User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0
Hello Dear Mozilla / Dear Firefox management & DevTeam,
using this rss app to stay up to date with various open source related blogs & sites., what cought the user’s eye was this headline:
“Firefox Lost Almost 50 million Users: Here’s Why It is Concerning”
“Mozilla’s Firefox is losing users big time since 2018, why are users moving away from it? Is this something to be worried about?”
by Ankush Das, August 4, 2021 src: https://news.itsfoss.com/firefox-decline/
Ankush Das published an article, claiming that the beloved Firefox (used to be Netscape) the beacon of the free wild wild web was constantly using users because it was not listening to their requirements.
some (possible) explanations:
- “Chrome browser automatically translated my Greek articles!“
- “People normally choose to use Chrome due to it’s speed and simplicity.“
- “Mozilla Firefox ( and duckduckgo search engine) are used very widely. That’s my preferred combination too. Chrome is fully featured no doubt but its popularity is also due to its marketing. Many people fall for this gimmick.“
- “Firefox was getting slower and slower over time“
The amount of Mobile Devices (SmartPhones, Tablets) has exploded in contrast to the amount of “traditional” PCs and Laptops. (2021: ~60% SmartPhones, 40% Desktop, ~3% Tablet)
Google’s Chrome is THE DEFAULT mobile browser on Android (unless tech savy and privacy concerned users install Firefox Mobile)
so: Mozilla, maybe u should start building privacy respecting, fast, great designed SmartPhones with a great camera 🙂 and Firefox Mobile the default browser 🙂
in software, simplicity is defintely key
no matter the gui or the code: it is okay and good and great that Mozilla-Firefox is following the UNIX philosophy of “keep it simple”: keeping a software simple means: the code is better to maintain, it compiles faster, bugs are found faster, testing is faster, the end result will be a better software with security, reliably and speed.
The Unix philosophy – simple and beautiful (so it “just works”)
problem: of course users got needs. like: do not break userspace.
Just as Windows user’s should really complain about the massive changes (and not in a good way) of the GUI called the Windows Desktop from Windows 7 to Windows 10 (absolute catastrophe).
It is just like changing the appearance of a screw-driver… it is still a screw-driver… but when it looks and handles completely different, users might not recognize it as a screw-driver anymore.
So users will have to spend massive amounts of time already-known-GUIs, which is a complete waste and disrespect of the user’s time aka a massive M$ caused in-efficiency in computing.
There is another interesting GNU-LINUX principle coming from Linus Torvalds: do not break userspace.
So Mozilla should really really take the user’s needs into consideration.
of course the most important need is still:
what about this: keep a list of features and requests and ideas that users commited and “let em vote” on importance (like a star or a heart symbol to click on).
at the end of the month sit together and discuss how and when the top 3 features could be implemented. (with or without complete rewrite 🙂
what about security?
holy crap hope this is fixed by now?
auto translated from: https://www.playground.ru/misc/news/staryj_bag_firefox_obnaruzhennyj_eschyo_9_let_nazad_pozvolyaet_vorovat_paroli-291267
March 20, 2018:
An old Firefox bug discovered 9 years ago allows you to steal passwords
The popular Firefox browser has been using an outdated password saving scheme for 9 years, which can be cracked using modern graphics adapters in less than a minute.
Firefox and Thunderbird allow users to set a master password for added security. As it turned out, this function used the SHA1 cryptographic hashing algorithm for a long period of time, the encryption mechanism of which is easy to crack.
The vulnerability was discovered by Wladimir Palant, author of the AdBlock Plus extension for blocking ads in browsers. The most interesting thing is that the flaw is already a long-standing one, it was first reported 9 years ago (!). However, during this time, Firefox developers have not fixed the error.
“I looked into the source code and found the sftkdb_passwordToKey () function, which converts the [website’s] password to an encryption key by applying SHA-1 hashing to a string consisting of the actual master password and random characters,” Vladimir Palant wrote in his blog.”
The problem is that the SHA-1 loop counter is one, meaning the function is applied once. Usually, the cycle counter is 10k or more, for example, in LastPass it is equal to 100k. This allows hackers and intruders to easily decrypt the master password and gain access to all stored user passwords. According to Palant, the GTX 1080 graphics card is capable of calculating 8.5 million SHA1 hashes in one second.
At the moment, the problem remains relevant, as well as the topic that the developer raised again on the official Mozilla forum on the detected bugs. Representatives of the company assured that they will soon release a new tool for the master password in the browser called Lockbox. In the meantime, users should come up with a longer password. Just in case.
could not find an update to this topic… https://www.reddit.com/r/firefox/comments/etkt3m/is_firefoxs_master_password_encryption_still_weak/
Linus: Do not break UserSpace
not even for security fixes?
“So from a user standpoint, the hardening was just a big nasty annoyance, and probably made their workflow _break_, without actually helping their case at all, because they never really saw the original bug as a problem to begin with.”
Torvalds’ post explained his view that “… the number one rule of kernel development is that ‘we don’t break users’.”
“Because without users, your program is pointless, and all the development work you’ve done over decades is pointless.”
“Because in the end, those users really do matter. Without those users, your system may be ‘secure’, but all your security work was still just masturbation. You didn’t do anything useful at all in the end.”
Torvalds post explained his attitude to security, namely that “security problems are just bugs” rather than opportunities to change the way the kernel behaves.
“The important part about ‘just bugs’ is that you need to understand that the patches you then introduce for things like hardening are primarly [sic] for DEBUGGING.”
“I’m not at all interested in killing processes. The only process I’m interested in is the _development_ process, where we find bugs and fix them.”
GNU Linux -> Alternative Browsers 🙂