Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On 2018-04-01 11:24, Steve Litt wrote: On Sun, 1 Apr 2018 16:29:23 +0200 Antony Stonewrote: On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote: > On 31/03/18 20:54, Rick Moen wrote: > Where is Vladimir Karimov, one of the worst dictators of the world, > fortunately dead? [snip] Secondly, what has the current resting place of a dead dictator got to do with Open Source licensing and Red Hat copyrights? Who's buried in Grant's Tomb? SteveT __ And what does any of this diversion have to do with firefox and cloudflare? golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Sun, 1 Apr 2018 16:29:23 +0200 Antony Stonewrote: > On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote: > > > On 31/03/18 20:54, Rick Moen wrote: > > Where is Vladimir Karimov, one of the worst dictators of the world, > > fortunately dead? > [snip] > > Secondly, what has the current resting place of a dead dictator got > to do with Open Source licensing and Red Hat copyrights? Who's buried in Grant's Tomb? SteveT Steve Litt April 2018 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Sun, 1 Apr 2018 17:39:35 +0200 aitor_czrwrote: > Hi, > > On 01/04/18 16:29, Antony Stone wrote: > > On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote: > > > >> On 31/03/18 20:54, Rick Moen wrote: > >> > >>> Yes, and your point is? > >> My point of view, you mean? > >> > >> By downloading CentOS software, you acknowledge that you > >> understand all of the following: CentOS software and technical > >> information may be subject to the U.S. Export Administration > >> Regulations (the “EAR”) and other U.S. and foreign laws and may > >> not be exported, re-exported or transferred (a) to a prohibited > >> destination country under the EAR or U.S. sanctions regulations > >> (currently Cuba, Iran, North Korea, Sudan, Syria, and the Crimea > >> Region of Ukraine, subject to change as posted by the United > >> States government) > >> > >> Where is Vladimir Karimov, one of the worst dictators of the world, > >> fortunately dead? > > I often, and certainly in this case, find obscure rhetorical > > questions presented as part of an answer to a request for > > clarification, to be more of a hindrance than a help. > > > > Firstly, I am not familiar with who Vladimir Karimov is, and a > > Google / Wikipedia search has not helped me to find out. > > You don't miss anything > > > Secondly, what has the current resting place of a dead dictator got > > to do with Open Source licensing and Red Hat copyrights? > > > > Please, when asked for clarification, try to provide a clear answer > > instead of simply making statements prompting even more people to > > wonder "what?" > > I don't claim to be aggressive; i only whish to express that > scientific projects (like Scientific Linux, based on CentOS, is > presumed to be) should stay away from policy (and religions). > > Aitor. I wish you would get your facts right ;-) Scientific Linux is not based on Centos, it (like Centos) is based on RHEL. Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Hi, On 01/04/18 16:29, Antony Stone wrote: On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote: On 31/03/18 20:54, Rick Moen wrote: Yes, and your point is? My point of view, you mean? By downloading CentOS software, you acknowledge that you understand all of the following: CentOS software and technical information may be subject to the U.S. Export Administration Regulations (the “EAR”) and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan, Syria, and the Crimea Region of Ukraine, subject to change as posted by the United States government) Where is Vladimir Karimov, one of the worst dictators of the world, fortunately dead? I often, and certainly in this case, find obscure rhetorical questions presented as part of an answer to a request for clarification, to be more of a hindrance than a help. Firstly, I am not familiar with who Vladimir Karimov is, and a Google / Wikipedia search has not helped me to find out. You don't miss anything Secondly, what has the current resting place of a dead dictator got to do with Open Source licensing and Red Hat copyrights? Please, when asked for clarification, try to provide a clear answer instead of simply making statements prompting even more people to wonder "what?" I don't claim to be aggressive; i only whish to express that scientific projects (like Scientific Linux, based on CentOS, is presumed to be) should stay away from policy (and religions). Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting Antony Stone (antony.st...@devuan.open.source.it): > Firstly, I am not familiar with who Vladimir Karimov is, and a Google > / Wikipedia search has not helped me to find out. > > Secondly, what has the current resting place of a dead dictator got to > do with Open Source licensing and Red Hat copyrights? I'm guessing he meant Islam Abduganiyevich Karimov, dictator of Uzbekistan, who died in Tashkent (the capital) in 2016 after an iron-fisted, very bloody, and generally terrifying 27-year rule. He's buried in his native Samarkand. ;-> Perhaps aitor_czr noticed Uzbekistan being missing from the cited Export Administration Regulations (EAR) prohibited-countries list.[1] The EARs are a long-running farce by which the US Department of Commerce's Bureau of Industry and Security (BIS) (advised by the No Such Agency, Never Say Anything, NSA people) pretend as if the rest of the planet can't and doesn't originate strong crypto. Because CentOS includes strong crypto and is a project based at least nominally in the USA, the project make a ritual gesture towards compliance with the EARs. However, like other open source projects, IIRC they take no actual measures whatsover to prevent countries deemed naughty by the NSA^w Department of Commerce to download their software, and merely make the ritual declaration that people in certain countries 'may not' download it, nosirree, nope. [1] Why? Perhaps in accordance with the old motto, 'There's no fuel like an oil fuel.' (Apologies to members of the international community who might not get the pun. The joke is a little idiomatic.) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote: > On 31/03/18 20:54, Rick Moen wrote: > > > Yes, and your point is? > > My point of view, you mean? > > By downloading CentOS software, you acknowledge that you understand all > of the following: CentOS software and technical information may be > subject to the U.S. Export Administration Regulations (the “EAR”) and > other U.S. and foreign laws and may not be exported, re-exported or > transferred (a) to a prohibited destination country under the EAR or > U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan, > Syria, and the Crimea Region of Ukraine, subject to change as posted by > the United States government) > > Where is Vladimir Karimov, one of the worst dictators of the world, > fortunately dead? I often, and certainly in this case, find obscure rhetorical questions presented as part of an answer to a request for clarification, to be more of a hindrance than a help. Firstly, I am not familiar with who Vladimir Karimov is, and a Google / Wikipedia search has not helped me to find out. Secondly, what has the current resting place of a dead dictator got to do with Open Source licensing and Red Hat copyrights? Please, when asked for clarification, try to provide a clear answer instead of simply making statements prompting even more people to wonder "what?" Thanks, Antony. -- https://tools.ietf.org/html/rfc6890 - providing 16 million IPv4 addresses for talking to yourself. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Hi Rick, On 31/03/18 20:54, Rick Moen wrote: Quoting aitor_czr (aitor_...@gnuinos.org): Scientific Linux is a CentOS based distribution, Indeed, which in turn is an RHEL rebuild, with the result that they are both RHEL rebuilds. I'm thus really not sure what your point is. But..., read here: https://www.centos.org/legal/ Yes, and your point is? My point of view, you mean? By downloading CentOS software, you acknowledge that you understand all of the following: CentOS software and technical information may be subject to the U.S. Export Administration Regulations (the “EAR”) and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan, Syria, and the Crimea Region of Ukraine, subject to change as posted by the United States government) Where is Vladimir Karimov, one of the worst dictators of the world, fortunately dead? Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting chillfan (chill...@protonmail.com): > I've not paid attention to Red Hat since FC1, so I have no idea what > the issues are there. That's a whole different can of worms anyway. Well, if you wish to know, I _have_ documented the matter: 'RHEL ISOs' on http://linuxmafia.com/kb/Licensing_and_Law/ Also of possible interest: Bestiary (doubtless somewhat out of date again) of known RHEL rebuilds: 'RHEL Forks' on http://linuxmafia.com/kb/RedHat/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting aitor_czr (aitor_...@gnuinos.org): > Scientific Linux is a CentOS based distribution, Indeed, which in turn is an RHEL rebuild, with the result that they are both RHEL rebuilds. I'm thus really not sure what your point is. > But..., read here: > > https://www.centos.org/legal/ Yes, and your point is? I was very peripherally involved with the CentOS Project (_very_ indirectly) when a blow-up happened where the webmaster freaked out about a letter received from Red Hat Legal, making aggessive noises concerning trademark policy and demanding that CentOS Project take a bunch of further steps. The webmaster on that occasion changed all CentOS Web pages to remove all mention of Red Hat's distribution by name, substituting (IIRC) the phrase 'a North American enterprise Linux distribution'. It's very common for trademark stakeholders to issue unjustifiably aggressive threat letters for reasons Cory Doctorow explains in an article I link from the top of my own trademark-law article as an excellent overview: http://www.openp2p.com/pub/a/p2p/2003/08/14/trademarks.html ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
I've not paid attention to Red Hat since FC1, so I have no idea what the issues are there. That's a whole different can of worms anyway. If someone is happy to rebrand then it's fine. Also I don't mean to put down derivatives, I just think a defacto replacement would work out best. Thanks, chillfan ‐‐‐ Original Message ‐‐‐ On March 31, 2018 5:14 PM, Rick Moenwrote: > Quoting chillfan (chill...@protonmail.com): > > > I think it was important to point this situation out. If distributing > > > > free software can potentially get you into a legal situation this > > > > quickly, then it's just not worth the headache that follows. > > So, you're saying that CentOS and Scientific Linux are not safe to > > distribute? (I thought the problem with RHEL rebuilds is that they're > > kind of, you know, Red Hattish. ;-> ) > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Hi Rick, On 31/03/18 18:14, Rick Moen wrote: Quoting chillfan (chill...@protonmail.com): I think it was important to point this situation out. If distributing free software can potentially get you into a legal situation this quickly, then it's just not worth the headache that follows. So, you're saying that CentOS and Scientific Linux are not safe to distribute? (I thought the problem with RHEL rebuilds is that they're kind of, you know, Red Hattish. ;-> ) Scientific Linux is a CentOS based distribution, i have a cdrom distributed by LINUX-MAGAZINE years ago including a wallpaper with an atom and also its electrons whirling around. Appearently, all in favour of the human knowlegde. But..., read here: https://www.centos.org/legal/ Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting chillfan (chill...@protonmail.com): > I think it was important to point this situation out. If distributing > free software can potentially get you into a legal situation this > quickly, then it's just not worth the headache that follows. So, you're saying that CentOS and Scientific Linux are not safe to distribute? (I thought the problem with RHEL rebuilds is that they're kind of, you know, Red Hattish. ;-> ) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
I think it was important to point this situation out. If distributing free software can potentially get you into a legal situation this quickly, then it's just not worth the headache that follows. IMHO.. The primary reason for searching for an alternative to firefox is not that it sucks but because they are no longer the banner for freedom we once enjoyed getting behind. That's actually what's really been missing here, which goes as far back to the ads in tabs (and DRM/EME) situation. The only thing I can see working, is if developers are happy to remove features and stop rebasing most of their work on firefox and syncing up with their codebase. That and starting a project with a clear goal to protect user freedom and privacy. Thanks, chillfan ‐‐‐ Original Message ‐‐‐ On March 31, 2018 2:52 AM, Steve Littwrote: [quote] > But to me, vendors matter, and I won't use software > > from somebody as douchatudenous as this guy. He makes Linus and Lennart > > look like pleasant people. > SteveT > > Steve Litt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
* On 2018 31 Mar 02:15 -0500, Didier Kryn wrote: > Le 30/03/2018 à 16:28, Steve Litt a écrit : > > Here's why I wouldn't use Palemoon if it were the last browser on earth: > > > > https://github.com/jasperla/openbsd-wip/issues/86 > > > > By the way, a little research on USPTO shows they have no registered > > trademark on "Palemoon". For somebody so lawyerly threatening, he sure > > hasn't dotted his i's and crossed his t's. > > This sheds a bad light on the whole project, but maybe they're forced to > do so because they inherit the source and the build system from > Mozilla. No, the bad light was shed by mattatobin opening the issue with the Internet version of a punch to the nose rather than with a handshake. The other stuff is tangential, IMO. The issue may well have been resolved satisfactorily had mattatobin taken a friendlier approach when he opened the issue. Instead he doubled down and the main developer didn't call him out so that reveals a lot about the project developers. Just like LP, this isn't a group I would care to deal with as a packager. - Nate -- "The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true." Web: http://www.n0nb.us GPG key: D55A8819 GitHub: N0NB signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Le 30/03/2018 à 16:28, Steve Litt a écrit : On Thu, 29 Mar 2018 17:42:37 +0200 Jaromilwrote: hi Chillfan, On Thu, 29 Mar 2018, Chillfan wrote: I agree that a fork is needed, but I think this would be a whole lot of work. yes. forks are a LOT of work. Even Devuan, which I'd say is a relatively easy fork, mostly needing work on the infrastructure and testing and documentation side, was more demanding than expected. If palemoon offered something akin to extended support releases it would be a great candidate for that, palemoon is stuck at "version 27" series of Firefox and in any case its in the 2x series I doubt it can be brought up to 50 since the codebase is rather different. said that, I'm happy with palemoon, using always the latest stable release tagged on the git tree, compiling it myself on Devuan and then github.com/dyne/tinfoil for sandboxing. here the mozconfig I use, please note I do not disable pulseaudio or dbus, because that gives problems, yet I do not use pulseaudio (but I do use dbus...) Here's why I wouldn't use Palemoon if it were the last browser on earth: https://github.com/jasperla/openbsd-wip/issues/86 By the way, a little research on USPTO shows they have no registered trademark on "Palemoon". For somebody so lawyerly threatening, he sure hasn't dotted his i's and crossed his t's. This sheds a bad light on the whole project, but maybe they're forced to do so because they inherit the source and the build system from Mozilla. Anyway, you're normally don't want the distributed package because it depends on things you don't want, like Dbus and Pulseaudio. So just download the source from the official website and build with the config you like. Don't "distribute" the binary and forget the licensing crap. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Fri, Mar 30, 2018 at 07:42:49PM -0700, Rick Moen wrote: > > Certainly your privilege -- but, to just by your bellyaching, you'd > think it was difficult to just substitute a slightly different name > and logo, which it's not. You have to specify a specific option in order *not* to substitute a different name. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting Steve Litt (sl...@troubleshooters.com): > I gotta show these guys *everything*... It's worse than that: If you want us to understand that you did a trademark search not just at USPTO but also at EUIPO, Canadian Intellectual Property Office, India Trade Marks Registry, WIPO, CIPC, China Trademark Office, and all the other significant registries, even though you mentioned _only_ 'a little research on USPTO', you gotta teach us mind-reading. It would also be handy if you comprehended that a common-law trademark is a perfectly valid trademark, and that many significant and legally strong trademarks are that way without registration. Which should not be surprising to anyone who's also studied copyright law. Even though copyrights and trademarks are different fish, the concept of a valid ownership claim without registration should be familiar from basic knowledge of either area of law. > So still, as far as I can research, Straver ain't got squat. [...] > Did you notice how I phrased my original assertion? I said: I gotta show this guy *everything*. A common-law trademark is not just 'some level of protection under the law'. It's an actual trademark. You should read more (or perhaps read better) before speaking, Steve. > We also both know that registered marks are easier to defend and more > likely to have draw substantial monetary damages upon finding of > infringement than common law marks. Actually, the only difference in legal systems I'm familiar with (sadly, that's mostly the USA, though I'm trying to do some readings about other national arrangements) is that (1) a registered trademark has much wider geographic scope, and (2) registration consitutes 'constructive notice' to infringers that plaintiff otherwise must show through explicit measures. The day I see Google and Amazon > depending on common law marks, I'll give M.C. Straver a little more > credit. They doubtless do through many minor marks if only because it's not dawned on them to spend $330/decade (or whatever it is now) to keep those registered. But, sorry, your ignorance cannot be excused by 'I don't see the big boys doing this' for many reasons including the extablishment of such a mark being not an action you can 'see' but rather something that arises automatically through using a mark in business. > Absolutely true. But to me, vendors matter, and I won't use software > from somebody as douchatudenous as this guy. He makes Linus and Lennart > look like pleasant people. Certainly your privilege -- but, to just by your bellyaching, you'd think it was difficult to just substitute a slightly different name and logo, which it's not. You may not like the guy's business model, but it's a perfectly valid and compliant open source one, that happens to be, FWIW, the same as Red Hat's. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Fri, 30 Mar 2018 13:36:05 -0700 Rick Moenwrote: > Quoting Steve Litt (sl...@troubleshooters.com): > > > Here's why I wouldn't use Palemoon if it were the last browser on > > earth: https://github.com/jasperla/openbsd-wip/issues/86 > > > > By the way, a little research on USPTO shows they have no registered > > trademark on "Palemoon". For somebody so lawyerly threatening, he > > sure hasn't dotted his i's and crossed his t's. > > 1. Are you aware that there are a number of other commercially > significant trademark registries aside from USPTO? FWIW, lead > developer M.C. Straver appears to be in the Netherlands. So, for > example, the first place to look for relevant trademark registrations > would be the European Union Intellectual Property Office, not USPTO. I gotta show these guys *everything*... Months ago I did a big old search, and not just on USPTO, to find registered marks for "pale moon" or "palemoon". Nothing applicable. But what the heck, I went on EUIPO, did both searches, widest possible search, and the only text marks called "palemoon" or "pale moon" were for Coors Brewery and one other brewery. So still, as far as I can research, Straver ain't got squat. > > (Don't be another one of those 'Murricans who embarrass me by > implicitly assuming that nothing outside the USA counts. Tusen takk, > venn.) But in this case it appears the Murrican was right. > > 2. Please, before addressing these subjects again, make sure you > understand the concept of common-law trademark, which it's obvious you > currently do not. > https://www.bitlaw.com/trademark/common.html Did you notice how I phrased my original assertion? I said: == By the way, a little research on USPTO shows they have no registered trademark on "Palemoon". For somebody so lawyerly threatening, he sure hasn't dotted his i's and crossed his t's. == I didn't say he doesn't have some level of protection under the law: I said that for a guy talking all that shit, he comes up short backing it up. We also both know that registered marks are easier to defend and more likely to have draw substantial monetary damages upon finding of infringement than common law marks. The day I see Google and Amazon depending on common law marks, I'll give M.C. Straver a little more credit. But as of now, I see him as one of these guys who intimidates with references to his AK-47 and grenades and rocket launchers, but when it's time to produce, all he's got is a 2 inch pocket knife. [snip] > > It's somewhat painful to see Linux users blunder into this subject > repeatedly and make elementary gaffes like assuming that a trademark > has no force if not evidenced by a current 10-year registration at > USPTO. That was not my assumption. Please reread my post. > > As an aside, if anyone wished to sidestep M.C. Straver's > trademark-based encumbrances entirely, it would more than suffice to > use a slightly different name and logo / trade-dress stylings. Absolutely true. But to me, vendors matter, and I won't use software from somebody as douchatudenous as this guy. He makes Linus and Lennart look like pleasant people. > So, why waste time ranting against Straver > being possessive about his branding, when the branding is in no way > essential to the codebase? Isn't that a waste of your and everyone > else's time, Steve? What time? My original post was 308 characters; 46 words. 308 characters to say why Palemoon will never contaminate my computer. SteveT Steve Litt April 2018 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On 30/03/18 22:36, Rick Moen wrote: And, for gosh sakes, spend a few minutes to learn some real trademark law, already. Please. People fork the mozilla browser due to its legal restrictions (i think); so, referring to palemoon, where is the sense of forking it applying similar restrictions? Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting Steve Litt (sl...@troubleshooters.com): > Here's why I wouldn't use Palemoon if it were the last browser on earth: > https://github.com/jasperla/openbsd-wip/issues/86 > > By the way, a little research on USPTO shows they have no registered > trademark on "Palemoon". For somebody so lawyerly threatening, he sure > hasn't dotted his i's and crossed his t's. 1. Are you aware that there are a number of other commercially significant trademark registries aside from USPTO? FWIW, lead developer M.C. Straver appears to be in the Netherlands. So, for example, the first place to look for relevant trademark registrations would be the European Union Intellectual Property Office, not USPTO. (Don't be another one of those 'Murricans who embarrass me by implicitly assuming that nothing outside the USA counts. Tusen takk, venn.) 2. Please, before addressing these subjects again, make sure you understand the concept of common-law trademark, which it's obvious you currently do not. https://www.bitlaw.com/trademark/common.html In case they are useful, here are a set of notes about trademark law I compiled while spearheading _Linux Gazette's_ (successful) trademark dispute against the magazine's former Web host, SSC, Inc. (then the publisher of _Linux Journal_: http://linuxmafia.com/faq/Licensing_and_Law/trademark-law.html http://linuxmafia.com/faq/Licensing_and_Law/trademark-law.add It's somewhat painful to see Linux users blunder into this subject repeatedly and make elementary gaffes like assuming that a trademark has no force if not evidenced by a current 10-year registration at USPTO. As an aside, if anyone wished to sidestep M.C. Straver's trademark-based encumbrances entirely, it would more than suffice to use a slightly different name and logo / trade-dress stylings. (This is what the CentOS Project does, along with other RHEL rebuilds such as Scientific Linux). So, why waste time ranting against Straver being possessive about his branding, when the branding is in no way essential to the codebase? Isn't that a waste of your and everyone else's time, Steve? And, for gosh sakes, spend a few minutes to learn some real trademark law, already. Please. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Friday 30 March 2018 at 21:39:14, Hendrik Boom wrote: > On Fri, Mar 30, 2018 at 10:28:00AM -0400, Steve Litt wrote: > > > Here's why I wouldn't use Palemoon if it were the last browser on earth: > > > > https://github.com/jasperla/openbsd-wip/issues/86 > > Is there another name that palemoon could be called? Of course - we could call it anything we like - they even include "default branding" in their source tree, and anyone's free to use that if they don't want to develop their own (I've not looked at it, I have no idea how appealing it is). The main question is whether anyone wants to support / encourage / depend upstream on a developer group with those attitudes to packagers. Okay, licensing and trademarks are important, but there are ways of asking people to play nicely and there are ways of setting the dogs on them at first opportunity... Antony. -- "Measuring average network latency is about as useful as measuring the mean temperature of patients in a hospital." - Stéphane Bortzmeyer Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Fri, Mar 30, 2018 at 10:28:00AM -0400, Steve Litt wrote: > On Thu, 29 Mar 2018 17:42:37 +0200 > Jaromilwrote: > > > hi Chillfan, > > > > On Thu, 29 Mar 2018, Chillfan wrote: > > > > > I agree that a fork is needed, but I think this would be a whole > > > lot of work. > > > > yes. forks are a LOT of work. Even Devuan, which I'd say is a > > relatively easy fork, mostly needing work on the infrastructure and > > testing and documentation side, was more demanding than expected. > > > > > If palemoon offered something akin to extended support releases it > > > would be a great candidate for that, > > > > palemoon is stuck at "version 27" series of Firefox and in any case > > its in the 2x series I doubt it can be brought up to 50 since the > > codebase is rather different. > > > > said that, I'm happy with palemoon, using always the latest stable > > release tagged on the git tree, compiling it myself on Devuan and then > > github.com/dyne/tinfoil for sandboxing. here the mozconfig I use, > > please note I do not disable pulseaudio or dbus, because that gives > > problems, yet I do not use pulseaudio (but I do use dbus...) > > Here's why I wouldn't use Palemoon if it were the last browser on earth: > > https://github.com/jasperla/openbsd-wip/issues/86 > > By the way, a little research on USPTO shows they have no registered > trademark on "Palemoon". For somebody so lawyerly threatening, he sure > hasn't dotted his i's and crossed his t's. > > SteveT > > Steve Litt > April 2018 featured book: Troubleshooting Techniques > of the Successful Technologist > http://www.troubleshooters.com/techniques > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng Is there another name that palemoon could be called? -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Hi, On 2018 30 Mar 09:29 -0500, Steve Litt wrote: Here's why I wouldn't use Palemoon if it were the last browser on earth: https://github.com/jasperla/openbsd-wip/issues/86 After reading the discussion, makes me want to remove Pale Moon from gnuinos. What about Abrowser, Trisquel's version of Mozilla with the trademarked logos replaced? Trisquel devs have preferred Abrowser// over IceCat. Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
* On 2018 30 Mar 09:29 -0500, Steve Litt wrote: > Here's why I wouldn't use Palemoon if it were the last browser on earth: > > https://github.com/jasperla/openbsd-wip/issues/86 Thanks, Steve. I'm off to remove it from my laptop. I guess they just set themselves up as a "routing problem". Good show, nerds, you've just shown the world how NOT to resolve issues/disputes. > By the way, a little research on USPTO shows they have no registered > trademark on "Palemoon". For somebody so lawyerly threatening, he sure > hasn't dotted his i's and crossed his t's. Are they based in the US? Have they made such application in the EU or other jurisdiction? - Nate -- "The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true." Web: http://www.n0nb.us GPG key: D55A8819 GitHub: N0NB signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
That's interesting. Perhaps it was best I didn't get palemoon building correctly, I was under the impression they had changed to a more friendly approach with their official branding. So that would make Palemoon builds even more difficult there. Thanks, chillfan ‐‐‐ Original Message ‐‐‐ On March 30, 2018 3:28 PM, Steve Littwrote: > Here's why I wouldn't use Palemoon if it were the last browser on earth: > > https://github.com/jasperla/openbsd-wip/issues/86 > > By the way, a little research on USPTO shows they have no registered > > trademark on "Palemoon". For somebody so lawyerly threatening, he sure > > hasn't dotted his i's and crossed his t's. > > SteveT > > Steve Litt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Thu, 29 Mar 2018 17:42:37 +0200 Jaromilwrote: > hi Chillfan, > > On Thu, 29 Mar 2018, Chillfan wrote: > > > I agree that a fork is needed, but I think this would be a whole > > lot of work. > > yes. forks are a LOT of work. Even Devuan, which I'd say is a > relatively easy fork, mostly needing work on the infrastructure and > testing and documentation side, was more demanding than expected. > > > If palemoon offered something akin to extended support releases it > > would be a great candidate for that, > > palemoon is stuck at "version 27" series of Firefox and in any case > its in the 2x series I doubt it can be brought up to 50 since the > codebase is rather different. > > said that, I'm happy with palemoon, using always the latest stable > release tagged on the git tree, compiling it myself on Devuan and then > github.com/dyne/tinfoil for sandboxing. here the mozconfig I use, > please note I do not disable pulseaudio or dbus, because that gives > problems, yet I do not use pulseaudio (but I do use dbus...) Here's why I wouldn't use Palemoon if it were the last browser on earth: https://github.com/jasperla/openbsd-wip/issues/86 By the way, a little research on USPTO shows they have no registered trademark on "Palemoon". For somebody so lawyerly threatening, he sure hasn't dotted his i's and crossed his t's. SteveT Steve Litt April 2018 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
I believe so as well, but if I remember the build dependencies given in Steve Pussers sources require and fetch (apt-get build-dep) gcc-4.9 so it may be right that 4.9 is needed, or it should be built on Jessie. That might be why I was having issues with stability. Thanks, chillfan ‐‐‐ Original Message ‐‐‐ On March 30, 2018 10:40 AM, aitor_czrwrote: > Hi Hendrik, > > On 30/03/18 11:25, Hendrik Boom wrote: > > > What happens with later versions of gcc? fails to build, or fails > > to function when built? > > There are deb packages for debian > 9:https://software.opensuse.org/download.html?project=home:stevenpusser=palemoonSo, > palemoon should work on ascii.Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Am Donnerstag, 29. März 2018 schrieb Tomasz Torcz ️: > On Wed, Mar 28, 2018 at 02:42:53AM +0200, Adam Borowski wrote: > > On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote: > > > https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/ > > > > > > Mozilla sucks these days - they pay zero attention to the issue of > > > browser fingerprinting and keep sending users data to other parties via > > > bogus "opt out" "research" studies. > > > > > > "Oh but you can opt-out" > > > Assuming you even know about it in the first place - and what? you need > > > to opt-out of probably thousands of bad things in your life which makes > > > such a policy absolute bullshit. > > > > The only saving grace is that they do this tracking on a test group. On the > > other hand, Chromium saves both the URL and refer[r]er of every downloaded > > file using an user-namespace xattr, a little-known feature implemented by > > most filesystems (not tmpfs, if you use /tmp for testing :p). Even in its > > "incognito mode" that's not supposed to log anything. > > I though most popular download tools do that? Chromium for at least > six years: https://bugs.chromium.org/p/chromium/issues/detail?id=45903 > > Curl for 8 years: > https://github.com/curl/curl/blob/master/src/tool_xattr.c#L55 > > Wget: https://fossies.org/linux/wget/src/xattr.c#60 > > Plasma desktop: > > https://api.kde.org/frameworks/kfilemetadata/html/usermetadata_8cpp_source.html#127 > > Even Fedora already obsoleted Yum: > > http://yum.baseurl.org/gitweb?p=urlgrabber.git;a=blob;f=urlgrabber/grabber.py#l1775 > > And, according to this, Microsoft Skype: > http://blog.manton.im/2017/02/working-with-extended-attributes-in.html > > Firefox is lagging: > https://bugzilla.mozilla.org/show_bug.cgi?id=665531 > > I consider it standard in GNU/Linux (for years!), so why bring it up now? > Well, I did not know about the misuse of xattr to do stuff like that (but I always ensure xattr are disabled). In times of "lawful inspection" this is an absolute no-go. Nik -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Le 30/03/2018 à 11:40, aitor_czr a écrit : Hi Hendrik, On 30/03/18 11:25, Hendrik Boom wrote: What happens with later versions of gcc? fails to build, or fails to function when built? There are deb packages for debian 9: https://software.opensuse.org/download.html?project=home:stevenpusser=palemoon So, palemoon should work on ascii. It does. I run it all the time, but mine was built on Jessie. The version on opensuse is with pulseaudio. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Hi Hendrik, On 30/03/18 11:25, Hendrik Boom wrote: What happens with later versions of gcc? fails to build, or fails to function when built? There are deb packages for debian 9: https://software.opensuse.org/download.html?project=home:stevenpusser=palemoon So, palemoon should work on ascii. Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Le 30/03/2018 à 11:25, Hendrik Boom a écrit : On Fri, Mar 30, 2018 at 09:30:48AM +0200, Didier Kryn wrote: Palemoon is also stuck with gcc-4.9. The documentation says that and discourages trying to build it with versions newer than GCC-5.3 AFAIR. I've built it on Jessie (without PA) and copied the binary to ASCII with no problem. Also I've kept gcc-4.9 on ASCII in case I need to re-build it. This restriction to a very short range of versions of GCC leads me to think there are some insanities in either the build system or the code itself. Insanities most probably inherited from Firefox. What happens with later versions of gcc? fails to build, or fails to function when built? Didn't try. I guess at least it fails to build. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Fri, Mar 30, 2018 at 09:30:48AM +0200, Didier Kryn wrote: > > Palemoon is also stuck with gcc-4.9. The documentation says that and > discourages trying to build it with versions newer than GCC-5.3 AFAIR. > I've built it on Jessie (without PA) and copied the binary to ASCII with > no problem. Also I've kept gcc-4.9 on ASCII in case I need to re-build it. > This restriction to a very short range of versions of GCC leads me to > think there are some insanities in either the build system or the code > itself. Insanities most probably inherited from Firefox. What happens with later versions of gcc? fails to build, or fails to function when built? -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Le 29/03/2018 à 17:42, Jaromil a écrit : palemoon is stuck at "version 27" series of Firefox and in any case its in the 2x series I doubt it can be brought up to 50 since the codebase is rather different. said that, I'm happy with palemoon, using always the latest stable release tagged on the git tree, compiling it myself on Devuan and then github.com/dyne/tinfoil for sandboxing. here the mozconfig I use, please note I do not disable pulseaudio or dbus, because that gives problems, yet I do not use pulseaudio (but I do use dbus...) export MOZILLA_OFFICIAL=1 mk_add_options AUTOCLOBBER=1 mk_add_options MOZ_CO_PROJECT=browser ac_add_options --enable-application=browser mk_add_options MOZ_OBJDIR=`pwd`/pmbuild ac_add_options --enable-jemalloc ac_add_options --enable-jemalloc-lib # ac_add_options --disable-dbus ac_add_options --disable-gstreamer ac_add_options --enable-alsa ac_add_options --disable-oss ac_add_options --enable-pulseaudio ac_add_options --disable-necko-wifi ac_add_options --enable-official-branding ac_add_options --disable-installer ac_add_options --disable-updater ac_add_options --disable-tests ac_add_options --disable-debug ac_add_options --disable-mochitest ac_add_options --with-pthreads ac_add_options --enable-strip ac_add_options --enable-optimize="-O2 -march=native -pipe" Palemoon is also stuck with gcc-4.9. The documentation says that and discourages trying to build it with versions newer than GCC-5.3 AFAIR. I've built it on Jessie (without PA) and copied the binary to ASCII with no problem. Also I've kept gcc-4.9 on ASCII in case I need to re-build it. This restriction to a very short range of versions of GCC leads me to think there are some insanities in either the build system or the code itself. Insanities most probably inherited from Firefox. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Wed, Mar 28, 2018 at 02:42:53AM +0200, Adam Borowski wrote: > On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote: > > https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/ > > > > Mozilla sucks these days - they pay zero attention to the issue of > > browser fingerprinting and keep sending users data to other parties via > > bogus "opt out" "research" studies. > > > > "Oh but you can opt-out" > > Assuming you even know about it in the first place - and what? you need > > to opt-out of probably thousands of bad things in your life which makes > > such a policy absolute bullshit. > > The only saving grace is that they do this tracking on a test group. On the > other hand, Chromium saves both the URL and refer[r]er of every downloaded > file using an user-namespace xattr, a little-known feature implemented by > most filesystems (not tmpfs, if you use /tmp for testing :p). Even in its > "incognito mode" that's not supposed to log anything. I though most popular download tools do that? Chromium for at least six years: https://bugs.chromium.org/p/chromium/issues/detail?id=45903 Curl for 8 years: https://github.com/curl/curl/blob/master/src/tool_xattr.c#L55 Wget: https://fossies.org/linux/wget/src/xattr.c#60 Plasma desktop: https://api.kde.org/frameworks/kfilemetadata/html/usermetadata_8cpp_source.html#127 Even Fedora already obsoleted Yum: http://yum.baseurl.org/gitweb?p=urlgrabber.git;a=blob;f=urlgrabber/grabber.py#l1775 And, according to this, Microsoft Skype: http://blog.manton.im/2017/02/working-with-extended-attributes-in.html Firefox is lagging: https://bugzilla.mozilla.org/show_bug.cgi?id=665531 I consider it standard in GNU/Linux (for years!), so why bring it up now? -- Tomasz TorczTo co nierealne -- tutaj jest normalne. xmpp: zdzich...@chrome.pl Ziomale na życie mają tu patenty specjalne. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
I suspect if I tried building from palemoon sources, it might be easier to figure that out (I will try with your mozconfig some time). In any case Steve Pussers builds seem to work reliably and are regularly updated, which makes it easy. The issue I think is when you don't use dbus or pulse, etc but still have the support. But I don't think it's good to remove those in a standard built meant for everyone. Interestingly someone pointed to an issue where dbus support would use a lot of resources in conjunction with libsdl2 if the dbus daemon isn't available but the support library is. So this might be a good reason why someone would want to build their own at times. @hendrik I agree that does improve the situation a little bit. I think it would be great if there was more of a "hard" fork or more collaboration though. Afaik the only one removing EME altogether is icecat. I think a tweaked build of that would be interesting. Thanks, chillfan On March 29, 2018 4:42 PM, Jaromilwrote: > hi Chillfan, > > On Thu, 29 Mar 2018, Chillfan wrote: > > > I agree that a fork is needed, but I think this would be a whole lot of > > work. > > yes. forks are a LOT of work. Even Devuan, which I'd say is a > > relatively easy fork, mostly needing work on the infrastructure and > > testing and documentation side, was more demanding than expected. > > > If palemoon offered something akin to extended support releases it > > > > would be a great candidate for that, > > palemoon is stuck at "version 27" series of Firefox and in any case > > its in the 2x series I doubt it can be brought up to 50 since the > > codebase is rather different. > > said that, I'm happy with palemoon, using always the latest stable > > release tagged on the git tree, compiling it myself on Devuan and then > > github.com/dyne/tinfoil for sandboxing. here the mozconfig I use, > > please note I do not disable pulseaudio or dbus, because that gives > > problems, yet I do not use pulseaudio (but I do use dbus...) > > export MOZILLA_OFFICIAL=1 > > mk_add_options AUTOCLOBBER=1 > > mk_add_options MOZ_CO_PROJECT=browser > > ac_add_options --enable-application=browser > > mk_add_options MOZ_OBJDIR=`pwd`/pmbuild > > ac_add_options --enable-jemalloc > > ac_add_options --enable-jemalloc-lib > > ac_add_options --disable-dbus > = > > ac_add_options --disable-gstreamer > > ac_add_options --enable-alsa > > ac_add_options --disable-oss > > ac_add_options --enable-pulseaudio > > ac_add_options --disable-necko-wifi > > ac_add_options --enable-official-branding > > ac_add_options --disable-installer > > ac_add_options --disable-updater > > ac_add_options --disable-tests > > ac_add_options --disable-debug > > ac_add_options --disable-mochitest > > ac_add_options --with-pthreads > > ac_add_options --enable-strip > > ac_add_options --enable-optimize="-O2 -march=native -pipe" > > ciao ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
hi Chillfan, On Thu, 29 Mar 2018, Chillfan wrote: > I agree that a fork is needed, but I think this would be a whole lot of work. yes. forks are a LOT of work. Even Devuan, which I'd say is a relatively easy fork, mostly needing work on the infrastructure and testing and documentation side, was more demanding than expected. > If palemoon offered something akin to extended support releases it > would be a great candidate for that, palemoon is stuck at "version 27" series of Firefox and in any case its in the 2x series I doubt it can be brought up to 50 since the codebase is rather different. said that, I'm happy with palemoon, using always the latest stable release tagged on the git tree, compiling it myself on Devuan and then github.com/dyne/tinfoil for sandboxing. here the mozconfig I use, please note I do not disable pulseaudio or dbus, because that gives problems, yet I do not use pulseaudio (but I do use dbus...) export MOZILLA_OFFICIAL=1 mk_add_options AUTOCLOBBER=1 mk_add_options MOZ_CO_PROJECT=browser ac_add_options --enable-application=browser mk_add_options MOZ_OBJDIR=`pwd`/pmbuild ac_add_options --enable-jemalloc ac_add_options --enable-jemalloc-lib # ac_add_options --disable-dbus ac_add_options --disable-gstreamer ac_add_options --enable-alsa ac_add_options --disable-oss ac_add_options --enable-pulseaudio ac_add_options --disable-necko-wifi ac_add_options --enable-official-branding ac_add_options --disable-installer ac_add_options --disable-updater ac_add_options --disable-tests ac_add_options --disable-debug ac_add_options --disable-mochitest ac_add_options --with-pthreads ac_add_options --enable-strip ac_add_options --enable-optimize="-O2 -march=native -pipe" ciao ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Thu, Mar 29, 2018 at 06:32:44AM -0400, Chillfan wrote: > > A lot of times a forks fall short of taking care of everything, sometimes features are built but disabled by default (which is not much better than disabling it yourself). It's a lot better than having to disable the feature yourself and not being aware it's there. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
I agree that a fork is needed, but I think this would be a whole lot of work. IMHO, it's not enough to just disable features by default or have good defaults. The fact they are there to begin with is a similar argument as with systemd - we don't want to install these features to begin with, and want a smaller browser. There's a lot of things that should/could be removed - pocket, ebook mode, ads in tabs, dbus support, aspell hard dependency (in packages) and especially EME features, google safe browsing, health reporting, etc. A lot of times a forks fall short of taking care of everything, sometimes features are built but disabled by default (which is not much better than disabling it yourself). AFAIK there's no general purpose fork that takes care of *all* the freedom and bloat issues. If palemoon offered something akin to extended support releases it would be a great candidate for that, as it would be suitable for Devuan stable releases. From there it would be easy to offer an alternative build from the same source package, without some of the stuff we don't like. I tried building my own palemoon packages recently from Steve Pussers sources, and was able to disable dbus and pulse support very easily but sadly my builds were very unstable. Thanks, chillfan ‐‐‐ Original Message ‐‐‐ On March 27, 2018 10:43 PM, taii...@gmx.comwrote: > "Oh but you can opt-out" > > Assuming you even know about it in the first place - and what? you need > > to opt-out of probably thousands of bad things in your life which makes > > such a policy absolute bullshit. > > "If it was opt-in no one would do it and therefo-" > > Yeah no shit - because no one really wants their data collected ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
Quoting Adam Borowski (kilob...@angband.pl): > Support in filesystem varies: > * ext{2,3,4}, xfs, btrfs, reiserfs, f2fs, ..., do > * tmpfs doesn't > * vfat doesn't on Linux but (reportedly) does on Windows > * ntfs does > Usually you can mount -o nouser_xattr, which is wrongly documented as being > reiserfs specific (which shows how widespread knowledge of this is...); alas > this doesn't include btrfs which doesn't support nouser_xattr. I guess > someone should implement it... Also, tune2fs can disable the option inside the filesystem for ext{2,3,4}, e.g.: tune2fs -O ^user_xattr /dev/sda1 There's also as you say, a nouser_xattr option for mount(8) that works for some FSes. For XFS and JFS, I see no facility for disabling it either using tune2fs analogues (e.g., xfs_admin) or as mount(8) options. reiserfs, SRSLY? ;-> man mount(8) mentions a user_xttr option but one to disable it is not mentioned in the manpage I examined. btrfs, no clue, sorry. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Wed, 2018-03-28 at 02:42 +0200, Adam Borowski wrote: > More interesting is the timing between this addition and the DNC hack, where > the files are known to have been saved to an USB pen drive. This would > explain the weird inclusion of refer[r]er, which has no obvious legitimate > use but would often leak who downloaded the file (if a session was > identified as an argument to the URL rather than a cookie). Looks older: https://bugs.chromium.org/p/chromium/issues/detail?id=45903 So if Seth Rich used Chrome, it might have incriminated him. If someone got the physical flash drive he was using. Or he uploaded a .tar file that preserved the extended attributes? But the 4chan spergs who went over the DNC Leaks would have noticed something that big. And it gets better: https://www.freedesktop.org/wiki/CommonExtendedAttributes/ I swear, these people are a menace. According to the same madmen who gave us the modern desktops this isn't a security problem, a privacy violation or even a bug. It is a feature. According to that bug, this started on Mac and was added to the Linux version. No note saying it was added to Windows. If anyone still runs that legacy security nightmare, it would be good to know if it has or doesn't have this anti-feature. signature.asc Description: This is a digitally signed message part ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote: > https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/ > > Mozilla sucks these days - they pay zero attention to the issue of > browser fingerprinting and keep sending users data to other parties via > bogus "opt out" "research" studies. > > "Oh but you can opt-out" > Assuming you even know about it in the first place - and what? you need > to opt-out of probably thousands of bad things in your life which makes > such a policy absolute bullshit. The only saving grace is that they do this tracking on a test group. On the other hand, Chromium saves both the URL and refer[r]er of every downloaded file using an user-namespace xattr, a little-known feature implemented by most filesystems (not tmpfs, if you use /tmp for testing :p). Even in its "incognito mode" that's not supposed to log anything. Note that no tool displays the presence of user-namespace xattrs during normal use, and to specifically query them, you need a tool that's not installed by default (either getfattr from package "attr" or xattr from package by that name). Usually, when you hear about xattrs, it's because of file capabilities or selinux labels, that's why most file manipulation programs either copy xattrs by default or can be told to do so. If you don't know what I'm talking about, run: 「getcap -r /bin /sbin /usr」 (it's a safer version of the setuid bit that grants only limited capabilities, so if someone suborns eg. /bin/ping, the attacker obtains only use of raw sockets instead of full root escalation). For this reason, most sysadmins are told to give -X to rsync. Some tools copy xattrs, some don't: * cp doesn't unless you say --preserve=xattr * mv does * rsync only with -X (but it's needed for caps) * mc doesn't * tar saves but doesn't restore unless with --xattrs (and you can --xattrs-exclude='^user.') Obviously though, lack of such support doesn't help if you save the file directly to its final destination, which you usually do. Support in filesystem varies: * ext{2,3,4}, xfs, btrfs, reiserfs, f2fs, ..., do * tmpfs doesn't * vfat doesn't on Linux but (reportedly) does on Windows * ntfs does Usually you can mount -o nouser_xattr, which is wrongly documented as being reiserfs specific (which shows how widespread knowledge of this is...); alas this doesn't include btrfs which doesn't support nouser_xattr. I guess someone should implement it... The only other tool that logs the URL and (on recursive downloads) refer[r]er this way is wget, which got patched by Sean Burford (a Google employee) at the same time when this misfeature landed in Chrom{e,ium}. More interesting is the timing between this addition and the DNC hack, where the files are known to have been saved to an USB pen drive. This would explain the weird inclusion of refer[r]er, which has no obvious legitimate use but would often leak who downloaded the file (if a session was identified as an argument to the URL rather than a cookie). Most of us don't run around hacking a ruling party for a sinister russian agency -- but you do carry a phone, which get routinely seized, searched, or possibly even remotely accessed. Thus, if you have any files whose origin you'd prefer to stay private... Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ A dumb species has no way to open a tuna can. ⢿⡄⠘⠷⠚⠋⠀ A smart species invents a can opener. ⠈⠳⣄ A master species delegates. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare
I have been using Waterfox of late which is *supposed* to be stripping that sort of nonsense out. - Nate -- "The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true." Web: http://www.n0nb.us GPG key: D55A8819 GitHub: N0NB signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng