i mean it's good that they document that. If the choice is between: = no Palemoon firefox fork because they can't keep up with development = Palemoon firefox fork but no accessibilty in this fork The the second option is superior for everyone It's fair to call them out though. Upstream Firefox remains accessible
the issue is that the second option widens a gap between disabled and non-disabled users.
I’d actually argue that the first option is better for unrelated reasons: nobody should be using a browser with JIT and without any site/origin isolation or significant security research in 2024.
(I test my site in Pale Moon to ensure it’s robust enough to handle slightly different engines, and wouldn’t mind if this was marketed as a developer tool instead of a replacement for your actual browser).
The same that would be lost to sighted users by not having PM, unless you’re arguing that this software isn’t meant to be used by anybody and offers nothing unique in which case your first option would be fine.
the thing related to security is explained already in a forum topic.
The reason they don't consider sandboxing is because they don't believe is the solution to security issues and they prefer achieving them in a different approach by ensuring the safety of the code (if I read properly).
If you mean site isolation in the other sense of data being shared, I did not understood it in that way.
Err…but they can’t guarantee that the code is all safe. They still have vulns just like any software that size (C++ software to boot), and run untrusted programs.
Any software that processes untrusted content and has bugs needs sufficiently robust sandboxing, and web browsers run untrusted applications with dynamic native code generation.
Pale moon runs said applications in a post-Spectre world and doesn’t even have process isolation.
The browser itself is one of the most complex pieces of software on your system. Firefox and Chromium have separate processes for printing, audio, networking, etc. with strong boundaries between them to make chaining vulnerabilities harder. Unless Pale Moon’s stacks for these are magically bug-free (and given the sheer amount of code I can’t imagine this), I can’t recommend it on security grounds when alternatives exist.
Yeah, the forum posts only confirm to me that the devs either don’t care about browser security or are completely unaware of what Mozilla and Google put into Chesterton’s Fence before bulldozing over it.
I’m aware, and this honestly makes PM look way worse. The fact that he needs to backport that many vulns means that the browser has large exploitable attack surface, which is exactly why actual defense in depth in the form of sandboxing is necessary. It also raises concerns about vulns in the codebase that aren’t in the highly-diverged current Firefox codebase.
Upstream Firefox has split multiple components into separate processes; (re)written CSS, rendering, MP4 parser, and Linux audio stack in Rust; the list goes on. Zero security backports are coming for the legacy components they replace, or the original components in PM.
I realised that it's "Electrolysis" - although you can't be sure of course - a word I only remember because I'm a nerd about Firefox history. It's the name of their sandboxing project. I think it's the first major point at which Pale Moon diverged, followed by Quantum which was Mozilla's move to a multiprocess architecture. Both changes caused friction in the add-ons community, especially Quantum because it removed support for the legacy add-ons ecosystem.
electrolysis wasn’t directly about sandboxing; it was about switching to a multiprocess architecture with many pages sharing a process and a limited number of processes to go around, so one page wouldn’t hang or crash the whole browser. The main benefit IIRC was performance.
Current Firefox uses Fission, which does process-based site isolation. Even a cross-site iframe on a page gets its own process to isolate it from the rest of the page. There is also the Utility Process Overhaul which splits parts of the browser (audio, printing, networking, etc) into sandboxed processes with limited capabilities. Both of these are inspired by Chromium’s design. Electrolysis was far more limited than this.
"My relatively short time on HRT has been nothing less than catastrophically healing. Some restorations are so beautiful they are almost disasters. The medicine awakened magic that slept long in my bones, magic that breathes sensation back into parts of me I’d feared dead forever. Magic that regenerates the future even now, as I write this, resurrecting possibilities I’d spent years mourning."
Content warning for discussion of transphobia, trauma, C-PTSD, violence against a child, threats of sexual violence, minority stress, and suicide I often feel ignorant about trans news, but it’s a…
Na Mastodon jsem z X utekl především kvůli politice, bylo jí tam moc. Právě proto sem politiku postuji velmi výjimečně.
Dnes udělám výjimku, paní prezidentka Zuzana Čaputová je jeden z největších politiků 21. století. Jsem rád, že mohu říct, žil jsem v její éře. Její poslední rozhovor v roli prezidentky pro ČT si můžete přehrát zde: ct24.ceskatelevize.cz/clanek/s…
Zuzana Čaputová je na dvoudenní návštěvě Česka, její poslední ve funkci slovenské prezidentky. Při této příležitosti poskytla České televizi rozhovor, v němž bilancovala svých pět let v čele země. S Čaputovou hovořil Michal Kubal.
The woman who spearheaded the 1619 Project (the project that had a chokehold on GOP brains and guts and literally made them declare war on 'wokeness') had a really great post on the other site about these civil rights rollbacks and the impact on Black Americans.
***I am an enrolled citizen of the Muscogee (Creek) Nation. All of my beadwork/art is 100% Native American made, compliant with the Indian Arts and Crafts Act of 1990***
In 1978, a woman launched a global microchip revolution, and then disappeared from history.
Lynn Conway was born in Mount Vernon, New York on January 2, 1938. She was a shy and introverted child who did well in math and sciences. However, she was also assigned male at birth and struggled with intense gender dysphoria.
Conway entered MIT in 1955, earning high grades but ultimately leaving in despair after an attempted gender transition failed due to the medical climate at the time. After working as an electronics technician for several years, she went back to school at Columbia University's School of Engineering and Applied Science, earning her B.S. and M.S.E.E. degrees in 1962 and 1963.
The following year, she was recruited by IBM and was soon selected to join the architecture team designing an advanced supercomputer. The project, called ACS, which stood for Advanced Computing Systems, has been described by historians as the world's first superscalar design, a computer architectural paradigm widely exploited in modern high-performance microprocessors.
In 1968, Lynn heard about the pioneering research of Harry Benjamin in healthcare for transgender women. And, realizing that gender affirmation surgery was now possible, Conway sought his help. Suffering from severe depression from gender dysphoria, Conway contacted Benjamin, who agreed to provide counseling and prescribe hormones. Under Benjamin's care, Conway began her medical gender transition. After the success of the ACS project, Lynn had hoped to be able to transition on the job, but IBM fired Conway immediately after she revealed her intention to transition.
So, in 1968, Conway restarted her career in computing, this time entering the field as a woman. She took a job at Computer Applications, Inc, then at Memorex, and then finally at Xerox in 1973. In her words, she was now in "stealth mode," under the not unfounded assumption that, should her past be discovered, she would be fired again.
In 1973, collaborating with Ivan Sutherland and Carver Mead of Caltech, Lynn co-developed a revolutionary new method of microchip design that allowed billions of individual components to be integrated into one chip with relative simplicity. Her design was called VLSI - or Very Large Scale Integration, and the importance of this invention cannot be understated in the modern world. Billions of digital devices worldwide, from iPhones to electronic cars to computerised coffee machines, were all made possible in part by her ideas. As the University of Michigan put it in 2014: "Thank Lynn Conway for your cell phone."
In 1978, she left Xerox and took a position at MIT, teaching a now famous course on VLSI design. While there, she co-authored "Introduction to VLSI Systems", with Carver Mead - a groundbreaking work that soon became a standard textbook in chip design, selling over 70,000 copies, and appearing in nearly 120 university curriculums by 1983. Basically, if you are in IT, and got your degree anywhere in America during the 80's you learned your trade, and owe your livelihood, in part, to a trans woman.
Following up on this, Lynn continued to be on the forefront of new technologies. The problem she was now trying to solve was how to cope with the increasing complexity of chip design. As the number of transistors per chip doubled every two years, keeping up with this required new ways to design and manufacture new microchips. In 1981, she invented dimensionless, scalable design rules that greatly simplified chip design, as well as a new form of internet-based infrastructure for rapid prototyping of new chip designs. This new infrastructure was called the Metal Oxide Semiconductor Implementation Service, or "MOSIS", and was funded in part by DARPA. Only two years into its success, Mead and Conway received Electronics Magazine's annual award of achievement. Since then, MOSIS has fabricated more than 50,000 circuit designs for commercial firms, government agencies, and research and educational institutions around the world.
Leaving MIT for DARPA, she became a key architect of the Defense Department's Strategic Computing Initiative, which was a research program studying high-performance computing, autonomous systems technology, and intelligent weapons technology. Working under Dr. Robert Cooper, Director of DARPA and Assistant Secretary of Defense, Conway led the effort that produced the Strategic Computing Plan published in November 1983.
Conway then joined the University of Michigan in 1985 as professor of electrical engineering and computer science and associate dean of engineering. It was here that, in 1987, Lynn met the man who would become her husband - Charles "Charlie" Rogers, a professional engineer who shared her interest in the outdoors, including whitewater canoeing and motocross racing. They started living together, and soon bought a house with 24 acres of meadow, marsh, and woodland in rural Michigan in 1994.
In 1998, Conway quietly retired from active teaching and research as professor emerita at Michigan, and four years later, on a beautiful bright day in August, Lynn and Charlie were married.
On June 9th of 2024, just 3 days ago, Lynn Conway passed away from a heart condition at her home in Jackson, Michigan, at the age of 86.
Lynn was a brilliant engineer and computer scientist, who never sought fame or recognition for her achievements and global contributions to the modern world. But, slowly, that recognition is coming to pass anyway. In 2009, she received an award from the engineering trade group, the Institute of Electrical and Electronics Engineers(IEEE). In 2020, IBM finally apologized for firing her 42 years earlier. And, this past October, just 8 months before she died, Lynn Conway was inducted into the National Inventors’ Hall of Fame as the co-creator of VLSI – some 14 years after Carver Mead received the same honor.
On 1 July 2024 AbilityNet and Citizens Online charities will merge, joining forces to support more digitally excluded people, and create stronger impact.
A so-called "AI-powered social network start-up" has started cloning posts from across the Fediverse without asking permission. You can find out more in this discussion thread:
It’s unlikely that #Maven scraped over federation. It’s more likely that they scraped the federated timelines off large servers such as mastodon.social, mstdn.social, and fosstodon.org.
Worth proactively defederating since they’re working on implementing AP but have already burned this bridge, but it won’t keep them from fetching your posts.
I could use APO + Windows to fine tune my headphones, or I could just grab EasyEffects straight from the repo and enjoy stuff. Just another unexpected bonus... #linux #pipewire #audio
If you use #pipewire for cameras you can now (in the upcoming 1.2) enforce specific rotations via node rules. This is useful on devices with rotated cameras that don't use a DT and #libcamera or for testing (e.g. to find out the correct rotation of a phone camera). The rotation is respected by an increasing number of apps, notably #gstreamer based ones (like Snapshot - but not Cheese) and #firefox (if you enable PW cameras via `media.webrtc.camera.allow-pipewire`).
PipeWire version (pipewire --version): 1.0.7. Distribution and distribution version (PRETTY_NAME from /etc/os-release): Ubuntu Oracular Oriole (development branch). Desktop Environment: Sway Wayland...
WebApp Proxies like Burp or OWASP’s ZAP are a vital tool in a pentester’s arsenal. @zaproxy is free, open source, performant & stable for >10yrs. They need your urgent support. @sensepost will be taking one of their support packages - can you help too? zaproxy.org/support/#support-p…
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
Derp. I'm leaving this post up, but editing the message, apparently I was fooled. Apple has apparently never posted anything directly on the Twitter account. My bad. It was fun for a laugh, but I was tricked.
It's honestly kinda crazy to me that massive tech/data companies dont just run their own instances. Think how many fans would want to have an @Apple.com mastodon account...
#SwiftUI does a lot of amazing #accessibility work behind the scenes, AND you can still customize the experience to give your users the very best of your app! Check out Tommy's talk: Catch up on accessibility in SwiftUI! #wwdc24developer.apple.com/videos/pla…
Wow this is so cool! The easy way to turn several interactive controls of a view into custom actions and thus reducing the number of items to navigate, is fantastically simple! Also, SwiftUI in iOS 18 and MacOS Sequoia seems to really simplify a lot more relatively common accessibility tasks. This is really nice, and I’ll be sure to share this with app developers who I know use SwiftUI in their apps.
-fbounds-safety in upstream clang is still a long way from readiness, but thanks to some of the work that we’ve already upstreamed, you can now use guarded_by(mutex_field) inside structs in C language mode for thread safety analysis: github.com/llvm/llvm-project/p…
Today, it's only supported inside C++ classes or top level C/C++
declaration.
I mostly copied and adapted over the code from the
[[counted_by(value)]] lookup.
Apple has released the first iOS 18 Developer Beta to developers. This major update introduces significant interface changes such as customizable app icon colors, a revamped Control Center, Apple Intelligence, and numerous other small tweaks.
One of the things I really miss after moving to #Linux from macos is the power that #Mailmate gave me. #Thunderbird does get close but lacks a bunch of things. #Betterbird has been working well for my needs. One feature I miss is the distortion mode from Mailmate (freron.com/screenshots/) as I tend to share my screen a bit. Does anyone know of any plugin/setting that would help? Tried looking for loremipsum, obfuscate, etc., but to no avail. cc: @thunderbird
Thanks for the feedback on features that matter to you! We'd be really grateful if you'd post them on Mozilla Connect (connect.mozilla.org) where they can get upvotes and responses from our developers.
This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
Recording Available: I Love Braille: Learn About the BT Speak From Blazie Technologies If you have further questions, you can call Blazie Technologies at (772) 214-1616 or visit us on the Web at www.BlazieTech.com. Recording available here and apologies for my raspy throat. With me, it's a feature, not a bug. 😊. eastbaycenterfortheblind.org/p…
Still needs some polishing (permission checks and error handling, plus documentation). After that I'll set it up in prod create a room for public general testing.
You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation
Weitere 11 #eBooks heute bei ebooks.qumran.org – und diesmal ist auch ein Bestseller dabei, für Freunde des Gruselns: Bram Stoker's Dracula, in der originalen Übersetzung von 1908!
At #cssday I shared a table that summarizes the main ways to hide content using HTML, CSS, & ARIA and indicates how each technique affects the accessibility of an element.
A get-right-down-to-it online course for Web designers and developers who want to start creating more accessible Web user interfaces and digital products today
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials.
drawnto 🟨⬜🟪⬛ 📞3676
in reply to Hazelnoot • • •Sensitive content
= no Palemoon firefox fork because they can't keep up with development
= Palemoon firefox fork but no accessibilty in this fork
The the second option is superior for everyone
It's fair to call them out though. Upstream Firefox remains accessible
Seirdy
in reply to drawnto 🟨⬜🟪⬛ 📞3676 • • •Sensitive content
the issue is that the second option widens a gap between disabled and non-disabled users.
I’d actually argue that the first option is better for unrelated reasons: nobody should be using a browser with JIT and without any site/origin isolation or significant security research in 2024.
(I test my site in Pale Moon to ensure it’s robust enough to handle slightly different engines, and wouldn’t mind if this was marketed as a developer tool instead of a replacement for your actual browser).
drawnto 🟨⬜🟪⬛ 📞3676
in reply to Seirdy • • •Seirdy
in reply to drawnto 🟨⬜🟪⬛ 📞3676 • • •Echedelle ⚧
in reply to Seirdy • • •Sensitive content
the thing related to security is explained already in a forum topic.
The reason they don't consider sandboxing is because they don't believe is the solution to security issues and they prefer achieving them in a different approach by ensuring the safety of the code (if I read properly).
If you mean site isolation in the other sense of data being shared, I did not understood it in that way.
Seirdy
in reply to Echedelle ⚧ • • •Err…but they can’t guarantee that the code is all safe. They still have vulns just like any software that size (C++ software to boot), and run untrusted programs.
Any software that processes untrusted content and has bugs needs sufficiently robust sandboxing, and web browsers run untrusted applications with dynamic native code generation.
Pale moon runs said applications in a post-Spectre world and doesn’t even have process isolation.
The browser itself is one of the most complex pieces of software on your system. Firefox and Chromium have separate processes for printing, audio, networking, etc. with strong boundaries between them to make chaining vulnerabilities harder. Unless Pale Moon’s stacks for these are magically bug-free (and given the sheer amount of code I can’t imagine this), I can’t recommend it on security grounds when alternatives exist.
Echedelle ⚧
in reply to Seirdy • • •Sensitive content
Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS. - Pale Moon forum
forum.palemoon.orgEchedelle ⚧
in reply to Echedelle ⚧ • • •Sensitive content
Seirdy
in reply to Echedelle ⚧ • • •Echedelle ⚧
in reply to Seirdy • • •Sensitive content
I am unsure they don't care.
At least MoonChild makes the job to bisect and backport security fixes for shared code with Mozilla.
Seirdy
in reply to Echedelle ⚧ • • •I’m aware, and this honestly makes PM look way worse. The fact that he needs to backport that many vulns means that the browser has large exploitable attack surface, which is exactly why actual defense in depth in the form of sandboxing is necessary. It also raises concerns about vulns in the codebase that aren’t in the highly-diverged current Firefox codebase.
Upstream Firefox has split multiple components into separate processes; (re)written CSS, rendering, MP4 parser, and Linux audio stack in Rust; the list goes on. Zero security backports are coming for the legacy components they replace, or the original components in PM.
Echedelle ⚧
in reply to Seirdy • • •Sensitive content
emmm, what he backports is actually what mozilla releases in security in every release.
he has preferent access to that info and he backports what it applies.
is not like he is backporting delayed things or something
Seirdy
in reply to Echedelle ⚧ • • •Amy
in reply to Echedelle ⚧ • • •Sensitive content
omfg, i mean on a completely unrelated note from the ridiculous and bizarre stance on security (as well as accessibility) they have there-
they're all saying like "Multiprocess of E10S", "e10s isn't something that is desirable", "implementation of e10s"
say the fucking wordi can't work out what you're talking about here
(i eventually had to delve into my non-average firefox knowledge, came up with "electrolysis", and then manually counted the letters. just great.)
oh wait these are the people who don't care about accessibility, nvm this makes perfect sense
Hazelnoot
in reply to Amy • • •Sensitive content
Amy
in reply to Hazelnoot • • •Sensitive content
Seirdy
in reply to Amy • • •electrolysis wasn’t directly about sandboxing; it was about switching to a multiprocess architecture with many pages sharing a process and a limited number of processes to go around, so one page wouldn’t hang or crash the whole browser. The main benefit IIRC was performance.
Current Firefox uses Fission, which does process-based site isolation. Even a cross-site iframe on a page gets its own process to isolate it from the rest of the page. There is also the Utility Process Overhaul which splits parts of the browser (audio, printing, networking, etc) into sandboxed processes with limited capabilities. Both of these are inspired by Chromium’s design. Electrolysis was far more limited than this.