Tag Archives: SeaMonkey

Turning WebP Off in SeaMonkey and LibreWolf.


SeaMonkey is still not patched for the recent WebP security disaster.

Fortunately, until it is patched, I can just turn it off in about:config by setting image.webp.enabled to false.

It’s a bad vulnerability and I spent a few days sort of ignoring SeaMonkey except to deal with my E-Mail, since that doesn’t open remote content by default anyway, then I found this.

To test it, I took a WebP file and dropped it on SeaMonkey before and after. After turning WebP off, it offered to “download” the file somewhere instead of opening the image with its native WebP support.

This is a really terrible image format.

I decided to turn it off in LibreWolf (Firefox fork) too and see if it breaks anything I use terribly. Already, I see an improvement. With WebP and AVIF turned off in LibreWolf, Reddit has gone back to sending me real JPEG files!

In Firefox/LibreWolf you can also turn off AVIF (which SeaMonkey doesn’t support yet) by setting image.avif.enabled to false.

The way Google writes bad code, if it doesn’t end up breaking the Web for me it’ll just be more Web browser junk I turn off now.

Jamie Zawinski called WebP “another turd in the punchbowl” 12 years ago.

How To Remove Firefox From Debian 12 KDE and Install LibreWolf and Brave, and Commentary on Why You Would.

I’ve done a reverse dependency lookup, and it seems that the only desktop meta-package in Debian 12 that doesn’t “depend” on Firefox -or- Chromium is KDE.

Last time I tried using Debian (11) and removing Firefox, I had GNOME. I was somewhat angry that the dependency sprawl of GNOME’s desktop meta-packages on Debian force the user to have either Firefox or Chromium.

KDE’s, however, do not, so you may remove Firefox without worrying that it will demand that you install Chromium or risk damaging other parts of the OS.

On Debian’s part, this is just not the best dependency management on most desktop environments, with KDE seemingly the only one where removing Firefox doesn’t mean accepting an even worse browser or damaging the system.

I say bad dependency handling because forcing a user to install Web browsers, much less a specific one, to have a desktop environment, is a layering violation.

It makes Debian more like Windows, where there’s basically no concept of separation and topology, where the user is not free to customize it to his or her own liking and needs, and must have Internet Explorer and Edge.

In Windows, their idea of “topology” in the Server product is you can install the “Desktop Experience” or not install it. And if you don’t, you don’t get any GUI stuff really at all. Just enough to start a command prompt or “PowerShell”.

This should not be the situation we aim for on GNU/Linux desktops by making Firefox mandatory software.

The user should be able to install or remove any desktop software, freely. Putting things like office programs and Web browsers in as mandatory components to run GNOME takes us away from perfection, and makes a system more like one from a proprietary software vendor which demands to throw in everything they think you should have.

Why would you uninstall Firefox? (A counterblaste to Mozilla.)

Mozilla has essentially turned Firefox into malware. They started going bad years ago, and consistently find ways to be worse.

It has keylogging spyware, ads, and plugs for other Mozilla “services” that most people have no interest in. It has contextual advertising driven by the keylogger, and it leaks your personal information like a sieve by empowering random malicious Web sites to run anything they want on your computer.

At various points and places, Mozilla can’t even be bothered to lie consistently about how they manage the personal information they collect. Somehow they neither collect your personal information nor track you, and they also do collect your personal information, track you, and give some of it to ad partners.

(Sarcasm: Also, some of the enabling malware is “open source” on Microsoft GitHub, so it’s fine! There is also, apparently, an enormous difference in semantics about whether some of your information happens to be “sold” vs. “shared” with said partners, who are paying Mozilla to run ads in the browser.)

Aside from this, Mozilla can and does install Windows 11-like “studies”, which are extensions that can change the browser so that they can perform A/B testing.

Therefore, your copy of Firefox might have completely different settings than if I installed it. Even if they are identical to begin with, if I installed it for you (or it came with Debian), and I walk away, Mozilla can “reach in” later and change that, and then I wouldn’t know how to help you, because mine doesn’t work like yours does.

If Mozilla wants to test changing Google to Bing for 1% of users, they can. They have!

If they, for example, want to change some code related to the handling of graphics output and see what happens with different video drivers, they can.

This can mean that even if you and I have the same video card, my copy of Firefox may run fine, while yours starts crashing, and you can’t figure out why, but it’s reporting it to Mozilla along with everything in main memory at the time of the crash.

These are just some examples of power that they shouldn’t have. There are thousands of settings in the browser (swept under the rug in “about:config soup”), that the user is not even supposed to know about, but are there for Mozilla to change willy nilly, f***ing with the s**t until you have no idea what your browser is even doing.

It is also a band-aid, because “hamburger menus” that boil the system down to only a few preferences do not work for programs as complex and vast as a Web browser.

This is sort-of related to something that Facebook actually did on purpose. They A/B tested by deliberately introducing crashes into the Android app to see how many users would uninstall it vs. how many would just restart the program and go on to get a feel for how “hooked” on Facebook they were.

Programs should absolutely never have the power to make one person’s copy of the software behave differently than another person’s copy. No matter why they want to do it, it will not serve the user.

A/B testing is basically a cop-out for not doing internal testing because the company making the software is too cheap to do anything but see if it compiled. This is how Windows updates roll out.

Mozilla almost never says no to anything Google wants.

Mozilla is a thrall of Google. Over 90% of their money comes from Google. Google boasts that they will have Mozilla testify in Google’s anti-trust trial.

Why would Mozilla say anything that could damage Google and remove 9/10ths of their revenue? Mozilla will be very careful about what it says on the stand. You don’t shit where you sleep.

Mozilla not only includes DRM software, as almost all Web browsers do, but unlike other browsers, they make it almost impossible for a casual user to turn off and disable the nag screen to turn it back on. (Which Brave at least accepts if you uncheck the box.)

To fully remove Widevine in a Mozilla browser, you have to change three settings in about:config, regarding EME and the Widevine CDM:

browser.eme.ui.enabled false

media.gmp-widevinecdm.enabled false

media.gmp-widevinecdm.visible false

If you don’t set all of this, then the only thing unchecking “Play DRM Content” does is set Firefox to nag you about it every time a page wants it until you break down or accidentally click yes.
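The about:config changes described so far (image.webp.enabled, image.avif.enabled and the three Widevine prefs) end up as user_pref lines in the profile's prefs.js, or in a user.js if you keep one, so they can be checked on disk. The script below is an added example, not code from the original post; its function names and the sample profile it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a profile has the
# prefs this post turns off actually set to false on disk.

# Pref names as given in the post.
HARDEN_PREFS="image.webp.enabled image.avif.enabled browser.eme.ui.enabled
media.gmp-widevinecdm.enabled media.gmp-widevinecdm.visible"

# pref_value PROFILE_DIR PREF: print the value stored for PREF, or "unset".
# user.js is re-applied at every start, so it takes precedence over prefs.js.
pref_value() {
    name_re=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # treat dots literally
    for f in "$1/user.js" "$1/prefs.js"; do
        [ -f "$f" ] || continue
        # Lines look like: user_pref("name", value);  (last one in a file wins)
        v=$(sed -n "s/^[[:space:]]*user_pref(\"$name_re\",[[:space:]]*\(.*\));[[:space:]]*\$/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then
            printf '%s\n' "$v"
            return 0
        fi
    done
    printf 'unset\n'   # nothing stored: the browser's built-in default applies
}

# audit_profile PROFILE_DIR: one line per pref; exit status is the number of
# prefs that are not explicitly false.
audit_profile() {
    bad=0
    for p in $HARDEN_PREFS; do
        v=$(pref_value "$1" "$p")
        if [ "$v" = "false" ]; then
            printf 'ok    %s = %s\n' "$p" "$v"
        else
            printf 'CHECK %s = %s\n' "$p" "$v"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample profile (not a real one) so the script runs offline.
# prefs.js still has WebP on, but user.js overrides it; AVIF and the
# Widevine "visible" pref were never touched.
make_sample_profile() {
    d=$(mktemp -d)
    cat > "$d/prefs.js" <<'EOF'
user_pref("image.webp.enabled", true);
user_pref("browser.eme.ui.enabled", false);
user_pref("media.gmp-widevinecdm.enabled", false);
EOF
    cat > "$d/user.js" <<'EOF'
user_pref("image.webp.enabled", false);
EOF
    printf '%s\n' "$d"
}

# Usage: sh audit-prefs.sh /path/to/profile
# With no argument, the constructed sample profile is audited instead.
profile=${1:-$(make_sample_profile)}
audit_profile "$profile" || printf '%s pref(s) to review in %s\n' "$?" "$profile"
```

Point it at a profile directory such as the ones under .mozilla/seamonkey/ while the browser is closed, so prefs.js reflects the last session.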

The Widevine DRM module from Google is something that malware and fingerprinting scripts test for and try to load to figure out what browser you have.

When I caught a script on Reddit (nasty site) that was probing the browser, it asked to enable Widevine, so I figured out what was doing it and got it added to EasyPrivacy as a content blocker rule for uBlock-Origin.

This is like playing whack-a-mole. You always have to add another one because these creeps take out “random” character Web sites and try to load the script from dozens or hundreds of them, or even IP addresses.

This is one reason to use NoScript so you’ll know exactly which domains are loading scripts!

Mozilla does, essentially, nothing for your privacy.

This is the company that rage quit Facebook and wrote an extension called “Facebook Container” to keep “Meta” isolated from your other Web activity (good), only to go on and announce that they are present on TikTok.

(That’s like saying you quit your dependency on cocaine by moving up to methamphetamine.)

By defaulting to deleting cookies, history, and local storage, every time you exit the browser and encouraging the user to make few exceptions, and not keeping a disk cache, LibreWolf limits the data that anyone can store about you using your own computer, rather than try to play whack-a-mole with Facebook (while hiring people from Facebook and the CIA), as Mozilla does. There are only about an unlimited amount of hostile domains on the Web. What about Google? What about TikTok? What about Microsoft? What about Porn sites? These are just a few. Mozilla Firefox has no “containers” for them. Even if they did, “containers” only interfere with third-party tracking, at best.

Mozilla Firefox is an improper choice for default Web browser in a Free and Open Source Operating System.

At this point, it is so bad, so rotten, that it is dishonest to even include Mozilla Firefox.

They have made it clear that they don’t care about GNU/Linux users even though it is the only place they still usually are the default Web browser. They consistently sabotage or de-prioritize the Linux browsing experience, and force the user to set environment variables and about:config hacks to get a comparable browsing experience to Windows and Mac. It’s no wonder that people give up and switch to Brave vs. resorting to hacks to make Firefox faster.

Mozilla Firefox is really turning into “another Windows”, where there’s so much adware and telemetry garbage, that without it, you see how fast the thing can actually run.

LibreWolf is Firefox the way it could be without all of the adware and spyware Mozilla is tossing in, trying to make money for Mitchell Baker’s paycheck (which is growing every year while they lay waste to the developers). (The story fails to mention that an earlier round of layoffs sacked 70, for a total of 320 in 2020-21 alone. Then they went on a hiring freeze.)

In 2020, after returning to the position of CEO, [Mitchell Baker’s] salary had risen to over $3 million (in 2021, her salary rose again to over $5 million). In the same year the Mozilla Corporation laid off approximately 250 employees due to shrinking revenues. Baker blamed this on the COVID-19 pandemic.

Wikipedia

How many jobs could have been saved if one CEO froze her salary at $3 million instead of $5 million to avoid handing out layoff notices? How is this company still soliciting donations from the public? Do you want to donate to Mitchell’s heated driveway for another Ferrari?

If you give LibreWolf or Brave a chance, it’s really like a glass of ice water after you’ve been in Hell.

Of course, if you would like to install and run LibreWolf and demote Firefox to “backup browser” for when you need something more “normal” to deal with a pesky site or something, and then close it, you can do this. The two will run side-by-side and not conflict, but I can use Brave for this case.

As Brave has the Chromium engine, it also renders sites that are becoming quite hostile even to Firefox.

The situation in the United States of America is the worst it has been since the House Un-American Activities Committee.

I would say that the Biden Administration’s censorship and de-platforming campaign compares to McCarthyism, albeit for somewhat different ends. Instead of suppressing Communism, they suppress anything that could get in the way of this vegetable “winning” another election. Their tactics are basically just updates to McCarthyism.

I don’t want software compiled by a company, Mozilla, that supports this authoritarianism, this censorship, and this un-American activity, on my computer.

The modern Web is really just the enforcement arm to this phenomenon.

It’s a culture of mass surveillance and censorship, and chilling effects (letting people know they’re watched so they’ll behave), and giving people enough rope to hang themselves (letting them upload crime evidence to Cloud storage and Social Media), and Mozilla is complicit with this.

I believe that this is probably the scariest time to be an American citizen since the Cuban Missile Crisis, and a lot of this isn’t just the geopolitics of an administration that is egging on World War III, it is the domestic spying, the feeling that you’re being watched.

And it’s not just about the mass surveillance, it’s not just about corporations censoring us, the US government is under a court order to stop going to tech companies and implying bad things will happen unless they de-platform users. It’s the Hollywood Blacklist on steroids!

Alarmingly, as of yesterday, Supreme Court Judge Samuel Alito froze the Fifth Circuit’s Temporary Restraining Order against Joe Biden, which found that the administration violated the First Amendment of the United States Constitution.

Not only is The Blacklist back in place, Mozilla supports, in a blog post, written by her Bakerness herself, de-platforming people from the entire Internet and manipulating algorithms in order to gaslight and radicalize the population.

These algorithms, tragically, work. It’s turned the brains of so many of my fellow Americans into Swiss cheese. You can’t even have a discussion anymore because they go straight to the “talking points” the regime handed them.

Isn’t the LibreWolf fork pointless? You could just change all of the settings in Firefox and get the same thing! Why would I use this, or Brave?

For the millionth time, no, the LibreWolf fork is not pointless. You couldn’t ever get them all and even if you did, Mozilla changes things, and you have no idea what’s actually in the binary.

They demand that it is built a certain way approved by their lawyers to be called Firefox, so it’s impossible for your operating system vendor to help you out of this mess and still call it “Firefox”, due to trademark issues. It must do all the same nasty things a binary compiled by Mozilla themselves would do to you, or it can’t be branded Firefox.

Debian used to keep Firefox’s version “stable” throughout a release by backporting security fixes to it, then Mozilla’s lawyers came calling. So Debian called the package “IceWeasel” and kept right on doing it.

Then eventually this rapid release nonsense came about and Debian gave up and installed “Firefox ESR” to at least keep the incessant version proliferation at bay, but it has all of the nastiness like DRM and Mozilla’s adware and spyware.

There are so many things that LibreWolf changes or compiles out that it’s got to be in the hundreds or thousands by now. So a fork is warranted, because the other option is to have every user who wants to make Firefox better end up compiling it themselves and applying profile hardening.

Whether you choose LibreWolf, or Brave, you can be assured that your Web browser is not a piece of malware from the Biden Administration’s “political office”.

You do not get this from Mozilla. Firefox is a terrible browser, and the reason it is terrible is more political than technical at this point, but the same junk that spies on you to sell ads can also sell more of your private information to government.

Installing Brave.

Brave basically invents new ways of screwing around with Web tracking technology and makes them part of the browser, even substituting tracking libraries from many Web sites with substitutes (Sugarcoat) which implement the minimal API for the site to function while removing the functionality that spies on the user.

See my guide to installing and configuring the Brave Web browser on Debian 12.

Installing LibreWolf.

LibreWolf is a fork of Firefox which removes the spyware and junk in Firefox and enhances your privacy.

If you require a Firefox-style browser, you may want to use this instead.

To get LibreWolf, you can use Flatpak.

See my guide to setting up Flatpak and Flathub on Debian 12 KDE.

Also, maybe consider hiding proprietary software from FlatHub.

If you hide proprietary software, you won’t see malware such as Zoom, Discord, and Microsoft Edge.

Another way to get LibreWolf for Debian, is to use a Debian package from LibreWolf’s Apt repository.

This option (as of this writing) works for Debian 11 and 12, as well as recent releases of Ubuntu, and Linux Mint. (Possibly Linux Mint Debian Edition, as that one is built atop Debian Testing? I’m not sure. You may need to mess around with the apt sources or just use the Flatpak.)

The Apt option is superior to Flatpak if you don’t want Flatpaks or don’t want the Flatpak “Sandbox” to prevent the Video Download Helper CoApp from functioning properly.

The Apt (DEB) version also appears to have been mostly built with bundles (Mozilla’s copies) of the libraries that *could* technically be “system” as an option. My guess is that this keeps it as “universal” as possible so there don’t have to be as many builds.

The Debian package also appears to start a bit faster and, of course, it will use the system’s copy of certain libraries whereas the Flatpak version needs all sorts of “platforms” which may not be properly maintained by Flathub.

Can you use Firefox Sync in LibreWolf?

You can if you want. You would need to enable it and restart the browser.

It would be smart, were you to go this route, if you made a new Firefox Sync account that you only use for LibreWolf and possibly Fennec F-Droid, so that Mozilla doesn’t end up stomping your LibreWolf settings with ones from Firefox which are less private or secure.

To help start over, you could go to about:config and enable password import from a CSV file by setting signon.management.page.fileImport.enabled to true and then exporting your password from Firefox or another browser as CSV, and then importing them to LibreWolf’s password manager. LibreWolf also supports moving bookmarks over as an HTML file you exported from another browser.

If you don’t need to sync with Fennec F-Droid on your phone, it would be advisable to leave Sync turned off and just stomp your passwords and bookmarks files on your backup drive now and then to make sure you don’t lose them.

While your data is apparently encrypted on your device before it’s sent to Mozilla, it is still stored on a Mozilla server, in the US (a jurisdiction hostile to privacy and where the government does what it wants), and your Firefox Sync password is also the password to decrypt the data. Ouch. Be advised that it is NOT safe to rely on Mozilla’s sync server.

I’ve been using Privacy Browser more often on my phone anyway. It’s Chromium-based, but more secure as it defaults to not even turning on JavaScript.

Short of disabling JavaScript and other active content, all you can really do is patch it over and over again. Google and Mozilla stuff their browsers with unnecessary security holes to give the Web sites more power over the users that they shouldn’t have.

Just this week, there was a buffer overflow vulnerability in the WebP library, which is a Google image format that adds to the proliferation of useless, redundant, and barely-tested libraries packed into modern Web browsers.

The fix was an emergency, as malware was already utilizing the flaw.

SeaMonkey can be installed on Debian 12 KDE.

They removed it from the software repository a long time ago, as did Ubuntu. But there’s nothing stopping you from installing it manually and running it.

I like SeaMonkey as I’ve configured it (NoScript, uBlock-Origin, no WASM, etc.) for quiet Web browsing. Occasionally, I need a more “full fat” browser to run a site that just will not let me in, and Brave fits the bill nicely.

I especially appreciate SeaMonkey Mail and News because I hate WebMail and SeaMonkey’s interface has not changed in years.

WebMail is horrid and full of advertising. If you open GMail with their official app on Android, you get phishing messages from Google that look like they’re E-Mail, but they aren’t.

(One asked if I would like to apply to US Customs and Border Patrol to lasso Black people for Uncle Joe.)

Read how to get SeaMonkey’s IMAP support working with GMail OAuth2 and bypass Google’s “Less Secure Apps” blockade.

To install SeaMonkey in Debian 12 KDE:

Go to the SeaMonkey Web site and download the tarball (compressed archive) for 64-bit Linux. (“Linux x64”) Choose the one that is in your preferred language. In my case, English (US).

Once downloaded, unpack the “seamonkey” directory from the archive using Ark. You should now have a “seamonkey” directory in your “Downloads” directory.

Optional: Install SeaMonkey for all users on the system.

In the Downloads directory, right-click on a blank space in Dolphin (the file manager) and choose “Open Terminal Here”.

In the terminal, Konsole, enter the command.

sudo mv seamonkey /opt/seamonkey

To make shortcuts for the desktop in KDE:

Right click the “Application Launcher” icon on the far left side of the taskbar. Choose “Edit Applications”, click on “Internet” then press “New Item”.

Name: SeaMonkey Web Browser

Description: Web Browser

Program: /opt/seamonkey/seamonkey

Command-Line Arguments: %U

To make an icon click the icon placeholder “Select Icon”, “Browse”, then make your way to /opt/seamonkey/chrome/icons/default and choose “default32.png”.

To create an icon for Mail/News:

Highlight the “Internet” category again. Press “New Item”.

Name: SeaMonkey Mail

Description: E-Mail Client

Program: /opt/seamonkey/seamonkey

Command-Line Arguments: --mail

To make an icon click the icon placeholder “Select Icon”, “Browse”, then make your way to /opt/seamonkey/chrome/icons/default and choose “messengerWindow48.png”.

Click “Save”.

Then click “Sort” and “Sort all by Name” and click “Save”.

Then, if you want to, you can pin the icons to your taskbar, or make them default handlers for Web Browser and E-Mail in the Applications area in System Settings.

SeaMonkey will occasionally check for updates when you are running the program and offer to install the latest version.

How to backup your passwords and bookmarks, import them to Brave, LibreWolf, and SeaMonkey, and COMPLETELY UNINSTALL FIREFOX from Debian 12 KDE.

First off, you may wish to delete your Firefox Sync account if you don’t plan to use that again. Why leave it dangling?

You have no idea if it really does get deleted because “Cloud”, but you should at least hit the delete button on your way out.

First, make sure you have exported your bookmarks and passwords to HTML and CSV files, and backed them up multiple places to storage you control.

(I suggest putting the Bookmarks and Logins CSVs and a backup of the actual key4.db and logins.json in a ZIP file, dating the file, and backing that up, periodically.)

Then we can begin the process of moving the data to other browsers.

In Firefox, open the “hamburger menu”, click “Bookmarks”, “Manage Bookmarks”, “Import and Backup”, “Export Bookmarks to HTML”. Pick a name and a place to put them, and make sure they got saved.

Then “hamburger menu”, “Passwords”, in the password manager, press the button “…” and select “Export Logins”. A warning will pop-up saying your passwords will be saved as readable text.

Click Export (the red button). Name the file and select where you want to put it, and verify that it got saved there.

(CSV extension can open with LibreOffice Calc as a Spreadsheet. You can verify that the data was saved properly by looking at this and closing Calc.)

Go to LibreWolf and enter about:config and change signon.management.page.fileImport.enabled to true to enable CSV password import, then go to the Password Manager and Bookmark Manager (which will be in the same place as they were in Firefox), and import the Bookmark HTML and the Passwords CSV files you backed up.

If you installed Brave, then on first opening, have it import your data from “Firefox” or “Firefox ESR” (ESR should be shown if you’re migrating from Debian’s Firefox), and verify that everything made it over. Firefox will need to be closed for the migration process to be successful.

If you want your passwords and bookmarks from Firefox moved to SeaMonkey, you can import the bookmarks HTML file, but SeaMonkey’s password manager cannot import from CSV.

Luckily, SeaMonkey uses the same, directly compatible, key4.db and logins.json files that Firefox (and LibreWolf) use, so you will need to open your profile directory for Firefox or LibreWolf (they’re hidden, so press Ctrl+H to unhide them in the file manager). For Firefox, it should be under .mozilla/firefox/(a bunch of random letters)firefox-esr on Debian.

Copy the key4.db and logins.json over to the SeaMonkey profile (if you need to create a SeaMonkey profile, just open the SeaMonkey browser and then close it), and it will now be under .mozilla/seamonkey/(bunch of random letters).default and then just paste in the files you stole from Firefox and then restart SeaMonkey and open the password manager. You should see all your site logins there.

For importing Bookmarks, just click Bookmarks/Manage Bookmarks/Tools/Import Bookmarks from HTML, and point it at the backup file for the exported bookmarks from Firefox.

Finally, to delete Firefox Sync.

In Firefox, open the “hamburger menu”, and click on the e-mail address that should be the first item in the menu. Click “Manage Account” and log-in if prompted.

Scroll down and press “Delete Account.” On the next page, agree to all the “Facebook-like account deletion page” warnings, and click “Continue”. Your Firefox Sync account should now be deleted.

Warning! Read what Apt actually proposes before you agree to run any commands I’ve given you. These are for informational purposes only, and “worked for me”.

To fully remove Firefox ESR from your Debian 12 KDE system, open Konsole and issue the command:

sudo apt purge '*firefox*'

You should see a long list of packages that will be removed, along with ones that will be leftovers as automatically installed with Apt telling you to “run apt autoremove” to remove these leftover packages.

If all you see is a bunch of Firefox and Firefox internationalization packages, maybe some Firefox extensions, *and* it does not propose ripping out anything important/unrelated, you might choose to continue.

Then you can remove leftover orphan dependencies with:

sudo apt autoremove

This will delete the remaining dependencies that nothing else on the system requires.
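The advice above to read what Apt proposes before agreeing can be turned into a check: apt-get's -s (simulate) option prints one "Purg" or "Remv" line per package without changing anything, and those lines can be screened for names that have nothing to do with Firefox. This is an added example, not part of the original post; the function names and the sample simulation output (package versions included) are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): vet what a wildcard purge would
# remove before running it for real.

# unexpected_removals [SUBSTRING]
# Reads `apt-get -s purge ...` output on stdin and prints every package that
# would be removed or purged whose name does not contain SUBSTRING
# (default "firefox"). Exit status: 0 = nothing unexpected, 1 = stop and read.
unexpected_removals() {
    awk -v want="${1:-firefox}" '
        ($1 == "Remv" || $1 == "Purg") && index($2, want) == 0 { print $2; n++ }
        END { exit (n > 0) }'
}

# Constructed simulation output: only Firefox packages are affected.
sample_clean() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Purg firefox-esr-l10n-de [0.0-constructed]
Purg firefox-esr [0.0-constructed]
Purg webext-ublock-origin-firefox [0.0-constructed]
EOF
}

# Constructed simulation output: a desktop meta-package would go too, the
# situation the post describes for GNOME.
sample_risky() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Remv gnome-core [0.0-constructed]
Purg firefox-esr [0.0-constructed]
EOF
}

# Demo on the constructed samples. On a real system, feed it the simulation:
#   apt-get -s purge '*firefox*' | unexpected_removals
# The pattern is quoted so the shell passes it to apt unchanged instead of
# expanding it against file names in the current directory.
for s in sample_clean sample_risky; do
    if extra=$($s | unexpected_removals); then
        printf '%s: only firefox packages would be removed\n' "$s"
    else
        printf '%s: STOP, this would also remove: %s\n' "$s" "$extra"
    fi
done
```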

Now that Firefox is gone, you may want to remove the profile data. This uses a ton of disk space.

WARNING! Make sure you have BACKED UP any of your passwords, bookmarks, and other data before proceeding.

Also, be advised that it is YOUR RESPONSIBILITY to make sure these commands actually refer to the proper directories to be deleted. As a safer alternative, you can open your file manager (Dolphin in KDE) and go to your /home directory and press Ctrl+H to unhide hidden directories, and simply follow the path to move them to the trash.

To remove the Firefox profile and cache directories:

rm -rfv ~/.mozilla/firefox && rm -rfv ~/.mozilla/extensions && rm -rfv ~/.cache/mozilla/firefox

Google Chrome Enables More Spyware; Calls It “Ad Privacy Feature”.


Google Chrome has enabled Federated Learning of Cohorts, or FLoC.

As Ars Technica describes it, Google implemented this “ad topics” feature as a “solution” to third-party tracking cookies. But Apple Safari, and Mozilla Firefox, have blocked these cookies for years. It’s only Chrome that isn’t blocking them now. Google hasn’t even turned off third-party cookies and says they won’t for at least another year.

Might be a good idea to mention that Brave (which uses the Chromium rendering engine) doesn’t have FLoC or third-party cookies, and is one of the few browsers that actually has an ad and tracking blocker (a real one) built-in.

This is really just the latest reason to leave Google Chrome. There’s really no special rendering capabilities that it has that Brave doesn’t. It just has a lot of spyware in it.

Google has been doing a lot of sketchy things, at the browser level, in Chrome, to circle the wagons around its ad and tracking business.

Brendan Eich, CEO of Brave, correctly said that they are not just a skin for Chromium, they are a fork and always have been, and that they “disable lots of junk already”, and that includes FLoC.

Their “Shields” mean that Google’s ManifestV3 neutering of privacy-based extensions matters less to Brave because it has full support for uBlock-Origin style content blocking lists anyway, built-in, at a level where Google is powerless to stop you.

Mozilla-based browsing engines have other implementations than Firefox that do a lot more for the user’s privacy, such as LibreWolf and GNU IceCat.

There’s nothing preventing people from grabbing IceCat and turning off the extensions like LibreJS and the others if they don’t want them.

What makes Brave, LibreWolf, IceCat, or the SeaMonkey Internet Suite possible is that with open source software, if the upstream “Goes bad.” then anyone is free to take the code and alter it to remove that malicious feature and create an alternative version which doesn’t do that.

Fundamentally, Google FLoC is just another way that Chromium has “gone bad” and has been fixed by the forks. Users deserve privacy, which turning off third-party tracking cookies helps with.

What they do not need is some “Google alternative” which preserves the worst aspects and makes third-party tracking even more powerful than it already was.

With third-party cookies, only the server that set them could read them back and figure out who you were and which domains you’d been on that this server had loaded resources into.

That alone was bad enough, but with Google FLoC, the browser itself tracks which ads you “might be interested in”, and this fundamentally creates a huge “fingerprint” that is not quite unique, but is broadly available to any site that asks for your FLoC data, and can be mixed in with other data that your browser is leaking to create a strong fingerprinting vector.

In other words, in isolation it’s not globally unique, to you, in the world, but when sites start logging FLoC plus your time zone, language preferences, features your browser exposes, Canvas readout data, etc., suddenly all this data is unique to one person in the entire world. Plus, for at least one year, they have third-party cookies as well.

Google has continued making your online privacy worse than it has ever been, basically every year. Sometimes more than once a year. They didn’t even wait for Europe to decide if FLoC is even legal there under the GDPR and other laws. They just put it in.

Google is not a solution. They are a disease.

Brave and LibreWolf are already fighting fingerprinting vectors to make you less identifiable while keeping the Web platform working. We do not need Google rowing us towards the waterfall.

What about Microsoft Edge?

LOL!

Oh wait, well, I guess this merits explaining.

Microsoft has a “tracking protection” feature, but it’s a lie. Theirs is basically designed to screw up everyone’s ad and tracking servers but Microsoft’s, and when I tried Microsoft Edge on Windows, I found that Microsoft (at least with the EdgeHTML version) was neutering uBlock-Origin for Edge so that it couldn’t block any ads on Bing even if you installed an ad blocker.

This sort of “exempt yourself” thing is exactly what Google is trying to achieve by abusing the fact that they have an ad network, and a browser. Same shit, different assholes.

Except that Microsoft Edge is even more rapacious than Google Chrome. Hard to believe anything could be even more of a privacy invasion than Chrome, I know.

Google is at least subtle about their abuses. Microsoft Edge is very in your face about it.

You can barely open a new tab without it screaming about some online shopping thing or demanding you get Microsoft Office 365.

Fleeing Windows, which hectors its users to come back to Edge or demands that they change the search engine in their other browsers to Bing, and ignores the default browser, only to install it on Linux, where it can act this bad, but only when you have Edge open, is a lot like successfully escaping state prison so that you can break into a cell in the county jail.

But on a strictly “privacy” level, Edge is worse than Chrome. It’s another step in the wrong direction.

Nevertheless, Flathub “claims” it’s been downloaded over a million times.

Who uses this nonsense on Linux? Really? The number one feature Windows users wish for is an uninstaller program for it.

Personally, I think that even having a Linux version of Microsoft Edge that almost nobody uses (even counting Windows and Mac users, they can only get to 3.37% of Web browser market share) is sort of like the North Korean propaganda village that nobody lives in, in the demilitarized zone.

The entire point of the thing is they plant a really big flag and have a huge bullhorn blaring propaganda at the other side, and the officials claim it’s a modern city with people living in it, but then you look through the binoculars and all you see are empty concrete slabs, and a few caretakers walking around at night to flip the lights on and off.

People need to be mindful that the Web is only getting worse.

Yesterday, in Techrights IRC, I said,

“Everything that makes the Web browser “better” is something that takes away from the Web platform something that the Web browser allowed it to do to begin with,”.

“Ad blockers, JavaScript blockers, Brave putting in “random garbage” in an API readout so the site can’t follow you around everywhere. Overriding cookie and local storage handling…”

“In the 90s, they called it the “World Wide Wait”, because it was over a phone line and you had to wait minutes sometimes for a site to load. And now it’s because you go to read the news and they want to pull in 600 MB of data, and part of that is a video you didn’t want to see. Pretty much the only thing you can do with the Web is turn a bunch of crap off and use it in a partially-working state. Otherwise there’s just going to be too much junk loading.”

“Gemini pods [sic] aren’t like Web sites because they don’t have a way to FORCE the user to do anything, even load an image if they don’t want to. This Fediverse thing is sort of a lie. Because ideally there wouldn’t be a way to run a server for tons of users. Every user would be in a Peer-to-Peer system. There would be no way to block a user at a server level, only on a user-to-user basis. Then it would be up to the users to decide who they want to see. The Fediverse is federated between clusters of users on someone else’s server. So it’s like “FEDRA Colonies” from The Last of Us. Maybe it would be humorous to call it the FEDRAverse. Small groups of people living under the control of a local tyranny. In the game/TV show, pockets of the former United States government, forcing starving people to “earn their keep” incinerating plague victims and digging latrines.

“The Fediverse lie is that because it’s a lot of tyrants [each] in control of a small cluster, that’s better somehow than one great big tyrant running Twitter. You run into more interesting stuff on Mastodon by looking at the public list of servers that the administrator decided to ban. A lot of times they don’t even give a reason. It’s just that nobody using his server can see that other server because the administrator didn’t like it and won’t tell you why.”

Me on Techrights

The Open Web is basically dead. The one where people sat down and wrote documents for you to read is dead. This one is just, grrrrrrr.

I’ll finish by giving you an example of the liberties that modern Web sites take.

I was looking in my Brave browser on my phone this morning. I visited Ace Hardware’s Web site once, months ago, and it left 97 MB of Local Storage data in my browser. 97 MB for Ace Hardware while I was looking for a tool a couple of months ago.

They all think they can just dump an unlimited amount of crap on your phone and walk away, and in a way they’re right. Nobody making a browser will put in a feature that lets you stop them. (Unless you only browse in Private Mode.)

The Mobile version of Brave appears to have had less effort put into it than the desktop version, which is sadly still true on Mobile Web browsers in general, although it is better than Chrome.

Mastodon: A Community So Vile They Even Eat Their Own. More Thoughts On Reddit.

Mastodon: A Community So Vile They Even Eat Their Own.

Today in Techrights IRC, Roy Schestowitz posted a link to a Gemini Pod:

gemini://bbs.geminispace.org/s/Fediverse/4960

For those without a Gemini client (emphasis mine):

Why I don’t use the Fediverse

  1. The technology sucks. ActivityPub is half baked, and was rolled out prematurely to create Mastodon.
  2. Mastodon is a Twitter clone and Lemmy is a Reddit clone. I hate the originals. Why would the clones be better?
  3. Mastodon doesn’t work at all without JavaScript. Lemmy barely works without it. Puke!
  4. The people there are not nicer than Twitter or Reddit. Their mobs just have different political motivations. Never forget how Wil Wheaton fled Mastodon after getting bullied.
  5. No account freedom. You are stuck on your instance, and if they boot you, you have to start over. In this limited respect Nostr is superior.
  6. AIDS doesn’t cure cancer.

=> /s/Fediverse Posted in: s/Fediverse
=> /u/LittlePrince 🚀 LittlePrince

I agree with this author completely.

It’s hard to find a more outspoken tree hugging liberal hippie than Wil Wheaton and the Cancel Mob even came after him, apparently.

Like most tree hugging liberal hippies, Wheaton is sufficiently vile that he attacks his own mother and father in public, which is something that in decent cultures, like Japan, you would NEVER do.

(Parents suffer and sacrifice for their children, only to be publicly impugned by the little snot as soon as they’re old enough to get on the Web.)

Wil Wheaton is vile.

It’s basically,

“Mah parents abused me! They’re the only reason people know who I am and I have money now!”, “Did you know my Dad is such an evil man he saved millions of infants with ECMO?” (Including my brother, btw.) “But he watches Bill O’Reilly!”.

I mean, Wheaton is an idiot. A vile idiot. So vile that he should have fit right in with the rest of the leftist troll mob on Mastodon.

Humorously, The Verge quoted Eugen Rochko, the creator of Mastodon and the Admin of Mastodon dot social which banned me, as saying he was unhappy with how the situation regarding Wil Wheaton was handled.

Fundamentally, these “Social Control Networks” are just infuriating.

On the off chance they have information you sought, you need to back it up, LOCALLY, in case it ever gets deleted.

In fact, when I was looking for a source about the Wil Wheaton Incident, one link was to Reddit. I clicked on it, and the entire post had been removed.

Reddit is one of those platforms for censorship. You post something informative that mods or Reddit doesn’t like, it vanishes. Unfortunately, search engines are starting to index and prioritize Reddit, and then you click on more posts that aren’t there.

The Wayback Machine at the Internet Archive doesn’t always have them either.

Sometimes, some bot went scraping photos on Reddit or something, and they still exist in some spamfarm’s cache.

Is this really the Web we want and deserve? I say it isn’t.

It’s very much not only mob rule, but it’s rule by idiots that are in charge because they own the place, or registered the subreddit before someone else could. So a lot of the time, it’s random malicious idiots. Which are worse than garden variety idiots.

It would be useful if something scrapes Reddit in real time, ignores robots.txt restrictions and retains it indefinitely. If there’s something like that though, I don’t know what it is.

The “New Reddit” even recently got a makeover that makes it heavier and less compatible than ever.

Brave can handle it because it’s written in Web Bundles and other Chrome-ism junk.

SeaMonkey just renders it like Reddit went through a Cuisinart.

In most of my browsers, I have an extension that forces everything to load on Old Reddit and removes the “Get New Reddit” button and suppresses their cookies prompts, but SeaMonkey’s extensions platform is too old for Old Reddit Redirect to work.

Luckily, the Searx.be search defaults to Old Reddit. (Which looks better in all browsers anyway.)

I learned to lurk and back up any useful information I find locally, as text or something. Because it has a habit of disappearing later. Bookmarking Reddit and thinking you’ll just come back and refer to it later is bad.

There’s a lot of Web rot, but Reddit is worse than Web rot.

Did I mention I hate Reddit?

Bypass “Less Secure Apps” in GMail With SeaMonkey Mail Using IMAP.

Problem: Google doesn’t support STARTTLS or plain username and password over TLS anymore.

Google has declared war on mail clients. It will probably get worse in the near future, but for now, you can still log in with a proper email program, like SeaMonkey.

When Google makes these additional changes I’ll see if I can hack around them too and update everyone.

(Google really doesn’t like IMAP because they can’t shove ads that look like email messages in it like they do in the Web Mail version. These are basically a phishing attack that Google lets advertising companies pay for.)

To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

Important: This deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.

If an app or site doesn’t meet our security standards, Google might block anyone who’s trying to sign in to your account from it. Less secure apps can make it easier for hackers to get in to your account, so blocking sign-ins from these apps helps keep your account safe.

-Google

Solution: Fake the User Agent for Google.com and GMail.

Even though SeaMonkey Mail doesn’t have any security problems that Thunderbird doesn’t have, Google allows Thunderbird and denies SeaMonkey. They both use the same code to implement mail support.

To get around this, lie to Google about your User Agent String.

In about:config, right-click, make a new String.

Paste in general.useragent.override.gmail.com and for the value, use Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.14) Gecko/20100101

Be careful that there’s no stray whitespace. Then do the same thing again, this time for google.com:

Paste in general.useragent.override.google.com and for the value, use Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.14) Gecko/20100101

Then select OAuth as the authentication type, set up your GMail account in SeaMonkey and sign in again (you may need to click the “Get Messages” button). Instead of seeing the “less secure apps” warning, it’ll log in and fetch your mailbox.

Every 18 months or so you have to bump the fake User Agent. This should be easy because Thunderbird uses ESR branches of Firefox (currently 115) and the minor builds on this ESR branch normally go to .14.

They only check the minor revision to make sure it’s not lower than the minimum required Thunderbird. They don’t check the major version to see if it actually exists yet or not. So putting “current ESR plus .14” works even though there is no such version.

This is important because I have also found out that if you’re not “following minor versions” of Thunderbird, Google will log you out and your mailbox will disappear from SeaMonkey until you bump it. And you usually only get two minor releases behind before they do this!

So really the only thing to bump is the rv:xxx.xx part of the String, where the x’s indicate the major and minor build of Thunderbird you’re claiming to be.

If you look in the “apps with access to my account” you’ll see an entry for “Mozilla Thunderbird” with “Access to GMail”. This is SeaMonkey.

“Security that you lie your way past. I like it.”

Very “I’ll make three Windows Registry entries and Windows 11’s installer has no Secure Boot, TPM, or minimum processor anymore.” (which is also a thing) of Google.

Mirroring Blog Posts In Gemini. Problems With WordPress.com.

I’m not very happy with WordPress.com for a number of reasons.

Their editor is very slow. In a long post, I can get to the point where I have to stop typing and wait for it to catch up with me.

Their site is currently broken in SeaMonkey again, and it’s not clear it can be fixed, and this was right after I blogged that Palefill provided a shim that lets you log in. Currently, you can log in but the editor is broken. Why? They change things around pointlessly and vomit Chromeisms on me. Only Web sites that have piss poor code fail in SeaMonkey.

It’s usually something corporate and terrible.

So going forward my new posts will be mirrored in Gemini so that people who want to read them don’t have to wade through all this garbage, JavaScript, and ads (if you’re not blocking those).

I do hate the Web so very much. For every desirable feature added in the last 10 years, there’s been at least 50 nasty ones. Every modern browser is proprietary and full of junk and DRM, WordPress.com isn’t doing anything now that it wasn’t 10 years ago, and all of a sudden you need GULAG CRASH or one of their clones, like Firefox, to deal with it. Boo!

Gemlog Blue has free sign-up and I can just type the post in and click enter, from SeaMonkey, even without giving them permission to run any JavaScript. Then my posts appear in a Gemini Pod. This is actually more pleasant than it was writing simple HTML to maintain my site when I was a teenager. I can put all kinds of stuff in there without worrying if the browser will lag or crash or if I will be graciously allowed to log in without updating to the latest browser with the support for all the new Chromeisms.

10 years ago I had a friend in Georgia who referred to Google Chrome as “the botnet”.

I said, “You know, that’s not far off.” It’s essentially a virtual machine, with DRM, and a Remote Access Trojan.

It all started with some rather innocent-looking Web comics about how they just wanted to make the Web faster. It’s not faster, or smaller, they just throw the mess all over your PC cloning the entire operating system you already have.

gemini://gemlog.blue/users/BaronHK/

Mozilla Bricking Firefox ESR Deliberately. This Code Breaks Tor Browser Too.

The Tor Browser, currently based on Firefox ESR 102.14, hasn’t been able to play any videos for about 3 months now on most Linux distributions. So everyone using it is now completely secure from maliciously crafted videos seeking to exploit your codecs embedded in Web pages. B-)

Thanks Mozilla! 😛

What seems to have happened is that they patched support for ffmpeg 4 out of Firefox and BACKPORTED it to 102 ESR for no reason, meanwhile they also didn’t add support for ffmpeg 6.

(Even though ffmpeg 4 is a currently supported stable branch upstream.)

Also, around the same time, ffmpeg 6 landed in Fedora (close to the time I deleted Fedora and moved to openSUSE Leap KDE) and broke video playback in SeaMonkey. However, I talked to the SeaMonkey developers on IRC and they quickly patched it so it can handle both versions!

It was one of the last patches that went in before the current release.

So now SeaMonkey has video playback with both versions, unlike any version of Firefox.

Which is cool, because no matter what you do, it works.

Also, SeaMonkey lets me shop at Walmart, which is broken in Firefox 115 ESR.

I could check Walmart in Firefox 116, but then I’d have three versions of Firefox (or derivatives) on my computer and they would all have different annoying and serious defects.

Mozilla is trying to brick things deliberately in Firefox, for no actual reason other than to harass people trying to use something that’s not their latest and shittiest version yet.

The SeaMonkey people are actually really nice.

It’s unfortunate that Mozilla won’t actually commit themselves to keeping the major features of the browser functional for as long as they claim to support an ESR.

Managing NoScript Whitelists and Some Tor Browser Observations.

One of the things that does bug me about using NoScript….

Is that it keeps the text file it exports in a different format with “modern” browsers.

So I can pass around one exported list by occasionally stomping the exported file with a fresh one with the latest permissions from LibreWolf and then pass it around to my other browsers that can use the WebExtension.

SeaMonkey, on the other hand, uses a “Classic” unsupported version of NoScript which uses a different list format.

So I end up maintaining a special version of the list, a second time, just for SeaMonkey.

I’m hoping that the upcoming update adds enough backported JavaScript and WebComponents work that more sites start behaving normally in SeaMonkey.

Having to pay my electric bill through another browser is a real bummer, and some sites like Walmart just look weird, although humorously, Walmart is currently bungled in Firefox to the point where you can’t schedule a grocery pickup time and checkout, but in SeaMonkey that works fine, but the site looks a little weird. So I can shop for food in SeaMonkey, but not Firefox.

I’d report a site compat bug to Mozilla, but I’d get the usual “Go to Hell, also CoC” Standard Reply assuming they even took any action on the bug report at all.

Even the modern version of NoScript does not appear to have a special button to disable WASMs.

I think you can stop them with blocking Object to Trusted Sites, but not sure about this, and it seems more destructive than surgically removing WASM with a preference.

I noticed while I was playing with the Tor Browser last night that the “Safer” setting starts disabling some features that aren’t widely used while just browsing the Web. It leaves JavaScript on (but only for HTTPS sites), but it starts disabling some of the crappy features that you often don’t need.

If you look at the monthly Mozilla security updates, a lot of them address High and Critical CVEs that WASM itself adds to the browser.

That’s why I set javascript.options.wasm to False in all my browsers in about:config, so even sites I allow to run JavaScript can’t load WASM blobs on me.

I just want to pay my phone bill, not risk having executables sent down the hatch.
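Keeping one setting the same across several browsers is easier to check than to remember. This is an added example, not code from the post or from any of the browsers: a Python script that parses the prefs.js and user.js text of each profile and reports where javascript.options.wasm is missing or has the wrong value. The media.eme.enabled and webgl.disabled policy entries and the sample profile contents are assumptions constructed for the demonstration.

```python
import re

# Expected values. "javascript.options.wasm" is the preference named in the
# post; the other two are real Firefox preferences added here as assumptions,
# matching features the author says he keeps off (EME/DRM) or blocked (WebGL).
POLICY = {
    "javascript.options.wasm": False,
    "media.eme.enabled": False,
    "webgl.disabled": True,
}

PREF_RE = re.compile(
    r'user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)


def strip_comments(text):
    """Remove // and /* */ comments without touching string literals."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':                      # copy a string literal verbatim
            j = i + 1
            while j < n and text[j] != '"':
                j += 2 if text[j] == "\\" else 1
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("//", i):          # line comment: skip to newline
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text.startswith("/*", i):          # block comment: skip past */
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_prefs(text):
    """Return {name: value} for every active user_pref() line; last one wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(strip_comments(text)):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs


def effective_prefs(prefs_js="", user_js=""):
    """user.js is applied on top of prefs.js at startup, so its values win."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def audit(prefs, policy=POLICY):
    """List (name, status, actual) for each policy pref that is unset or wrong."""
    findings = []
    for name, expected in policy.items():
        if name not in prefs:
            findings.append((name, "unset", None))   # browser default applies
        elif type(prefs[name]) is not type(expected) or prefs[name] != expected:
            findings.append((name, "wrong", prefs[name]))
    return findings


UA = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.14) Gecko/20100101"  # from the post

# Constructed sample profiles: label -> (prefs.js text, user.js text).
SAMPLE_PROFILES = {
    "librewolf": (
        'user_pref("javascript.options.wasm", false);\n'
        'user_pref("media.eme.enabled", false);\n'
        'user_pref("webgl.disabled", true);\n',
        "",
    ),
    "seamonkey": (
        '// WASM line was commented out by hand, so the default applies\n'
        '/* user_pref("javascript.options.wasm", false); */\n'
        'user_pref("general.useragent.override.gmail.com", "' + UA + '");\n'
        'user_pref("media.eme.enabled", false);\n'
        'user_pref("webgl.disabled", false);\n',
        "",
    ),
    "firefox-esr": (
        'user_pref("javascript.options.wasm", true);\n'
        'user_pref("media.eme.enabled", false);\n',
        'user_pref("javascript.options.wasm", false);\n'
        'user_pref("webgl.disabled", true);\n',
    ),
}


def audit_profiles(profiles, policy=POLICY):
    """Audit every profile and return {label: findings}."""
    return {label: audit(effective_prefs(*texts), policy)
            for label, texts in profiles.items()}


if __name__ == "__main__":
    for label, findings in audit_profiles(SAMPLE_PROFILES).items():
        print(label, "OK" if not findings else findings)
```

To run it against real profiles, read each profile’s prefs.js (and user.js, if present) into the same two-string tuples while the browser is closed.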

It seems the Tor Project agrees that WASMs are a special danger that adds a significant amount of attack surface to the browser, beyond what JavaScript alone is capable of, and it’s not really that important.

So I’ve set my copy of the Tor Browser to the safer setting. It’s not what I’d like (static content Web sites), but it’s probably the best you can do and have the Web as it is work at all.

They should move the slider closer to the user interface so the user can dial it up and down faster, and set it to Safest if they want to run silent, run deep for a while, and not take chances on scripts and stuff on .onion sites.

Best practices for .onion sites are to remain accessible to users who can only look at static content.

The way that people typically get unmasked on Tor is partially “active content” being on in the browser, and partially that the police will set up a site that requires logging in.

Then the court issues a broad warrant that authorizes a “Network Investigative Technique” or a NIT, which is just fancy talk for “You are authorized to attack every user who sets up an account and attempt to plant malware on the machine.”

Basically, interacting with a site like this adds you to the warrant’s scope, so sites that require logging in are a big red flag that “there’s a reason why”.

So the issue of Tor unmaskings is part technical and part legal.

In most cases, it’s a two-part thing where the user hands them both parts.

Unfortunately, Tor Browser is set by default to have almost all the same vulnerabilities as Mozilla Firefox.

Mozilla Firefox Loses 16 Million More Active Monthly Users Between August 15 2022-2023.

Firefox Loses 16 Million More Active Monthly Users Between August 2022-2023.

According to the latest Firefox Public Data Report statistics, Mozilla has lost about 16 million more Active Monthly Users between August 15th 2022 and August 14th 2023.

192,840,300 minus 176,821,100 equals 16,019,200 fewer users in a single 12-month period.

On January 28, 2019, Mozilla had 253,877,800 Active Monthly Firefox Users, so if you subtract 176,821,100, they’ve lost 77,056,700.

Yes, over 77 million users lost in 4 years and 7 months. If you average out the loss over this period, then they’ve lost about 1.4 million Firefox users per month, give or take a couple thousand. Per day, that means that over 46,300 people slam Firefox shut and never open it again.

Where do they go?

Well, from the screenshot it may look like I used Firefox to take that picture, but I actually snapped them using LibreWolf on openSUSE Leap 15.5 KDE.

LibreWolf is a fork of Firefox that doesn’t spy on you and is set to privacy-preserving settings from the Tor Uplift Project and to default to not persisting your history or cookies between sessions and to never keep a disk cache. It also comes with ublock-origin, and is fully compatible with WebExtensions from the Firefox Add-Ons, including NoScript and all the other ones you may use.

It blocks fingerprinting vectors like Canvas and WebGL (which is a security hazard) and I’ve disabled WASMs (because those too are a hazard that adds more security issues, and I don’t want the Web platform to have it even if I whitelist a domain in NoScript…I want my bank to work, not shove a binary blob down the hatch).

I’ve also hidden and disabled the Widevine and EME (DRM stuff).

I don’t use Firefox Sync. I enabled (in about:config) password CSV imports and occasionally I just back up my password and bookmarks file to storage I control. Then I go over to SeaMonkey and stomp those with the latest version. It’s some work, but it keeps my information off of Mozilla’s server.

Set up this way, LibreWolf doesn’t spy on you like Firefox does.

It also doesn’t throw garbage in your face.

“Too much garbage in your face? Try space!”

With Mozilla quickly running out of Firefox users and resorting to petty harassment of SeaMonkey, it’s anyone’s guess exactly how long before Google totally defunds them.

Most people aren’t very intelligent, so I’d imagine that Mozilla is hemorrhaging users to something even nastier, like Chrome or Edge.

This does not bode well for the future.

At this point I don’t even think Mozilla wants to save themselves.

They’ve abandoned Windows users who could have been a captive audience, even though there’s nothing technical in the way of compiling new builds for these versions of the OS, yet.

Years later, they still won’t fix embarrassing “fake errors” that Microsoft and Google throw at Firefox users along with “get our browser instead” spam.

In addition to Mitchell Baker firing Gecko developers by the hundreds and hiring Diversity Inclusion People and folks to write adware (which LibreWolf disables, and SeaMonkey has never had), Mozilla has a long history of serving as a line item on someone’s resume before they go work at a GAFAM company officially.

There’s a good reason to switch from Firefox, even if you pick something else that’s basically Firefox.

We need to protect ourselves from all of this adware and spyware and these binary-only modules and tell Mitchell that “We’re not gonna take it anymore!”.

(My Firefox ESR from openSUSE has had the “profile hardening” applied to it to make it basically like LibreWolf with Firefox branding, but it’s more work than letting someone else maintain it for you.)

Mozilla Finishes Sabotaging SeaMonkey. Highlights From IRC and SeaMonkey Meeting Minutes.

From IRC and the Meeting Notes for today.

First off, Mozilla is “cutting SeaMonkey loose” and not allowing them to use any infrastructure soon. I think they’re just angry that the Suite they threw away in 2006 gets updates and is still cooler than Firefox.

Mozilla finally decided to fully cut us loose in Q3. Formally and legally this is all in order.

  • Source code will probably be removed from comm-central because it seems parts of MZLA and/or the Thunderbird council are eager to do the same.
  • Fortunately we are mostly independent already and it will not affect the 2.53 line or building releases.
    • Depending on when this will happen we will have a delayed release and maybe broken updates for one release too.
  • If this happens it is unlikely we will pursue upstream fixes for suite any longer and just concentrate on the 2.53 fork
  • We need to find replacements for bugzilla, translations via Pontoon, add-on and the distribution site.
    • Reviews for SeaMonkey add-ons seem to no longer be done anyway. We don’t have any access there.
SeaMonkey Meeting Minutes for August 20, 2023

There were also some disturbing notes about the status of SeaMonkey’s infrastructure:

Our infrastructure is using Azure.

  • ewong has been looking at Kallithea, RhodeCode and other similar tools which are needed later to automate source code management for non mozilla repos (tools, website and others).
    • Also evaluation of Ansible and Terraform going together with it is done.
SeaMonkey Meeting Minutes for August 20, 2023

Usage of Azure for anything is troubling, as it’s just not possible to make Microsoft products secure.

According to data from Google Project Zero, Microsoft products have accounted for an aggregate of 42.5% of all zero-days discovered since 2014.

Microsoft’s lack of transparency applies to breaches, irresponsible security practices and vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about.

In March 2023, a member of Tenable’s Research team was investigating Microsoft’s Azure platform and related services. The researcher discovered an issue which would enable an unauthenticated attacker to access cross-tenant applications and sensitive data, such as authentication secrets. To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank. They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft.

Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service.

That means that as of today, the bank I referenced above is still vulnerable, more than 120 days since we reported the issue, as are all of the other organizations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk-mitigating actions. Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully, threat actors don’t.

-Tenable CEO Amit Yoran “Microsoft: The truth Is even worse than you think”

It’s good that they’re getting away from Azure for building the binaries from their official Web site (apparently?). Should have never used it. Have no idea what Microsoft might be stuffing in there and there’s no reproducible build data that comes with the binaries, afaik.

Unfortunately, they also consider Azure CDN for hosting the binaries themselves. *facepalm*

Some Capacity planning to find the best price/performance ratio is carried out.

  • Other than azure hosting options because of price are also evaluated.
  • ewong started to look at Azure CDN as a download server.
-SeaMonkey Meeting Minutes for August 20, 2023

Mozilla has “stopped testing” 32-bit Linux builds of Firefox, but SeaMonkey plans to stop providing 32-bit builds on any platform as well, it seems. It affects SeaMonkey even more because it’s single-process and the Web is so bloated and full of trash that 4 GB of RAM is no longer enough to contain all of the shit people are loading in a Web browser.

frg proposes to end 32 bit release support in 2024. Main reason is that modern websites are memory hungry and the 32 bit only architecture cause more and more oom crashes and subsequent complaints. Mozilla recently stopped testing Linux x86 releases too.

  • No consensus reached about it yet. So far building it is possible with gcc 8.3.1 under CentOS 7 and clang under Windows.
-SeaMonkey Meeting Minutes for August 20, 2023

An interesting insight into Mozilla’s Firefox build process. It seems they no longer use shit-ass Windows to create builds for shit-ass Windows. They cross-compile them from Linux in a process that needs Wine? :/

Mozilla switched Windows builds to cross compile on Linux.

  • This would need backports but is not 100% native (needs Wine). So currently no plans to do this for SeaMonkey.
  • Discussion for later when setting up jenkins. Even buildbot had some version specific files outside the tree.
-SeaMonkey Meeting Minutes for August 20, 2023

Some talk about wanting to eliminate excessive different compilers.

Microsoft compilers are garbage and the way I understand it, since 2019 they shove telemetry crap in your program whether you want it or not.

When I was looking at WavPack binaries for 64-bit Windows, I ended up using the MinGW builds that were cross-compiled from Linux because Microsoft’s compiler added bloat, ran slower on the CPU, and also pointlessly dropped Windows XP support (both 32-bit and 64-bit x86), whereas the MinGW builds were smaller, faster and even run on Windows 2000.

To reduce the use of different compilers we are looking into compiling future 2.53 Windows releases with clang 14 or later.

  • Currently CentOS 7 can not use the mozilla provided compilers because of a downlevel libstdc.

VS2022 is supported since 2.53.10b1 pre but building is spotty because of changes in new compiler releases.

  • The Windows build server will not be switched to it for now and currently compiling with it is broken.
-SeaMonkey Meeting Minutes for August 20, 2023

Needs User Agent Hacks, per-site. This tracks with what I’ve experienced. Globally advertising Firefox UA is radically destructive. Currently, I advertise Firefox 102.14 ESR and then set per-site UAs to something else as-needed through about:config. This is advanced user stuff that most people wouldn’t want to do. I mentioned that I do this for GMail in an older blog post so Google’s “Secure Apps” shuts the hell up and gives me my email.

Because of bad user agent sniffing we updated the base UA version some time ago from Gecko 68 to 91.

  • Youtube no longer seems to display correctly for some users only advertizing Firefox in the UA.
  • Further enhancements are planned for a later release in bug 1737436.
  • We want to implement overrides for bad web sites like Waterfox does using a json file containing the UA replacements.
    • The Fedora maintainer already added some of this and we will likely use this in the official release.
-SeaMonkey Meeting Minutes for August 20, 2023

Google is being nasty and especially with YouTube. There’s major jank and I usually use it through Piped or Invidious proxies. It’s very helpful that my search engine, Searx Belgium, directs me to Invidious or Piped and also to Old Reddit, as these aren’t rotting bloated trash meant for Google Chrome. I ended up activating Web Components even though it’s not ready because it makes github and gitlab work again.

We are looking into adding support for Custom Elements and Shadow DOM in a later release. No ETA yet.

  • What is there has been activated in the current prerelease for testing. Shadow DOM support is mostly still missing.
  • Google owned/based websites like YouTube are likely to break because of this in the near future. There are already reports of broken functionality on YouTube.
  • Some good progress has been made and sites which do not need Shadow DOM start to work with dom.webcomponents.customelements.enabled and dom.webcomponents.enabled set to true.
-SeaMonkey Meeting Minutes for August 20, 2023

The situation for add-ons is horrible. Fortunately, old versions of ublock origin and NoScript work for me, and those are the only really important extension types anyway.

SeaMonkey can’t easily handle all of the JavaScript Garbage anymore considering that it doesn’t just hide the mess on other processor cores like Google Chrome and Firefox do.

Without the ads and JavaScript Crap, SeaMonkey normally works fine for me. I route my news and weather to the Gemini resources from gemi.dev over mozz.us’s Web proxy. Then I can get those without the absolute shit show that unfolds in a sad modern browser. There’s a gopher proxy that proxies Reddit to Gopher then mozz.us proxies it back into the Web.

My dad always said where there’s a will there’s a way around it. I took it to heart.

Of course sometimes I just access this stuff over Lagrange. It’s a browser for Gemini and Gopher, which don’t suck. You can read Reddit on Netscape Communicator 4 through Gopher through the native gopher support. Unfortunately, the images can’t be grabbed unless you have a TLS proxy like Crypto Ancienne.

There’s no technical reason why you can’t access information from the Internet except they want to be a big fat goddamn pain in the ass unless you’ve updated your browser 10 times this month and buy a new computer every few years that you shouldn’t need so you can deal with fucking Reddit again.

It’s all spyware and tracking nonsense. It’s basically the only reason you need new computers and the browsers that run on them.

If you’re not fighting them, you’re helping them, and Mozilla isn’t fighting them.

Mozilla claims they have a security app for Linux and can’t figure out what the root account does. (I swear the only reason I write these articles is the opportunity to make some sick burns.)

Anyway,

  • WebExtension support in SeaMonkey is tracked in bug 1320556.
    • Work on theme or extension support has not started.
    • Support for Webextension dictionaries and language packs has been added.
    • Manifest v3 support will be mandatory in 2023. Google will no longer accept new extensions using v2 in 2022.
      • We do not plan to support this in the near future.
  • NoScript Classic 5.x is still available. Currently 5.1.9.
  • uBlock Origin is still available. The latest classic version is currently 1.16.4.30.
  • Session Manager is still being updated. Latest version is 0.8.1.14 and supports SeaMonkey 2.53.x.
  • Enigmail is supported again. Big thanks.
  • The Stylish forks stylem and stylem df version work in 2.53.13.
  • DownThemAll fixed 3.1.2 version for 2.53.10 and up.
  • Palefill generic polyfill can be used for accessing github, gitlab and other broken sites. Latest working version is 1.23. Later versions are no longer working in SeaMonkey because of the developer's decision to not fix some incompatible changes. Please disable updates or uninstall it.
  • github-wc-polyfill can be used for accessing github and gitlab. Both need Custom Elements support right now. Latest version is 1.2.19.
    • The add-on is outdated.
-SeaMonkey Meeting Minutes for August 20, 2023

Finally, from IRC…

I gather that 2.53.18 will be a decent-sized release. 2.53.17 seems to have just cleaned up some build environment garbage and made a few changes to JavaScript and such.

More Web platform stuff seems to be on its way.

[8/20/23 09:22] Status of the SeaMonkey Source Tree
[8/20/23 09:23] All building I think. Need to do some central checkins but was real busy in the last weeks.
[8/20/23 09:24] Trying to get SpiderMonkey updated for 2.53. Great progress locally but not yet fully stable with the latest regexp stuff.
[8/20/23 09:28] Not much else here from me for source. But updating masters in git and hg is still just a matter of time. patching becomes slow.
[8/20/23 09:29] what’s the next big Javascript shiny in the radar?
[8/20/23 09:30] * njsg imagines Oracle implementing a JVM on top of Javascript
[8/20/23 09:31] tomman bigint and dynamic modules. But I need to fix my local queue first.
[8/20/23 09:32] dynamic modules are indeed getting a pest, thankfully the regex stuff seems solid on the .18b1 builds
[8/20/23 09:33] tomman yeah crashes pretty fast now in my queue so this needs to work.
[8/20/23 09:33] I either need to fix it or put more stuff in so that the original stuff applies clean(er).
[8/20/23 09:34] Release Train
[8/20/23 09:36] 2.53.17 is done. Wonder if we should do the next beta fast to get the regexp stuff out. Missing support now breaks tons of sites.
[8/20/23 09:39] probably
[8/20/23 09:40] Let me try to fix my queue and if not we do it next week.
[8/20/23 09:41] frg: yes, it would be nice to get your local queue in
[8/20/23 09:44] Extensions Tracking
[8/20/23 09:45] The pref changes still cause fallout but nothing else I think. Fortunately an easy fixer.