[CentOS] C5 : Firefox 38 bug

Fri Jun 12 19:35:26 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, June 12, 2015 2:03 pm, Jonathan Billings wrote:
> On Sat, Jun 13, 2015 at 12:38:35PM -0600, jd1008 wrote:
>> I was just using that as an example of damaging javascripts.
>> The current version of noscript no longer tells the number of
>> javascrits that are blocked out of the total (per web site).
>> In the older versions, I would dlete all entries in the visible
>> whitelist, and would visit new websites. It would list some
>> n javascripts blocked out of m scripts.
>> Clicking on 'options' tab on bottom, I would not see the
>> 'allowed' scripts listed.
> So, you're scaring people away from a privacy-enhancing tool with
> unprovable claims of a hidden whitelist?  Which I can't find in the
> javascript source of the XPI?  Also, based on your conversations with
> someone who worked at a company that hasn't existed since 2009?
> I get it, you've got some concerns about the security of the web
> model.  But adjust your tin foil hat, you're picking up Fox News on
> that thing.
> For the record, I use NoScript, Ghostery and uBlock, and am happy with
> the experience (for the most part).
> I also heavily use Firefox profiles, and only use a completely
> separate profile for certain operations, such as online banking.  I've
> been playing with using the SELinux sandbox program too, but its just
> too convenient to be able to copy-paste into firefox, which sandbox
> blocks. I don't use the same profile for Facebook (*sigh*, yeah) and
> just random browsing.  I'm certain that a certain amount of private
> information leaks out when I'm browsing forums or catching up with the
> news, but unfortunately, that's the tax you pay when you use the web.

Speaking of privacy... I would recommend people to check out tor project:


they have nice browser (codebase of which is Mozila Firefox, - they didn't
find better workhorse yet...). One  privacy aspect that wasn't mentioned
here is you internet provider being able to see your traffic (destination
at least) and analyze that. This is what tor project helps with. But other
aspects are also well lit on their website, including what information you
disclose yourself (often even not realizing that).

I hope, this helps someone.


> I'm fairly certain that io9.com isn't reading /etc/shadow on my
> computer.
> --
> Jonathan Billings <billings at negate.org>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247