I'm also so overstressed and worried that can only sleep on Xanax and have an asthma flare-up that looks like covid19 symptoms at times, adding to the anxiety.
This will be a good and needed change, but it can wait.
Consider an old organization with hundreds of old systems, that can be fairly critical. Nobody understand or is willing to do the work. To their credit, TLS and cryptography is really difficult.
So don't be surprised that things will be fixed... after they're noticeably broken.
This makes a lot of sense. Normally, browsers moving together to turn down an old and insecure protocol would push the last few sites to update, but with everything being a mess because of the coronavirus this isn't a good time.
(Disclosure: I work for Google)
No thanks. How do they do this, and how do I stop people from being able to remotely "manage" my Firefox install?
Mozilla, please, I want a browser that I, as a "power user" can manage. Not an idiot-proof remotely managed on-prem SaaS.
Note: I and I'm sure many others would donate meaningful amount of money, if it could be restricted to categories of use, such as Firefox development or Rust development. You don't have to become a service vendor to wean off Google.
Then you need to accept that Firefox will linger at a very low number of users and many of those users will be left with insecure browsers because they fail to update them properly. Maybe that's a fine thing, but that's the world you need to accept if Firefox is explicitly targeting power users.
Firefox is already providing automatic updates. Would it be so bad to release a point version (do they even to that anymore) instead of a remote preference change?
Still, it's not exclusive - they could do both, while providing a clear power user mode, where you may need to update, because they don't do such shenanigans.
It's not an idle offer - I'm offering 1k€ to properly document user prefs and not second guess their setting (could be a compile time switch, possibly with altered branding, but on a supported/LTS versions). Anyone want to set up a gofund me or something?
Good for most consumers. Not necessarily so, if you are managing it.
And I see a new Firefox about:config preference:
The points of standards are to get the entire industry to adopt them. When the browser vendors come together and agree to all do the same thing, that's not one vendor flexing its muscles, that's standards working as intended.
no, bad standards are flat-out bad for users.
lots of text files being written in ascii, for example,
and 'ASCII is from 1963!'
There’s an element of carrot and stick here, the browser vendors sometimes have to push people in the right direction. I think they’ve made the right call both in pushing for deprecation and altering their plans when circumstances have changed.
TLS 1.0 and previous protocols have been prohibited from usage since around 2017 by PCI DSS and most regulations. Any company that gets a basic security audit or self-submit their website to https://www.ssllabs.com/ssltest/ would have been red flagged for using TLS 1.0 for years.
I've worked on the TLS upgrade in some financial institutions that notoriously always lag behind and even them have been ready for a while.
At this stage websites stuck on TLS 1.0 are either unmaintained for years or purposefully trying to support a Windows XP and Java 7 audience.
Or are using Heroku Automated Certificate Management https://help.heroku.com/G0YVUNPG/how-do-i-disable-support-fo...