Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Comment A gem from the discussion (Score 2) 324

by kav2k (#49593709) Attached to: Mozilla Begins To Move Towards HTTPS-Only Web

I fully support this proposal. In addition to APIs, I'd like to propose prohibiting caching any resources loaded over insecure HTTP, regardless of Cache-Control header, in Phase 2.N. The reasons are:
1) MITM can pollute users' HTTP cache, by modifying some JavaScript files with a long time cache control max-age.
2) It won't break any websites, just some performance penalty for them.
3) Many website operators and users avoid using HTTPS, since they believe HTTPS is much slower than plaintext HTTP. After deprecating HTTP cache, this argument will be more wrong.

I'm sure the users will appreciate the extra traffic!

I can see 1 being a thing, but 2 is a penalty for the end-user on metered connections, and 3 is an argument for "Mozilla is much slower than [insert browser here]".

Comment Re:Buyer Beware (Score 1) 45

Not true.

You need Developer mode to install "unpacked" extensions, which essentially means "in development", with no auto-update.

On Windows, they disabled the ability to install packaged extensions from other sources, Developer mode or not. unless you have a domain-level enterprise policy to whitelist some.
On other platforms, you're free to install extensions from any source.
On any platform, you're free to install Chrome Apps from any source. The reasoning being that apps do not silently run in parallel and with access to your browsing.

Comment Important note: this is potentially not permanent (Score 4, Informative) 176

by kav2k (#49390793) Attached to: Chinese Certificate Authority CNNIC Is Dropped From Google Products

What this summary neglects to say is that Google is open to the idea of adding them back. Quote (link mine):

[...] CNNIC will be working to prevent any future incidents. CNNIC will implement Certificate Transparency for all of their certificates prior to any request for reinclusion. We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.

Comment Better explanation (Score 4, Informative) 149

by kav2k (#49085981) Attached to: Google Faces Anti-Trust Probe In Russia Over Android

There is a post (in Russian) that explains Yandex's position better.

It's quite long-winded, but boils down to the fact that several phone manufacturers were told that they will be globally denied access to Google services if they ship a Russian regional version with Yandex's competing services pre-installed.

It's not just a matter of "in Russia, choose between having Google Play / Google services and Yandex", but "try to pre-install competitors in one market and we won't give you Google Play access anywhere".

Comment No developer mode in "stable" build, really? (Score 2) 196

by kav2k (#49034145) Attached to: Firefox To Mandate Extension Signing

[...] they will have to either test on Developer Edition, Nightly, or one of the unbranded builds [...]

Yes, there was much outcry when Chrome killed non-signed extensions installs, but at least it allows to load a development ("unpacked") version of any extension in the stable version. This is essential for testing, after all, to ensure it works and you can debug it on the platform most users actually run.

If FF does not allow it, well, nuts.

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close