Yeah, I've gotta say I'm within a hair of dumping Firefox. I'm not a Chrome fan, and IE is just not on. I've tried some other open source browsers and they have the usability of a jello hammer.

At this point I'd be willing to pay money for a browser that just didn't flatline my CPU every time I loaded a page, that didn't stall for tens of seconds at random intervals (this is after I turned off hardware acceleration, which make things tens times worse on Windows in 38) and is simply, utterly and completely unusable on Amazon.

Why these basic usability metrics aren't the first priority for Firefox developers is beyond me. The changelog seems full of completely irrelevant stuff that's just going to bloat things more.

Dunno... maybe it's time to hold my nose and move to Chrome, but Firefox has so many features I like and know well that I'm loathe to do so. It feels churlish complaining about software I don't pay for, but I'm not sure why Firefox is being shipped any more. It certainly isn't to satisfy user needs, because it doesn't.

Or you can use pdftk to remove the arbitrary pdf restrictions and get a plain normal pdf file out of it...

If the password can be retrieved in an automated fashion then even if its encrypted, everything necessary (i.e. the key) is present, so if the host is compromised the passwords effectively are plaintext as the attacker can simply run the same process to decrypt the password.

And even if you use SSL to check your mail, that doesn't change how the email has been transmitted from one mail server to another, which is often done without using SSL, and most mail servers will fall back to plain text even if they do support SSL because so many out there don't support SSL at all.

Not necessarily in these days of social media... A lot of people have Facebook accounts and will have added relatives or people they went to school with...
For your example, you already know the school, so you find out a list of their teachers (often published online) and try them all, and if the attacker knows your age they can narrow it down further... Either way there's a relatively small number of possible answers.

All the routers i've seen implement statefull filtering on ipv6 and allow all outbound and no inbound (except traffic related to an outbound connection) by default, which is functionally identical to their ipv4 nat implementation.

Good luck trying to scan an ipv6 range...
The smallest subnet is a /64, even scanning every host there for a single port would take a LONG time.

IPv6 works fine with VPN software, even ipsec was originally a part of ipv6 and cruftily backported to ipv4... Infact, you can use ipsec properly (ie end to end without kludges like l2tp) with ipv6. The problems published recently were due to short sighted vpn providers who completely ignore the existence of ipv6. If they provided dual stack connectivity over their vpn then there wouldn't have been a problem.

Bugs could still be found in ipv4 stacks too (and are still being found), on the other hand ipv6 is much newer and addresses some of the weaknesses of ipv4.

MAC filtering will stop random users from connecting automatically, but won't stop someone who is intentionally trying to gain access... Changing your MAC is trivial.

Agreed that _optout is offensive, why should i have to change the name of *my* network to cope with this crap, and where would it end? I shouldn't have to explicitly opt out of things i never have any intention of using and might not even be aware of.

The only real solution is a dedicated (isolated) guest network, with regularly changing keys... I don't have guests visiting all the time so i could easily generate a new key each time...

Until games start requiring it...

Any device that connects to wifi has to store the passwords either in the clear or in a retrievable form...

If you compromise the device, you can extract the keys (and a lot of other stuff too). Other devices just obfuscate the keys, but they are still retrievable (e.g. try wirelesskeyview or gsecdump for windows).

That's why virtually all platforms offer device encryption these days to lessen the chances of the device being compromised at all.

Limiting sites and protocols just causes problems, people will have their devices setup to connect to all manner of things (vpns, email, im, voip etc), and restricting what they can access will invariably block some stuff and render the connection unusable, causing a denial of service if the handset automatically connects to the wifi and loses its cellular connection where everything was working.

The PSK *is* the passphrase... The only thing the passphrase gives you is access to the network, and the key does that too.

Are you referring to the zsh option which also wouldn't protect you from rm -fr /, funny man?

I don't dumpster dive much more these days, it's not worth the effort.