Awful. Who are the suits that are sabotaging Mozilla's core mission? Don't they understand that Mozillas Unique Selling Point is trust? Why the hell are they fumbling the ball?

This is a great concept. Getting rid of settings, add-ons and plugins for people that "just want their browser to work" is a good thing, especially when this is paired with good privacy defaults.

However, I see the auto suggestion features of the Awesome Bar at odds with the goal of protecting the user's privacy. This essentially means that all search terms that you enter into the search field will be sent to to all web services that were integrated by Mozilla, including Google, Yahoo, Microsoft, Bing, Wikipedia, Amazon etc.

Just imagine using the Awesome Bar to search your inbox for a (business) "proposal". Then, a little while later, your partner uses your laptop for online shopping and Amazon helpfully reminds him or her that you recently searched for "proposal". Depending on your relationship status, this could become very interesting...

For anyone looking into free DynDNS alternatives: I have tested several of the established alternatives without success. I then looked into some of the newcomers and ended up choosing http://duckdns.org. The setup was super easy and the service has been absolutely reliable so far.

To cite the wiki: "sandboxing the content processes is a separate project from Electrolysis". So Electrolysis lays the foundation for sandboxing.

It's true. It wont provide anything on its own so I'm trying to be blunt to kill this misconception that keeps spreading.

I'm surprised nobody has mentioned SQRL for truly anonymous identification and authentication yet https://www.grc.com/sqrl/sqrl.htm

I'm surprised they went live with this without an expiration date on their permanent redirects. Now there's no way back, even if anything breaks. Looks like an unintentional Big Bang launch to me.

http://getluky.net/2010/12/14/301-redirects-cannot-be-undon/ http://mark.koli.ch/set-cache-control-and-expires-headers-on...

> Whitelisting is free for all small and medium-sized websites and blogs. However, managing this list requires significant effort on our side and this task cannot be completely taken over by volunteers as it happens with common filter lists. https://adblockplus.org/en/about#monetization

$30M surely is a lot of money for managing the "acceptable ads" list...

Agreed. There was also AdBlock Lite, but they now recommend ABE too https://addons.mozilla.org/en-US/firefox/addon/adblock_lite/

This was bound to happen, they where just waiting for the right amount of money. It will be interesting to see what they say about this news :) Probebly "no comment".

Here's a sample nginx config that would prefer PFS over other key exchanges if the client supports it and is not vulnerable to the BEAST attack:

  ssl_ciphers EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5

Source: http://stackoverflow.com/questions/17308690/how-do-i-enable-...

> Gmail messages must only be captured when they leave the Google network. They are the only provider to support server-to-server TLS

We should start lobbying for broader support for server-to-server TLS with perfect forward secrecy. While it alone is not sufficient to prevent the wiretapping of targeted individuals, it still makes fishing expeditions or "Big Data" level surveillance much harder. It would help keeping ordinary users' emails protected on the wire and secure the meta data of PGP emails.