Who, and how much?
I want to know who got the bribe and how much they got. At this point, there's no reason to extend it.
Mozilla has postponed its plans to distrust all legacy digital certificates from Symantec, spreading dismay in security circles. The org has put off the disavowal because many well-trafficked websites have not switched – despite the execution notice going up over a year ago. Ordinary surfers will notice it once Chrome 70 lands …
I guess they're trying to hang on to users. Firefox Quantium seems to have made some monthly active users move somewhere else. There was a summer slump that never went back up. Odd that...
I guess they're trying to hang on to users. Firefox Quantium seems to have made some monthly active users move somewhere else. There was a summer slump that never went back up. Odd that...
I'm one of those users. I was involuntarily upgraded to the new Quantum browser from the ESR release of Firefox. The new browser had loads of UI changes somebody probably thought would be a good idea to shove down my throat without a choice or method of reversion, while also deciding that I wouldn't actually want any of the extensions i'd got installed.
I had a quick look around and discovered that nobody had produced an extension to restore the UI of the browser back to how it looked previously. Having had my browser changed with the elimination of my preferences yet again with no way of actually restoring it this time, I decided that after ~14 years it was time to switch browsers since Mozilla has evidently been taking instruction from Microsoft as to how to forcefully cram increasingly broken bloatware down the throats of the users and ignore the feedback (ie. screams of protest)
Deciding that I probably wouldn't be the only person this unhappy with the status quo led me to check for forks of Firefox that keep up with security updates but don't leave me without a working web browser every 6 weeks. After trying a few alternatives I decided I quite like Pale Moon, and have been using it since without any regrets since.
The developers for it port the security updates to their codebase, but leave everything else alone. I'm quite happy with this as are family, friends and it has the benefit of not needing to do such major QA for updates as Firefox did at work. Better all round.
LOL Pale Moon, have you also disabled your anti virus and opened all ports?
If you like Pale Moon I have another web browser you might like, it is called Internet Explorer 6.
"The developers for it port the security updates to their codebase,"
If you believe they actually port security updates then I have a bridge to sell you,
@peter2 That's one of the main reasons that I switched to Pale Moon. It's not getting enough traction in my opinion, but it's a very nice alternative to Firefox that deserves a look.
I'm using Waterfox, which seems to get more effort put into it than PaleMoon. But that's still not workable for my 32bit Acer netbook, and trying to run it on my RHEL7 work machine would have required too many library hacks.
I used Pale Moon for a while but had some problems with some work sites. Also rther concerned that it was an effort, at the time, of just one man...and perhaps his dog too. That's too risky for me, so I moved. Tried Waterfox, but not for me.
I've gone back to FF and I've settled into the new version, not sure what the hoo-ha is all about, other than some add-on developers and their users screaming blue murder. The new FF is a lot safer than the old one, yet still more flexible than Chrome, altough Chrome is more secure with it's sandboxing. I use Chrome for work and financial sites and FF for the rest.
I had a quick look around and discovered that nobody had produced an extension to restore the UI of the browser back to how it looked previously.
Unfortunately it's impossible to do with the fantastic new API.
After trying a few alternatives I decided I quite like Pale Moon, and have been using it since without any regrets since.
I went for Waterfox. It can do all three kinds of Firefox extensions and it's based on Firefox 56 + a few minor UI changes which came later (sidebar, some preferences) + security updates. I figure it can't be worse than ESR 52.9.0 and if the project dies I'll look for another one.
If you like Pale Moon I have another web browser you might like, it is called Internet Explorer 6.
Look mate, most of us were moving people off of IE6 to Firefox in the second browser wars. In the early days, the biggest selling point of Firefox was that you could have it setup the way you wanted it.
All of the people who have fled Firefox will have done so because after 14+ years using the classic UI plus their modifications they know every nook and cranny of the UI and can do what they want to do quickly and efficiently, and frankly can't be assed to relearn how to use their own web browser because somebody thinks they should.
If Firefox wanted to retain or regain it's userbase then it's pretty easy to do. When you make massive changes to the UI just include another theme called "classic" that people can apply if they don't like your changes, and problem perpetually solved. Acting like a spoiled teenager and insulting the people leaving because they don't like the way the product changes tends to convince those people to remain in opposition rather than switch back. It's counterproductive as well as being childish.
I went for Waterfox. It can do all three kinds of Firefox extensions and it's based on Firefox 56 + a few minor UI changes which came later (sidebar, some preferences) + security updates. I figure it can't be worse than ESR 52.9.0 and if the project dies I'll look for another one.
Yeah, I did look at Waterfox. It's a good alternative if you liked that UI, however personally I was quite happy with the original Firefox user interface that i've been using since FF1 and went with Pale Moon on the basis that it's the default. Either work though, i'm just glad we have the option to do this these days!
Acting like a spoiled teenager and insulting the people leaving because they don't like the way the product changes tends to convince those people to remain in opposition rather than switch back. It's counterproductive as well as being childish.
Ah, so they brought in developers from the Pidgin and Gnome projects?
"Acting like a spoiled teenager and insulting the people leaving because they don't like the way the product changes tends to convince those people to remain in opposition rather than switch back. It's counterproductive as well as being childish."
I am not mocking you for leaving Firefox, I am mocking you for choosing the stupidest choice out of all the alternative browsers.
I guess they're trying to hang on to users. Firefox Quantium seems to have made some monthly active users move somewhere else. There was a summer slump that never went back up. Odd that...
And this is the reason why to try and keep your users happy. In the past, firefox has attempted stuff like this only to have the users complain to the website administrators. Now that the users are more wise, they are switching browsers instead. This means administrators may not be getting notified that there is a problem and folks are switching instead. I am one of those people that switched.
It also means that firefox lost their power (their ability to say what I do on the internet by forcing changes) over me and my browser.
Tech folk are deeply conservative and dislike change. The longer they have been doing something in a particular way, the more resistant they become to doing it another way. Young tech folk take to the new ways more easily but over time they too will develop a conservative resistance when some one again tries to introduce some change. It's generational, like pop music - parents always look at their sprogs music with disdain, and those young sprouts will in their turn age and come to deride their own sprogs music. C'est la vie.
And everyone loves to complain. It's a bonding exercise, where folk with similar gripes gather together to point pointy fingers at someone else, to justify and reinforce their own gripes. You can observe it in comments attached to Microsoft articles, especially Windows 10 articles. Fascinating, Captain.
"Tech folk are deeply conservative and dislike change."
I honestly don't think that's accurate. Tech folk tend to be neophiles, not neophobes. The difference between greybeards and young sprouts is not resistance to change, it's that greybeards have more experience to base judgements on what constitutes change for the better and change for the worse.
Tech folk are used to the rule that new stuff is usually shite. And they're not amused by sparkly shiny stuff with less functionality.
But sometimes it's not.
Heck, I just upgraded from Android Marshmallow to Android Oreo and I'm the first to admit it was an enormous improvement. The quick-settings tiles alone obsoleted half a dozen of my own apps. The Bluetooth is markedly better. The power management is insane. My Moto G6 did 5+ days without recharging in normal use, straight out of the box without disabling anything or doing anything special to conserve battery, and running the same apps I used on my Nexus 6P.
I was expecting the browser makers to play hardball: Users can still click through to get to the sites, and the "Not Secure" message being shown to everyone is a nice public incentive to fix it.
Still, as Google's the no. 1 web browser by a large margin, They'll still have to fix it, so Firefox's stance, if done in isolation, is a moot point.
Obviously those sites will switch quicker once nobody can visit them.
However, I have noticed in Firefox that now sometimes when I visit a site with a bad certificate, I can't just click on a button and see the site anyways. If they hadn't changed that, there would be no issue, and they could distrust the certificates right away without causing a negative impact on users who are blocked from sites they need to access that are not infected, just out of date.
Being as Symantec is not issuing serts any longer and so there's no insiders to create certs for dubious purposes, it's all about as much use as a fart in a colander to distrust them now. The max life of a cert is 2 years, this has been going on for over a year, so they go ws soon anyway.
Google's security princess let slip in an interview on BBC click that the whole SSL push is because big isp's in the US are replacing their ads, nothing to do with security, eveything to do with $$$. Don't beleive it, hear for yourself, right near the begining of the progeamme.
Doesn't mean it's not a good idea. Replacing their ads with others is a short walk from China "replacing ads with malware", etc, etc. A good move done out of self-interest is still a good move.
All these sites have to do is replace their SSL cert. If they can't manage that after more than a year, they don't deserve any traffic.
"All these sites have to do is replace their SSL cert. If they can't manage that after more than a year, they don't deserve any traffic."
Whilst that is all they have to do, doing so will not make anything tangibly safer or more secure for anyone. The threat scenario is that Symantec might have erroneously issued a certificate that allows some website to pretend to be something it's not during a man in the middle or in conjunction with a DNS attack. It's ridiculously unlikely for an attacker to wait over a year before utilizing such a fake cert particularly as they would be aware that the trust chain for that cert is going to be removed.