Chirael 13 hours ago [-]
Just discovered the same message in the Tor browser, and it seems that NoScript got disabled. So people running Tor are a lot more vulnerable right now.
"Seems like people would rather be angry than understand the underlying issues at hand.
I would have thought better of MetaFilter, to be honest."
You know what browser correctly throws a fit and throws up a giant warning about the certificate being revoked? Firefox.
In what universe is this behaviour correct? The warning is utterly irrelevant to 99% of websites; i.e., the static blogs and private sites whose owners are most likely to mess up their certificate renewals.
I'd like to say to everyone complaining there's no way to turn unsigned extensions "back on" in normal Firefox.
The depth/scale of malware that forced this design was immense. I managed+supported Firefox for a decade, and did IT security. It has to be this way. It's unfortunate
Years ago, Firefox got to a point where it was getting completely, unfixably subverted by malware inserting custom code and extension hooks. Antivirus couldn't handle it. It's basically its own operating system. I've been on the frontlines. It's hard to describe the scale.
At the same time, yes, Mozilla made a mistake in instituting a strict operational process that wasn't fully reliable, as we see today. But do not make the mistake of thinking it was completely on a whim.
Firefox was getting destroyed and millions of users were suffering.
Chrome went through the same journey. They got to the point that to subvert it at all, malware started overwriting Chrome with custom-compiled old versions of the Canary developer builds, set to never update, and allow their injected malicious extensions. It's savage out there.
You've got to remember you are the 1%.
The problems you experience, that I experience, which we see as trivial from our contexts, can ruin the entire computer experience for others. There are just no good answers to this that doesn't involve sacrifices from somebody.
My website, written from my experience fighting browser malware at scale, literally instructs users to ---manually wipe the entire user data directory and program directory of browsers---. That's because of historical issues from malware that just couldn't be fixed any other way.
> "It interesting the amount of anger at a non-profit organization that provides a service you are using absolutely for free (and ad-free)."
"Mozilla on Sunday began distributing new Firefox updates to fix a problem that broke extensions for many browser users on Friday," reports CNET
> "The subsequent process changes would appear to make a similar incident less likely to happen."
“Free software” means software that respects users' freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. ... With these freedoms, the users (both individually and collectively) control the program and what it does for them. When users don't control the program, we call it a “nonfree” or “proprietary” program. The nonfree program controls the users, and the developer controls the program; this makes the program an instrument of unjust power.
I'm seeing a lot more fightiness from the detractors, but helping what? This conversation?
Hopefully slightly more than "Fuck you, I'm downloading Ka-Rome!"
posted by aspersioncast at 12:47 AM on May 8 [2 favorites +] [!]
Finally, we’ll be looking more generally at our add-on security architecture to make sure that it’s enforcing the right security properties at the least risk of breakage.
Warning: Potential Security Risk Ahead
Firefox detected an issue and did not continue to cowbird.com. The website is either misconfigured or your computer clock is set to the wrong time.
It’s likely the website’s certificate is expired, which prevents Firefox from connecting securely. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
What can you do about it?
Your computer clock is set to 5/14/2019. Make sure your computer is set to the correct date, time, and time zone in your system settings, and then refresh cowbird.com.
If your clock is already set to the right time, the website is likely misconfigured, and there is nothing you can do to resolve the issue. You can notify the website’s administrator about the problem.
☐ Report errors like this to help Mozilla identify and block malicious sites
Websites prove their identity via certificates, which are valid for a set time period. The certificate for cowbird.com appears to be expired.
Error code: SEC_ERROR_EXPIRED_CERTIFICATE
data:text/html,<iframe width="700" height="700" src="https://access.techsmith.com"></iframe>
> "Clicking the Advanced button usually presents a fourth option as well: a button labelled "Add exception..." in a grey bar at the bottom of the same text box containing the three clickables you've already identified."
> "You might not agree with their rationale, but at least they have one."
> "Also worth noting is that ssh… relies completely on trust-on-first-use rather than any kind of centralized trust infrastructure."
Your connection is not secure
The owner of access.techsmith.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
« Older Cite Your Sauce | The rise of conspiracy entrepreneurs and their... Newer »
This thread has been archived and is closed to new comments