Tag Archives: Firefox

Firefox adds more problems with version 106. Profile Guided Optimization doesn’t work with GCC. Changes settings/themes without asking.

Firefox adds more problems with version 106. Profile Guided Optimization doesn’t work with GCC.

This is the second time they’ve done this. The first time, they used it as an excuse to spout anti-GCC propaganda and start building with Clang.

Fedora’s fesco tried to pass “Firefox builds with Clang” before they could find out what was in it, and ended up having to reverse themselves.

At the time, the reasoning was given, primarily, that Clang doesn’t make good debuginfos, and it claims to support GCC security hardening features so that the build keeps going, but then quietly disables them without informing the user.

So imagine my (not) surprise this morning when I looked on Fedora Koji and found that Firefox 106 is built, but they had to turn off Profile Guided Optimization again, because Mozilla broke it and doesn’t care because they’re happy shipping buggy official binaries that do not have sufficient security hardening done at compile time.

However, the only way to get security vulnerability patches on the rapid release branch (Fedora doesn’t package the Enterprise Support Release, sadly) is to bump to the latest version, so I brought 106 in anyway.

Honestly, I can’t tell the difference anyway between PGO and Non-PGO builds. I’ve heard accusation in the past that what most browser vendors optimize for is synthetic benchmarks anyway.

(Rather like proprietary graphics drivers cheating by changing settings in the background that they know certain games don’t get along with instead of fixing the driver to run better in general.)

Also, I had Firefox’s “welcome” screen pop up again and change my theme without asking. Also, they added a “special” pinned tab called “Firefox View” for all of their in-browser SPAM that you now have to disable to free up clutter.

Each new version, they just make themselves right at home and piss all over your settings any way they want to. Even Vivaldi doesn’t do this.

I’ve said for some time that Firefox behaves worse than most proprietary programs with its in-your-face attitude about your settings and preferences, and the actual malware that’s built-in and running by default (ads, keyloggers, etc.).

Maybe that’s why I’m not using it much these days. Maybe that’s why I’m more upset that I have to go “deal” with things over a tertiary Web browser.

T-Mobile joins growing number of sites blocking Firefox in Private Browsing Mode.

T-Mobile joins growing number of sites blocking Firefox in Private Browsing Mode.

When you attempt to log in to the T-Mobile Web site using Firefox in Private Browsing Mode, you’ll now be greeted by this message.

Firefox is no longer supported in private mode

The Firefox browser is no longer supported in private mode on our site. To continue, please take Firefox out of private mode or choose another browser. We recommend Chrome, Safari or Edge.

It turns out that what’s going on is there’s a way to detect Firefox is in Private Browsing Mode and Mozilla is not fixing it. Apparently, a number of news sites, including the New York Times, use this to determine if you’re trying to use the Private Browsing Mode to avoid their paywall, which counts how many articles you’re reading using cookies and local storage, and then demands that you pay to continue reading.

They do it by looking to see if Indexed Database API is available, and if it’s not, blocking your browser.

Fortunately, there’s a Firefox extension called Hide Private Mode that fakes support for this. I tested this (by installing it and giving it permission to work in Private Browsing Mode, of course), and found that T-Mobile is no longer able to detect the Private Browsing session, and allows me to log in.

Mozilla has apparently known about the problem since at least ten years ago, but two years ago, they closed this bug to replace it with another bug that describes the same problem and still isn’t fixed.

Too busy adding “Colorways” that expire on January 16th?

I saw the release notes for Firefox 106, and it’s no wonder people are leaving. There’s been pretty much no work on the browser at all, and in this 6 week release, the only improvements have been an updated PDF reader. There weren’t even any Web Platform changes for developers in those notes.

So much for Mozilla.

Web engines that are still free of Rust as of September 2022. Bonus: Cascade of Attention Deficit Web Developers

In September 2022, I only know of two Web engines that have any hope of dealing with anything modern that are still entirely free of Rust.

Webkit (also WebkitGTK, which powers GNOME Web), and Goanna, which Pale Moon runs on top of.

This is it folks. They’re going away fast.

I thought that Python was a disease because major versions broke compatibility and required major code rewrites/refactoring, but Rust does that within a “stable” series, all the time.

Rust seems to be Cascade of Attention Deficit Teenagers the Programming Language.

Here I was giving all the credit to Python for making people do this “everything is broken, stop the world” song and dance once every decade or so and forcing users to suffer through version breakages and deprecation and removal even though not everything is ever going to be ported. I’m actually impressed.

Rust is so much worse and there’s a cult forming around it.

I wonder which of the two languages will ultimately beat the other one out for shit programmers that make applications leak enormous amounts of RAM and crash.

Note that while Zawinski wrote the “CADT” joke to express his anger with GNOME for just closing all of the bugs and saying version 2 was out (Apple later did the same thing to him.), it seems like in the transition to GNOME 3, the maintainer of the window manager actually went through hundreds of open bugs and attempted to see whether they applied to Mutter or not.

In some ways, GNOME has actually improved a lot since then.

It is nice to see that, at a minimum, developers are going through figuring out whether bugs still exist instead of closing them and hoping they can make the reporter give up and go away.

Apple is allegedly worth trillions of dollars and gave JWZ the CADT middle-finger just a few years ago, so it is odd to say the least, that they would be the people holding out on the opportunity to create a total mess out of Webkit by adding Rust dependencies on it and chasing their own tail due to compiler versioning problems.

The CADT people have gone off to “develop” a buggy browser for Google, Chrome, and its clone, Mozilla Firefox.

Their goal is apparently to see how much shit you can actually shovel into a Web browser engine before it explodes.

Their position is that if you’re using a piece of software with a rendering engine that was state-of-the-art in 2020 or 2021 and it’s supposed to render Web sites, that 40% of them should break now if you don’t update. In fact, rarely can you even get through the lifetime of a Firefox ESR before the ShitHubs and the Fakebooks start breaking down and your bank starts screaming and you can’t pay your electric bill.


Unfortunately, since Pale Moon has site compatibility problems and the developers are a bag of dicks, that pretty much leaves us with GNOME Web if you want a Fully Free browser entirely devoid of Rust.

Plans are on the table to eventually bring WebExtensions to GNOME Web, but the GTK port will still need “blocking” WebRequest for things like NoScript to function correctly.

Probably the only thing Pale Moon/Unified XUL Platform/Goanna has going for it is their stance that “Rust will never be allowed in UXP.”.

I haven’t seen any promises that Webkit will stay clean.

Will JPEG-XL be the JPEG replacement we’ve been waiting 30 years for?

The JPEG standard we all use today is old. Really old.

The reason we still use it, of course, is because software patents have made it dangerous to try replacing it with anything else, even though it’s comically inefficient and poorly designed.

The standard caught on, all software supports it, the patents are dead.

Like most obsolete technologies, everyone agrees in principle that JPEG should be replaced with something better, but that’s been very hard to do, mainly because of obstacles such as Apple and Microsoft, who have tried creating their own replacements and then threatening to sue anyone who supports them.

I ran into this problem with photos from my spouses iPhone in the HEIC format, and blogged about it, and had to go get a HEIC library with conversion tools out of RPM Fusion and convert them to PNG for print upload, because the patents for HEIC are from HEVC and as such are not fit for inclusion into Fedora GNU/Linux.

However, when I was skimming the Pale Moon development repository, I noticed a mention of adding “JPEG-XL” support, and it seems most browsers are doing this now.

JPEG-XL is said to be a royalty-free “improved JPEG”, and this time Google’s giving it a go. Compression efficiency is said to be “at least 60% better” than JPEG. The reference software is available under a simple 3-clause BSD license. Which is good. Anything that promotes rapid uptake of a royalty-free file interchange format is good.

Of course, in some ways, Google’s ability to dictate standards may have some minor positive benefits. For example, if Mozilla and Chromium adopt JPEG-XL, then regardless of what Apple finally decides, nearly 9 in 10 Web and smartphone users will have JPEG-XL support.

Hopefully, these One Hour Photo centers are quick to support it after it lands in Android.

At this point I’m in favor of anything that’s a big improvement over JPEG that kills HEIC and which we in the Free World can open and use without going through some ridiculous process that involves restricted software and waiting on command lines to re-encode files that should already work, damn it.

The entire point of HEIC/HEVC is to be a huge licensing trap with like 2,752,524,525 patents that you have to go to ~4,732 places to license, so there’s fat chance that Walmart will ever accept prints.

How are iPhone customers handling this mess?

If I did switch to an iPhone, I’d just have two annoying manipulative pieces of shit in this house outputting files that literally nobody uses or can even open. Oy vey!

Pale Moon scares people away from the NoScript extension to protect “MoonChild’s” profits. Bonus: Corrosive people (boosted by Microsoft) in “FOSS” “Communities”.

NoScript’s legacy XUL version supports Pale Moon.

It works fine, but by default, “MoonChild” has set it to disable NoScript and warn the user that the extension may “cause issues”.

I went to install NoScript, the legacy XUL version, which works fine in SeaMonkey.

Pale Moon immediately disabled it and told me it was dangerous to use that extension because it might break Web sites.

Then when I clicked to know more about this issue, I was led to a page on Pale Moon Forums where “MoonChild”, the main developer, explains that he doesn’t want people coming to bitch to him if an extension that disables JavaShit breaks a Web site.

So it just turns it off and makes it sound like the extension is sketchy, and then you have to read that and say “Oh bullshit!” and turn the extension back on.

The cynic in me would say that since it breaks Pale Moon’s default start.me page full of ads and shit, he’s worried he may lose money if you don’t see that every time you load the browser.

So he is scaring people away from NoScript to keep the spice flowing.

It’s understandable that people who spend significant time and effort to create a program deserve to be compensated for it, but scaring the users of an extension that enhances Web browser security by reducing the Active Content attack surface (which is present in all Web browsers) is not the right way to handle this.

“MoonChild” doesn’t need to deal with his revenue problem by implying that NoScript is malicious software, which is dishonest to say the least. He should, rather, put a one time notice in the browser explaining that he needs revenue and that blocking the start.me page harms his ability to fund Pale Moon development, and then asking the user or offering to the user to whitelist that page, and ultimately respecting the user’s decision.

Free Software (as defined by the Free Software Definition in “The Freedom to run the program as you wish.”) is about respecting user choices.

If your program doesn’t respect what the user wants, it may technically fall under a Free Software license as source code, but it violates the spirit of the Free Software Definition.

When I went to learn more about the issue that Pale Moon causes for NoScript, I came to a different forum where I learned that after “MoonChild” made the childish decision about overriding the user’s clearly expressed intention of installing NoScript to protect them from Active Content, users flooded the Pale Moon forums to complain, and the result of the complaining was that NoScript is declared a “banned subject” on their forums, and threats of being banned from the Pale Moon forums by “MoonChild”.

I’m starting to seriously wonder about “MoonChild’s” version of the events that led to former Pale Moon developer Matt Tobin being expelled from the project. Tobin hangs out at the #SeaMonkey IRC room on Libera Chat, and he doesn’t seem like a bad/mean person to me. The description of a developer as a Prima Donna and a “Hitler”-like figure sounds more to me like “MoonChild” because of the ongoing NoScript debacle.

I would generally like to have another browser to recommend to people.

I’m going to hold off on Pale Moon. It does seem to have fewer Web compatibility issues than SeaMonkey, but there are still quite a few.

I noticed that the Palefills extension to fix some of these up also works in SeaMonkey (it’s in the manifest and makes GitHub and Gitlab and dozens of other sites work again in both browsers).

Typically, both browsers should appeal to people who don’t like the “Modern Web” very much and who think Firefox has gone completely off the rails, who are willing to deal with “Modern Web” breakage by deploying clever hacks and workarounds where needed (or just opening some Modern browser to pay their electric bill and close it again for a month), but the developers of Pale Moon seem to be difficult people, to put it mildly.

I’ve noticed that “MoonChild” has made Matt Tobin another “graylisted” subject on his forums. Either you say Tobin is Hitler or you disappear too.

“Communities” such as this are impossible and ultimately fail due to attrition.

They can be fun to make fun of, though, but you have to find your own platform to do it on.

For example, when MinceR in #Techrights IRC said, “Has he heard of the ability to change home pages?”, I said, “ALERT: Changing your home page is dangerous and may cause Pale Moon to become unstable, resulting in profile corruption. We cannot support this if you proceed. -M.C. Hitler”.

Gone are the days where we can have mild disagreements, or disagreements that aren’t even about Free Software, or even an off beat sense of humor, without the Cancel Mob trying to hijack everything and kill us with fire.

Recently, Matthew J. Garrett, or Matt GULAG as I call him on #Techrights IRC has been petitioning Roy to Cancel me over some personal beliefs that I have expressed that aren’t even that unusual. Roy hasn’t acted on that.

Matt GULAG’s career in software development is on a jack stand provided by Microsoft and other companies that are hostile to software freedom.

Unfortunately, when Freenode turned into The Pretender’s “Freenode Autonomous Zone”, people who are bad in other ways, like Matt GULAG and “MoonChild” (*cough* M.C. Hitler) (which MinceR refers to as “ManChild”) forked it and created Libera.Chat. Libera.Chat is awful because it’s been politicized by the Cancel Mob.

Freenode, before The Pretender took it over, had almost 100,000 users and was the place to discuss Free Software.

Libera.Chat only has about 49,000 users at peak hours, and it’s because they Cancel anyone who isn’t some total leftist freak-of-nature or at least a Microsoft toady that supports their sabotage efforts of GNU/Linux.

Libera.Chat has banned me like 7 times (sort of like Matrix.org has), but K-Lines don’t mean much of anything to me like they did in the days of dial-up or direct connect over my real IP which only changed every several months or so.

I change IP addresses and VPN providers every so often so good luck making any of that stick. I’m on Libera.Chat in several different ways all at once right now.

Eventually the bans don’t happen as often because you know which rooms (such as #linux and #libera) which have asshole moderators in them.

Microsoft has virtually succeeded in planting moles in every high profile place where “Linux” is up for discussion, and they’ve made sure that people who don’t like Microsoft and say why get banned. Even if it’s like, a one-liner and you’re not up on a soap box. Or you make a joke about something that really happened.

(Like the time Microsoft did the BIG BOOBIES debacle with the Linux kernel in their HyperV driver and then says all the perverts are in open source.)

The bans happened to me on Reddit and Libera, and whether the ban itself sticks or not, they know that you know that if you come back and criticize them again, the ban will just happen again.

This is part of their strategy to make it seem like everyone “loves” Microsoft or are at least indifferent.

When communities fall apart, and the center cannot hold, due to people like Matt GULAG re-defining “community” into something that creates proprietary “standards” that people have no control over, which lock them out of their computer (e.g., “secure boot community”), then projects like GNU/Linux become little more than another crappy “vendor UNIX”, which everyone hated due to the lock-in and incompatibilities.

Oh, you want to go make something else?

It won’t be compatible, it’ll probably have bugs if you try, but “you have every right to do that”, says Matt GULAG on his Twitter blog.

(In reference to IBM’s systemd. The creator of systemd now works for Microsoft. I’m assuming that Mr. GULAG was trying to bring his manure spreader of FUD to bear on Devuan GNU/Linux.)

Mr. GULAG has repeatedly defended Microsoft “Secure” Boot even though he himself admits that their Platinum-level OEM partner, Lenovo, has now sabotaged it to prevent Linux kernels from booting, either nearly entirely, on a laptop that was hard coded to only boot if the OS entry was Windows Boot Manager, or Red Hat Enterprise Linux, or on a very recent one that doesn’t enable the third-party certificate that his Linux implementation of “Secure” Boot needs to start up, and in which case Windows screws up your Bitlocker and potentially causes data loss on your Windows partition if you try to re-configure this.

I had another system, the Yoga 900-ISK2 that was sabotaged so badly that I filed a lawsuit against Lenovo in Illinois before they agreed to change it.

My reward? Mr. GULAG’s white glove character assassination, as usual. He only ever attacks defenders of Free Software, and people who write Free Software. He never attacks the rapists, stranglers, and pedophiles of Microsoft and their affiliates.

Peter Bright of Ars Technica? Posted pro-Microsoft articles constantly. Silence. (Tried to rape a 9 year old. Now in prison.)

Jeremy Soule of Microsoft Bethesda? Silence. (Raped a woman in the office, sent her a video of himself masturbating. Tried to force himself on an immigrant and threaten her immigration status if she refused. Quietly slinked away with no punishment.)

Alex Gravely of Microsoft GitHub? Silence. (Strangled an immigrant Latina woman and raped her. Court gave him a pre-trial diversion as pretend punishment.)

Rick Allen Jones? Silence. (Personal engineer of Bill Gates. Arrested in the Gates mansion after police found a Child Pornography dungeon in his house.) Silence from Mr. GULAG again.

I’ve never actually gotten him to offer me his opinion of those people or why we’re letting them form “communities”. The only community most Microsoft toadies should be in is that one under the bridge in Florida, obviously.

He only attacks defenders and writers of Free Software. He himself seems to be currently employed writing some proprietary software for these self-driving cars. Which don’t have a very good safety record. Many brands of these cars run over people and the company goes “Welp, thought she was a shopping bag! How little can we get the family to settle for?!”.

I’ve been driving for decades and haven’t managed to injure anyone. But money talks, and pretty soon we’ll all be forced onto the road with buggy/dodgy software and we all get to hope it doesn’t get in front of us and randomly slam the brakes or mistake us for shopping bags, because it will be the law.

But back to Microsoft… Microsoft has regrouped and changed its strategy, but the clear endgame is still against Free Software, and they have an army of useful idiots to help them.

Using difficult people as pawns to manipulate and pull apart communities is one of the center pieces of this strategy.

But as Robert Reich would say, “Don’t believe it!”.

If it seems like all you hear is good things about the corporate takeover of FOSS, it’s because they’re taking out all of their critics by any means necessary.

Illinois electric company, ComEd, changes to Microsoft Azure hosting, and now I can’t pay my power bill in SeaMonkey. Lots of Microsoft corruption in Illinois state government.

The Illinois electric company, ComEd, changed to Microsoft Azure hosting, and now I can’t pay my power bill in SeaMonkey.

In Firefox, I had to whitelist a bunch of Microsoft domains to run JavaScript to pay my power bill, but in SeaMonkey, it won’t even load. Just a permanent spinny beachball of death.

The old site worked fine.

That’s on top of something that Roy Schestowitz mentioned for me in passing the other day on Techrights, that is the Illinois state court system leans on people to use Microsoft garbage. In that case, they implied that you need Microsoft Edge to view/edit PDFs and if you edit them with anything but Microsoft Edge, an unnamed (but presumably bad) type of thing could happen to your case.

In reality, you could view, edit, save, and “flatten” (print to a non-fillable form) when you were done with other PDF editors. I tried it out in Okular (KDE but runs fine in GNOME via Flatpak), GNOME’s Evince document viewer, and Firefox, at the least. So the court is simply putting up Microsoft spam.

The United States Customs and Immigration “Services” makes you fill out an insane number of confusing forms, but I managed to file a case with them using only KDE’s Okular in 2021, and it was approved.

Microsoft in government is unfortunate.

Illinois is considered by many to be the most corrupt state in America. It’s no secret.

There’s practically no layer of our state and local government that hasn’t been the subject of arrests and indictments by the federal government.

However when one of those corrupt officials goes to prison, someone just as bad comes and takes their place. At one point, we had two Illinois governors in prison for corruption at the same time. But it also happens constantly on the Chicago City Council, the state House and Senate, and elsewhere.

Bribery is just “how things get done in Illinois”.

In fact, it took 40 years, but bribery finally caught up with our former House Speaker, Michael Madigan, who resigned and is facing criminal charges, related to accepting bribes from ComEd, the electric company. They paid him bribes, and this ensured that bailout bills from tax and ratepayers worth billions of dollars and favorable regulations came their way.

One thing that Madigan demanded from ComEd was hand-picking the executives who sit on their Board of Directors, many of which are still there and will be for years.

This is the power company which is now using Microsoft Azure and demanding to load JavaScripts from Microsoft domains (like windows.net and visualstudio.com) to pay your power bill.

They also try to load active content from Oracle and Google YouTube and all kinds of other places. It’s super nasty. (To pay your power bill, you need JavaScript from YouTube?)

And now the site is not working at all in Web browsers that don’t support the latest GAFAM-dictated standards.

Is there a connection with their Microsoft contracts and all of the rest of their corruption?

It’s hard to say, but I’d turn to the old saying that where there’s smoke, there’s normally a fire.

At the very least, it’s a very crummy, bloated, and malicious Web site full of tons of garbage and trackers, and surprise surprise, it’s another one you have to use or else they turn off your lights.

Roy was talking about paying more to keep a “dumb meter” at his house. We live in an apartment and so don’t have a choice, and as soon as the “smart” meter goes in, they can do all kinds of horrible stuff.

Everything from tracking when you use power to reaching in and changing your voltage, which makes your lights flicker.

They advertise “voltage optimization” as a feature which “saves money and CO2 emissions”. It’s incredibly annoying and they can’t do it if you don’t have a “smart” meter. Not that it matters what you want, they got a law passed that requires everyone to have a “smart” meter in a few years whether they want it or not.

Mainly the reason they like “smart” meters though is because they can fire all the meter readers and then increase your power bill another 15% this year to reflect their savings.

I hate the power company. I hate Microsoft.

I didn’t think it was possible to hate them both more than I did already, until I tried to pay my bill with a Web browser (SeaMonkey) that doesn’t make me feel like I’m using some demented child’s toy with DRM plug-ins, adware, and political crap in my face every time I update it.

(Which would be Firefox.)

You give Mitchell Baker another few years, Firefox will stop existing anyway. I wonder if SeaMonkey could switch to the Goanna engine. It’s got more in common with Pale Moon than Firefox at this point anyway.

Your bank and other Web sites are running creepy JavaScript that records your every action. NoScript can block that from running. Bonus: “Web Rot”

Your bank and other Web sites are running creepy “Session-Replay” JavaScript that follows you around the site recording your every movement.

You’re not “supposed to know” about this, but NoScript can block that from running.

I had a conversation with Matthew Garrett (alleged security person, actual drama bomb thrower) on IRC the other day about the “security” of JavaScript.

He had previously promoted it as a “great way of running untrusted code”.

Unfortunately, there’s just nothing secure about JavaScript. It’s the most widely abused platform in all of computing because almost everyone ends up running it without thinking of the consequences, and browsers which are instructed to do so, do it without bothering to allow any user control over the process in their default state.

If you can’t trust code, it’s better to not have it running at all.

Especially if it’s not doing anything to help you, and is proprietary.

Garrett said that “total sandbox escapes” where the program gets out of your browser sandbox and starts interfering with another tab or running arbitrary malicious code outside of any sort of confinement is “rare” to the point where someone would need to be “targeting you” and willing to blow a Zero Day exploit to do it.

That’s not exactly true as we see time and time again in the real world. But let us not hang ourselves up too long on what the Dalek of Social Justice has said.

If you drop a copy of O’Reilly’s book on Sixth Edition JavaScript from the kitchen counter, you’ll be walking with a limp for a while. Far from something that adds a little bit of “interactivity” to a Web page, JavaScript is a full blown computer programming language, Turing-complete, that can be used to write and run almost anything.

(I laughed the other day when I noted that someone had ported all of the LAME MP3 Encoder to JavaScript. It’s like, you could. But why? This is even dumber than online Office suites. People have spent years and lots of effort writing high performance encoding routines in C. Let’s make things worse and shove it to a Web server!)

Very little of what I do on the Web calls for something like JavaScript.

Nobody asked me if I wanted applications that run best on my computer, where I control them, where Big Brother is not looking over my shoulder replaced by some online version on someone else’s computer that I may or may not be able to access, and if I can, it’s watching what I do with it.

I don’t use Services as a Software Substitute where I can avoid it, and the ones I do use tend to be licensed under the GNU Affero General Public License, which makes them Free and Open Source Software.

If I don’t like someone’s Searx search engine, I can use someone else’s. If I don’t like a Matrix (protocol) chat server’s moderation, I can go use another one. If anyone wants to know what the source code does, or make their instance work differently, they can!

Web applications don’t have to be malicious. It’s just that many of them are.

In general, every way that Microsoft’s proprietary software could hurt you before is wrong with their Web applications, and then they’ve invented new ways of being nasty as well. So thanks, no thanks.

The people who invented the Web and the earliest browsers (such as Marc Andreeson, who said as much in 1994) wanted to keep it lightweight. The idea of JavaScript and even Cascading Style Sheets were controversial.

They knew that if these “features” were added, the consequences would be severe. And they are severe!

The Web has basically become Microsoft Windows. Bloated, fat, slow, and requiring a new computer every 4-5 years because of how painful things get. Features that are only useful to advertisers and marketers and spyware and other parasites being bolted on with no debate by Google and Microsoft, and tossed in by Mozilla and Apple “for compatibility”. Worse, it’s all impossible to secure and it’s rather embarrassing how complicated the standards are to get it to do much at this point. (There are starting to be chat servers implemented in GeminiSpace. But on the Web, you need to run a 600 MB tab for that!).

Worse, the Web rots. It’s become mostly a spam farm. Things disappear. Domain squatters come in. All your links go to a scam now. The entire thing has become so balkanized by megacorporations that come and go that if you use those “services”, every 10 years you have to figure out where all the people you used to talk to are.

We have to start backing away from standards that are hacked together by companies that won’t exist in a few years based on speculative business plans, many of which ought to be criminal.

Attackers take advantage of whatever they can.

They take advantage of poorly coded applications, gaps in security policy whether deliberate or accidental (some Windows malware includes the calculator from Windows 7 to get past User Account Control and evade virus scanners, for example), or software distributors like Apple which do not ship Web browser security updates quickly (giving the attackers time to study the fix and start exploiting a long time before most users are patched), or users who do not apply fixes.

Recently, Apple had to rush two emergency fixes for the kernel in Mac and iOS and for Webkit (Safari) for zero day vulnerabilities, and it’s hardly even like it’s rare for in-the-wild attack code to be targeting these platforms.

A while back, China attacked and targeted Uyghurs using a Safari vulnerability in the JavaScript engine. They’re not the only nation state that hoards software vulnerabilities. The US FBI and NSA are known to do it.

But aside from the sandbox escapes and arbitrary code execution are privacy problems that Tracking and Session-Replay scripts cause.

According to an article from VICE from 2017 (compacted with NewsWaffle and archived), at that time, 482 of the top 50,000 Web sites had JavaScript programs that followed the user around and recorded things that can even include keystrokes that aren’t “submitted” yet, and mouse movement patterns, and some even tie your activity to your real identity.

This is….super creepy and super sketchy!

Richard Stallman’s JavaScript Trap essay pointed out that many users end up running non-Free JavaScript programs without thinking much about it. I pointed out in an earlier post about how much I like the add-on NoScript.

In many cases, JavaScript is bloated, it’s spyware, it’s proprietary, and at the very least, it does something unwanted and aggravating, such as powering news site paywalls.

Firefox, some time ago, joined the majority of Web browsers in removing the user’s ability to turn off JavaScript globally, but NoScript can add this back. You can do whatever you want to. You can whitelist domains that are “Just Enough” to make the site work.

Even browsing in the non-default mode of “Temporarily Allow All Top-Level Domains” would provide a lot of protection from malicious, annoying, and bloated third-party scripts without forcing you to do too much manual intervention.

But it isn’t even like JavaScript engines really are that secure. By the time Mozilla finally does declassify security hole fixes for a Firefox release, you can go back and easily see that the majority of really nasty ones involved JavaScript, so the more domains you have it coming in and executing from, the more likely one is to come in and do _something_ nasty.

Odds approach 100% very quickly that your browser is running some kind of malware without telling you.

It’s bad enough when programs are “legitimate” in the sense that they are what they say they are, do something useful, and just won’t tell you how they do it. That’s what Stallman’s complaints were in The JavaScript Trap.

Unfortunately, there’s never been a more useful language to abuse the user with, or a better place to run it, than JavaScript in a Web browser.

Admitting defeat and turning it all on out of laziness simply ensures that you will be encountering serious malware at some point.

Unfortunately, the JavaScipt Problem is bigger yet than proprietary software and malware running behind-the-scenes. Some site owners set their Web sites to simply lock out people who are using Tor Browser, a VPN, or just simply have JavaScript turned off.

CloudFlare, a Web cancer that just keeps growing bigger, now hosts about 1/5th of major Web sites and about as many smaller ones too, and has convinced site owners to set “security” settings high to bounce people who fit these categories. I’m a VPN and Tor user with NoScript, so I run into problems with those “Checking your browser” pages somewhat frequently.

The other day, I was trying to look at an article on Bleeping Computer, and CloudFlare blocked me for using my VPN. So I opened up Opera, which I only occasionally use because CloudFlare blocks their Opera “VPN” (proxy) except in the EU for some reason, so I had to view the article in Opera and then close Opera.

JavaScript is a major annoyance on banking Web sites. One of the advantages of running NoScript and just whitelisting the top domain for the bank is that I use 6 banks, and they all work with just first party scripting turned on. The rest is Session-Replay, data analytics, and other crap and garbage.

Why do I want some creepy third-party script looking over my shoulder while I’m banking or using any Web site for that matter?

When I went to the United States Social Security Administration and the Internal Revenue Service, I even found Session-Replay scripts that they were attempting to load from third-party domains!

Once again, with these scripts excised from the site, the functionality I wanted to use still worked. With your Web browser’s default settings, spyware companies are recording your actions even on government Web sites that you have to use!

I counted at least six tracking companies monitoring your usage of the Social Security Administration’s site. They’ve even outsourced compliance with the Americans With Disabilities Act to a tracking company that records your session!

On top of the security and privacy concerns are more practical ones.

Some JavaScript malware is designed to commit theft of utilities. Some sites resort to “mining” cryptocurrency with JavaScript and WebAssembly (which NoScript also handles). This runs your CPU hard and causes your power bills to rise as your battery life falls.

Firefox, indeed most major Web browsers, now have some sort of anti-cryptomining feature, but nothing’s perfect. The less sites even have the permission the less chance they’ll get one of these loaded.

Tracking scripts also take resources to run. They slow down page loads and instruct your computer to do things. That’s not “free”.

The Web site owners don’t want to make a big fuss about all of this crap that they load, because when you investigate what the companies are telling them, it’s usually like, “We can help you monetize your site and optimize your search engine results and tell you all of these things about your visitors and what they do.”. Stealing your resources to benefit themselves is what they do.

How does this compare with ad blocking, or running add-ons such as Decentraleyes?

Ad blocking and Decentraleyes (which hosts commonly used Web frameworks locally to avoid Content Delivery Network requests) compliment NoScript and add to the privacy you can expect to gain from it.

uBlock-Origin (an ad and tracking blocker) is already a pretty big hammer. It will block ads and tracker lookups completely if they’re in your blacklists.

Unfortunately, many things are not included for whatever reason. They tend to give priority to not breaking anything on a site you could conceivably want to use, and there have been cases where tracking companies used the US DMCA to be removed from ad blocking lists. So it’s not bulletproof. There are too many things that slip past them, and that’s where NoScript comes in.

Between these things, you should be able to reduce your browsing data usage by about half.

There are a few other extensions I really like, such as Google Container. I don’t use Google very much (preferring the Free and Open Source Searx instances) and I’d like to stay logged in, but not outside that container (so Google can’t easily track me in general across the Web).

As I’ve increasingly focused on Gemini (such as Chilly Weather and the NewsWaffle on Gemi.dev) instead of the Web, I’ve found few cases where I actually need JavaScript to run to power something I want or need to do on the Web.

Ironically, writing this blog post about JavaScript requires me to run some JavaScript.

Even then, not all of the domains that the WordPress.com editor wants to load are necessary, and when I go to read blogs, I don’t need JavaScript at all. You don’t even need a graphical Web browser to read this. You can load it in text browsers that don’t even support JavaScript, with cookies turned off.

You should block most of WordPress’s JavaScript. I think most of it comes from analytics sites.

As I continue looking into an escape from the Web for most activities, I still occasionally need to watch a video or refill a prescription or make appointments with my doctor, or use some dumb banking site, and pay my taxes. Unfortunately, thanks to JavaScript being as widely abused as it now is, you need NoScript to make sure that these creepy programs can’t run.

I’m considering moving to a Gemlog instead of WordPress, but I’m going to have to learn how to do that so it may be a while. Eventually, I would like to leave an “I’m not here anymore. Use Gemini.” message on WordPress.

We’ll see when I manage to get around to this.

Until then, turn off your JavaScript, mostly. The Web is more pleasant when there’s less of it.

Although I mostly read news in the NewsWaffle, most of the annoyances and slowdowns (bloated JavaScripts, annoying videos, tracking) are gone from news sites with NoScript. Even when I load a CNN article with uBlock-Origin and NoScript, it comes up instantly. CNN is infamous for its terrible page load performance.

You can get NoScript here:

Firefox Add-Ons / Homepage

License: GNU General Public License Version 2

There is also a port of the extension available for Firefox on Android.

Unfortunately, iOS users will just have to live with JavaScript. The version of Firefox on iOS isn’t the real Firefox with Gecko. It’s a neutered version that has to use the same engine as Safari by diktat of Apple.

Unfortunately, this means Web browsers on iOS are insecure and impossible to fix, and issues such as the one Apple rushed an emergency fix for cannot be user-mitigated by blocking active content.

Firefox has DRM even if you turn off DRM.

Today I learned that Firefox has DRM even if you turn off DRM.

Even if you hide it in the GUI and stop sites from asking you to turn it on.

The MPEG-DASH standard has a form of DRM called ClearKey.

You can read about it here. (Warning: Microsoft GitHub)

In fact, when I went checking, Firefox, LibreWolf, and Ungoogled-Chromium all work with Clearkey, at least this demonstration.

I noticed that Clearkey exists because people on Reddit using Firefox ESR 91 have complained about Firefox popping up a dialog box saying the “Clearkey plugin has crashed”, on various Web sites.

It seems that the Web is getting so nasty that the purveyors of DRM want you to think you can turn it off when a different version goes ahead and runs instead.

The only browser I have on my computer that refuses to play it, is GNOME Web (version 42, latest WebkitGTK).

SeaMonkey also didn’t play it. It may be because Gecko (the rendering engine) is too old.

This does explain some things. The test video is not detected by Video Download Helper.

Whether this means Clearkey works or if the author of Video Download Helper just doesn’t want to get sued for helping people bypass DRM is unknown to me.

The US DMCA says any form of DRM is illegal to bypass, even something laughable or trivial.

Just telling someone to turn off a site’s JavaScript or to read the New York Times using the Lynx browser may even qualify.

Advertising companies have used the DMCA to get removed from the EasyList adblocking filters.

So they may just be relying on something like that.

The program, yt-dlp apparently works around “ClearKey” saying it’s not DRM.

However, they are stupid enough to host it on Microsoft GitHub where youtube-dl (the program they forked) had already been taken down for less, and where many other projects get deleted in the middle of the night.

Recently, even a port of DOOM to the processor in an IKEA smart lamp was taken down after IKEA sent threatening legal garbage. I haven’t been to an IKEA store since that happened.

If porting a program to a CPU is all you need to do to get threatened, then I wonder what IKEA’s lawyers do to sites that tell people how to make unintended recipes out of their frozen Swedish meatballs.

Mozilla continues to disappoint me. They had an opportunity to fight the people who are hijacking and corrupting the Web. They instead signed the Web’s death warrant on the dotted line, alongside Microsoft, Google, and Apple.

ClearKey apparently won’t stop people from copying. Why would it?

Stronger DRM doesn’t stop copying either.

All it does do is waste the user’s computer’s resources trying to play back a stupid video. Potentially one that they didn’t even want running on that Web page.

One of the most disappointing things about turning off DRM in Firefox and having ClearKey continue functioning, is it means that Mozilla is basically lying about what that switch does. Six years ago, they made it so you can’t even drop to about:config and disable ClearKey there.

Real sites are starting to use ClearKey, and it’s just one more aggravation that people on the modern Web will have to face.

I think I should be able to right-click and copy and paste anything I want from my Web browser, or click “Save Video”. If we had the people running Mozilla today in the 1990s, Web browsers wouldn’t even allow you to save an Image.

If a Web site uses JavaScript to try to block me from reading it or copying text, I simply revoke that site’s permission to use JavaScript.

That takes an Extension now, which is nuts.

More and more, I use Web to Gemini proxies to deal with Web content because it’s clean, it’s fast, and it’s readable.

Grabbing news articles and Wikipedia articles over Gemini on my Android phone is very easy using the Buran program from F-Droid.

On my laptop with Fedora, I use Lagrange.

They work like simple Web browser in the 90s did, where if there is an image, you can load it if you want to. Modern browsers just shove those in without asking even if it’s some stupid stock image.

This is what happens when presentation is more important than content quality.

There are simply too many Web problems to deal with and it’s only getting worse, and I no longer expect Mozilla to push back on any of them.

Comcast tells couple they’ll need to pay $27,119 to get Home Internet even though the rest of their block is wired for it.

In the United States, high speed Internet service providers are like drug dealers that agree not to operate in each other’s territory.

That way they can set prices as high as they want.

Comcast is getting even fatter off of the FCC’s “Emergency Broadband Benefit” which gives out “free” (taxpayer-subsidized) Internet to people on government benefits or below 200% of the Federal Poverty Line.

They also cut their Customer Support to the bone, making people spend hours dealing with “chat robots” and Interactive Voice Response systems before they can get through to an agent, which is often in another country, and can’t do anything except schedule a lineman.

Every time they do that, no matter how much they insist they won’t bill for it, I have never NOT had them try to add $100 to my next bill, which I again had to spend about two or three hours getting them to take back off.

Comcast has been losing their butts on people canceling pay TV because the only thing on cable is commercials and crap programming so they can move everything else over to Pay Per View. Why would anyone spend money on equipment rentals and “packages” like that unless they’re some sort of “sports fan” with lots of money.

So the result is that Comcast has been steadily jacking up the cost of their broadband service and equipment fees. It’s not even worth renting a modem from them unless you’re on the EBB and don’t pay for it, because in 5-6 months you could have bought your own.

But even I was shocked when I read about this couple in Seattle that Comcast said would have to pay $27,119 for wiring even though their entire block is wired for Comcast anyway.

Ars Technica: Couple bought home in Seattle, then learned Comcast Internet would cost $27,000

Web / Gemini (NewsWaffle) / “WebWaffle”

Comcast makes so much money off of monopolies, shaking down streaming companies, and government contracts and welfare programs, and yet they still get to jerk people around like this and the Democrats set this EBB thing up that turned into “Affordable Community Broadband” without demanding Title II regulation (as a utility) back in exchange for ISPs taking the money.

The couple is limping by on a “4G Hotspot”. I don’t know what that means.

I tried to escape Comcast for a while with T-Mobile 5G Home Internet and that was amazingly shittier. About the only upside was that the landlord couldn’t run over anything with a lawnmower while I was on vacation and knock me offline again.

The downside was that T-Mobile’s Home Internet modems can hardly ever lock on to a decent signal and mostly just overheat and crash and die completely every few months and make you perform effort to send one back to the T-Mobile shit bin like it was a launch XBOX 360.

Maybe this couple can file some sort of complaint with the state Attorney General simply due to how egregious this is, but I wouldn’t hold my breath. Bad customer service was one of the reasons why Comcast changed their name to XFinity. Bad companies change their names to get away from scandals and bad press and stuff, but in Comcast’s case they just got worse and worse as “XFinity” and they still brand stuff under both names like they gave up halfway through.

Sounds like this couple had better get used to the 4G unless they want to pay Comcast half of a house in Indiana for 186 feet of coaxial cable.

Mostly the reason why the federal government wants everyone to access the Web somehow, especially on “smart” phones, preferably on “smart” phones, and why they waited so long to do that, is because they had to turn it into a centralized Corporate Sewer full of DRM and spyware first.

Thanks to “modern” Web browsers like Firefox and Chrome, they even get to see what’s on your mind if you change your mind before you finish typing it. “Awesome” bars and “Omni” boxes and “Firefox Suggest”.

It’s literally the thought police unless you opt out for a browser that’s still Free Software, such as LibreWolf, SeaMonkey, or GNOME Web. Or use Tor for more privacy.

Then, they know most people will dive right in to “social media” and tell them openly what’s on their mind. They like that too.

Apps are, of course, much worse. At the bottom of it all, they have Comcast and Cloudflare logging stuff and helping them compile dossiers about citizens.

They waited for things to finally get this bad and then declared the Internet to be “essential” to daily life. That was not a mistake.

Some people will push back a little, most people won’t.

The SeaMonkey Internet Suite is still developed. Is it right for you?

The SeaMonkey Web Browser and Internet Suite (Web page editor, Mail and News client, and ChatZilla for IRC) is still producing releases.

I installed version 2.53.13 as packaged in Fedora GNU/Linux 36.

The program is based on a forked version of the Gecko Web engine that Firefox uses.

Ironically, it was Firefox that was forked from SeaMonkey.

It was also SeaMonkey that caused AOL’s iteration of Netscape Corporation to go ahead and collapse.

(It was not on solid footing following Microsoft’s attack on the original company, which is what made AOL decide to buy it out as a distressed asset.)

This is because many people, myself included, saw no point at all in using Netscape’s version of “Mozilla Suite” (SeaMonkey’s original name) and started following Mozilla Suite instead, because the browser was open source, highly Web Standards compliant, and packed full of features.

AOL turned these releases into “Netscape 6/7” by adding proprietary software (useless) and a bunch of garbage bookmarks to shopping sites, and having their setup program put icons for “Free AOL Trial” on your desktop.

(Which seemed to be their only concrete business plan for anything they took over, including another of my favorite programs, Winamp.)

The “done thing” by people like me was to just grab a new nightly build and install it every once in a while manually to get at the latest new features in “Mozilla” as the Suite was commonly referred to, happily ignoring the “This is just for testing. End users should go to Netscape.” warning.

We knew that “Mozilla” was a fully functional browser sans AOL crap, so why use something from AOL?

Meanwhile, AOL made a series of unforced errors, including pressuring Mozilla to declare something “stable” and then finally giving up and basing Netscape “6” on something that was clearly not ready for average users and throwing a multi-million dollar advertising budget behind it. This, only to get booed in the tech media as a “bloated program that crashes all the time”.

Microsoft Windows, especially in the 1990s, was really really ugly to look at. Honestly, it’s the ugliest operating system of its time in any decade, but that’s an aside.

One of the things AOL pressured Mozilla to do was create a “theming engine” that had performance problems on everything it ran on, especially the “Modern” theme (which Netscape made their default), and especially on Windows, where the majority of reviewers would be evaluating it.

(Mozilla with the default theme usually ran fine on my old AMD K6/2 system, so I mean…..they clearly weren’t the only problem here.)

By the time Microsoft had a theming engine in Windows XP, running Netscape 6/7 on it looked even worse, because they looked like two clown cars with a different paint job crashed into each other.

After AOL divested itself of Mozilla, Blake Ross (who left to work at Facebook) and David Hyatt (who left for Apple, to work on Safari) spun off the far less capable Firefox browser, whose selling point was ease-of-use for people who couldn’t figure out how to use an Internet Suite.

They also claimed Firefox was “less bloated”, however most of the bloat was in the engine and loaded with Firefox anyway, so it did not consume significantly fewer resources than the Suite. In fact, if you used ThunderBird as a separate program, you’d load everything twice instead of opening Mail and News and observing a ~1% increase of RAM consumption.

Over the years, since the fork, Firefox has continued to bloat up to the point where people used to complain that the entire program was using 1 GB of RAM, and now it often uses almost that much per tab. So, we should begin by dispelling this revisionist history that led to the forking of Firefox.

At the time, I was one of the people who kept on using the Suite and pooh-poohed Firefox for being “dumbed down”, but clearly the Suite’s days were numbered. And even I began using Firefox as fewer people used or developed for the Suite anymore, and you could add most of the missing features back to Firefox with extensions.

SeaMonkey 2.53.13 (released July 11th, 2022) uses Gecko 60.8 “with backports and fixes” and advertises itself as Firefox 78.

For the most part, I was able to browse the Web just fine in SeaMonkey.

However, it had problems dealing with certain Web sites, including the Element chat software (incorrect rendering) and the WordPress Editor (malformed rendering, but usable).

I also had a problem when I went to log in to Facebook, which I barely use except to occasionally message distant relations about something.

(I don’t even use my real name and always load it in a private window, but relatives know it’s me.) Facebook text entry boxes do not function, which is also a problem I had near the end with Firefox 78 ESR.

I also had problems with some video sites not playing videos.

I ended up having to drop to about:config and set site-specific user-agent overrides sometimes, identifying it as mobile Safari for some video sites, or desktop Safari for some others.

Why Safari? Well, it’s pretty much the least Web Standards compliant browser, but it has too many users for Web developers to ignore completely.

Since Apple has so much of the Web platform missing from Safari, that leads to a situation where developers have to make changes and not use those features to get a site to work, which means your chances of having it work (or at least work better) in an old version of Gecko should improve.

In most cases, lying to a particular domain to get the Mobile Safari version at least got the site to work, even if it looked odd on my laptop computer.

This is exactly the same approach that Cameron Kaiser used in Clasilla, a long-lived fork of the Mozilla Application Suite 1.3.1 for old version of Mac OS, which couldn’t run anything else.

Mobile Web sites assume that your computer has less resources, a partially functional Web browser like Safari, and tend to foist less code for the browser to figure out what to do with.

While the current state of the Web on SeaMonkey is almost certainly nowhere near as bad as a fork of a browser from 2003 (Clasilla) that was maintained mostly by one guy, a browser core rooted in 2018, even with modifications, is going to start having some trouble in 2022.

As GNOME Web, which is actually based on Webkit (like Safari, although with improvements) found out, even if you use the same rendering engine, lying globally and identifying as Safari turns out to be radically destructive. Sites start trying to send you files meant for Mac OS, for example. Or, with the mobile version, pressuring you to use an Apple store, which doesn’t exist on a real computer.

Still, for a Web engine from 2018 (plus some enhancements), I was still somewhat surprised at how quickly things have managed to degrade.

In some cases, such as YouTube or the News Web sites, which are far too bloated anyway, I was able to bypass them using an instance of Invidious (for YouTube), or double converting news Web sites to Gemtext (meant for Gemini browsers), then back to a simplified version of HTML that SeaMonkey fared better with. I bookmarked the Gemini NewsWaffle through a proxy that sends it back to Web format, and SeaMonkey now has a fast and efficient way to get at the news without bloated JavaScripts, crap formatting, in-page pop-ups, and paywalls.

You can try out the NewsWaffle without a Gemini browser (such as LaGrange) by clicking this link.

Most news sites that are unbearable on a modern PC could be loaded this way even on a computer from the 90s with a dial-up modem.

(I tested it out, including the “enter any news site” feature, and found it to work about as I expected.)

Certainly nothing important must have been added to the Web platform in the last few years that could account for all of these problems. Sites are just getting morbidly obese to the point where you have to find some way of “tricking” them. Even in browsers like Firefox that can handle them better, they’re still far too annoying.

All of those sites and apps that are now giving SeaMonkey so many problems existed in 2018 and all of them did pretty much what they do now without trouble. That proves that this is all gratuitous bloat.

I found the process of installing Extensions (Add-Ons) to be somewhat annoying and indirect in SeaMonkey.

For starters, I absolutely need an ad blocker. The Web is totally unusable without one, unless you use Lynx, which can’t load ads in the first place. (No images, no scripts.)

When I went to SeaMonkey’s Add-Ons Manager and tried to look for ublock-origin, nothing showed up. Same when I went looking for anything to block ads with. Okay, that’s irritating.

Not to be discouraged, however, I remembered something about a “legacy” version which Raymond Hill maintained for Pale Moon, which might work in SeaMonkey. Sure enough, it still exists and still works. Problem solved.

(I found this page and installed the “Firefox Legacy” version, and then set up my usual block lists.)

For e-mail, the SeaMonkey documentation says it shares code with Mozilla Thunderbird’s back-end.

It seems to do this while preserving the classic Mail and News GUI layout and features. These will be immediately recognizable to people who were around in the Netscape Communicator days.

The problem is, while you will get it working eventually, there’s too much trial and error, especially if you want to set up Microsoft or Google IMAP account. Both of them make it incredibly difficult, and for my Outlook Mail, for example, I did not get the settings correct on my first try.

Once I found the IMAP and SMTP servers, and the non-standard ports that Microsoft and Google use, and the security protocols to use, I also had to create an App Passwords, which both also made hard to find. Google is actually worse than Microsoft, in that you additionally have to find a setting hidden in your GMail account to enable IMAP, or else the server will refuse to deliver mail.

When I tried to simply use OAuth with Microsoft, it told me that I couldn’t use it with a personal account and they only let you use it with a work or student account. However, GNOME Online Accounts and Thunderbird get to use OAuth. Do they have some sort of Microsoft deal?

I set up GMail to. Google is apparently threatening to cut off anything that doesn’t support XOAuth2 in the near future. So far, I have K9 Mail on my phone set up to check GMail and my Outlook to avoid their official application.

(I wonder how long that will keep working. Bark Bark.)

Other than Microsoft and Google deliberately making their IMAP settings hard to get at and use to drive people onto their terrible 500 MB per tab WebMail with built-in spam, which is not SeaMonkey’s fault, I found the Mail and News client to be quite enjoyable to use, once properly set up. I don’t understand why people with many e-mail accounts don’t insist on a Mail client running on their local machine. It’s gotten to the point that even many GNU/Linux distributions don’t offer a Mail client because people have been trained to roll over, fetch, and play dead by megacorporations with “free” WebMail.

The good usability of SeaMonkey’s Mail and News client comes from the fact that it hasn’t really changed much at all since AOL/Netscape paid to have Netscape Mail re-written as part of the Suite. I knew of people continuing to use Netscape 4 in a limited capacity into the mid and late 2000s just because it could open Netscape Mail, and that still worked.

AOL was the butt of a lot of jokes, but they always did e-mail really well, and you even still see a few @aol addresses out there in use today.

Due to the “If it’s not broken, don’t ‘fix’ it.” mentality, Mail and News works! This was always the strongest part of Mozilla/Netscape/SeaMonkey line in my opinion.

To give an example of how badly “WebMail” has devolved under Microsoft, one of my attorneys PAYS them for Microsoft “365”. It crashes all the time, it loses attachments. It’s a complete disaster. I had to resort to uploading sensitive documents onto a Google Drive and then deleting them as soon as she told me she had it(!) to get around Microsoft’s shit that people actually pay for!

SeaMonkey allows the user, of course, to customize their interface.

The GUI works much like Netscape Communicator did by default, because that’s what it was modeled on, but the user can customize it, even to resemble Firefox.

Unfortunately, in all of these years, nobody has added per-tab close buttons as an option. So, you need to either right-click and close the tabs, or middle click on them. Which is a little annoying. First there was an extension called SeaTab to add close buttons, then it was abandoned, then forked into SeaTab-X, and then SeaTab-X-2.

What’s frustrating is that this extension was listed as incompatible with my version of SeaMonkey, but then I told it to install anyway, and it works as it’s supposed to.

As SeaMonkey is an Internet Suite and designed for power users, expect a lot of advanced preferences.

If you don’t like them, then this program is probably not for you.

One thing that greatly annoys me about GNU/Linux is that the traditional behavior of pressing the middle mouse button is to paste whatever is in the clipboard into the application. I have never been able to get used to this. You can change that behavior in “GNOME Tweaks”, which is good, because middle mouse paste is bizarre for a modern GUI. Actually, any GUI in my opinion. Maybe it’s because I started out as a DOS/Windows users years ago?

SeaMonkey/Gecko, however, ignore your system-wide preference. To stop that, and to change it so the middle mouse button “auto-scrolls” when you press it, you have to drop to about:config and look for “general.autoscroll” and double-click it to “true” and “middlemouse.paste” and double-click it to false.

To be fair, Chromium browsers (Chrome, etc.) don’t allow for auto-scrolling in GNU/Linux, it seems. I don’t use them much. I have ungoogled-chromium for emergencies when a site is being difficult, but I don’t open it much.

SeaMonkey has some potential security pitfalls even if they are properly backporting fixes for security issues.

For example, I noticed that TLS 1.0 and 1.1 are still allowed in SeaMonkey, even though you’re unlikely to run into a site that uses it and other browsers disabled them years ago.

If you leave them enabled, you could be the victim of a protocol downgrade attack if an attacker finds a vulnerability in them and uses it to intercept your communications with the “secure” Web site you are visiting.

This could allow them to record everything you’re doing, or to insert tampered pages or files into your connection.

ChatZilla has returned! With IRCv3 features!

The only other Web browser I’ve known about that had a built-in IRC client was Opera, before the Chromium version (which was widely panned by Classic Opera users).

With many younger people moving to Matrix or Discord, they may have never even heard of Internet Relay Chat. IRC still exists, and some networks are very popular.

Matrix.org has “bridged” some of these IRC servers in to pressure people to use Matrix.org. The unfortunate thing about “centralizing” something like this is you get to deal with arbitrary moderators.

Matrix.org banned me four times in the middle of the night, and with no explanation. They didn’t tell me why. It didn’t even say I was banned or who did it. Just BAM and my account “didn’t exist” on the server anymore. I’ve watched their “moderators” at work. They designed the protocol to just say “people log out” and “won’t be active anymore” when it happens. No hint that they were kicked, banned, anything. Being black-bagged anonymously is baked into the software.

Being taken out back and knifed caused a major upheaval for me. While I eventually created an account they haven’t banned, yet, I don’t trust Matrix.org to handle my chats anymore.

Especially not bridging them into IRC servers that also have their own moderation and policies. I only use IRC clients to handle IRC now so there is no middleman that can censor me and cause me to lose everything, even on other networks.

Many people are fleeing Matrix.org and causing the protocol to fragment, as servers that supposedly “decentralize and federate” mutually ban each other and the whole thing falls apart into an incoherent mess where you need to run multiple tabs of Element, each one consuming hundreds and hundreds of MB of RAM, to deal with the servers warring against each other. It’s completely stupid. Someone told me that Matrix.org is just another way to say “Reddit”, but it’s much worse.

IRC is a “social network” by definition, but the benefit of it being more “mature” is that the leftist hate groups don’t tend to hang out there and abuse their power to run people off the network. I mean, Libera Chat might, but the older established networks don’t. It also doesn’t demand gobs of system resources and use it to drive advertising and clickbait, like Facebook or Twitter, which are a waste of time.

Hopefully, some people that fell for the “Social Network” trap and get tired of the absolute parasitism that is unfolding there will re-discover IRC and allow the Reddits, the Matrix.orgs, the Discords, Facebooks, and Twitters to rot in Hell.

~20 years ago, I used ChatZilla to save system resources. Computers didn’t have much memory and ChatZilla was a way to free some up since you already had a Web browser running anyway. Today, resources don’t matter as much, but the relative simplicity is nice. For outright minimalism, you’d probably use ircii or something. Right now I have ChatZilla set up to do all of the things I have HexChat configured for. Maybe using ChatZilla makes me a hipster or something. I don’t know.

Probably so would using SeaMonkey, or not subscribing to a million streaming sites so I can play song files that I already possess.

Another positive thing to note about SeaMonkey is they don’t seem to even offer the user DRM (Widevine).

This is a plus. I hate the entire idea of Web DRM on so many levels. It’s dangerous (software that can be used by malware), it restricts what I can do with my own computer, and it’s proprietary. It was specified and dictated by entities that are hell bent on ruining the Interoperability of the Web.

When Tim Berners-Lee envisaged the Web, he specified document formats for the easy exchange of information. Formats that nearly anyone could learn to write and use. DRM is one prong of an attack on the Web, designed to turn it into some idiotic “content delivery pipe” for outfits like Disney and the other streaming disservices.

Since they have specified it, the only thing that seems to stop smaller video sites from deploying it is, ironically, that Apple specifies competing DRM for Safari.

For many years, YouTube has been resorting to nastier and nastier tricks to prevent people from getting at the videos and saving a copy. Microsoft has collaborated to knock projects like YouTube-DL off of “GitHub”.

I’m surprised YouTube hasn’t just pulled the trigger and gone DRM-only. Who would be left to fight them? Mozilla capitulated anyway with nothing but a “sorry/not sorry” letter about it.

The fact that SeaMonkey doesn’t support Widevine may be due to SeaMonkey being a separate organization from Mozilla (registered in Germany, since 2012) and being unable to obtain a license to Widevine, but I don’t care why it’s gone, I’m just glad that it is gone.

It’s always such a nuisance to have to turn off DRM and hide the prompts in Firefox browsers. It is actually something that requires dropping to about:config, because Mozilla doesn’t respect your choice to leave it off and stop asking.

While SeaMonkey is a browser that has quirks, doesn’t handle some “Web apps” particularly well, and needs some fine tuning to customize it for your use, I can’t say that I hate it.

As weird as it may sound, given some of the troubles I found with it, I found it overall surprisingly pleasant to browse in, most of the time.

For stubborn Web sites, GNOME has a browser called GNOME Web that is roughly comparable to Safari. So anyone with GNOME has a GAFAM-compatible browser engine anyway, all they have to do is install the user-interface shell.

Theoretically, SeaMonkey could just jump to a more recent release of Gecko and it would solve almost all of these rendering problems. I spoke with one of the developers on IRC, who told me that the reason they use “Gecko 60.8 plus backports” for now is because Mozilla keeps removing APIs that SeaMonkey developers don’t want to lose access to.

In fact, I already knew that Mozilla quit viewing Gecko as anything other than a Firefox component many years ago, and SeaMonkey is one of the few surviving independent organizations that is trying to make something useful out of it, and that’s commendable.

Mozilla has made numerous “breaking” changes to Gecko over the years, that many of their users disagree with. The end result has been Firefox turning into a badly performing clone of Google Chrome instead of having the vibrant third-party application ecosystem that it once did, which is Mozilla’s loss. More applications needing Gecko, using Gecko, would make Gecko more important. Instead, they have chosen to isolate themselves and die in silence. Bleeding users. Negotiating for Google stipends that get smaller and smaller. Pissing off users with advertising and spam every time Firefox opens.

While Firefox still has some clout and there was sort of a recovery in the number of browser extensions after “quantum” brought in Chrome-style and did away with XUL-based extensions, they aren’t as high quality as they used to be.

One of the reasons I used to recommend Firefox or Mozilla Suite to anyone who would listen to me is that the extensions were nothing short of revolutionary. If the browser or Suite could run on a platform, an extension could too. If the browser could do something, an extension could do it too. This opened up a world of opportunity that Mozilla threw in the trash by adopting Google Chrome’s vastly inferior extension model.

Gone are the days where Mozilla’s platform was an “operating system that runs on an operating system”, where entire applications could be developed and you could point people at them as long as they had a computer because the browser engine abstracted away differences between operating systems.

Some of the other browser vendors have tried to hash out a “public specification” of what a Google Chrome extension is, and Mozilla’s term for them is a “WebExtension”, but like Sun Microsystem’s effort to “standardize” Win32 (the Windows programming interface) in the 1990s, Google (as Microsoft) has absolutely no reason to want to help out and every reason to want to kill the standardization effort.

They dictate what a browser extension is, and everyone else just has to copy it and tell developers that this is what we have now. Nobody is adding APIs and removing limitations. They just copy Chrome.

One reason this system is so terrible is that Google is an advertising company. They’ve never allowed ad blockers in Chrome in Android, and they’ve released an update to “Manifest” (the specification for Chrome extensions) that will neuter ad blockers in much the same way that Safari’s Content Blocking scheme did.

Many of the people who made the best ad blockers for Safari gave up, quit, and left, because they couldn’t make it do what they wanted it to anymore.

Raymond Hill, maintainer of ublock-origin, responded to Google’s Manifest V3 by saying he’d rather quit developing ublock-origin than to make it “less than it is now”.

For years, Adblock Plus had been the only game in town, until Google and other major parasites started paying into a protection racket set up by Wladimir Palant.

Point is, unless something changes drastically, I’m just simply not sure where the future of the Web is going. Nowhere good, I’m sure.

You can already just barely get an ad blocker for SeaMonkey, and it’s because Raymond Hill still cares that there are users who find it useful.

(I guess you might be able to rig up a filtering local proxy like Privoxy.)

As for other extension developers, they don’t seem to be paying SeaMonkey any attention. If they did, they’d also have to keep a version of a Firefox “WebExtension” around that’s old enough to work in SeaMonkey, which would essentially mean checking how things are going in a browser with less users than Firefox.

It’s not like SeaMonkey got to retain its powerful “XUL” extensions. It gave that up when it brought in the “Firefox Quantum” version of Gecko. Yet, usually what will happen when you try to install a WebExtension meant for Firefox into SeaMonkey is it will not function at all, or will malfunction.

Again, aggravating, but entirely Mozilla’s fault.

While it is ironic that the browser that essentially invented extensions (Mozilla Suite) is the browser that only has a few left that you can use, in some ways it’s for the better.

Why? Many Firefox extensions are proprietary software. That means you don’t have unconditional rights to use them or improve or share them with others. Furthermore, since Mozilla doesn’t monitor most of them for code quality or to see if they have malicious software in them, they can destabilize the browser, or even spy on you, when you run them.

Firefox itself is spyware (telemetry+the Firefox Suggest keylogger) and has remote backdoors, such as Normandy, which allows Mozilla to run experiments without your consent, even if you’ve disabled the preference that allows them to install extensions behind your back!.

Adding extensions, many of which are from large corporations, is a guaranteed way of having your browser send off more data to be spied on by more people.

I keep getting Capital One badgering me to install an extension that applies coupons. What else is it collecting? Well, SeaMonkey can’t even run it. Same goes for all of those Avast! and AVG “anti-virus” extensions that flout their own alleged privacy policies.

Extensions aren’t necessarily always a good thing, and Mozilla doesn’t always make it obvious what license you’re even agreeing to when you run them.

Since probably all you’re installing into SeaMonkey is ublock-origin, which is under the GPLv3, and the most important browser extension anyway, you’re at less of a security risk than Firefox users.

While the LibreWolf developers have gutted Firefox of a lot of non-Free software, spyware, and the keylogger, and have done a lot of good work, you still need to be very very careful which extensions you install. The vast majority are “not monitored by Mozilla” and “you install them at your own risk”, says Mozilla’s own site.

The big problem SeaMonkey really has is that Firefox is an ongoing disaster with SeaMonkey in tow.

I can only imagine how the developers of SeaMonkey must feel about this. From the outside looking in, I’d compare it to being in the car with a drunk driver.

So, do I recommend SeaMonkey?

That’s a qualified yes. If you’re like me and you’re fond of the way Internet Suites used to work, it’s really your only option. Many people who stuck to Opera 12 ended up with an experience that degraded until it couldn’t render Web sites and couldn’t even connect securely to others over TLS. If you appreciated “real” Opera, SeaMonkey might be for you.

You’ll need to hack your way around some limitations, mainly due to the fact that “Web developers” are a bunch of idiots, being given too much to work with, by a captured W3C that’s at the beck and call of two advertising companies, who dictate what the “standards” are.

Long term, we need to overthrow the Web and go back to something with largely static content. Or developing small programs such as the NewsWaffle that take bloated Web sites and strip them down and feed them to our browsers. As Anthony Hopkins (as Dr. Ford) put it in WestWorld, “The Earth does not want to move. We will move it, regardless.”. It’s time to beat uncooperative sites into something more…..manageable…..more rational.

What’s really important with the Internet is what people choose to do with it, and what people want and what big corporations want are two entirely different animals.

Take news sites, for example. They set out like 10 KiloBytes of text and haul in 300 MegaBytes of garbage to read it. The news text is like the cheese in a mousetrap. What’s the garbage? Oh, don’t mind them. It’s just autoplay videos, scripts that spy on you that you’re not even supposed to know about. Crazy video streaming specifications that only exist to obfuscate how to download the video or to call DRM so you can’t save a copy even if you have an extension that could figure out where it’s at. Advertising. Formatting junk to “make it look pretty” (who cares?) often by pulling in Web Fonts that spy on you.

You know, “important stuff”. 😉

The focus away from Internet Suites like (Classic) Opera and SeaMonkey, mostly-static content, and local computing, towards badly-written Web applications that chow down on all of your system resources while controlling you was a hit job that Richard Stallman warned about repeatedly in various essays, ranging from “What Does That Server Really Serve?” to “The JavaScript Trap”.

You’re always better off running local applications on a computer that you control, and only backing up your data, which those local applications create in formats that are well understood, to storage that you control.

For starters, we know that every “Cloud Storage” site has a backdoor. Your files are accessible to governments. Maybe not even your government. Do they need a warrant? Probably not.

Just as bad, creeps, weirdos, and perverts that work at companies like Google can get into all of your files. This isn’t hypothetical. They had a child sex predator working there doing it to people, to stalk children.

If that wasn’t enough, they fired dozens of employees over the years for inappropriately accessing user data, leaked documents say. What did they do with the data? How many copies did they make?

In return for this, you’re supposed to pay them by the month to store your files.

How convenient is that? If one of their hard disks crashes, you can still lose data. If they have a security misconfiguration, you can’t fix it. You won’t even know about it. If there’s a data breach, they’ll hide it from you. If they can’t hide it and get sued, it’ll go to a class action and you’ll get a year’s worth of identity monitoring and coupons to Bennigan’s while the class attorney gets $500 million dollars. 🙂

Some people encrypt their laptop in case it gets stolen, then upload all of these files to OneDrive and Google Drive and Apple iCloud, where they are at much more risk.

When you really consider the situation as a whole, which is the only logical way to consider any situation in life, is SeaMonkey perhaps maybe not working too well with this shit really a loss?

If it pulls up your recipes, sends and receives e-mail, and lets you browse 99.9% of the Web, bank, and use IRC, it’s probably fine. Isn’t it?

I’m unaware of anything I’m doing that SeaMonkey can’t do. Buy some thumb drives for crying out loud. Use an office suite on your computer.

(When thumb drives were new, they held 32, 64, or 128 MB. I don’t remember what my ex paid for one when he was in college, but he was amazed by them, and it was a lot of money. Today you can get a 512 GB model for $45.)

People say Richard Stallman can be a bit abrasive. Can you blame the guy, sometimes? Look what he has to deal with.

He goes to give a speech and is surrounded by people who think that loading a word processor in a Web browser on someone else’s server, puts out files in secret undocumented formats that are not well specified (and change), which can change in ways they don’t like, or lock them out, charge an unlimited amount of money, crash, and any combination of these things…. is a good idea. Every time someone interviews him, they make the same mistakes the last interviewer did and you have to skip past minutes of the interview while they’re asking stupid and obvious questions like why they should care about local computing and use weak language like “open source”.

When you’re surrounded by these people, you probably get tired of it.

To Recap:

SeaMonkey, it’s a browser which has its roots in the before time, from the long long ago. Before everyone took leave of their sanity and stopped demanding to do their own computing.

If you’re a heavy user of “Web Apps” it’s probably not right for you, but if you use the Web like I do, it generally does work fine.

If you’re looking for a browser to handle “Clown” computing and lots of heavy “Web apps” with that wonderful Digital Restrictions Malware, go use Google Chrome. I hear you’ll like it much better. You’ll have nothing good to say about SeaMonkey once you’ve seen it. If you’re a “Web 3.0” basket case, just give into Chrome. You know you want it.

You can use Google Chrome or one of the “Also-Google Chromes”, like Vivaldi, Opera, and Edge.

Or you can go to Firefox, for whatever that’s worth, as Mitchell Baker turned the program into something that’s just a damned pest. It’s why they’re losing their users. At the same time, several years ago, Mitchell Baker attacked the entire concept of supporting other use cases involving Gecko, essentially accusing them of parasitism (“why should we pay a tax blah blah blah”). This is, of course, back before Mozilla itself stopped “dogfooding”, using their own technologies, conducting development in the open, where people could participate. A lot of the development now goes on in proprietary malicious platforms, like Discord (they shut down their IRC server) and GitHub (instead of NNTP newsgroups and BugZilla). They’ve been closing out what’s left of the community, firing people, and outsourcing to Microsoft and Google.

One more reason why SeaMonkey deserves consideration is because they conduct development and discussion openly. You can just open ChatZilla and point it to Libera Chat and join #SeaMonkey and you’re talking to the developers and community, and you don’t need to create some sort of Microsoft account and participate in this major fraud and parody of “open source” that Mozilla has created.

Baker also said they would be “laser focused” on Firefox. Instead, they fire engineers and keep “Diversity and Inclusion” people, and the Mozilla Foundation has turned into a political party calling for more Web censorship and Cancel Culture. So much “Free and Open Source” software today is endangered by letting in people who should have never been there in the first place. Mitchell Baker is “Exhibit A”.

What’s going wrong is that the far-left crowd, which is a hate group, has commandeered these communities, thrown in with the enemies like Microsoft and Google (who want FOSS to be in turmoil so that they can sit back, laugh, and watch us destroy each other), and the idea of people of good conscience being able to have disagreements isn’t tolerated. This is why Mozilla and Matrix.org are a match made in Hell and deserve each other.

20 years ago, FOSS was a different beast entirely. It was fun. It was novel. You could make tasteful jokes. In #techrights IRC yesterday, I pointed out that there is a program, now called GNOME Planner, that used to be called MrProject. The joke was that Microsoft had a MS Project. Today, this sort of thing is considered “inappropriate” and gets censored out as “offensive”. It’s offensive for some on the left that there are men and women, so they have to stop you from referencing that, even in a joke. It’s not offensive, so these people create “offense”, then they’re offended on behalf of other people. Then if you tell them to chill out, they’ll attack you by lashing out in bizarre ways. Using tactics like these, they’ve ran off, or tried to run off, people who are actually doing something important for the community. Such as how Matthew Garrett, who participated in Microsoft’s attacks on GNU/Linux (including Security Theater Boot, which he now hypocritically complains of as an anti-user lockout mechanism…duh), goes after Richard Stallman and Ted T’so using trumped up allegations which are bullshit.

Firefox isn’t fun anymore because Mozilla has gone to the dark side.

After the Firefox fork, Mozilla never cared much for the Suite continuing to exist, but there was enough interest to keep it around.

Eventually, they forced it to spin off into an unofficial program called SeaMonkey, which they never gave warm regards to. Then they forced SeaMonkey out of Mozilla completely.

But like Dick Van Dyke continuing to bring a little bit of decency into a new world mostly devoid of such, SeaMonkey is still there with us.

It reminds us of a more civilized time.