"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
Andras
On Sat, 10 Aug 2013 01:34:24 +0200 Andras Simon szajmi@gmail.com wrote:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
Andras
Yes, I'd just use noscript. It gives you much finer grained control than a simple manual on/off option any way.
Ananda
Andras Simon <szajmi <at> gmail.com> writes:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
Under about:config , set javascript.enabled to "false" .
2013/8/10, আনন্দ কুমার সমাদ্দার asamaddar@myopera.com:
Yes, I'd just use noscript. It gives you much finer grained control than a simple manual on/off option any way.
Last time I tried it, I concluded that manual on/off was much better for me. But that was years ago, noscript may have improved, and I don't seem to have a choice anyway...
Thanks,
Andras
On Fri, Aug 9, 2013 at 4:34 PM, Andras Simon szajmi@gmail.com wrote:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
Yeah, just use NoScript. They probably killed it because that's what anyone who used that checkbox really wants. Makes sense to me.
The real tragedy in Firefox 23 is the death of the <blink> tag. [1] It's almost not really "Mozilla" [2] anymore. :-(
-T.C.
[1] http://www.jwz.org/blog/2013/08/a-light-has-gone-out-on-the-web/ [2] http://www.jwz.org/gruntle/nscpdorm.html
2013/8/10, Andre Robatino robatino@fedoraproject.org:
Andras Simon <szajmi <at> gmail.com> writes:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
Under about:config , set javascript.enabled to "false" .
Thanks a lot for saving my sanity!
Andras
2013/8/10, T.C. Hollingsworth tchollingsworth@gmail.com:
Yeah, just use NoScript. They probably killed it because that's what anyone who used that checkbox really wants.
I'm not sure I do. But thanks for the suggestion anyway!
Andras
On Sat 10 August 2013 01:44:45 Andras Simon wrote:
2013/8/10, আনন্দ কুমার সমাদ্দার asamaddar@myopera.com:
Yes, I'd just use noscript. It gives you much finer grained control than a simple manual on/off option any way.
Last time I tried it, I concluded that manual on/off was much better for me. But that was years ago, noscript may have improved, and I don't seem to have a choice anyway...
Noscript works well these days, however you can disable JS in about:config
Set javascript.enabled to "false"
HTH
Colin
On Friday, August 9, 2013, Andras Simon szajmi@gmail.com wrote:
2013/8/10, T.C. Hollingsworth tchollingsworth@gmail.com:
Yeah, just use NoScript. They probably killed it because that's what anyone who used that checkbox really wants.
I'm not sure I do. But thanks for the suggestion anyway!
Well, in addition to the per-site configuration it's famous for, it also has a turn on just for this site right now mode, so you can temporarily turn it on when you need it and just close the tab when you're done, without having to go into about:config to turn it off. That also means you can turn it on for one tab without affecting others.
So you still might. ;-)
-T.C.
2013/8/10, T.C. Hollingsworth tchollingsworth@gmail.com:
On Friday, August 9, 2013, Andras Simon szajmi@gmail.com wrote:
2013/8/10, T.C. Hollingsworth tchollingsworth@gmail.com:
Yeah, just use NoScript. They probably killed it because that's what anyone who used that checkbox really wants.
I'm not sure I do. But thanks for the suggestion anyway!
Well, in addition to the per-site configuration it's famous for, it also has a turn on just for this site right now mode, so you can temporarily turn it on when you need it and just close the tab when you're done, without having to go into about:config to turn it off. That also means you can turn it on for one tab without affecting others.
So you still might. ;-)
"turn on just for this site right now mode"? Sounds great! You're right, I very well might :-)
Thanks,
Andras
-T.C.
On Fri, Aug 9, 2013 at 8:34 PM, Andras Simon szajmi@gmail.com wrote:
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
Prefbar http://prefbar.mozdev.org F8 to show/hide, there's a checkbox to enable/disable JS
FC
2013/8/10, Fernando Cassia fcassia@gmail.com:
On Fri, Aug 9, 2013 at 8:34 PM, Andras Simon szajmi@gmail.com wrote:
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
Prefbar http://prefbar.mozdev.org F8 to show/hide, there's a checkbox to enable/disable JS
Thanks for yet another promising option!
Andras
Am 10.08.2013 01:34, schrieb Andras Simon:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it
noscript
what makes me much more angry is that the idiotic tab-bar is now always present and "browser.tabs.autoHide;true" is ignored, this absolutely braindead for web-applications opening dialogs which should have no bars at all
but more frustrating is the general attitude all over the software wold to hide any options because the developers thinking all their users are idiots and finally the next generation of users *will* be idiots because they never had a chance to see and learn anything
On Fri, Aug 9, 2013 at 8:42 PM, Reindl Harald h.reindl@thelounge.net wrote:
but more frustrating is the general attitude all over the software wold to hide any options because the developers thinking all their users are idiots and finally the next generation of users *will* be idiots because they never had a chance to see and learn anything
Exactly my thoughts.
Thats why I use SeaMonkey, the browser suite that used to be Mozilla instead of the evermore crippled Firefox
FC
On 10 August 2013 01:34, Andras Simon szajmi@gmail.com wrote:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
Andras
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Personally, I am not with or against this change, but here's their rationale http://limi.net/checkboxes-that-kill
On Sat, Aug 10, 2013 at 01:44:45 +0200, Andras Simon szajmi@gmail.com wrote:
2013/8/10, আনন্দ কুমার সমাদ্দার asamaddar@myopera.com:
Yes, I'd just use noscript. It gives you much finer grained control than a simple manual on/off option any way.
Last time I tried it, I concluded that manual on/off was much better for me. But that was years ago, noscript may have improved, and I don't seem to have a choice anyway...
You can use about:config to control this, although it's significantly less convenient. You could switch to using seamonkey, which is similar, but lets you control more stuff through preferences. I have heard mentions of other extensions for turning javascript on and off easily.
Note also that they have also removed the ability to disable loading of images. As far as I know you can't even do this with about:config.
On Fri, Aug 09, 2013 at 16:45:02 -0700, "T.C. Hollingsworth" tchollingsworth@gmail.com wrote:
Yeah, just use NoScript. They probably killed it because that's what anyone who used that checkbox really wants. Makes sense to me.
NoScript isn't as safe in at least some regards. There are some places that javascript is interpreted that noscript doesn't (or at least didn't) control and that javascript attacks could succeed in spite of noscript. (The particular example was using javascript in a url after a redirect to compromise firefox.)
However, manualling switching between allowing and blocking javascript is risky, as it is easy to make a mistake.
On Sat, Aug 10, 2013 at 07:33:27 +0200, Ahmad Samir ahmadsamir3891@gmail.com wrote:
Personally, I am not with or against this change, but here's their rationale http://limi.net/checkboxes-that-kill
They really downplay the extra security risk of enabling javascript. And they really are placing the blame in the wrong place, very few web sites really need to require javascript. It would have been nicer to see Mozilla push back against sites requiring javascript to function rather than to make it harder for people to reduce their risk of getting owned.
The images block is even stranger. Many sites look a lot better without images. And it needs to be a really badly designed web page to break when images are not loaded.
On 10.08.2013, Ahmad Samir wrote:
Personally, I am not with or against this change, but here's their rationale http://limi.net/checkboxes-that-kill
To me, the argumentation presented on this site seems somehow grounded, but is *not* relevant. Javascript and showing pictures could simply be the default, with the possibility to switch it off. Maybe with a simple pop-up window which explains the drawbacks, if this seems neccessary.
In mye eyes, "We just broke the internet" translates into "one size fits all ("640k ought to be enough for anybody...")", silently accepting that malware now has significantly better chances to damage your system.
On 08/10/2013 12:34 AM, Andras Simon wrote:
"... and user-set values will be reset to the default" according to http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
Thank you Mozilla Foundation, you have just made my netbook unusable.
What do people suggest? The NoScript addon? A different browser? I don't believe I'm the only one who hates JS and only switches it on for websites that absolutely require it.
I suppose the problem is that we're hamstrung by the fact that the Firefox trademark cannot be used on modified versions of Firefox. But how much do we care about that?
Andrew.
On 10.08.2013 07:44, Bruno Wolff III wrote: …
Note also that they have also removed the ability to disable loading of images. As far as I know you can't even do this with about:config.
permissions.default.image;1 - ON
$HOME/.mozilla/firefox/<PROFILE>/prefs.js user_pref("permissions.default.image", 2); - OFF
poma
On Sat, Aug 10, 2013 at 12:57:15AM -0500, Bruno Wolff III wrote:
They really downplay the extra security risk of enabling javascript. And they really are placing the blame in the wrong place, very few web sites really need to require javascript. It would have been nicer to see Mozilla push back against sites requiring javascript to function rather than to make it harder for people to reduce their risk of getting owned.
This ship has sailed. In fact, it has sailed out of the harbor, across the ocean, to the remote isles, and brought back a collection of valuable trade goods. The web today depends on Javascript, and client-side scripting brings so much of what makes it actually useful that the idea of going back to entirely server-based scripting is a non-starter.
The security answer here isn't going back to the web of the 90s. It's using modern container and security policy systems to contain the risk.
On Fri, 9 Aug 2013, T.C. Hollingsworth wrote:
The real tragedy in Firefox 23 is the death of the <blink> tag. [1]
I'll miss it like a retinal tear.
On Sat, Aug 10, 2013 at 14:13:27 +0200, poma pomidorabelisima@gmail.com wrote:
On 10.08.2013 07:44, Bruno Wolff III wrote: …
Note also that they have also removed the ability to disable loading of images. As far as I know you can't even do this with about:config.
permissions.default.image;1 - ON
$HOME/.mozilla/firefox/<PROFILE>/prefs.js user_pref("permissions.default.image", 2); - OFF
Thanks!
On Sat, Aug 10, 2013 at 1:57 AM, Bruno Wolff III bruno@wolff.to wrote:
they really are placing the blame in the wrong place, very few web sites really need to require javascript. It would have been nicer to see Mozilla push back against sites requiring javascript to function rather than to make it harder for people to reduce their risk of getting owned.
Oh really? what about AJAX apps?. GMail? Twitter?
1. You miss the point: the Mozarella Foundation's Grand Plan includes pushing for HTML5 apps... "web pages" -static text content- is an endagered species, more and more web sites require JS for user validation, log-in, dynamic content, dynamic menus, etc.
That's why also they are on a crusade against plug-ins, they want everything to be HTML5...
2. Can you cite some examples of "getting owned via Javascript"?
The images block is even stranger. Many sites look a lot better without images. And it needs to be a really badly designed web page to break when images are not loaded.
Oh really? Thanks you saved my life. Now that you mention it, I prefer to read news without images, and shop amazon.com without pictures! You get a lot of exciting surprises that way!
I also put a blanket in front of the TV. And I plan to put a bonsai tree in front of my netbook screen. Makes writing emails much more exciting.
FC
On Sat, Aug 10, 2013 at 09:43:03 -0400, Matthew Miller mattdm@fedoraproject.org wrote:
This ship has sailed. In fact, it has sailed out of the harbor, across the ocean, to the remote isles, and brought back a collection of valuable trade goods. The web today depends on Javascript, and client-side scripting brings so much of what makes it actually useful that the idea of going back to entirely server-based scripting is a non-starter.
The security answer here isn't going back to the web of the 90s. It's using modern container and security policy systems to contain the risk.
It is a very hard problem to get right, particularly if you want to share some, but not all, data between remote applications. So far this approach hasn't worked all that well. JS has way too much access. Even java, which was designed as a sandbox from the start, has had a lot of bugs letting hostile code reach out of the sandbox.
My feeling is the reason JS is popular is precisely because it is so easy to violate users' privacy and commercial sites have a lot of incentive to abuse that ability. So most likely things won't go back.
A better for the users solution, would be to have complex applications like games run in a sandbox (such as java) and web sites just providing or collecting information just use html and css. And it should be made obvious when web sites are delivering an application so that people can decide whether or not they want to risk that.
Just because a lot of people are doing something one feels is wrong, doesn't mean you have to silently accept it. (Though you do need to decide which battles are worth fighting.)
On Sat, Aug 10, 2013 at 12:47:16 -0400, Fernando Cassia fcassia@gmail.com wrote:
On Sat, Aug 10, 2013 at 1:57 AM, Bruno Wolff III bruno@wolff.to wrote:
they really are placing the blame in the wrong place, very few web sites really need to require javascript. It would have been nicer to see Mozilla push back against sites requiring javascript to function rather than to make it harder for people to reduce their risk of getting owned.
Oh really? what about AJAX apps?. GMail? Twitter?
GMail and Twitter are a very small percentage of web sites. You are already trusting Google a lot if you are using them to handle your email. Much of what GMail provides can be accessed using a standard imap client and doesn't need to be used via a web application.
- You miss the point: the Mozarella Foundation's Grand Plan includes
pushing for HTML5 apps... "web pages" -static text content- is an endagered species, more and more web sites require JS for user validation, log-in, dynamic content, dynamic menus, etc.
That's why also they are on a crusade against plug-ins, they want everything to be HTML5...
Right, because giving remote people direct access to GPUs is a good idea.
- Can you cite some examples of "getting owned via Javascript"?
That's not my field, so I don't specifically track them. I do see reports of them from time to time. And was given a description of one in a SANS class.
The images block is even stranger. Many sites look a lot better without images. And it needs to be a really badly designed web page to break when images are not loaded.
Oh really? Thanks you saved my life. Now that you mention it, I prefer to read news without images, and shop amazon.com without pictures! You get a lot of exciting surprises that way!
Most of the news I read actually is better without pictures. As the pictures are almost all ads and have nothing to do with the stories. For shopping, it probably is useful and can be turned on for that.
On Sat, Aug 10, 2013 at 12:47:16PM -0400, Fernando Cassia wrote:
Oh really? Thanks you saved my life. Now that you mention it, I prefer to read news without images, and shop amazon.com without pictures! You get a lot of exciting surprises that way!
Could we please try to keep the level of sarcasm down a little bit? There's no reason this discussion can't stay constructive. Thanks!
sarcasm does get a bit much at times! lowest form of wit?
BTW I notice your sig says you are a cloud architect? can we have some more of those that look like bunnies please?
On 10/08/2013 18:55, Matthew Miller wrote:
On Sat, Aug 10, 2013 at 12:47:16PM -0400, Fernando Cassia wrote:
Oh really? Thanks you saved my life. Now that you mention it, I prefer to read news without images, and shop amazon.com without pictures! You get a lot of exciting surprises that way!
Could we please try to keep the level of sarcasm down a little bit? There's no reason this discussion can't stay constructive. Thanks!
On Sat, Aug 10, 2013 at 09:17:26PM +0100, laurence orchard wrote:
sarcasm does get a bit much at times! lowest form of wit?
Well, sometimes it doesn't translate well into a non-face-to-face conversation.
BTW I notice your sig says you are a cloud architect? can we have some more of those that look like bunnies please?
Well, you can install RabbitMQ into the cloud image if you like. :)
Am 10.08.2013 15:43, schrieb Matthew Miller:
On Sat, Aug 10, 2013 at 12:57:15AM -0500, Bruno Wolff III wrote:
They really downplay the extra security risk of enabling javascript. And they really are placing the blame in the wrong place, very few web sites really need to require javascript. It would have been nicer to see Mozilla push back against sites requiring javascript to function rather than to make it harder for people to reduce their risk of getting owned.
This ship has sailed. In fact, it has sailed out of the harbor, across the ocean, to the remote isles, and brought back a collection of valuable trade goods. The web today depends on Javascript, and client-side scripting brings so much of what makes it actually useful that the idea of going back to entirely server-based scripting is a non-starter.
who needs to going back?
smart people never built websites which are unuseable without JS JS is nice for additional features and comfort but only a fool builds a ordinary website which doe snot work without JS
The security answer here isn't going back to the web of the 90s. It's using modern container and security policy systems to contain the risk
no policy will help you in case of a hacked server blowing exploits to visitors and this happens all day somewhere else
as well as you missed the point that the question is not what is useful or not because this is not your or mine decision - it is always the *endusers* decision and making it each day harder because all the new shiny developers seems to having nothing to do as remove options and hide settings because they thinhk all users are idiots
cause and effect: because these attitude most users starting in a few years from scratch to use computers will be idiots in case of how to handle computers because they never got the chance to learn - hence with this attitude i would never became the poweruser i am now and never had done the switch to work as IT professional while my whole knowledge is from learning by doing
this attitude is understandable in case of Apple/Microsoft which try to reduce their support but it is *unacepptable* in the context of free and open software
On Sat, Aug 10, 2013 at 03:53:03PM +0200, Reindl Harald wrote:
......snip......
smart people never built websites which are unuseable without JS JS is nice for additional features and comfort but only a fool builds a ordinary website which doe snot work without JS
Don't try counting the number of web site dev fools out there. You won't live long enough to finish.
The security answer here isn't going back to the web of the 90s. It's using modern container and security policy systems to contain the risk
no policy will help you in case of a hacked server blowing exploits to visitors and this happens all day somewhere else
.....snip....
cause and effect: because these attitude most users starting in a few years from scratch to use computers will be idiots in case of how to handle computers because they never got the chance to learn - hence with this attitude i would never became the poweruser i am now and never had done the switch to work as IT professional while my whole knowledge is from learning by doing
+1
this attitude is understandable in case of Apple/Microsoft which try to reduce their support but it is *unacepptable* in the context of free and open software
+10
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On Sat, Aug 10, 2013 at 1:55 PM, Matthew Miller mattdm@fedoraproject.org wrote:
Could we please try to keep the level of sarcasm down a little bit? There's no reason this discussion can't stay constructive. Thanks!
OK OK ;-) But I thought the idea of a bonsai tree in front of the netbook screen was a bit funny and would be interpreted tongue in cheeck. :-P FC
On Mon, Aug 12, 2013 at 06:19:12PM -0400, Fernando Cassia wrote:
Could we please try to keep the level of sarcasm down a little bit? There's no reason this discussion can't stay constructive. Thanks!
OK OK ;-) But I thought the idea of a bonsai tree in front of the netbook screen was a bit funny and would be interpreted tongue in cheeck. :-P
Yeah; it's just hard to read tone, and I'd really like this to be a warm and welcoming place. It's good to have a sense of humor, but sometimes a little softener helps to go along with it.