1. 2

    Bring back LeechFTP!

    1. 4

      WS_FTP!

      1. 1

        LLNL XFTP!

    1. 10

      I’ve been in conversations online in various places about getting Firefox revenue off ad revenue. One of my ideas was enterprise features licensed at a nice price. Like with Open Core, making the enterprise features paid has almost no effect on individuals that make up their majority of users.

      “a little something extra for everyone who deploys Firefox in an enterprise environment. …”

      Then, they start adding that stuff in for free. So much for that idea.

      1. 9

        They could start with a Windows Server GPO that was easy to install and configure. There’s no bigger Firefox advocate than me, yet I’m forced to use Chrome on my network because it was so easy to configure high-security policies for it, whereas I gave up trying to do the same for Firefox.

        1. 4

          Bookmarking that idea in case I ever get a chance to talk to their management about this stuff. :)

          1. 9

            Thanks Nick! I’m no manager but I can take it from here (on Monday, because I’m off for the rest of the week):-))

            @jrc: Are you willing to expand on that hardship? AFAIU our project managers have worked with some enterprises to hear about their needs. This is in part because the enterprise mailing list we have doesn’t contain enough vocal enterprises willing to talk about their pain points in the open.

            Did you try the GPO features we just released with Firefox 60? What were you trying to do that didn’t work? Is there anything else you were missing?

            For everyone else reading this, please answer those questions as well and I’m happy to forward the whole thread.

            1. 2

              I’m not jrc, and this isn’t specifically related but my biggest problem with Firefox largely boils down to the fact that it’s not portable. It’s one of the few things where I get a new computer, plug in my drive, and it isn’t already working. I just did it again today, and while I use sync, losing my open tabs (on the session I’m using), cookies, extension data, and everything else that goes along with my previous session isn’t great.

              1. 4

                Sorry to pile onto that, but on a slightly related note: It’s embarrassing that Firefox is still dumping folders into $HOME instead of following the applicable standard.

                1. 1

                  Update! Please read through the policy templates repo and file issues there.

                  1. 1

                    No fix for this and I don’t think that’s the appropriate place for it. :-/

              2. 1

                Hi! Sorry I didn’t see your reply or I would have commented back sooner. To answer your question, it’s been a couple years since I tried it. However, I’m about to upgrade to Windows Server 2016, so I will give it another go with Firefox and document the experience.

                I can say off the top of my head, on my particular network, I’m looking to:

                Browse websites and do nothing else. Easily lock out the ability to print, change any configuration settings at all, including visibility of toolbars, Firefox sync, managing search engines, anything like that.

                I’d also like to be able to easily (1) install and (2) configure settings for add-ons, to manage mass deployment of updates to those add-ons, etc.

                1. 1

                  Thanks for the feedback. Great to hear you’ll give it a try. I suppose that not exactly 100% of your requirements will be satisfied, but I’d love to see a blog post about your endeavors (unless it’s shattering criticism ;))

                2. 1

                  Update! Please read through the policy templates repo and file issues there.

          1. 20

            I find the “new Microsoft” bittersweet. I’m happy about the embrace of open-source, but these improvements are more than offset by their new lows in user abuse and disrespect.

            Windows 10 is loaded with native spyware, comes with ads in the Start Menu and file browser, the privacy settings that are available (which do not shut off all the spyware) use UI dark patterns to cajole users into leaving it on. Am I the only one who remembers that they were going to have the Xbox Kinect camera always-on in peoples’ living rooms until there was a giant public outcry?

            I wish things were different but I don’t trust Microsoft whatsoever.

            1. 5

              Yeah, it’s all a bit rough.

              If I have to choose between the Win10 adware and the Win98/XP “crush all things not MSFT” mindset, I go for the adware (I mean I use Facebook)… but it feels so messy for such little gain. If it were just Cortana, sure, but everyone wants to be a marketplace + ad network nowadays.

              But I feel like Microsoft is doing a lot of stuff that is well intentioned to making computing better. Some stuff like Edge is reacting to competition. But stuff like WSL is a great replacement to stuff like Cygwin (which has existed for years, WSL was not a necessity). TypeScript and other Microsoft Research stuff is all very good. There’s a bit more earnest participation in standards because they want to be on the terrain.

              And even at the OS level, all the stuff that goes into driver signing/verification, advances in antivirus, etc. Given recent MacOS issues, I would trust new code by Microsoft over new code by Apple for correctness. There’s still legacy issues, ofc

            1. 2

              I haven’t had a smartphone for a few years. I use Google Hangouts/Voice. My email, text, missed calls, and voicemail is all in one place which I like very much. I’m on my laptop nearly all the time so having a Gmail tab open to receive calls isn’t a big deal.

              What I cherish is that when my laptop is closed or I’m out walking around, I am with myself. I don’t want to be “jacked in” to this real-time communication network every second I’m awake for the rest of my life. Computer usage and digital communication (including voice) is something I am happy to compartmentalize.

              I have an extremely basic Nokia GSM dumb phone with a $4/month T-Mobile plan for situations where I must have mobile or emergency communications, which comes up about once every 4-5 months. At this rate I’ll need to charge it less than once a year.

              I am interested in getting a Neo900, if I could ever afford one and it actually shipped. Having a sandboxed baseband makes me more comfortable with having a phone. Also the Dragonbox Pyra+4G, since I can put Debian and an SIP client on it I would feel more in control of the “phone”. Having a baseband with DMA coupled with these largely closed-source walled-garden smartphone OSes that are popular now is not attractive to me at all.

              1. 12

                Without JavaScript I get a blank page.

                1. 3

                  Yes… I’m also not a fan of simple webpages that need JavaScript for everything. But it was faster for me to implement it this way. Eventually this will be improved.

                  1. 4

                    It’s.. just a list?

                    1. 3

                      Just guessing based on 1990’s era sites since I don’t do web dev. Tiled series of images, descriptions, and links that CSS could probably handle. Clicking one generates a page with a list of stuff on one side and something for exploration on the right similar to frames I used ages ago. There’s delays for the text on the left appearing. Unless the sources change fast, this could be done statically where each source is periodically scraped, results turned into standard HTML/CSS file for each, and main tiles link to that. It would likely load and render faster, esp from caches, with server-side utilization being lower.

                      Again, it’s just me guessing based on stuff I did in DHTML days combined with what this page looks like it’s trying to achieve. Some web dev people I read say they use JS frameworks for things like making it look right across all devices/OS’s. I don’t know how far vanilla CSS or CSS frameworks take you these days.

                      1. 6

                        Yes @nickpsecurity, what you say makes perfect sense.

                        I implemented it this way simply because I didn’t want to have to maintain the jobs necessary to keep the website updated. I also wanted to be able to pick any GitHub link and replace “github.com” with “list.community” and get the page rendered with TOC, search and star/fork counters (which are the features I added).

                        So for me, the advantage of having this hosted for free on GitHub Pages, not having to maintain a server, and being able to render any GitHub readme, is worth the delay of having to do everything on the client. But I’m sure many people disagree and would prefer a different implementation.

                        Thanks for your thoughtful response.

                        1. 2

                          Those advantages make sense in your position. You’re also not going to see me gripe much since it’s volunteer work on your part. ;)

                    2. 2

                      How did you implement this?

                      1. 4

                        I used create-react-app, which is a tool that bootstraps the code necessary to use React for static websites. It’s simple but comes with some limitations that they highlight here. For the styling, I used TailwindCSS which is what’s called a utility-first CSS framework. It provides simple CSS classes that you can build upon.

                        All the content comes from GitHub. The lists are curated by people and each one lives in its own repository. The descriptions and logos come from GitHub Explore which is also open source. The categories come from the “official” metalist.

                        The client uses the GitHub API directly. I started by getting readmes in markdown and processing them with remark. There’s a lot of plugins for it, including to generate TOCs and render using React components. There were some limitations that prevented the output from looking 100% equal to GitHub so I ended up fetching already rendered HTML from GitHub instead (the GitHub API provides that option) and using htmr to convert to React components. That way I can for example pass a custom React component for rendering links, so I can easily show the number of stars and forks, convert relative links to absolute, etc. It’s not the most performant solution for sure, but the code becomes simpler.

                        That’s basically it, the source is available on GitHub: https://github.com/listcommunity/support

                  1. 6

                    I wonder if an attacker could escalate privileges and/or achieve ring0 write access by combining Row Hammer with Meltdown and/or Spectre.

                    1. 2

                      It occurs to me that, in a real and practical sense, one of the biggest exploit mitigations we have at our disposal is the inaccessibility of hardware and kernel architecture knowledge due to complexity. The real reason the systems I’m in charge of aren’t compromised right now (to my knowledge) is because it’s complicated and I’m not on the radar of the few people who can do it.

                    1. 22

                      To be honest, most of my goodwill towards Tim Berners-Lee (which there was a lot of, by the way) went away when he started shilling for web DRM. Requiring w3c compliant browsers to ship closed source BLOBs in order to correctly display w3c compliant web pages is against the very core of the open web; not to mention how the w3c wouldn’t even protect security researchers who want to see if there are security issues with said BLOBs. I know Berners-Lee probably isn’t responsible for every one of those decisions, but he publicly (and probably internally in the w3c) argued for DRM.

                      For further reading, here’s a great (albeit long) article from the EFF: https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next

                      1. 8

                        Computers, the Internet, and the web represent some of the greatest innovations in the history of mankind and the fruition of what could have only been a fantasy for billions of our ancestors for thousands of years. To see it so quickly, in the course of a few decades, and thoroughly corrupted by the interests of corporate profits is profoundly sad. I am severely disappointed to have dedicated my life to the pursuit of mastering these technologies which increasingly exist primarily to exploit users. DRM is a thread in a tragic tapestry.

                        1. 3

                          At this point my usual plea is, judge what’s spoken, not by whom it’s spoken. TBL’s authority is one thing, and the merit of what he has to say about that “Solid” thing is quite another. The idea feels very sane to me, although I don’t see a clear path of shoving it past the influence of all the silo-oriented companies like Facebook and Google.

                          1. 2

                            “At this point my usual plea is, judge what’s spoken, not by whom it’s spoken.”

                            This sentiment was drummed into me as a child and ordinarily I would strive to do this to a point, but the topic of putting locks on the open web by way of DRM is to me related to the apparently opposed mission of “solid”.

                            Arguing for decoupling data from applications provided by corporate giants in the interests of user control seems absurd when he just played a major part in removing transparency and control from a user’s web experience.

                            I’m not quite sure what to make of this.

                            1. 2

                              Did you consider the possibility that DRM could also work in reverse? The Digital Rights Management of individuals. I think that is the underlying motivation for allowing DRM: to protect assets and information. Users can not freely copy media to which they have no right of ownership, and conversely, companies can not freely copy user data to which they should have no right of ownership.

                        1. 1

                          Someone said in the reviews that it has power management bugs causing it not to standby when closed, which makes me hesitant to buy one.

                          I would like my “phone” to be as small as possible with a fully-libre desktop OS which I’m happy to use exclusively through earbuds. I think it would also be awesome to get huge battery life by keeping X mostly off and making calls through a CLI SIP client and bash scripts “c john” to call john, and SMS/email through mutt.

                          It would be a major concession but I’m actually even willing to forgo mobile data and have wifi only. Although I know most have reasoned that it’s taking a theoretical threat too far, having closed source baseband firmware and processor with possible access to main memory just feels very wrong, and all phones but the neo900 ($1200, maybe never coming out) have at best a question mark when it comes to that. There’s OsmocomBB but it’s not FCC-certified so I’m fairly certain would be illegal to use.

                          My number one candidate is to build this thing https://i.imgur.com/gMa3ost.png (there are a couple newer versions of it too) what this guy that goes by “node” calls the Handheld Linux Terminal, LTE could be done through USB but it’s already pushing the limit of portability so not sure.

                          Then there’s the hopefully-actually-coming-out Dragonbox Pyra which optionally includes a 3G/LTE modem, I wouldn’t have to build it myself, but it’s $900.

                          It’s a shame I can’t find a portable computer that works the way I want it to.

                          1. 4

                            I’m not aware of any other company that goes to these lengths to make their service so reliable.

                            I’d be really interested in seeing the lengths that Google goes to.

                            1. 4

                              There’s some insight into that in this talk https://www.youtube.com/watch?v=H4vMcD7zKM0

                            1. 2

                              I fear that for some I’m beating a dead horse here, but after the Windows telemetry “feature” and putting ads in the OS I have lost what respect Microsoft gained from embracing open source. Unless there was a drastic change in Microsoft’s (dis)respect for its users I would never even consider using their OS on principle, I don’t care what the features are.

                              1. 1

                                Converting paper-based processes to paperless. Trying to figure out TypeScript and Koa2.

                                1. 6

                                  Cue the emergence of a new “slc punk” diy/zine/crust subculture as an unintended side-effect of this choice in naming.

                                  1. 1

                                    My first thought was SLC flash memory

                                  1. 2

                                    Creating an air-gapped accounting network with KVMs on the terminals http://i.imgur.com/wlDj72I.png

                                    1. 2

                                      Where is the “air” in this diagram?

                                      1. 1

                                        It’s probably too hard to answer your question with a quick comment but it’s there