1

Topic: I think a palemoon fork would be,

better than a basilisk fork. Emulatorman,  if you see this post, know that I tried to use palemoon and compared it to iceweasel-uxp, and it was more lightweight on ram, and cpu percentage used.



So yeah, I look forward to swiftweasel-uxp.  It is an enormously good idea although,

I also hope you will make a version of it that works compatible with other gnu/linux distros. But if not, still, I support this idea 1000%!

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

2 (edited by freemedia 2018-10-08 23:06:47)

Re: I think a palemoon fork would be,

im a huge fan of light on cpu and light on ram, though i have to say that when i was a proponent of palemoon i couldnt get anyone to use it that wasnt already a fan.

also, i used to spend ages clicking the "i am not a robot" teach-google-how-to-kill, click 50 fire hydrants and call it a day until i realised this wasnt google being saucy, it was palemoon being buggy. (or remotely, a plot from google to hurt palemoon. though for once, im not blaming google as the primary suspect here as i dont think its them.) when i switched (very begrudgingly) from pm back to ff, the problem resolved itself.

what im getting at here, is that i now (along with my peers) question the true quality of pm, despite being a major fan of forks and lightweight versions in general. fork iceweasel, fork icecat, but let pm do what it do best-- which is stink.

call it experience, call it bias, but consider the possibility. iceweasel might be a lot easier to maintain, and it just might be a better browser (even if i really hate all derivs of ff at this point-- i dont hate them all equally.)

and please dont let any air of finality discourage you from defending pm. im not challenging you to do so, id be interested in anything positive you have to say about it other than the nice features of lower cpu/ram use. you can have those, youre probably right. i also prefer the older ui, but i repeat: which one will be easiest for hyperbola to consistently maintain (to hyperbolas own standards, of course.) thats the one i think hyperbola should consider first-- no matter which one it is, for the record.

3

Re: I think a palemoon fork would be,

freemedia wrote:

im a huge fan of light on cpu and light on ram, though i have to say that when i was a proponent of palemoon i couldnt get anyone to use it that wasnt already a fan.

also, i used to spend ages clicking the "i am not a robot" teach-google-how-to-kill, click 50 fire hydrants and call it a day until i realised this wasnt google being saucy, it was palemoon being buggy. (or remotely, a plot from google to hurt palemoon. though for once, im not blaming google as the primary suspect here as i dont think its them.) when i switched (very begrudgingly) from pm back to ff, the problem resolved itself.

what im getting at here, is that i now (along with my peers) question the true quality of pm, despite being a major fan of forks and lightweight versions in general. fork iceweasel, fork icecat, but let pm do what it do best-- which is stink.

call it experience, call it bias, but consider the possibility. iceweasel might be a lot easier to maintain, and it just might be a better browser (even if i really hate all derivs of ff at this point-- i dont hate them all equally.)

and please dont let any air of finality discourage you from defending pm. im not challenging you to do so, id be interested in anything positive you have to say about it other than the nice features of lower cpu/ram use. you can have those, youre probably right. i also prefer the older ui, but i repeat: which one will be easiest for hyperbola to consistently maintain (to hyperbolas own standards, of course.) thats the one i think hyperbola should consider first-- no matter which one it is, for the record.


I think it depends on how Emulatorman implements a palemoon fork... aka with stability.  Although, Random Agent Spoofer is very much needed to be updated more regularly regardless. Whether its baslisk or palemoon, they are both treated like mozilla in the user agent. Which is an issue.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

4

Re: I think a palemoon fork would be,

zapper wrote:

I think it depends on how Emulatorman implements a palemoon fork... aka with stability.  Although, Random Agent Spoofer is very much needed to be updated more regularly regardless. Whether its baslisk or palemoon, they are both treated like mozilla in the user agent. Which is an issue.

AFAIK, since Palemoon and Basilisk are applications on UXP platform, it could be solved creating a theme for Iceweasel-UXP, using Swiftweasel branding for our Palemoon fork (eg. Swiftweasel-UXP theme for Iceweasel-UXP). It was reported in HyperTask. [0]

5 (edited by freemedia 2018-10-12 22:32:23)

Re: I think a palemoon fork would be,

sounds like you have it under control. i was a fan of pm until the point where it automatically disabled my noscript plugin-- this should only happen on startup and it shouldnt load any sites with without the plugin (major security issue!)

instead, it happened while pm was left open for hours. it disabled noscript, told me why, and the reason was so ridiculous and dishonest i immediately blasted the developer for his arrogance and migrated (reluctantly) back to mozilla.

i also opened up a graphical editor and made a parody of the pm "warning" about noscript, saying that browser was incompatible with the plugin (flipping the wording exactly) and that noscript recommends uninstalling palemoon for security reasons.

so my two issues with pm are 1. it flat out lies about noscript and 2. it disables plugins that i installed, while the browser is mid-run. (im aware that mozilla has this anti-feature also, and i have disabled it from my hosts file-- it isnt triggered until it connects to do automatic updates, another thing i hate. though the pm dev was responsible and applied the feature in this instance.)

fix those two issues and a pm fork is a good thing. but the browser should never disable security features i added. it shouldnt do it while im away from the keyboard, or without my permission. also the developer was completely unapologetic. trust issues like that are a great reason to walk away (i walked away from debian after years for the same attitude.) just looking at the blacklist, i have no doubt that you understand where im coming from.

6

Re: I think a palemoon fork would be,

NoScript works fine in recent Pale Moon releases - you just see a warning in the add-on list that NoScript is known to cause issues (which you can simply disregard).

7 (edited by freemedia 2018-10-13 17:44:50)

Re: I think a palemoon fork would be,

(which you can simply disregard)

i really cant disregard the warning that i left noscript over. it was patently false, discouraged use of an important security feature, and had the disable checkbox checked by default.

noscript does work absolutely fine with palemoon, and the developer was basically lying to say otherwise. the wording of the warning was completely absurd and false and misleading.

i trusted the pm developer to produce a browser that i typed my site passwords into. after that nonsense, i didnt trust him to produce software that i install on my machine. his arrogance level is about 8.5 on the shuttleworth scale. "don't trust us? erm, we have root." to be fair, pm never fed plaintext local search queries to amazon.

following the authors "advice" would be bad for security though. "dont use a plugin that protects you from malicious software, because i get blamed for things not working!"

i try to use software i can actually recommend to people. i cant recommend pm to anyone, because it lies to them and tells them to do things they shouldnt do, which id have to explain "ignore that, hes full of it." pass.

https://web.archive.org/web/20181013165745if_/http://i.imgur.com/7SlNlou.png

the parody of the dialog with the wording flipped. you could disregard the pm dialog like you said (actually design-wise you cant just disregard it, as i will explain) or, you could click "more information" and get lied to a bit more.

i dont think this is an honest mistake. this is a situation where a free software developer uses windows-like lies in a dialog to mislead the user into doing things his way, just for his own convenience or preference. he should go work for canonical. if you dont agree, you dont agree. but i think theres no excuse for it.

note that there are two buttons on the real dialog, that say "restart later" and "restart palemoon."

neither of them uncheck the disable box. the expected behaviour of a dialog like this is to have a cancel button where the red x is, which does nothing. but either button will disable noscript if you arent paying attention. this is extremely dirty (dishonest) design, some of the worst ive encountered in a decade. this business belongs in the non-free software world, where it came from. no one should use pm as-is, as it endorses this unusually bad behaviour towards users.

of course, they can choose to regardless.

i got this very atypical, windows-10-upgrade-like dialog first thing in the morning. if id clicked "cancel" (design-wise, it is and would be expected to be, a cancel button) in a groggy moment, which i didnt do-- id be a lot angrier. instead i just stared at the dialog for a minute and puzzled over it. im surprised anyone endorses pm after this.

designing dialogs to trick a less-than-always-vigilant user into doing something undesired should be left exclusively to malware and windows upgrades, where it is commonplace.

8 (edited by zapper 2018-10-13 22:25:54)

Re: I think a palemoon fork would be,

freemedia wrote:

(which you can simply disregard)

i really cant disregard the warning that i left noscript over. it was patently false, discouraged use of an important security feature, and had the disable checkbox checked by default.

noscript does work absolutely fine with palemoon, and the developer was basically lying to say otherwise. the wording of the warning was completely absurd and false and misleading.

i trusted the pm developer to produce a browser that i typed my site passwords into. after that nonsense, i didnt trust him to produce software that i install on my machine. his arrogance level is about 8.5 on the shuttleworth scale. "don't trust us? erm, we have root." to be fair, pm never fed plaintext local search queries to amazon.

following the authors "advice" would be bad for security though. "dont use a plugin that protects you from malicious software, because i get blamed for things not working!"

i try to use software i can actually recommend to people. i cant recommend pm to anyone, because it lies to them and tells them to do things they shouldnt do, which id have to explain "ignore that, hes full of it." pass.

https://web.archive.org/web/20181013165745if_/http://i.imgur.com/7SlNlou.png

the parody of the dialog with the wording flipped. you could disregard the pm dialog like you said (actually design-wise you cant just disregard it, as i will explain) or, you could click "more information" and get lied to a bit more.

i dont think this is an honest mistake. this is a situation where a free software developer uses windows-like lies in a dialog to mislead the user into doing things his way, just for his own convenience or preference. he should go work for canonical. if you dont agree, you dont agree. but i think theres no excuse for it.

note that there are two buttons on the real dialog, that say "restart later" and "restart palemoon."

neither of them uncheck the disable box. the expected behaviour of a dialog like this is to have a cancel button where the red x is, which does nothing. but either button will disable noscript if you arent paying attention. this is extremely dirty (dishonest) design, some of the worst ive encountered in a decade. this business belongs in the non-free software world, where it came from. no one should use pm as-is, as it endorses this unusually bad behaviour towards users.

of course, they can choose to regardless.

i got this very atypical, windows-10-upgrade-like dialog first thing in the morning. if id clicked "cancel" (design-wise, it is and would be expected to be, a cancel button) in a groggy moment, which i didnt do-- id be a lot angrier. instead i just stared at the dialog for a minute and puzzled over it. im surprised anyone endorses pm after this.

designing dialogs to trick a less-than-always-vigilant user into doing something undesired should be left exclusively to malware and windows upgrades, where it is commonplace.

Whoa... people need to complain to them then, if enough people complain maybe he will get his head out of his ass and leave it at, "we don't recommend you use this addon, but we won't stop you"

And do nothing else.  But yeah, It is possible to fix those palemoon issues here, just takens some fixing from our own, Emulatorman, Coade, Luke and their security team.

I still look forward to seeing if its worth it... and I am sure it is, if Emulatorman is on the job.  He won't release it until it is fixed correctly.  ;)

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

9 (edited by aloniv 2018-10-13 22:59:42)

Re: I think a palemoon fork would be,

As long as you don't click remove the add-on is still there - you just need to re-enable it in the add-on list. I must have selected the correct option (with add-on and browser role reversed in the picture you posted) - a similar screen is also sometimes presented when upgrading the browser regarding incompatible add-ons so I am familiar with it. I select to disable incompatible add-ons after browser upgrades as they might become compatible later (or in case I choose to downgrade).

Even if you accidentally removed the add-on you can still re-install it later.

I think a big fuss was made regarding this particular decision which can easily be bypassed without needing to go into about:config and change any system settings. I can understand people being upset over another add-on which sends fake data to advertisers being blocked (which you can probably also bypass but which requires more effort to do so).

When I think of misleading and nasty dialog screens I think of this dialog screen (which popped up recently on a popular proprietary operating system when users tried installing alternative browsers to the default operating system browser but has since been disabled by the company which develops this proprietary operating system following user backlash):

https://www.ghacks.net/wp-content/uploads/2018/09/edge-firefox-chrome-blocks-installation.png

10 (edited by zapper 2018-11-21 04:21:19)

Re: I think a palemoon fork would be,

I checked on the palemoon browser myself, there is a way to turn off the blocklist that the palemoon devs
have in place but it would make more sense to remove noscript from the blocklist if a palemoon fork is possible. If not, have the block list turned off. smile

All in all, I hope a palemoon fork emerges for Hyperbola someday! Both email client like an old thunderbird, and a web browser too.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

11 (edited by pekman 2018-11-21 06:10:47)

Re: I think a palemoon fork would be,

RequestPolicyContinued is a very best replace for NoScript.

This addon is a mixing options NoScript and Privace Badger.

Is very cool. Test it, y recommend

12

Re: I think a palemoon fork would be,

pekman wrote:

RequestPolicyContinued is a very best replace for NoScript.

This addon is a mixing options NoScript and Privace Badger.

Is very cool. Test it, y recommend

I use both actually just out of caution. smile

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

13 (edited by freemedia 2018-11-23 01:24:41)

Re: I think a palemoon fork would be,

pekman wrote:

RequestPolicyContinued is a very best replace for NoScript.

how does request policy "replace" noscript?

Javascript-based attacks

In addition to disallowing these plugins by default, there are also plenty of security reasons to disallow JavaScript on websites you visit unless you are sure you want to allow it. To help you control when plugins and JavaScript run on website you visit, we suggest using the NoScript Firefox extension. Using NoScript in addition to RequestPolicy will give you a highly secure browser.

https://requestpolicycontinued.github.io/FAQ.html

why would anybody "replace" noscript? people keep talking about replacements, which arent even replacements-- they dont talk about why--

except the palemoon author, who i am happy to straight out call a liar. does anyone actually believe his dialog window?

are they also afraid of this one? http://web.archive.org/web/201811230108 … _thumb.jpg

is it because palemoon is very stupidly (allegedly) incompatible with noscript (a flatout lie) or is there a non-palemoon-related reason?

are you really letting someone fork mozilla in way that (allegedly) makes noscript incompatible? because if i wrote a bash script, and someone rebranded bash and lied to people that the script was "incompatible" just because he was tired of being asked a question about it-- id stop using their garbage. but i wouldnt believe them, after i ran the script and it worked just fine.

there never was a compatibility/stability issue-- he is disguising his dislike of a plugin as a bug, rather than his opinion-- its just lies. would someone please show how the palemoon author is not lying, before making their software choices based on something that is easily demonstrated to be be false.

this is how you fix stuff in the windows/non-free world-- someone decides what youll use, and then you find a workaround. and its arbitrary, and dishonest.

seriously, why isnt palemoon being blacklisted? its not a rhetorical question-- id love it explained. i was using that piece of garbage (every day) until this happened. help me understand.

perhaps theres a detail i missed. which one would that be? im really asking-- this matter is unclear.

how is what the palemoon dev says about noscript anything other than fud? in what way are a single of his claims accurate or honest? not one of these questions is rhetorical-- theyre too important to be rhetorical.

1. why would you let one dev dictate which plugins you use?

2. why wouldnt you use noscript, and recommend requestpolicycontinued to "replace" it, when rpc itself recommends using it with noscript?

14

Re: I think a palemoon fork would be,

"seriously, why isnt palemoon being blacklisted? its not a rhetorical question-- id love it explained. i was using that piece of garbage (every day) until this happened. help me understand.

perhaps theres a detail i missed. which one would that be? im really asking-- this matter is unclear.

how is what the palemoon dev says about noscript anything other than fud? in what way are a single of his claims accurate or honest? not one of these questions is rhetorical-- theyre too important to be rhetorical.

1. why would you let one dev dictate which plugins you use?

2. why wouldnt you use noscript, and recommend requestpolicycontinued to "replace" it, when rpc itself recommends using it with noscript?"

I personally don't think palemoon is bad, rather given that it is based off of firefox 26 and has a useragent built in to subvert the issues of old firefox/basilisk version, aka it doesn't read as outdated browser...

Yes they are dishonest regarding noscript, but Hyperbola developers can fix this siutation easily for their fork.  As for, 1: and, 2:

I agree with both of your arguments. 

But yeah, I don't think you understand why a fork of palemoon could be useful.  There are other things however... I think would be worth exploring too. Obviously though you need to have some addons downloaded though. Long story short:


Don't write off palemoon's browser for use as a fork.

Swiftweasel branding + palemoon and only XUL + Hyperbola tweaks = GOLDEN!

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

15

Re: I think a palemoon fork would be,

@freemedia NoScript is functional for you, use it. For me, is very bugged.

16

Re: I think a palemoon fork would be,

zapper wrote:

Don't write off palemoon's browser for use as a fork.

just to respond, i dont write off a fork of anything, if:

1. its not to absurdly suspect in the first place (i dont think palemoon is, so its fine on that one.)

2. it addresses the important concerns (usually possible, so go right ahead)

3. it serves some reasonable purpose (im not sure what that would be in this instance, but by putting it here i hope its clear im open to the possibility.)

and this goes far beyond the example in question.

it sounds like you want xul-- im not sure why thats important to anybody at this point, but im not against it per se.

pekman wrote:

@freemedia NoScript is functional for you, use it. For me, is very bugged.

fair enough, if its not working for you. i wish i knew more about its flaws (ive never heard of any) but this isnt a challenge, its real curiosity.

that doesnt obligate you to explain or anything. if an everyday user tells me theyre having problems with a piece of software, im inclined to believe them. if their solution is to use something else, i dont take issue with that.

17 (edited by zapper 2018-11-23 22:28:15)

Re: I think a palemoon fork would be,

"Don't write off palemoon's browser for use as a fork"

Freemedia:

"just to respond, i dont write off a fork of anything, if:

1. its not to absurdly suspect in the first place (i dont think palemoon is, so its fine on that one.)

2. it addresses the important concerns (usually possible, so go right ahead)

3. it serves some reasonable purpose (im not sure what that would be in this instance, but by putting it here i hope its clear im open to the possibility.)

and this goes far beyond the example in question.

it sounds like you want xul-- im not sure why thats important to anybody at this point, but im not against it per se."


Me:  Xul has no chromium parts to it aka google, and is more secure/private.  There are issues with webextensions which I know little about, but also, Palemoon appears to be the lightest firefox based browser out there. 

As for 1-3,   Glad to hear it, but yeah, palemoon developers may have their faults, but at least we can escape the fingerprinting and bloat from firefox that mozilla keeps forcing down peoples throats.

Hyperbola plans to further debloat any firefox based browser they fork.  Basilisk, Palemoon, etc... 

and for that matter any mozilla xul stuff.  smile

PS, If you want to know why webextensions is so bad, I recommend you ask Emulatorman or there is this:

https://bugzilla.mozilla.org/show_bug.cgi?id=1372288

WebExtensions UUID can be used as user fingerprint essentially...

I bet more problems will show up in the future too...

That is why I avoid webextensions. It seems like it has similiar problems to systemd in the sense of it was a stupid change to make. aka unnecessary...

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

18

Re: I think a palemoon fork would be,

thats horrible. particularly sad is this comment from veditz:

The random UUID needs to be created at startup so that any tracking is limited to a session.

um, hello... a per-session random uuid would only connect together every website you visited in that session. so to thwart it, AFTER veditzs (hypothetical) compromise, youd still need to close the browser and open it again after each website you went to.

theyre building a supercookie into the browser.

iceweasel-uxp fixes this? what about icecat? i want to know the name of every browser (old versions dont count, so thats not firefox) that DOESNT have this. it should be a short list. but i want to know about the latest icecat. also, does palemoon turn it off? can it be turned off in about:config? i dont expect you to have every answer here-- youll understand if i ask either way.