Announcement

Collapse
No announcement yet.

Firefox 91 Released As New ESR Base, HTTPS First Policy For Private Mode

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Firefox 91 Released As New ESR Base, HTTPS First Policy For Private Mode

    Phoronix: Firefox 91 Released As New ESR Base, HTTPS First Policy For Private Mode

    Firefox 91.0 is out this morning as the latest monthly update to Mozilla's cross-platform web browser...

    https://www.phoronix.com/scan.php?pa...ox-91-Released

  • #2
    Users running beta (92) on the Wayland backend (`MOZ_ENABLE_WAYLAND=1`, unfortunately still not on by default) may want to try out the compositor backend (`gfx.webrender.compositor.force-enabled` in `about:config`). It aims to bring the Wayland backend on par with the CoreAnimation and DirectComposition backends on MacOS/Win respectively concerning energy efficiency. It does so by offloading compositing work to the Wayland compositor by using subsurfaces and other advanced Wayland features. That allows to e.g. paint page content only once and, when scrolling, just instructing the Wayland compositor to move that content around, reducing GPU work.

    Edit: only try this if you run a recent (dot)release of Gnome/Kwin/Sway - older versions have serious bugs, many of them found while developing this feature.

    See also https://mozillagfx.wordpress.com/201...ore-animation/
    Last edited by treba; 10 August 2021, 01:48 PM.

    Comment


    • #3
      I wish they would fix WebAuthn on Android again. It indicates to sites that it exists but nothing happens when you try to use it.

      Comment


      • #4
        This is why Firefox still sucks. I use it on desktop and mobile, but damn are they slow on the uptake.
        Https first should be the default attempt. Http should be the fallback at best, but Firefox still would try http first on any non explicit url entered in the box. Despite using https only options and extensions. Thus not being able to load sites until the s is inserted.
        This is like an old problem (maybe still there) where downloads with the open with app used (quicken import for instance) still actually downloaded the file to the temp directory, passed it to the app and wouldn't delete the temporary file. Plus the download dialog would always show the iriginsl filename while appending numbers as the temp files piled up. Of course, any bug report got rejected despite the information leakage.

        Firefox just is way too slow to adopt true privacy features no matter what their PR stance is.

        Comment


        • #5
          Originally posted by Ipkh View Post
          This is why Firefox still sucks. I use it on desktop and mobile, but damn are they slow on the uptake.
          Https first should be the default attempt. Http should be the fallback at best, but Firefox still would try http first on any non explicit url entered in the box. Despite using https only options and extensions. Thus not being able to load sites until the s is inserted.
          That doesn't sound right, I don't recall Firefox doing that anytime recently, and it certainly isn't the default behavior of LibreWolf. Maybe I'm just getting so used to the sane setup of LibreWolf that I've forgotten a lot of the old papercuts from Firefox.

          Comment


          • #6
            Originally posted by Ipkh View Post
            This is why Firefox still sucks. I use it on desktop and mobile, but damn are they slow on the uptake.
            Https first should be the default attempt. Http should be the fallback at best, but Firefox still would try http first on any non explicit url entered in the box. Despite using https only options and extensions. Thus not being able to load sites until the s is inserted.
            This is like an old problem (maybe still there) where downloads with the open with app used (quicken import for instance) still actually downloaded the file to the temp directory, passed it to the app and wouldn't delete the temporary file. Plus the download dialog would always show the iriginsl filename while appending numbers as the temp files piled up. Of course, any bug report got rejected despite the information leakage.

            Firefox just is way too slow to adopt true privacy features no matter what their PR stance is.
            I use Firefox (plus some add-ons to block ads) because I believe in its core it is way more privacy-friendly than any other alternative.

            NordVPN agrees with me.

            Edit: Oh and Firefox has HTTPS-Only-Mode since Firefox 83 (released 2020-11-17):

            https://support.mozilla.org/en-US/kb/https-only-prefs

            Last edited by reba; 10 August 2021, 11:57 AM.

            Comment


            • #7
              Originally posted by treba View Post
              Users running beta (92) on the Wayland backend (`MOZ_ENABLE_WAYLAND=1`, unfortunately still not on by default) may want to try out the compositor backend (`gfx.webrender.compositor.force-enabled` in `about:config`). It aims to bring the Wayland backend on par with the CoreAnimation and DirectComposition backends on MacOS/Win respectively concerning energy efficiency. It does so by offloading compositing work to the Wayland compositor by using subsurfaces and other advanced Wayland features. That allows to e.g. paint page content only once and, when scrolling, just instructing the Wayland compositor to move that content around, reducing GPU work.

              See also https://mozillagfx.wordpress.com/201...ore-animation/
              Oh great, your suggestion completely broke my browser and now nothing works. Clicking pretty much any button results in instant crash.

              Is there a config file somewhere where I can reset this setting? I can't access about:config from within the browser due to it being completely broken.

              Writing this post from the awesome GNOME Web by the way. I love Firefox though so I would really like it back thank you very much.

              Comment


              • #8
                Originally posted by Ipkh View Post
                Https first should be the default attempt. Http should be the fallback at best, but Firefox still would try http first on any non explicit url entered in the box. Despite using https only options and extensions. Thus not being able to load sites until the s is inserted.
                Well, not entirely right, Firefox actually queries the hosting server first about which mode (http or https) is preferred. Unless you explicitly define https only mode in firefox settings. This setting will make http only sites display a message that the site is not https and the site will not load until you explicitly confirm you wish to take the risk.

                There are many cases where by default http is still used, for example in embedded software to control machinery or other stuff that has no physical internet connection. Such systems do not require or need the overhead of https and the use of expiring certificates. Thus querying the hosting server is best.

                So setup the hosting server properly (many are not) and there is no problem for browsers between choosing https or http by default.

                Comment


                • #9
                  Originally posted by Brisse View Post

                  Oh great, your suggestion completely broke my browser and now nothing works. Clicking pretty much any button results in instant crash.

                  Is there a config file somewhere where I can reset this setting? I can't access about:config from within the browser due to it being completely broken.

                  Writing this post from the awesome GNOME Web by the way. I love Firefox though so I would really like it back thank you very much.
                  Open a terminal and start firefox in safe mode:
                  Code:
                  firefox -safe-mode

                  Comment


                  • #10
                    Originally posted by FPScholten View Post

                    Open a terminal and start firefox in safe mode:
                    Code:
                    firefox -safe-mode
                    Excellent. Thank you!

                    Comment

                    Working...
                    X