From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CC04C1382C5 for ; Sun, 1 Apr 2018 09:18:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9F17EE0AD3; Sun, 1 Apr 2018 09:18:08 +0000 (UTC) Received: from blaine.gmane.org (unknown [195.159.176.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 30D7FE0A7D for ; Sun, 1 Apr 2018 09:18:08 +0000 (UTC) Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1f2Z5i-0001iH-BI for gentoo-user@lists.gentoo.org; Sun, 01 Apr 2018 11:15:58 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: Martin Vaeth Subject: [gentoo-user] Re: Firefox and addons no longer supported question Date: Sun, 1 Apr 2018 09:15:51 +0000 (UTC) Message-ID: References: <3f62fbf9-c160-60e4-e5dc-07cecf213439@gmail.com> <20180331173626.nmq7jbqi2r2sxuwc@matica.foolinux.mooo.com> X-Complaints-To: usenet@blaine.gmane.org User-Agent: slrn/1.0.2 (Linux) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Archives-Salt: fe5534ce-5ee5-42f3-9df8-f8d8a68421e4 X-Archives-Hash: 6fced38ff9bea2cee3f6c2b755753c7c Ian Zimmerman wrote: > On 2018-03-31 08:18, Martin Vaeth wrote: > >> As usual, there is the balance >> "convenience" (old plugins) <-> "security". >> In the beginning (say, until firefox-52 is no longer supported >> upstream), there is a certain choice. But after that staying on the >> "convenience" side is not sane anymore. > > There are probably few people more familiar with this tradeoff than > myself :P. But the browser case is a bit different, because the > "convenience" features (in my case, at least) themselves have to do with > security. Using the latest official Mozilla browser means trusting > their built-in defenses are as good as my current plugin based ones. > And I have doubts about that. If you speak about defenses like noscript, there are safer variants available. I guess the usage of the already mentioned user.js (of course adapted to your needs) together with current Webextensions noscript, ublock-origin, and https-everywhere (maybe for privacy also coupled with decentraleyes, duckduckgo{-privacy-esesntials}, canvasblocker, skip-redirect) does protect you more than using old versions of these packages. Not to speak about freshly found security holes. > This is a tangent from the thread topic, but there is another > inconvenience of modern FF that keeps me from re-adopting it: font > rendering. I do not have experience with this, but there is also a lot customizable in user.js (i.e. about:config). I guess you have to switch off (or on) some hardware acceleration. There is also a rich "themes" API which might contain relevant options. However, as mentioned, I have no experience with all this.