subject:"Re\: \[DNG\] Mozilla is at it again \- Firefox nightly sends all your hostname lookups to cloudflare"

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread golinux

On 2018-04-01 11:24, Steve Litt wrote:

On Sun, 1 Apr 2018 16:29:23 +0200
Antony Stone  wrote:

On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote:

> On 31/03/18 20:54, Rick Moen wrote:

> Where is Vladimir Karimov, one of the worst dictators of the world,
> fortunately dead?

[snip]

Secondly, what has the current resting place of a dead dictator got
to do with Open Source licensing and Red Hat copyrights?

Who's buried in Grant's Tomb?

SteveT
__

And what does any of this diversion have to do with firefox and 
cloudflare?

golinux
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread Steve Litt

On Sun, 1 Apr 2018 16:29:23 +0200
Antony Stone  wrote:

> On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote:
> 
> > On 31/03/18 20:54, Rick Moen wrote:

> > Where is Vladimir Karimov, one of the worst dictators of the world,
> > fortunately dead?  
> 
[snip]
> 
> Secondly, what has the current resting place of a dead dictator got
> to do with Open Source licensing and Red Hat copyrights?

Who's buried in Grant's Tomb?
 
SteveT

Steve Litt 
April 2018 featured book: Troubleshooting Techniques
 of the Successful Technologist
http://www.troubleshooters.com/techniques
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread Rowland Penny

On Sun, 1 Apr 2018 17:39:35 +0200
aitor_czr  wrote:

> Hi,
> 
> On 01/04/18 16:29, Antony Stone wrote:
> > On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote:
> >
> >> On 31/03/18 20:54, Rick Moen wrote:
> >>
> >>> Yes, and your point is?
> >> My point of view, you mean?
> >>
> >> By downloading CentOS software, you acknowledge that you
> >> understand all of the following: CentOS software and technical
> >> information may be subject to the U.S. Export Administration
> >> Regulations (the “EAR”) and other U.S. and foreign laws and may
> >> not be exported, re-exported or transferred (a) to a prohibited
> >> destination country under the EAR or U.S. sanctions regulations
> >> (currently Cuba, Iran, North Korea, Sudan, Syria, and the Crimea
> >> Region of Ukraine, subject to change as posted by the United
> >> States government)
> >>
> >> Where is Vladimir Karimov, one of the worst dictators of the world,
> >> fortunately dead?
> > I often, and certainly in this case, find obscure rhetorical
> > questions presented as part of an answer to a request for
> > clarification, to be more of a hindrance than a help.
> >
> > Firstly, I am not familiar with who Vladimir Karimov is, and a
> > Google / Wikipedia search has not helped me to find out.
> 
> You don't miss anything
> 
> > Secondly, what has the current resting place of a dead dictator got
> > to do with Open Source licensing and Red Hat copyrights?
> >
> > Please, when asked for clarification, try to provide a clear answer
> > instead of simply making statements prompting even more people to
> > wonder "what?"
> 
> I don't claim to be aggressive; i only whish to express that
> scientific projects (like Scientific Linux, based on CentOS, is
> presumed to be) should stay away from policy (and religions).
> 
>    Aitor.

I wish you would get your facts right ;-)

Scientific Linux is not based on Centos, it (like Centos) is based on
RHEL.

Rowland


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread aitor_czr


Hi,

On 01/04/18 16:29, Antony Stone wrote:

On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote:


On 31/03/18 20:54, Rick Moen wrote:


Yes, and your point is?

My point of view, you mean?

By downloading CentOS software, you acknowledge that you understand all
of the following: CentOS software and technical information may be
subject to the U.S. Export Administration Regulations (the “EAR”) and
other U.S. and foreign laws and may not be exported, re-exported or
transferred (a) to a prohibited destination country under the EAR or
U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan,
Syria, and the Crimea Region of Ukraine, subject to change as posted by
the United States government)

Where is Vladimir Karimov, one of the worst dictators of the world,
fortunately dead?

I often, and certainly in this case, find obscure rhetorical questions
presented as part of an answer to a request for clarification, to be more of a
hindrance than a help.

Firstly, I am not familiar with who Vladimir Karimov is, and a Google /
Wikipedia search has not helped me to find out.


You don't miss anything


Secondly, what has the current resting place of a dead dictator got to do with
Open Source licensing and Red Hat copyrights?

Please, when asked for clarification, try to provide a clear answer instead of
simply making statements prompting even more people to wonder "what?"


I don't claim to be aggressive; i only whish to express that scientific 
projects (like Scientific Linux, based on CentOS, is presumed to be) 
should stay away from policy (and religions).


  Aitor.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread Rick Moen

Quoting Antony Stone (antony.st...@devuan.open.source.it):

> Firstly, I am not familiar with who Vladimir Karimov is, and a Google
> / Wikipedia search has not helped me to find out.
> 
> Secondly, what has the current resting place of a dead dictator got to
> do with Open Source licensing and Red Hat copyrights?

I'm guessing he meant Islam Abduganiyevich Karimov, dictator of
Uzbekistan, who died in Tashkent (the capital) in 2016 after an
iron-fisted, very bloody, and generally terrifying 27-year rule.  He's
buried in his native Samarkand.  ;->

Perhaps aitor_czr noticed Uzbekistan being missing from the cited Export
Administration Regulations (EAR) prohibited-countries list.[1]  The EARs are
a long-running farce by which the US Department of Commerce's Bureau of
Industry and Security (BIS) (advised by the No Such Agency, Never Say
Anything, NSA people) pretend as if the rest of the planet can't and
doesn't originate strong crypto.

Because CentOS includes strong crypto and is a project based at least
nominally in the USA, the project make a ritual gesture towards
compliance with the EARs.  However, like other open source projects,
IIRC they take no actual measures whatsover to prevent countries deemed
naughty by the NSA^w Department of Commerce to download their software,
and merely make the ritual declaration that people in certain countries
'may not' download it, nosirree, nope.

[1] Why?  Perhaps in accordance with the old motto, 'There's no fuel
like an oil fuel.'  (Apologies to members of the international community
who might not get the pun.  The joke is a little idiomatic.)

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread Antony Stone

On Sunday 01 April 2018 at 16:13:10, aitor_czr wrote:

> On 31/03/18 20:54, Rick Moen wrote:
>
> > Yes, and your point is?
>
> My point of view, you mean?
>
> By downloading CentOS software, you acknowledge that you understand all
> of the following: CentOS software and technical information may be
> subject to the U.S. Export Administration Regulations (the “EAR”) and
> other U.S. and foreign laws and may not be exported, re-exported or
> transferred (a) to a prohibited destination country under the EAR or
> U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan,
> Syria, and the Crimea Region of Ukraine, subject to change as posted by
> the United States government)
> 
> Where is Vladimir Karimov, one of the worst dictators of the world,
> fortunately dead?

I often, and certainly in this case, find obscure rhetorical questions 
presented as part of an answer to a request for clarification, to be more of a 
hindrance than a help.

Firstly, I am not familiar with who Vladimir Karimov is, and a Google / 
Wikipedia search has not helped me to find out.

Secondly, what has the current resting place of a dead dictator got to do with 
Open Source licensing and Red Hat copyrights?

Please, when asked for clarification, try to provide a clear answer instead of 
simply making statements prompting even more people to wonder "what?"

Thanks,

Antony.

-- 
https://tools.ietf.org/html/rfc6890 - providing 16 million IPv4 addresses for 
talking to yourself.

   Please reply to the list;
 please *don't* CC me.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-04-01 Thread aitor_czr


Hi Rick,

On 31/03/18 20:54, Rick Moen wrote:

Quoting aitor_czr (aitor_...@gnuinos.org):

Scientific Linux is a CentOS based distribution,

Indeed, which in turn is an RHEL rebuild, with the result that they are
both RHEL rebuilds.  I'm thus really not sure what your point is.


But..., read here:

https://www.centos.org/legal/

Yes, and your point is?

My point of view, you mean?

By downloading CentOS software, you acknowledge that you understand all 
of the following: CentOS software and technical information may be 
subject to the U.S. Export Administration Regulations (the “EAR”) and 
other U.S. and foreign laws and may not be exported, re-exported or 
transferred (a) to a prohibited destination country under the EAR or 
U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan, 
Syria, and the Crimea Region of Ukraine, subject to change as posted by 
the United States government)


Where is Vladimir Karimov, one of the worst dictators of the world, 
fortunately dead?


   Aitor.








___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread Rick Moen

Quoting chillfan (chill...@protonmail.com):

> I've not paid attention to Red Hat since FC1, so I have no idea what
> the issues are there. That's a whole different can of worms anyway.

Well, if you wish to know, I _have_ documented the matter:
'RHEL ISOs' on http://linuxmafia.com/kb/Licensing_and_Law/

Also of possible interest:
Bestiary (doubtless somewhat out of date again) of known RHEL rebuilds:
'RHEL Forks' on http://linuxmafia.com/kb/RedHat/


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread Rick Moen

Quoting aitor_czr (aitor_...@gnuinos.org):

> Scientific Linux is a CentOS based distribution,

Indeed, which in turn is an RHEL rebuild, with the result that they are
both RHEL rebuilds.  I'm thus really not sure what your point is.

> But..., read here:
> 
> https://www.centos.org/legal/

Yes, and your point is?

I was very peripherally involved with the CentOS Project (_very_
indirectly) when a blow-up happened where the webmaster freaked out
about a letter received from Red Hat Legal, making aggessive noises
concerning trademark policy and demanding that CentOS Project take a
bunch of further steps.  The webmaster on that occasion changed all 
CentOS Web pages to remove all mention of Red Hat's distribution by 
name, substituting (IIRC) the phrase 'a North American enterprise Linux
distribution'.  

It's very common for trademark stakeholders to issue unjustifiably
aggressive threat letters for reasons Cory Doctorow explains in an
article I link from the top of my own trademark-law article as an
excellent overview:
http://www.openp2p.com/pub/a/p2p/2003/08/14/trademarks.html


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread chillfan

I've not paid attention to Red Hat since FC1, so I have no idea what the issues 
are there. That's a whole different can of worms anyway.

If someone is happy to rebrand then it's fine. Also I don't mean to put down 
derivatives, I just think a defacto replacement would work out best.

Thanks,

chillfan

‐‐‐ Original Message ‐‐‐

On March 31, 2018 5:14 PM, Rick Moen  wrote:

> Quoting chillfan (chill...@protonmail.com):
> 
> > I think it was important to point this situation out. If distributing
> > 
> > free software can potentially get you into a legal situation this
> > 
> > quickly, then it's just not worth the headache that follows.
> 
> So, you're saying that CentOS and Scientific Linux are not safe to
> 
> distribute? (I thought the problem with RHEL rebuilds is that they're
> 
> kind of, you know, Red Hattish. ;-> )
> 
> Dng mailing list
> 
> Dng@lists.dyne.org
> 
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread aitor_czr


Hi Rick,

On 31/03/18 18:14, Rick Moen wrote:

Quoting chillfan (chill...@protonmail.com):


I think it was important to point this situation out. If distributing
free software can potentially get you into a legal situation this
quickly, then it's just not worth the headache that follows.

So, you're saying that CentOS and Scientific Linux are not safe to
distribute?  (I thought the problem with RHEL rebuilds is that they're
kind of, you know, Red Hattish.  ;->  )


Scientific Linux is a CentOS based distribution, i have a cdrom 
distributed by LINUX-MAGAZINE years ago including a wallpaper with an 
atom and also its electrons whirling around. Appearently, all in favour 
of the human knowlegde.


But..., read here:

https://www.centos.org/legal/

Cheers,

  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread Rick Moen

Quoting chillfan (chill...@protonmail.com):

> I think it was important to point this situation out. If distributing
> free software can potentially get you into a legal situation this
> quickly, then it's just not worth the headache that follows.

So, you're saying that CentOS and Scientific Linux are not safe to
distribute?  (I thought the problem with RHEL rebuilds is that they're
kind of, you know, Red Hattish.  ;->  )

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread chillfan

I think it was important to point this situation out. If distributing free 
software can potentially get you into a legal situation this quickly, then it's 
just not worth the headache that follows.

IMHO..

The primary reason for searching for an alternative to firefox is not that it 
sucks but because they are no longer the banner for freedom we once enjoyed 
getting behind. That's actually what's really been missing here, which goes as 
far back to the ads in tabs (and DRM/EME) situation.

The only thing I can see working, is if developers are happy to remove features 
and stop rebasing most of their work on firefox and syncing up with their 
codebase. That and starting a project with a clear goal to protect user freedom 
and privacy.

Thanks,

chillfan

‐‐‐ Original Message ‐‐‐

On March 31, 2018 2:52 AM, Steve Litt  wrote:

[quote]

> But to me, vendors matter, and I won't use software
> 
> from somebody as douchatudenous as this guy. He makes Linus and Lennart
> 
> look like pleasant people.
> SteveT
> 
> Steve Litt

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread Nate Bargmann

* On 2018 31 Mar 02:15 -0500, Didier Kryn wrote:
> Le 30/03/2018 à 16:28, Steve Litt a écrit :
> > Here's why I wouldn't use Palemoon if it were the last browser on earth:
> > 
> > https://github.com/jasperla/openbsd-wip/issues/86
> > 
> > By the way, a little research on USPTO shows they have no registered
> > trademark on "Palemoon". For somebody so lawyerly threatening, he sure
> > hasn't dotted his i's and crossed his t's.
> 
>     This sheds a bad light on the whole project, but maybe they're forced to
> do so because they inherit the source and the build system from
> Mozilla.

No, the bad light was shed by mattatobin opening the issue with the
Internet version of a punch to the nose rather than with a handshake.
The other stuff is tangential, IMO.

The issue may well have been resolved satisfactorily had mattatobin
taken a friendlier approach when he opened the issue.  Instead he
doubled down and the main developer didn't call him out so that reveals
a lot about the project developers.  Just like LP, this isn't a group I
would care to deal with as a packager.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB

signature.asc
Description: PGP signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-31 Thread Didier Kryn


Le 30/03/2018 à 16:28, Steve Litt a écrit :

On Thu, 29 Mar 2018 17:42:37 +0200
Jaromil  wrote:


hi Chillfan,

On Thu, 29 Mar 2018, Chillfan wrote:


I agree that a fork is needed, but I think this would be a whole
lot of work.

yes. forks are a LOT of work. Even Devuan, which I'd say is a
relatively easy fork, mostly needing work on the infrastructure and
testing and documentation side, was more demanding than expected.


If palemoon offered something akin to extended support releases it
would be a great candidate for that,

palemoon is stuck at "version 27" series of Firefox and in any case
its in the 2x series I doubt it can be brought up to 50 since the
codebase is rather different.

said that, I'm happy with palemoon, using always the latest stable
release tagged on the git tree, compiling it myself on Devuan and then
github.com/dyne/tinfoil for sandboxing. here the mozconfig I use,
please note I do not disable pulseaudio or dbus, because that gives
problems, yet I do not use pulseaudio (but I do use dbus...)

Here's why I wouldn't use Palemoon if it were the last browser on earth:

https://github.com/jasperla/openbsd-wip/issues/86

By the way, a little research on USPTO shows they have no registered
trademark on "Palemoon". For somebody so lawyerly threatening, he sure
hasn't dotted his i's and crossed his t's.


    This sheds a bad light on the whole project, but maybe they're 
forced to do so because they inherit the source and the build system 
from Mozilla.


    Anyway, you're normally don't want the distributed package because 
it  depends on things you don't want, like Dbus and Pulseaudio. So just 
download the source from the official website and build with the config 
you like. Don't "distribute" the binary and forget the licensing crap.


        Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Hendrik Boom

On Fri, Mar 30, 2018 at 07:42:49PM -0700, Rick Moen wrote:
> 
> Certainly your privilege -- but, to just by your bellyaching, you'd
> think it was difficult to just substitute a slightly different name
> and logo, which it's not.

You have to specify a specific option in order *not* to substitute 
a different name.

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Rick Moen

Quoting Steve Litt (sl...@troubleshooters.com):

> I gotta show these guys *everything*...

It's worse than that:  If you want us to understand that you did a
trademark search not just at USPTO but also at EUIPO, Canadian
Intellectual Property Office, India Trade Marks Registry, WIPO, CIPC,
China Trademark Office, and all the other significant registries, even
though you mentioned _only_ 'a little research on USPTO', you gotta
teach us mind-reading.

It would also be handy if you comprehended that a common-law trademark 
is a perfectly valid trademark, and that many significant and legally
strong trademarks are that way without registration.

Which should not be surprising to anyone who's also studied copyright
law.  Even though copyrights and trademarks are different fish, the
concept of a valid ownership claim without registration should be
familiar from basic knowledge of either area of law.

> So still, as far as I can research, Straver ain't got squat.
[...]
> Did you notice how I phrased my original assertion? I said:

I gotta show this guy *everything*.

A common-law trademark is not just 'some level of protection under
the law'.  It's an actual trademark.

You should read more (or perhaps read better) before speaking, Steve.

> We also both know that registered marks are easier to defend and more
> likely to have draw substantial monetary damages upon finding of
> infringement than common law marks.

Actually, the only difference in legal systems I'm familiar with (sadly,
that's mostly the USA, though I'm trying to do some readings about other
national arrangements) is that (1) a registered trademark has much wider
geographic scope, and (2) registration consitutes 'constructive notice' 
to infringers that plaintiff otherwise must show through explicit
measures.

 The day I see Google and Amazon
> depending on common law marks, I'll give M.C. Straver a little more
> credit.

They doubtless do through many minor marks if only because it's not
dawned on them to spend $330/decade (or whatever it is now) to keep
those registered.

But, sorry, your ignorance cannot be excused by 'I don't see the big
boys doing this' for many reasons including the extablishment of such a
mark being not an action you can 'see' but rather something that arises
automatically through using a mark in business.

 
> Absolutely true. But to me, vendors matter, and I won't use software
> from somebody as douchatudenous as this guy. He makes Linus and Lennart
> look like pleasant people.

Certainly your privilege -- but, to just by your bellyaching, you'd
think it was difficult to just substitute a slightly different name
and logo, which it's not.  You may not like the guy's business model,
but it's a perfectly valid and compliant open source one, that happens
to be, FWIW, the same as Red Hat's.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Steve Litt

On Fri, 30 Mar 2018 13:36:05 -0700
Rick Moen  wrote:

> Quoting Steve Litt (sl...@troubleshooters.com):
> 
> > Here's why I wouldn't use Palemoon if it were the last browser on
> > earth: https://github.com/jasperla/openbsd-wip/issues/86
> > 
> > By the way, a little research on USPTO shows they have no registered
> > trademark on "Palemoon". For somebody so lawyerly threatening, he
> > sure hasn't dotted his i's and crossed his t's.  
> 
> 1.  Are you aware that there are a number of other commercially
> significant trademark registries aside from USPTO?  FWIW, lead
> developer M.C. Straver appears to be in the Netherlands.  So, for
> example, the first place to look for relevant trademark registrations
> would be the European Union Intellectual Property Office, not USPTO.

I gotta show these guys *everything*...

Months ago I did a big old search, and not just on USPTO, to find
registered marks for "pale moon" or "palemoon". Nothing applicable. But
what the heck, I went on EUIPO, did both searches, widest possible
search, and the only text marks called "palemoon" or "pale moon" were
for Coors Brewery and one other brewery. So still, as far as I can
research, Straver ain't got squat.

> 
> (Don't be another one of those 'Murricans who embarrass me by
> implicitly assuming that nothing outside the USA counts.  Tusen takk,
> venn.)

But in this case it appears the Murrican was right.

> 
> 2.  Please, before addressing these subjects again, make sure you
> understand the concept of common-law trademark, which it's obvious you
> currently do not.
> https://www.bitlaw.com/trademark/common.html

Did you notice how I phrased my original assertion? I said:

 ==
 By the way, a little research on USPTO shows they have no
 registered trademark on "Palemoon". For somebody so lawyerly
 threatening, he sure hasn't dotted his i's and crossed his t's.
 ==

I didn't say he doesn't have some level of protection under the law: I
said that for a guy talking all that shit, he comes up short backing it
up. 

We also both know that registered marks are easier to defend and more
likely to have draw substantial monetary damages upon finding of
infringement than common law marks. The day I see Google and Amazon
depending on common law marks, I'll give M.C. Straver a little more
credit. But as of now, I see him as one of these guys who intimidates
with references to his AK-47 and grenades and rocket launchers, but when
it's time to produce, all he's got is a 2 inch pocket knife.

[snip]

> 
> It's somewhat painful to see Linux users blunder into this subject 
> repeatedly and make elementary gaffes like assuming that a trademark
> has no force if not evidenced by a current 10-year registration at
> USPTO.

That was not my assumption. Please reread my post.

> 
> As an aside, if anyone wished to sidestep M.C. Straver's
> trademark-based encumbrances entirely, it would more than suffice to
> use a slightly different name and logo / trade-dress stylings.  

Absolutely true. But to me, vendors matter, and I won't use software
from somebody as douchatudenous as this guy. He makes Linus and Lennart
look like pleasant people.

> So, why waste time ranting against Straver
> being possessive about his branding, when the branding is in no way
> essential to the codebase?  Isn't that a waste of your and everyone
> else's time, Steve?

What time? My original post was 308 characters; 46 words. 308
characters to say why Palemoon will never contaminate my computer.

SteveT

Steve Litt 
April 2018 featured book: Troubleshooting Techniques
 of the Successful Technologist
http://www.troubleshooters.com/techniques
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread aitor_czr



On 30/03/18 22:36, Rick Moen wrote:

And, for gosh sakes, spend a few minutes to learn some real trademark
law, already.  Please.


People fork the mozilla browser due to its legal restrictions (i think); 
so, referring to palemoon, where is the sense of forking it applying 
similar restrictions?


  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Rick Moen

Quoting Steve Litt (sl...@troubleshooters.com):

> Here's why I wouldn't use Palemoon if it were the last browser on earth:
> https://github.com/jasperla/openbsd-wip/issues/86
> 
> By the way, a little research on USPTO shows they have no registered
> trademark on "Palemoon". For somebody so lawyerly threatening, he sure
> hasn't dotted his i's and crossed his t's.

1.  Are you aware that there are a number of other commercially
significant trademark registries aside from USPTO?  FWIW, lead developer
M.C. Straver appears to be in the Netherlands.  So, for example, the 
first place to look for relevant trademark registrations would be the
European Union Intellectual Property Office, not USPTO.

(Don't be another one of those 'Murricans who embarrass me by implicitly
assuming that nothing outside the USA counts.  Tusen takk, venn.)

2.  Please, before addressing these subjects again, make sure you
understand the concept of common-law trademark, which it's obvious you
currently do not.
https://www.bitlaw.com/trademark/common.html

In case they are useful, here are a set of notes about trademark law I
compiled while spearheading _Linux Gazette's_ (successful) trademark 
dispute against the magazine's former Web host, SSC, Inc. (then the
publisher of _Linux Journal_:

http://linuxmafia.com/faq/Licensing_and_Law/trademark-law.html
http://linuxmafia.com/faq/Licensing_and_Law/trademark-law.add

It's somewhat painful to see Linux users blunder into this subject 
repeatedly and make elementary gaffes like assuming that a trademark
has no force if not evidenced by a current 10-year registration at
USPTO.

As an aside, if anyone wished to sidestep M.C. Straver's trademark-based
encumbrances entirely, it would more than suffice to use a slightly
different name and logo / trade-dress stylings.  (This is what the
CentOS Project does, along with other RHEL rebuilds such as Scientific
Linux).  So, why waste time ranting against Straver being possessive
about his branding, when the branding is in no way essential to the
codebase?  Isn't that a waste of your and everyone else's time, Steve?

And, for gosh sakes, spend a few minutes to learn some real trademark
law, already.  Please.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Antony Stone

On Friday 30 March 2018 at 21:39:14, Hendrik Boom wrote:

> On Fri, Mar 30, 2018 at 10:28:00AM -0400, Steve Litt wrote:
>
> > Here's why I wouldn't use Palemoon if it were the last browser on earth:
> > 
> > https://github.com/jasperla/openbsd-wip/issues/86
> 
> Is there another name that palemoon could be called?

Of course - we could call it anything we like - they even include "default 
branding" in their source tree, and anyone's free to use that if they don't 
want to develop their own (I've not looked at it, I have no idea how appealing 
it is).

The main question is whether anyone wants to support / encourage / depend 
upstream on a developer group with those attitudes to packagers.

Okay, licensing and trademarks are important, but there are ways of asking 
people to play nicely and there are ways of setting the dogs on them at first 
opportunity...

Antony.

-- 
"Measuring average network latency is about as useful as measuring the mean 
temperature of patients in a hospital."

 - Stéphane Bortzmeyer

   Please reply to the list;
 please *don't* CC me.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Hendrik Boom

On Fri, Mar 30, 2018 at 10:28:00AM -0400, Steve Litt wrote:
> On Thu, 29 Mar 2018 17:42:37 +0200
> Jaromil  wrote:
> 
> > hi Chillfan,
> > 
> > On Thu, 29 Mar 2018, Chillfan wrote:
> > 
> > > I agree that a fork is needed, but I think this would be a whole
> > > lot of work.  
> > 
> > yes. forks are a LOT of work. Even Devuan, which I'd say is a
> > relatively easy fork, mostly needing work on the infrastructure and
> > testing and documentation side, was more demanding than expected.
> > 
> > > If palemoon offered something akin to extended support releases it
> > > would be a great candidate for that,  
> > 
> > palemoon is stuck at "version 27" series of Firefox and in any case
> > its in the 2x series I doubt it can be brought up to 50 since the
> > codebase is rather different.
> > 
> > said that, I'm happy with palemoon, using always the latest stable
> > release tagged on the git tree, compiling it myself on Devuan and then
> > github.com/dyne/tinfoil for sandboxing. here the mozconfig I use,
> > please note I do not disable pulseaudio or dbus, because that gives
> > problems, yet I do not use pulseaudio (but I do use dbus...)
> 
> Here's why I wouldn't use Palemoon if it were the last browser on earth:
> 
> https://github.com/jasperla/openbsd-wip/issues/86
> 
> By the way, a little research on USPTO shows they have no registered
> trademark on "Palemoon". For somebody so lawyerly threatening, he sure
> hasn't dotted his i's and crossed his t's.
> 
> SteveT
> 
> Steve Litt 
> April 2018 featured book: Troubleshooting Techniques
>  of the Successful Technologist
> http://www.troubleshooters.com/techniques
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Is there another name that palemoon could be called?

-- hendrik

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread aitor_czr


Hi,

On 2018 30 Mar 09:29 -0500, Steve Litt wrote:

Here's why I wouldn't use Palemoon if it were the last browser on earth:

https://github.com/jasperla/openbsd-wip/issues/86
After reading the discussion, makes me want to remove Pale Moon from 
gnuinos. What about Abrowser, Trisquel's version of Mozilla with the 
trademarked logos replaced?

Trisquel devs have preferred Abrowser// over IceCat.

   Aitor.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Nate Bargmann

* On 2018 30 Mar 09:29 -0500, Steve Litt wrote:
> Here's why I wouldn't use Palemoon if it were the last browser on earth:
> 
> https://github.com/jasperla/openbsd-wip/issues/86

Thanks, Steve.  I'm off to remove it from my laptop.

I guess they just set themselves up as a "routing problem".  Good show,
nerds, you've just shown the world how NOT to resolve issues/disputes.

> By the way, a little research on USPTO shows they have no registered
> trademark on "Palemoon". For somebody so lawyerly threatening, he sure
> hasn't dotted his i's and crossed his t's.

Are they based in the US?  Have they made such application in the EU or
other jurisdiction?

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB

signature.asc
Description: PGP signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread chillfan

That's interesting. Perhaps it was best I didn't get palemoon building 
correctly, I was under the impression they had changed to a more friendly 
approach with their official branding.

So that would make Palemoon builds even more difficult there.

Thanks,

chillfan

‐‐‐ Original Message ‐‐‐

On March 30, 2018 3:28 PM, Steve Litt  wrote:

> Here's why I wouldn't use Palemoon if it were the last browser on earth:
> 
> https://github.com/jasperla/openbsd-wip/issues/86
> 
> By the way, a little research on USPTO shows they have no registered
> 
> trademark on "Palemoon". For somebody so lawyerly threatening, he sure
> 
> hasn't dotted his i's and crossed his t's.
> 
> SteveT
> 
> Steve Litt

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Steve Litt

On Thu, 29 Mar 2018 17:42:37 +0200
Jaromil  wrote:

> hi Chillfan,
> 
> On Thu, 29 Mar 2018, Chillfan wrote:
> 
> > I agree that a fork is needed, but I think this would be a whole
> > lot of work.  
> 
> yes. forks are a LOT of work. Even Devuan, which I'd say is a
> relatively easy fork, mostly needing work on the infrastructure and
> testing and documentation side, was more demanding than expected.
> 
> > If palemoon offered something akin to extended support releases it
> > would be a great candidate for that,  
> 
> palemoon is stuck at "version 27" series of Firefox and in any case
> its in the 2x series I doubt it can be brought up to 50 since the
> codebase is rather different.
> 
> said that, I'm happy with palemoon, using always the latest stable
> release tagged on the git tree, compiling it myself on Devuan and then
> github.com/dyne/tinfoil for sandboxing. here the mozconfig I use,
> please note I do not disable pulseaudio or dbus, because that gives
> problems, yet I do not use pulseaudio (but I do use dbus...)

Here's why I wouldn't use Palemoon if it were the last browser on earth:

https://github.com/jasperla/openbsd-wip/issues/86

By the way, a little research on USPTO shows they have no registered
trademark on "Palemoon". For somebody so lawyerly threatening, he sure
hasn't dotted his i's and crossed his t's.

SteveT

Steve Litt 
April 2018 featured book: Troubleshooting Techniques
 of the Successful Technologist
http://www.troubleshooters.com/techniques
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Chillfan

I believe so as well, but if I remember the build dependencies given in Steve 
Pussers sources require and fetch (apt-get build-dep) gcc-4.9 so it may be 
right that 4.9 is needed, or it should be built on Jessie. That might be why I 
was having issues with stability.

Thanks,

chillfan

‐‐‐ Original Message ‐‐‐

On March 30, 2018 10:40 AM, aitor_czr  wrote:

> Hi Hendrik,
> 
> On 30/03/18 11:25, Hendrik Boom wrote:
> 
> > What happens with later versions of gcc?  fails to build, or fails 
> > to function when built?
> 
> There are deb packages for debian 
> 9:https://software.opensuse.org/download.html?project=home:stevenpusser=palemoonSo,
>  palemoon should work on ascii.Cheers,  Aitor.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Dr. Nikolaus Klepp

Am Donnerstag, 29. März 2018 schrieb Tomasz Torcz ️:
> On Wed, Mar 28, 2018 at 02:42:53AM +0200, Adam Borowski wrote:
> > On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote:
> > > https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/
> > > 
> > > Mozilla sucks these days - they pay zero attention to the issue of
> > > browser fingerprinting and keep sending users data to other parties via
> > > bogus "opt out" "research" studies.
> > > 
> > > "Oh but you can opt-out"
> > > Assuming you even know about it in the first place - and what? you need
> > > to opt-out of probably thousands of bad things in your life which makes
> > > such a policy absolute bullshit.
> > 
> > The only saving grace is that they do this tracking on a test group.  On the
> > other hand, Chromium saves both the URL and refer[r]er of every downloaded
> > file using an user-namespace xattr, a little-known feature implemented by
> > most filesystems (not tmpfs, if you use /tmp for testing :p).  Even in its
> > "incognito mode" that's not supposed to log anything.
> 
>   I though most popular download tools do that? Chromium for at least
>   six years: https://bugs.chromium.org/p/chromium/issues/detail?id=45903
> 
>   Curl for 8 years: 
> https://github.com/curl/curl/blob/master/src/tool_xattr.c#L55
> 
>   Wget: https://fossies.org/linux/wget/src/xattr.c#60
> 
>   Plasma desktop:
>   
> https://api.kde.org/frameworks/kfilemetadata/html/usermetadata_8cpp_source.html#127
> 
>   Even Fedora already obsoleted Yum:
>   
> http://yum.baseurl.org/gitweb?p=urlgrabber.git;a=blob;f=urlgrabber/grabber.py#l1775
> 
>   And, according to this, Microsoft Skype:
>   http://blog.manton.im/2017/02/working-with-extended-attributes-in.html
> 
>   Firefox is lagging:
>   https://bugzilla.mozilla.org/show_bug.cgi?id=665531
> 
>   I consider it standard in GNU/Linux (for years!), so why bring it up now?
> 

Well, I did not know about the misuse of xattr to do stuff like that (but I 
always ensure xattr are disabled). In times of "lawful inspection" this is an 
absolute no-go.

Nik


-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Didier Kryn


Le 30/03/2018 à 11:40, aitor_czr a écrit :


Hi Hendrik,

On 30/03/18 11:25, Hendrik Boom wrote:

What happens with later versions of gcc?  fails to build, or fails
to function when built?

There are deb packages for debian 9:

https://software.opensuse.org/download.html?project=home:stevenpusser=palemoon

So, palemoon should work on ascii.


    It does. I run it all the time, but mine was built on Jessie.

    The version on opensuse is with pulseaudio.

        Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread aitor_czr


Hi Hendrik,

On 30/03/18 11:25, Hendrik Boom wrote:

What happens with later versions of gcc?  fails to build, or fails
to function when built?

There are deb packages for debian 9:

https://software.opensuse.org/download.html?project=home:stevenpusser=palemoon

So, palemoon should work on ascii.

Cheers,

  Aitor.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Didier Kryn


Le 30/03/2018 à 11:25, Hendrik Boom a écrit :

On Fri, Mar 30, 2018 at 09:30:48AM +0200, Didier Kryn wrote:


     Palemoon is also stuck with gcc-4.9. The documentation says that and
discourages trying to build it with versions newer than GCC-5.3 AFAIR.
I've built it on Jessie (without PA) and copied the binary to ASCII with
no problem. Also I've kept gcc-4.9 on ASCII in case I need to re-build it.
This restriction to a very short range of versions of GCC leads me to
think there are some insanities in either the build system or the code
itself. Insanities most probably inherited from Firefox.

What happens with later versions of gcc?  fails to build, or fails
to function when built?


    Didn't try. I guess at least it fails to build.

            Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Hendrik Boom

On Fri, Mar 30, 2018 at 09:30:48AM +0200, Didier Kryn wrote:

> 
>     Palemoon is also stuck with gcc-4.9. The documentation says that and
> discourages trying to build it with versions newer than GCC-5.3 AFAIR.
> I've built it on Jessie (without PA) and copied the binary to ASCII with
> no problem. Also I've kept gcc-4.9 on ASCII in case I need to re-build it.
> This restriction to a very short range of versions of GCC leads me to
> think there are some insanities in either the build system or the code
> itself. Insanities most probably inherited from Firefox.

What happens with later versions of gcc?  fails to build, or fails 
to function when built? 

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-30 Thread Didier Kryn


Le 29/03/2018 à 17:42, Jaromil a écrit :


palemoon is stuck at "version 27" series of Firefox and in any case
its in the 2x series I doubt it can be brought up to 50 since the
codebase is rather different.

said that, I'm happy with palemoon, using always the latest stable
release tagged on the git tree, compiling it myself on Devuan and then
github.com/dyne/tinfoil for sandboxing. here the mozconfig I use,
please note I do not disable pulseaudio or dbus, because that gives
problems, yet I do not use pulseaudio (but I do use dbus...)


export MOZILLA_OFFICIAL=1
mk_add_options AUTOCLOBBER=1
mk_add_options MOZ_CO_PROJECT=browser
ac_add_options --enable-application=browser
mk_add_options MOZ_OBJDIR=`pwd`/pmbuild
ac_add_options --enable-jemalloc
ac_add_options --enable-jemalloc-lib
# ac_add_options --disable-dbus
ac_add_options --disable-gstreamer
ac_add_options --enable-alsa
ac_add_options --disable-oss
ac_add_options --enable-pulseaudio
ac_add_options --disable-necko-wifi
ac_add_options --enable-official-branding
ac_add_options --disable-installer
ac_add_options --disable-updater
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-mochitest
ac_add_options --with-pthreads
ac_add_options --enable-strip
ac_add_options --enable-optimize="-O2 -march=native -pipe"



    Palemoon is also stuck with gcc-4.9. The documentation says that 
and discourages trying to build it with versions newer than GCC-5.3 
AFAIR. I've built it on Jessie (without PA) and copied the binary to 
ASCII with no problem. Also I've kept gcc-4.9 on ASCII in case I need to 
re-build it. This restriction to a very short range of versions of GCC 
leads me to think there are some insanities in either the build system 
or the code itself. Insanities most probably inherited from Firefox.


    Didier

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-29 Thread Tomasz Torcz ️

On Wed, Mar 28, 2018 at 02:42:53AM +0200, Adam Borowski wrote:
> On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote:
> > https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/
> > 
> > Mozilla sucks these days - they pay zero attention to the issue of
> > browser fingerprinting and keep sending users data to other parties via
> > bogus "opt out" "research" studies.
> > 
> > "Oh but you can opt-out"
> > Assuming you even know about it in the first place - and what? you need
> > to opt-out of probably thousands of bad things in your life which makes
> > such a policy absolute bullshit.
> 
> The only saving grace is that they do this tracking on a test group.  On the
> other hand, Chromium saves both the URL and refer[r]er of every downloaded
> file using an user-namespace xattr, a little-known feature implemented by
> most filesystems (not tmpfs, if you use /tmp for testing :p).  Even in its
> "incognito mode" that's not supposed to log anything.

  I though most popular download tools do that? Chromium for at least
  six years: https://bugs.chromium.org/p/chromium/issues/detail?id=45903

  Curl for 8 years: 
https://github.com/curl/curl/blob/master/src/tool_xattr.c#L55

  Wget: https://fossies.org/linux/wget/src/xattr.c#60

  Plasma desktop:
  
https://api.kde.org/frameworks/kfilemetadata/html/usermetadata_8cpp_source.html#127

  Even Fedora already obsoleted Yum:
  
http://yum.baseurl.org/gitweb?p=urlgrabber.git;a=blob;f=urlgrabber/grabber.py#l1775

  And, according to this, Microsoft Skype:
  http://blog.manton.im/2017/02/working-with-extended-attributes-in.html

  Firefox is lagging:
  https://bugzilla.mozilla.org/show_bug.cgi?id=665531

  I consider it standard in GNU/Linux (for years!), so why bring it up now?

-- 
Tomasz TorczTo co nierealne -- tutaj jest normalne.
xmpp: zdzich...@chrome.pl  Ziomale na życie mają tu patenty specjalne.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-29 Thread Chillfan

I suspect if I tried building from palemoon sources, it might be easier to 
figure that out (I will try with your mozconfig some time). In any case Steve 
Pussers builds seem to work reliably and are regularly updated, which makes it 
easy.

The issue I think is when you don't use dbus or pulse, etc but still have the 
support. But I don't think it's good to remove those in a standard built meant 
for everyone.

Interestingly someone pointed to an issue where dbus support would use a lot of 
resources in conjunction with libsdl2 if the dbus daemon isn't available but 
the support library is. So this might be a good reason why someone would want 
to build their own at times.

@hendrik 

I agree that does improve the situation a little bit. I think it would be great 
if there was more of a "hard" fork or more collaboration though.

Afaik the only one removing EME altogether is icecat. I think a tweaked build 
of that would be interesting.

Thanks,

chillfan

On March 29, 2018 4:42 PM, Jaromil  wrote:

> hi Chillfan,
> 
> On Thu, 29 Mar 2018, Chillfan wrote:
> 
> > I agree that a fork is needed, but I think this would be a whole lot of 
> > work.
> 
> yes. forks are a LOT of work. Even Devuan, which I'd say is a
> 
> relatively easy fork, mostly needing work on the infrastructure and
> 
> testing and documentation side, was more demanding than expected.
> 
> > If palemoon offered something akin to extended support releases it
> > 
> > would be a great candidate for that,
> 
> palemoon is stuck at "version 27" series of Firefox and in any case
> 
> its in the 2x series I doubt it can be brought up to 50 since the
> 
> codebase is rather different.
> 
> said that, I'm happy with palemoon, using always the latest stable
> 
> release tagged on the git tree, compiling it myself on Devuan and then
> 
> github.com/dyne/tinfoil for sandboxing. here the mozconfig I use,
> 
> please note I do not disable pulseaudio or dbus, because that gives
> 
> problems, yet I do not use pulseaudio (but I do use dbus...)
> 
> export MOZILLA_OFFICIAL=1
> 
> mk_add_options AUTOCLOBBER=1
> 
> mk_add_options MOZ_CO_PROJECT=browser
> 
> ac_add_options --enable-application=browser
> 
> mk_add_options MOZ_OBJDIR=`pwd`/pmbuild
> 
> ac_add_options --enable-jemalloc
> 
> ac_add_options --enable-jemalloc-lib
> 
> ac_add_options --disable-dbus
> =
> 
> ac_add_options --disable-gstreamer
> 
> ac_add_options --enable-alsa
> 
> ac_add_options --disable-oss
> 
> ac_add_options --enable-pulseaudio
> 
> ac_add_options --disable-necko-wifi
> 
> ac_add_options --enable-official-branding
> 
> ac_add_options --disable-installer
> 
> ac_add_options --disable-updater
> 
> ac_add_options --disable-tests
> 
> ac_add_options --disable-debug
> 
> ac_add_options --disable-mochitest
> 
> ac_add_options --with-pthreads
> 
> ac_add_options --enable-strip
> 
> ac_add_options --enable-optimize="-O2 -march=native -pipe"
> 
> ciao

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-29 Thread Jaromil

hi Chillfan,

On Thu, 29 Mar 2018, Chillfan wrote:

> I agree that a fork is needed, but I think this would be a whole lot of work.

yes. forks are a LOT of work. Even Devuan, which I'd say is a
relatively easy fork, mostly needing work on the infrastructure and
testing and documentation side, was more demanding than expected.

> If palemoon offered something akin to extended support releases it
> would be a great candidate for that,

palemoon is stuck at "version 27" series of Firefox and in any case
its in the 2x series I doubt it can be brought up to 50 since the
codebase is rather different.

said that, I'm happy with palemoon, using always the latest stable
release tagged on the git tree, compiling it myself on Devuan and then
github.com/dyne/tinfoil for sandboxing. here the mozconfig I use,
please note I do not disable pulseaudio or dbus, because that gives
problems, yet I do not use pulseaudio (but I do use dbus...)

export MOZILLA_OFFICIAL=1
mk_add_options AUTOCLOBBER=1
mk_add_options MOZ_CO_PROJECT=browser
ac_add_options --enable-application=browser
mk_add_options MOZ_OBJDIR=`pwd`/pmbuild
ac_add_options --enable-jemalloc
ac_add_options --enable-jemalloc-lib
# ac_add_options --disable-dbus
ac_add_options --disable-gstreamer
ac_add_options --enable-alsa
ac_add_options --disable-oss
ac_add_options --enable-pulseaudio
ac_add_options --disable-necko-wifi
ac_add_options --enable-official-branding
ac_add_options --disable-installer
ac_add_options --disable-updater
ac_add_options --disable-tests
ac_add_options --disable-debug
ac_add_options --disable-mochitest
ac_add_options --with-pthreads
ac_add_options --enable-strip
ac_add_options --enable-optimize="-O2 -march=native -pipe"

ciao

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-29 Thread Hendrik Boom

On Thu, Mar 29, 2018 at 06:32:44AM -0400, Chillfan wrote:
> 
> A lot of times a forks fall short of taking care of everything, 
sometimes features are built but disabled by default (which is not 
much better than disabling it yourself).

It's a lot better than having to disable the feature yourself and 
not being aware it's there.

-- hendrik

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-29 Thread Chillfan

I agree that a fork is needed, but I think this would be a whole lot of work.

IMHO, it's not enough to just disable features by default or have good 
defaults. The fact they are there to begin with is a similar argument as with 
systemd - we don't want to install these features to begin with, and want a 
smaller browser.

There's a lot of things that should/could be removed - pocket, ebook mode, ads 
in tabs, dbus support, aspell hard dependency (in packages) and especially EME 
features, google safe browsing, health reporting, etc.

A lot of times a forks fall short of taking care of everything, sometimes 
features are built but disabled by default (which is not much better than 
disabling it yourself). AFAIK there's no general purpose fork that takes care 
of *all* the freedom and bloat issues.

If palemoon offered something akin to extended support releases it would be a 
great candidate for that, as it would be suitable for Devuan stable releases. 
From there it would be easy to offer an alternative build from the same source 
package, without some of the stuff we don't like.

I tried building my own palemoon packages recently from Steve Pussers sources, 
and was able to disable dbus and pulse support very easily but sadly my builds 
were very unstable.

Thanks,

chillfan

‐‐‐ Original Message ‐‐‐

On March 27, 2018 10:43 PM, taii...@gmx.com  wrote:

> "Oh but you can opt-out"
> 
> Assuming you even know about it in the first place - and what? you need
> 
> to opt-out of probably thousands of bad things in your life which makes
> 
> such a policy absolute bullshit.
> 
> "If it was opt-in no one would do it and therefo-"
> 
> Yeah no shit - because no one really wants their data collected

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-28 Thread Rick Moen

Quoting Adam Borowski (kilob...@angband.pl):

> Support in filesystem varies:
> * ext{2,3,4}, xfs, btrfs, reiserfs, f2fs, ..., do
> * tmpfs doesn't
> * vfat doesn't on Linux but (reportedly) does on Windows
> * ntfs does

> Usually you can mount -o nouser_xattr, which is wrongly documented as being
> reiserfs specific (which shows how widespread knowledge of this is...); alas
> this doesn't include btrfs which doesn't support nouser_xattr.  I guess
> someone should implement it...

Also, tune2fs can disable the option inside the filesystem for ext{2,3,4},
e.g.:

tune2fs -O ^user_xattr /dev/sda1

There's also as you say, a nouser_xattr option for mount(8) that works
for some FSes.


For XFS and JFS, I see no facility for disabling it either using tune2fs
analogues (e.g., xfs_admin) or as mount(8) options.   

reiserfs, SRSLY?  ;->  man mount(8) mentions a user_xttr option but 
one to disable it is not mentioned in the manpage I examined.

btrfs, no clue, sorry.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-28 Thread John Morris

On Wed, 2018-03-28 at 02:42 +0200, Adam Borowski wrote:

> More interesting is the timing between this addition and the DNC hack, where
> the files are known to have been saved to an USB pen drive.  This would
> explain the weird inclusion of refer[r]er, which has no obvious legitimate
> use but would often leak who downloaded the file (if a session was
> identified as an argument to the URL rather than a cookie).

Looks older:
https://bugs.chromium.org/p/chromium/issues/detail?id=45903

So if Seth Rich used Chrome, it might have incriminated him.  If someone
got the physical flash drive he was using.  Or he uploaded a .tar file
that preserved the extended attributes?  But the 4chan spergs who went
over the DNC Leaks would have noticed something that big.

And it gets better:
https://www.freedesktop.org/wiki/CommonExtendedAttributes/

I swear, these people are a menace.   According to the same madmen who
gave us the modern desktops this isn't a security problem, a privacy
violation or even a bug.  It is a feature.

According to that bug, this started on Mac and was added to the Linux
version.  No note saying it was added to Windows.  If anyone still runs
that legacy security nightmare, it would be good to know if it has or
doesn't have this anti-feature.

signature.asc
Description: This is a digitally signed message part
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-27 Thread Adam Borowski

On Tue, Mar 27, 2018 at 05:43:15PM -0400, taii...@gmx.com wrote:
> https://www.theregister.co.uk/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/
> 
> Mozilla sucks these days - they pay zero attention to the issue of
> browser fingerprinting and keep sending users data to other parties via
> bogus "opt out" "research" studies.
> 
> "Oh but you can opt-out"
> Assuming you even know about it in the first place - and what? you need
> to opt-out of probably thousands of bad things in your life which makes
> such a policy absolute bullshit.

The only saving grace is that they do this tracking on a test group.  On the
other hand, Chromium saves both the URL and refer[r]er of every downloaded
file using an user-namespace xattr, a little-known feature implemented by
most filesystems (not tmpfs, if you use /tmp for testing :p).  Even in its
"incognito mode" that's not supposed to log anything.

Note that no tool displays the presence of user-namespace xattrs during
normal use, and to specifically query them, you need a tool that's not
installed by default (either getfattr from package "attr" or xattr from
package by that name).

Usually, when you hear about xattrs, it's because of file capabilities or
selinux labels, that's why most file manipulation programs either copy
xattrs by default or can be told to do so.  If you don't know what I'm
talking about, run: ｢getcap -r /bin /sbin /usr｣ (it's a safer version of
the setuid bit that grants only limited capabilities, so if someone suborns
eg. /bin/ping, the attacker obtains only use of raw sockets instead of full
root escalation).  For this reason, most sysadmins are told to give -X to
rsync.

Some tools copy xattrs, some don't:
* cp doesn't unless you say --preserve=xattr
* mv does
* rsync only with -X (but it's needed for caps)
* mc doesn't
* tar saves but doesn't restore unless with --xattrs (and you can
  --xattrs-exclude='^user.')
Obviously though, lack of such support doesn't help if you save the file
directly to its final destination, which you usually do.

Support in filesystem varies:
* ext{2,3,4}, xfs, btrfs, reiserfs, f2fs, ..., do
* tmpfs doesn't
* vfat doesn't on Linux but (reportedly) does on Windows
* ntfs does

Usually you can mount -o nouser_xattr, which is wrongly documented as being
reiserfs specific (which shows how widespread knowledge of this is...); alas
this doesn't include btrfs which doesn't support nouser_xattr.  I guess
someone should implement it...

The only other tool that logs the URL and (on recursive downloads)
refer[r]er this way is wget, which got patched by Sean Burford (a Google
employee) at the same time when this misfeature landed in Chrom{e,ium}.

More interesting is the timing between this addition and the DNC hack, where
the files are known to have been saved to an USB pen drive.  This would
explain the weird inclusion of refer[r]er, which has no obvious legitimate
use but would often leak who downloaded the file (if a session was
identified as an argument to the URL rather than a cookie).

Most of us don't run around hacking a ruling party for a sinister russian
agency -- but you do carry a phone, which get routinely seized, searched, or
possibly even remotely accessed.  Thus, if you have any files whose origin
you'd prefer to stay private...

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ A dumb species has no way to open a tuna can.
⢿⡄⠘⠷⠚⠋⠀ A smart species invents a can opener.
⠈⠳⣄ A master species delegates.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Mozilla is at it again - Firefox nightly sends all your hostname lookups to cloudflare

2018-03-27 Thread Nate Bargmann

I have been using Waterfox of late which is *supposed* to be stripping
that sort of nonsense out.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB


signature.asc
Description: PGP signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

42 matches

Mail list logo