Firefox's plugin-blocker slams into beta - but don't jump for joy, Flash haters With its latest beta release, the Mozilla Foundation has taken a step further toward making click-to-run the default behavior for all plugins in Firefox. "Outdated plugins are a big source of security vulnerabilities so this feature will ensure users are safe and Firefox runs smoothly," the Firefox team said in a blog post on …
This post has been deleted by its author
Riiight, because Mozilla have a track record of giving a toss what advertisers think. They partly created the proposed Do Not Track header, have had click-to-run for outdated Flash versions for a long time, opposed DRM in web standards, etc, etc. I think you're thinking of Chrome.
If you read it from the top, you'll see that the originator wanted to prevent java from running in Firefox because of its rather glorious bug history. Of course the originator didn't stop to think about the glorious bug history of Microsoft Windows (or any other O/S) and after a couple hundred comments sanity (or what seems to pass as sanity) returned, they decided that preventing a large part of the corporate world from working was not a really good idea.
Read it for yourself, and if you disagree with me, well, that's not necessarily a bad thing.
Why the hell should there be any exception?
In 24.0 my installed plugins offer "Always Activate", and "Never Activate", or "Ask to activate" if the plugin is considered vulnerable.
I want "Ask to activate" if the plugin is considered a pain in the ass - and that is my consideration not theirs.
I use a number of plugins, such as flagfox, which displays the flag of the country in which the server I am connecting to is displayed (if it's a USA flag just close the tab - ha ha!).
I also use Ghostery. Will I have to explicitly give permission for my plugins to run with each page I load? Surely not?? Curious about this...
This will merely be perceived as another "auto-next" thingie to click on by most users. Their first question will be whether it can be disabled and how. I really wonder when will IT-types finally get it that requiring the users to perpetually keep clicking just to get stuff to work normally only ever trains them to do just that, while continually reenforcing the perception that it's all totally useless since nothing bad ever follows (until it does...).
I get it the computer can't decide these things automatically for you. Boffins need to get it that the vast majority of users (myself included) can't / won't do that either. UAC much, Mozilla...?
In part I agree.
From what i can see it blocks all content, even up to date, except flash.
So wht not a happy medium, block it and say "this content is running on out of date software, click here to....Upgrade, Block, Allow"
Then when it up to date, it doesn't block it, or says "Allow this time / Always alllow if up to date"
Whilst I have several blockers running, my wife has trouble with just No-Script. She runs out of patience really quickly, and then fires up another browser (I caught her browsing the university server on IE the other day, ffs!) If Mozilla take the route they propose, they are certainly going to show that FF is more secure, but only because users like Mrs P will abandon it because of the nag-boxes.
I don't know what the answer is, but it isn't this.
Why can it not download the latest version of the plugin automatically and install it for me, this used to work in Mozilla 1.7, iirc .... nooooo, lets moan at the user, train him/her to simply click "Allow" and move on .... how hard can it be to download the flash plugin and put it into ~/.mozilla/plugins ? Should be just as easy for Java except on Windows as you do want to install the trojan with careful reading as you want to avoid the piece of crap it tries to force down your throat, I think it was "ask" toolbar last time I tried.
And the "we'll just disable all Java" fiasco really was brain-dead - the guy who took that call should be hanged.
I already got two popups for Java plugin, one from Firefox and one from the Java plugin - no I do not want to disable either because it is actually pretty handy for testing purposes, which may be why they do that in the first place ... devs != users.
Could they not just have a Firefox setting: "I know what I am doing so cut the crap" hidden deep down in about:config.
The other thing with browsers that drives me nuts, well on Windows at least, is the toolbar/search provider hijacking bullshit. How hard can it be to just have a button like chrome does to reset everything to default? I mean, shit, I hate having to go through "about:config" all the bloody time - is there some easier way ? In 99.99% of cases, you choose your search provider the first 5 minutes you use the program if it is not the default one (google).
Man, the other day I had a Windows laptop for repair that had a total of 11 toolbars ... can you imagine on a 15" screen ? Not much real-estate to navigate the intertubes. Note that I have to wander through the registry to fix some of this shit ... I used to use Ad-Aware, but since the scammers/spammers bought it, I do all by hand. I use VBS and cmd.exe to find root kits (Simply have them both print out the directory structure of drive c:, then you diff the files).
"a decision that was eventually rescinded amid widespread uproar from the Java-using community."
The block was reverted because there was a UI issue:
"[...] we should revert this block (the R45 block) until we can make that experience work correctly."
...in edge-cases, where the CtP interface wasn't being displayed. See comments #65 and #80 on the Bugzilla.
I realise it sounds less sexy in a news article, but a revert from a code branch does not mean a feature has been dropped because 'omg rabble rabble'.
If installing the latest version no longer activates the blocker, then that is equivalent to semi-permanently "allowing" the content -- though in addition to "allow once" there should probably be an "ignore" setting for users who may have a good reason for wanting to keep an earlier version.
Personally I run with flashblock and except for a few sites that are permanently allowed I rarely need to look at flash content on web sites. There are exceptions, but flash is often a distraction that contributes nothing essential to the site. Mostly I'm there to read the words, not to look at the pictures. And in any case, that unwanted content is possibly taking more from my monthly bandwidth allowance than the page content, so its better if it can be blocked unless I *choose* to enable it.
What we now want -- well, what *I* want anyway, but I'm sure I'm not alone -- is a flashblock-like blocker for those nauseus, distracting and pointless slideshows and animations that are on many web sites. They are just as irritating as flash, but are now implemented by other means and they equally need blocking.
.deb packages The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
