markdown guide
 

Yes, Snownews (on HBSD). Would highly recommend it. I do not use Firefox though, Chrome/Chromium is much more secure.

 

Chrome/Chromium is much more secure

?

You can't drop a sentence like this without an explanation, my dear Watson 🧐

Do you mean because Chromium has a bigger community and therefore more eyes on the code? Or are you referring to something in particular?

 

Mozilla, the company that makes Firefox, formalized a release schedule for handling their development. It is based on fixed windows (6 weeks) where builds cascade down a series of different channels (Nightly, Aurora, etc.), each time with more bug fixes and stability. This is transparent and a perfectly acceptable way to manage a software project (Chrome has a similar series of channels, although they move much faster and not on a fixed schedule.)

Mozilla releases Nightly builds every day (basically)
Aurora builds are released every 6 weeks
Beta builds are bug fix releases of Aurora, every 6 weeks
Release builds are final bug fix releases of Beta, every 6 weeks
Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. To be clear - only Critical and High security bugs.

Here are some minor quirks, but in comparison to Firefox ESR's bug-fix scenario no big deal.

Case of threat modelling:

Chain a series of Medium / Low vulnerabilities together until they get the level of access they require, e.g. remote code execution. They have a permanent window of exposure.

Is it enough? I think we've gone beyond boundaries of this topic too far.

You gotta remember that it just means that Firefox builds are thoroughly tested before release.

Yes, but again - Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. Chain a series of Medium / Low vulnerabilities together and you could get RCE very easily for adversary with proper resources.

If it’s so easy, do it and I’ll talk to you when you’re done.

Do you understand the concept of threat modelling? Obviously not. We're talking about adversaries with proper resources (e.g. Nation States, APTs, Offensive Intelligence, Major hacker groups).

But usually cleverly crafted XSS (which is opportunistic kind of attack) works with Firefox ESR too. They are mainly blocked by Chrome at the same time.

Well you said that RCE was easy with the proper resources, so I'm asking you to obtain those resources and prove your point.

Sloan, the sloth mascot Comment marked as low quality/non-constructive by the community View code of conduct

Do I see like an adversary with proper resources? If yes, you should probably take a cold shower. If not, why do you ask me stupid question like this. Let's make a deal: Try to study main concepts of information security at your local university and then we can discuss it like two people with equivalent degree of knowledge and understanding in this field. Otherwise, please do not ask me another stupid questions. Thank you.

 

I find it to be good, as I personally don’t use RSS, neither does the majority of people. Thus, Mozilla has reduced what to most is bloat, and won’t have to maintain it. Besides, there’s a dozen extensions out there that one could use instead.

 

What does this mean for RSS and its users (who happen to use Firefox as their main browser)?

I use Feedly and Firefox every day. Never once I thought about Firefox as "providing RSS support", not even sure how would that affect me and my (heavy) RSS usage.

 

Bummer, I really like RSS. I'm not using Firefox, but it's sad such a handy technology gets dismissed. I'm using Feedly (and Newsfold on Android) for everything, also dev.to.

 

Ditto on Feedly. It was my replacement for Google Reader when that was decommed.

 
 
 

Not a huge problem for me.

I use Inoreader to subscribe and read news.

 
 

I get all my daily news through RSS feeds, viewed in Feedly. Best way to do it as far as I can see

 
 

Yes I do, I use Thunderbird to read the feeds but I wonder how I'll be able to subscribe now that the RSS button has disappeared from Firefox.

Classic DEV Post from Jan 29

Advice for Developers in the Early Stage of their Career

I have been asked this a couple of times and will love to hear from others too....

Quentin Sonrel profile image
Web dev, cinema lover, music enthusiast and video game fan. Working as a full-stack Ruby on Rails web developer and hacking with Node/Express, Vue.js and Flutter on my spare time.

DEV is visited by over 2 million software developers per month. All are welcome to publish here or simply read great content.

Get Started