
Remind me again...
Just what is the point of a browser in which one cannot prohibit adverts and scripts?
Mozilla on Wednesday launched a Developer Preview program to solicit feedback on Firefox extensions that implement Manifest v3, a Google-backed revision of browser extension architecture. Mozilla last year said it intended to support MV3 in Firefox extensions, though with some differences. Its implementation of the …
Since they aren't fully dropping the older stuff (webRequest) like Google is, because they don't have a financial interest in making it harder for users to block ads on the web.
I imagine support of MV3 at all is a nod to the reality that Chrome is the IE6 of today, and there will be more extensions available if there is less work for developers to port them to multiple browsers. In the case of ad/script blockers, it will be Chrome/Edge users who get the inferior hobbled extension, of course.
> time to consider alternative browsers
???
Chrome, or Chrome? Unless of course you buy an iPuter and use Safari.
It's not like there is any choice out there. It's Chrome or the highway, and since they increasingly own the web they'll make sure it only works in their own browser (and Safari, if it behaves).
Literally from the article:
"Mozilla will maintain support for blocking webRequest (emphasis mine) in MV3," said Wu. "To maximize compatibility with other browsers, we will also ship support for declarativeNetRequest. We will continue to work with content blockers and other key consumers of this API to identify current and future alternatives where appropriate. Content blocking is one of the most important use cases for extensions, and we are committed to ensuring that Firefox users have access to the best privacy tools available."
I swear people's complaints about changes in Firefox are the "but her emails" of the browser wars.
> Mozilla will maintain support
First of all, we're in the era of removing support/features, second Mozilla does what its sugar daddy Google tells it. That being said, I definitely hope you're right, but I will only believe it if I see it (and for as long as I see it).
(Didn't downvote you BTW.)
As per my understanding the sole purpose of the actual existence of Firefox is for Google to be able to say, Look, we're not a monopoly, there's Firefox. That is why Google pays for the development of and the whole politics around Firefox. No-one who doesn't understand how the Web actually works will go to the lengths of installing FF and all requisite add-ons to enable the actual passable browsing experience*. So there is still a bit of hope that Google will let Firefox keep the blocking API in order to keep our collective mouth shut about what it is doing to the general populace.
> according to Google. "Our goal is not to break extensions,"
... but to make them disappear altogether. We can't have those pesky hippy extensions meddle with our making an honest buck now can we.
I definitely hope that some people will try to fight back, since the whole browser engine industry (that would be Google and Apple*) is hellbent on preventing any loss of snooping income.
* Firefox (I'm using to post this) is controlled by Google and way too busy shooting its own feet.
If Ublock Origin is crippled by Firefox implementing Manifest v3 then I'll definitely be looking to switch to an alternative browser to where it carries on working like it does at present, which will be sad as I have been using Firefox since it was still in beta.
Although I do have Chrome installed for those few websites that require it, such as Oracle Cloud which refuses to accept a password change when you try to do it on FF.
I would personally much rather use a browser that would restrict me to only using manifest v2 compatible extensions going forward even if that means less choice, as I only use a few browser add-ons with Ublock Origin being the most useful.
My main 2 requirements for any browser in this order of priority:
- Ublock Origin or a blocker of equal functionality
- No-Script or a scriptblocker of equal or better functionality
- functionally rendering web-pages
- correctly/fully rendering web-pages as intended
I've tried browsing without ublock and no-script. It's a no-go.
So long as you don't use Chrome or Edge, you will continue to be able to have the full functionality of those extensions.
Whether you consider Firefox, Safari or Brave to "functionally rendering web pages" and "correctly/fully rendering web pages as intended" depends on whether you are browsing sites with lazy web devs who figure "I'll test it on Chrome and if it works then it is done" like too many did back in the IE6 days.
About once or twice a month I'll run across a page that doesn't seem to work right in Firefox, and be forced to fire up Chrome. I don't seem to have that issue with Safari on my iPhone, probably only because the large installed base of iPhones (especially in western countries which are where almost all the sites I browse are based) won't let pages be broken in Safari for long.
I dread the day if Apple is forced to allow the Chrome app to use its own rendering engine - lazy web devs may start ignoring Safari support and put in a "best viewed in Chrome" banner on their sites...
Dunno what it's worth but I use Vivaldi (which I know is based on Chromium), and then the extension ScriptBlock. I don't see any ads. Scripts are blocked unless I allow them on the site I want. I don't need anything else to have that ad free experience. Pages render correctly for me.
I rarely, on occasion, encounter a browser without any blocking and good grief... it's a totally different world that I'm glad I don't live in.
Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.
Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.
The anticipated result will be fewer extensions and less innovation, according to several extension developers.
Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances.
The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.
This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come.
The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512).
OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292).
But this release itself needs further fixing. OpenSSL 3.0.4 "is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken. We're imagining two devices establishing a secure connection between themselves using OpenSSL and this flaw being exploited to run arbitrary malicious code on one of them.
1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.
Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.
"We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.
Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.
The Horizon Ethereum Bridge, one of the firm's ostensibly secure bridges, was compromised on Thursday, resulting in the loss of 85,867 ETH tokens optimistically worth more than $100 million, the organization said via Twitter.
"Our secure bridges offer cross-chain transfers with Ethereum, Binance and three other chains," the cryptocurrency entity explained on its website. Not so, it seems.
Slowly but surely, software package registries are adopting multi-factor authentication (MFA) to reduce the risk of hijacked accounts, a source of potential software supply chain attacks.
This week, RubyGems, the package registry serving the Ruby development community, said it has begun showing warnings through its command line tool to those maintainers of the hundred most popular RubyGems packages who have failed to adopt MFA.
"Account takeovers are the second most common attack on software supply chains," explained Betty Li, a member of the Ruby community and senior front end developer at Shopify, in a blog post. "The countermeasure against this type of attack is simple: enabling MFA. Doing so can prevent 99.9 percent of account takeover attacks."
Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.
The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files.
The paper [PDF], titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega’s cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files.
In brief A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents.
Broadcom has made its first public comment in weeks about its plans for VMware, should the surprise $61 billion acquisition proceed as planned, and has prioritized retaining VMware's engineers to preserve the virtualization giant's innovation capabilities.
The outline of Broadcom's plans appeared in a Wednesday blog post by Broadcom Software president Tom Krause.
Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.
Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.
Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such as spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.