Australis is removing configurations options for absolutely no reason. If people want chrome, they'll use it. I don't care if mozilla want to ruin the default as long as they give people who want a normal browser a way out, but instead they are removing everything they can get their hands on.
Firefox is dumbing down. That's fine if it's IE, Chrome or Safari where the majority of users think said browser is 'the internet', but Firefox is for power users. People who like their privacy, who want to customise their software to their own use case, and who are rapidly running out of options in a world filled with shitty software that assumes the user has a room temperature IQ, removes options and metro-ifies everything while primarily existing to make money off your private information. Even Mozilla are not only dumbing down, but switching to privacy invasion mode with in-browser ads, and replacing their secure sync with one that drops it all on their servers presumably unencrypted as it works with a basic username/password.
I used Nightly for some time now so I know what is coming, and I started to use it after dropping Chrome. I think that the point you and the user on thedailywtf is wrongly exposed. Not necessarly wrong, but I think that it's wrong to see something different and immediatly say "it's not as it was before, so it must be bad, I want it back."
We saw this with Windows 8 and the start menu, we saw this with Android, we see this everywhere, all the time. Things changes and I think you should try it with an impartial eye and than, if you really don't like you can express your feelings in a more constructive way.
Also, "Firefox is for power users". I don't think so, I used to install it on every machine, even for elderly people. It's not some crazy super software.
>I think that it's wrong to see something different and immediatly say "it's not as it was before, so it must be bad, I want it back."
I've used chrome before. It was constant irritations, from the metro-ified right click menus to its RAM-hogging tendencies to its general inability to restore sessions after a crash. I use Firefox because I like it, and it's the best option that presently exists.
>We saw this with Windows 8 and the start menu
...and MS caved and restored it. I tried Windows 8 and found it completely horrible. As did enough other people for there to be at least 5 third party start menu implementations from Classic Shell (near perfect Windows 7 or XP menu) to a metro-ified spin on the start menu I forgot the name of.
>Also, "Firefox is for power users". I don't think so, I used to install it on every machine, even for elderly people. It's not some crazy super software.
Firefox is a platform to build the browser you want onto as much as it's a standalone browser. It has basic functionality without addons, but even random end users, in my experience, will learn to use addons and have adblock, etc, or have customised their toolbar layout.
The Pale Moon and Cyberfox browsers are forks of Firefox and they will not merge the Australis UI. I'm already using and liking Pale Moon, it's still not on par with Opera 12.17 though but is better than Firefox.
I'll see how Australis looks like on my boxes, but I'm not very hopeful: I like having a proper menu bar, tabs at the very bottom of the window, and a status bar, I couldn't care less for a touch-like interface on a desktop where I have a functioning mouse and keyboard.
I looked into Pale Moon before, but I think I was wondering whether they will be able to maintain it as Mozilla keep changing Firefox so much. Maybe it's time to try it again.
> and replacing their secure sync with one that drops it all on their servers presumably unencrypted as it works with a basic username/password.
Firefox Sync is every bit as end-to-end encrypted as it was before. The only difference is that it now comes with a login scheme that is actually usable.
Because everyone here is an uberprogrammer, right?
>Firefox Sync is every bit as end-to-end encrypted as it was before. The only difference is that it now comes with a login scheme that is actually usable.
I might have believed that before PRISM. I wouldn't even care about it sitting on Mozilla servers if I could still encrypt it with my own key instead of trusting them. Even if it is encrypted, presumably it is then derived from the user's password. For the average user, that might be 20-30 bits of entropy. Not good. I don't use sync, but if I did, now I essentially need a 2048-bit password to get good encryption on it.
What does this have to do with anything? How is the old sync system any different, then?
> Even if it is encrypted, presumably it is then derived from the user's password. For the average user, that might be 20-30 bits of entropy. Not good.
The other alternative here is having a sync system that your average user can't even figure out to use. On the other hand, it doesn't take anything away from you.
> I don't use sync, but if I did, now I essentially need a 2048-bit password to get good encryption on it.
You are confusing key lengths from algorithms like RSA with symmetric algorithms. The keys that are used for encrypting data will be either 128 or 256 bits (haven't checked) and used with some symmetric cipher.
Therefore, if you don't trust key stretching to be sufficient with a strong passphrase, you can grab 16 or 32 bytes of randomness, encode it however you wish and use it as a password.
>What does this have to do with anything? How is the old sync system any different, then?
The old one let you run your own server. It let you encrypt it with your own key, which you could know was generated from a good entropy source, not been shared, and is store securely. As it is, it's possible the new sync has a backdoor, even one many people at Mozilla don't know. There is also no point in deliberately increasing the attack surface for no reason.
>You are confusing key lengths from algorithms like RSA with symmetric algorithms. The keys that are used for encrypting data will be either 128 or 256 bits (haven't checked) and used with some symmetric cipher.
I may be wrong, but I thought the old sync used an RSA key as it's used for authenticating the user as well as actually saving/accessing the data (probably symmetric for the actual storage, with the key encrypted using the RSA key).
This is still possible with the new system, although I'll admit the ease and usability of such a setup needs work (and IIRC there are some changes required before android devices can properly use a third-party server; it may take a few releases before this become as easy as it was with the old system).
> As it is, it's possible the new sync has a backdoor,
> even one many people at Mozilla don't know.
Both the client and server are open-source, and you can verify that the client follows the protocol [1] and doesn't leak anything more than a PBKDF2-stretched password derivative to the server. It's about as backdoor-proof as any client/server system is likely to get.
But yes, it is more dependent on the strength of your password than the previous sync system.
Huh? No, it didn't. The key was generated automatically by the client just like it is now.
> As it is, it's possible the new sync has a backdoor, even one many people at Mozilla don't know.
How do you know the old one didn't? You have to trust Mozilla at some point. What if the client generates bad encryption keys on purpose, or so on?
> I may be wrong, but I thought the old sync used an RSA key as it's used for authenticating the user as well as actually saving/accessing the data (probably symmetric for the actual storage, with the key encrypted using the RSA key).
RSA keys were scrapped from the system a long time ago as they provided no benefit.
> Exactly the problem. The benefit is invisible to (most) endusers, so in Mozilla logic, it doesn't exist for the user.
What is the benefit in using RSA with the sync protocol? What sort of experience do you have in the design of cryptographic protocols to comment on this? Or are you grasping at whatever random reasons you can find to take a shit on the Firefox developers?
If you're interested in the reasons why asymmetric crypto was dropped, they are here:
http://forums.thedailywtf.com/forums/p/30903/355158.aspx
Australis is removing configurations options for absolutely no reason. If people want chrome, they'll use it. I don't care if mozilla want to ruin the default as long as they give people who want a normal browser a way out, but instead they are removing everything they can get their hands on.
Firefox is dumbing down. That's fine if it's IE, Chrome or Safari where the majority of users think said browser is 'the internet', but Firefox is for power users. People who like their privacy, who want to customise their software to their own use case, and who are rapidly running out of options in a world filled with shitty software that assumes the user has a room temperature IQ, removes options and metro-ifies everything while primarily existing to make money off your private information. Even Mozilla are not only dumbing down, but switching to privacy invasion mode with in-browser ads, and replacing their secure sync with one that drops it all on their servers presumably unencrypted as it works with a basic username/password.
Classic theme restorer: https://addons.mozilla.org/en-US/firefox/addon/classicthemer...
What we really need is a fork of Firefox.