Now that's a handy thing - I use Palemoon, but didn't know about Fossamail. I'll give it a try.

2
0
Bronze badge
Meh

Re: Palemoon

Fossamail still does not support enough of the Thunderbird Functionality, for extensions, even using their profile migration tool (stupidly copies 'incompatible' Lightning and other 'incompatible' extensions too!), and doesn't even fix the crappy dialog window stalls, oddly with little CPU load *, e.g. for adding/editing mail filters!

* probably some really pointless, chrome GUI Mutex Thrashing.

The lack of critical extension support and no noticeable performance gains is what keeps me on Thunderbird!

Just like Firefox, Thunderbird and Fossamail need to have proper isolated Multi-threaded, and possibly Multi-Process, to prevent stalls, and to stop doing lazy/retarded modal windows for relatively easy stuff like mail filter config. Child GUI stuff like that is easy in Java and should be easy in C++ GUI frameworks too!

0
1

or Opera

0
0
Silver badge
WTF?

"The browser will now only run Flash"

Why? Oh why? I dumped flash about a year ago for being too big a risk.

Java, on the other hand, I need to submit my tax return.

8
0

Re: "The browser will now only run Flash"

I've been submitting tax returns quite happily for years without Java on my system - sure you aren't mixing it up with JavaScript?

3
2

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017