Bonum Certa Men Certa

Mozilla Finishes Sabotaging SeaMonkey. Highlights From IRC and SeaMonkey Meeting Minutes.



Reprinted with permission from Ryan Farmer

From IRC and the Meeting Notes for today.



First off, Mozilla is “cutting SeaMonkey loose” and not allowing them to use any infrastructure soon. I think they’re just angry that the Suite they threw away in 2006 gets updates and is still cooler than Firefox.



Mozilla finally decided to fully cut us loose in Q3. Formally and legally this is all in order.



  • Source code will probably be removed from comm-central because it seems parts of MZLA and/or the Thunderbird council are eager to do the same.


  • Fortunately we are mostly independent already and it will not affect the 2.53 line or building releases.
    • Depending on when this will happen we will have a delayed release and maybe broken updates for one release too.


  • If this happens it is unlikely we will pursue upstream fixes for suite any longer and just concentrate on the 2.53 fork


  • We need to find replacements for bugzilla, translations via Pontoon, add-on and the distribution site.
    • Reviews for SeaMonkey add-ons seem to no longer be done anyway. We don’t have any access there.
-SeaMonkey Meeting Minutes for August 20, 2023


There were also some disturbing notes about the status of SeaMonkey’s infrastructure:



Our infrastructure is using Azure.



  • ewong has been looking at Kallithea, RhodeCode and other similar tools which are needed later to automate source code management for non mozilla repos (tools, website and others).
    • Also evaluation of Ansible and Terraform going together with it is done.
-SeaMonkey Meeting Minutes for August 20, 2023


Usage of Azure for anything is troubling, as it’s just not possible to make Microsoft products secure.



 According to data from Google Project Zero, Microsoft products have accounted for an aggregate of 42.5% of all zero-days discovered since 2014.



Microsoft’s lack of transparency applies to breaches, irresponsible security practices and vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about.



In March 2023, a member of Tenable’s Research team was investigating Microsoft’s Azure platform and related services. The researcher discovered an issue which would enable an unauthenticated attacker to access cross-tenant applications and sensitive data, such as authentication secrets. To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank. They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft.



Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service.



That means that as of today, the bank I referenced above is still vulnerable, more than 120 days since we reported the issue, as are all of the other organizations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk-mitigating actions. Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully, threat actors don’t.

-Tenable CEO Amit Yoran “Microsoft: The truth Is even worse than you think”


It’s good that they’re getting away from Azure for building the binaries from their official Web site (apparently?). Should have never used it. Have no idea what Microsoft might be stuffing in there and there’s no reproducible build data that comes with the binaries, afaik.



Unfortunately, they also consider Azure CDN for hosting the binaries themselves. *facepalm*



Some Capacity planning to find the best price/performance ratio is carried out.



  • Other than azure hosting options because of price are also evaluated.


  • ewong started to look at Azure CDN as a download server.
-SeaMonkey Meeting Minutes for August 20, 2023


Mozilla has “stopped testing” 32-bit Linux builds of Firefox, but SeaMonkey plans to stop providing 32-bit builds on any platform as well, it seems. It affects SeaMonkey even more because it’s single-process and the Web is so bloated and full of trash that 4 GB of RAM is no longer enough to contain all of the shit people are loading in a Web browser.



frg proposes to end 32 bit release support in 2024. Main reason is that modern websites are memory hungry and the 32 bit only architecture cause more and more oom crashes and subsequent complaints. Mozilla recently stopped testing Linux x86 releases too.



  • No consensus reached about it yet. So far building it is possible with gcc 8.3.1 under CentOS 7 and clang under Windows.
-SeaMonkey Meeting Minutes for August 20, 2023


An interesting insight into Mozilla’s Firefox build process. It seems they no longer use shit-ass Windows to create builds for shit-ass Windows. They cross-compile them from Linux in a process that needs Wine? :/



Mozilla switched Windows builds to cross compile on Linux.



  • This would need backports but is not 100% native (needs Wine). So currently no plans to do this for SeaMonkey.


  • Discussion for later when setting up jenkins. Even buildbot had some version specific files outside the tree.
-SeaMonkey Meeting Minutes for August 20, 2023


Some talk about wanting to eliminate excessive different compilers.



Microsoft compilers are garbage and the way I understand it, since 2019 they shove telemetry crap in your program whether you want it or not.



When I was looking at WavPack binaries for 64-bit Windows, I ended up using the MinGW builds that were cross-compiled from Linux because Microsoft’s compiler added bloat, ran slower on the CPU, and also pointlessly dropped Windows XP support (both 32-bit and 64-bit x86) although the MinGW builds were smaller, faster and even run on Windows 2000.



To reduce the use of different compilers we are looking into compiling future 2.53 Windows releases with clang 14 or later.



  • Currently CentOS 7 can not use the mozilla provided compilers because of a downlevel libstdc.


VS2022 is supported since 2.53.10b1 pre but building is spotty because of changes in new compiler releases.



  • The Windows build server will not be switched to it for now and currently compiling with it is broken.
-SeaMonkey Meeting Minutes for August 20, 2023


Needs User Agent Hacks, per-site. This tracks with what I’ve experienced. Globally advertising Firefox UA is radically destructive. Currently, I advertise Firefox 102.14 ESR and then set per-site UAs to something else as-needed through about:config. This is advanced user stuff that most people wouldn’t want to do. I mentioned that I do this for GMail in an older blog post so Google’s “Secure Apps” shuts the hell up and gives me my email.



Because of bad user agent sniffing we updated the base UA version some time ago from Gecko 68 to 91.



  • Youtube no longer seems to display correctly for some users only advertizing Firefox in the UA.


  • Further enhancements are planned for a later release in bug 1737436.


  • We want to implement overrides for bad web sites like Waterfox does using a json file containing the UA replacements.
    • The Fedora maintainer already added some of this and we will likely use this in the official release.
-SeaMonkey Meeting Minutes for August 20, 2023
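
The per-site override table the minutes describe can be sketched as follows. This is an added example, not SeaMonkey's or Waterfox's code: the JSON layout, the names `loadOverrides` and `userAgentFor`, and all UA strings are assumptions. It matches on whole domain labels, so a lookalike host does not inherit an override, and it drops values that could inject extra header lines.

```javascript
// Added example: hypothetical override file; the real format is not shown on the page.
// All UA strings below are constructed sample values.
const DEFAULT_UA =
  "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 SeaMonkey/2.53.17";

const OVERRIDES_JSON = `{
  "youtube.com": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
  "google.com": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
  "mail.google.com": "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
}`;

// Parse the override file into a Map keyed by lower-cased domain.
function loadOverrides(jsonText) {
  const table = new Map();
  for (const [domain, ua] of Object.entries(JSON.parse(jsonText))) {
    // A UA value is sent as an HTTP header: refuse empty values and anything
    // containing CR or LF, which could smuggle extra header lines.
    if (typeof ua !== "string" || ua.length === 0 || /[\r\n]/.test(ua)) continue;
    table.set(domain.toLowerCase().replace(/\.$/, ""), ua);
  }
  return table;
}

// Return the UA to send for a URL: the most specific matching domain wins,
// otherwise the browser's default UA.
function userAgentFor(url, table, defaultUA = DEFAULT_UA) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return defaultUA; // unparsable URL: never guess an override
  }
  // Compare whole labels only: www.youtube.com -> youtube.com -> com.
  // A plain endsWith("youtube.com") would also match notyoutube.com.
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (table.has(candidate)) return table.get(candidate);
  }
  return defaultUA;
}

const table = loadOverrides(OVERRIDES_JSON);
console.log(userAgentFor("https://www.youtube.com/watch", table));
console.log(userAgentFor("https://notyoutube.com/", table));
```
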


Google is being nasty and especially with YouTube. There’s major jank and I usually use it through Piped or Invidious proxies. It’s very helpful that my search engine, Searx Belgium, directs me to Invidious or Piped and also to Old Reddit, as these aren’t rotting bloated trash meant for Google Chrome. I ended up activating Web Components even though it’s not ready because it makes github and gitlab work again.



We are looking into adding support for Custom Elements and Shadow DOM in a later release. No ETA yet.



  • What is there has been activated in the current prerelease for testing. Shadow Dom support is mostly still missing.


  • Google owned/based websites like youtube are likely to break because of this in the near future. There are already reports of broken functionality on youtube.


  • Some good progress has been made and sites which do not need shadow dom start to work with dom.webcomponents.customelements.enabled and dom.webcomponents.enabled set to true.
-SeaMonkey Meeting Minutes for August 20, 2023


The situation for add-ons is horrible. Fortunately, old versions of ublock origin and NoScript work for me, and those are the only really important extension types anyway.



SeaMonkey can’t easily handle all of the JavaScript Garbage anymore considering that it doesn’t just hide the mess on other processor cores like Google Chrome and Firefox do.



Without the ads and JavaScript Crap, SeaMonkey normally works fine for me. I route my news and weather to the Gemini resources from gemi.dev over mozz.us’s Web proxy. Then I can get those without the absolute shit show that unfolds in a sad modern browser. There’s a gopher proxy that proxies Reddit to Gopher then mozz.us proxies it back into the Web.



My dad always said where there’s a will there’s a way around it. I took it to heart.



Of course sometimes I just access this stuff over Lagrange. It’s a browser for Gemini and Gopher, which don’t suck. You can read Reddit on Netscape Communicator 4 through Gopher through the native gopher support. Unfortunately, the images can’t be grabbed unless you have a TLS proxy like Crypto Ancienne.



There’s no technical reason why you can’t access information from the Internet except they want to be a big fat goddamn pain in the ass unless you’ve updated your browser 10 times this month and buy a new computer every few years that you shouldn’t need so you can deal with fucking Reddit again.



It’s all spyware and tracking nonsense. It’s basically the only reason you need new computers and the browsers that run on them.



If you’re not fighting them, you’re helping them, and Mozilla isn’t fighting them.



Mozilla claims they have a security app for Linux and can’t figure out what the root account does. (I swear the only reason I write these articles is the opportunity to make some sick burns.)



Anyway,



  • WebExtension support in SeaMonkey is tracked in bug 1320556.
    • Work on theme or extension support has not started.


    • Support for Webextension dictionaries and language packs has been added.


    • Manifest v3 support will be mandatory in 2023. Google will no longer accept new extensions using v2 in 2022.
      • We do not plan to support this in the near future.


  • NoScript Classic 5.x is still available. Currently 5.1.9.


  • uBlock Origin is still available. The latest classic version is currently 1.16.4.30.


  • Session Manager is still being updated. Latest version is 0.8.1.14 and supports SeaMonkey 2.53.x.


  • Enigmail is supported again. Big thanks.


  • The Stylish forks stylem and stylem df version work in 2.53.13.


  • DownThemAll fixed 3.1.2 version for 2.53.10 and up.


  • Palefill generic polyfill can be used for accessing github, gitlab and other broken sites. Latest working version is 1.23. Later versions are no longer working in SeaMonkey because of the developers decision to not fix some incompatible changes. Please disable updates or uninstall it.


  • github-wc-polyfill can be used for accessing github and gitlab. Both need Custom Elements support right now. Latest version is 1.2.19.
    • The add-on is outdated.
-SeaMonkey Meeting Minutes for August 20, 2023


Finally, from IRC…



I gather that 2.53.18 will be a decent-sized release. 2.53.17 seems to have just cleaned up some build environment garbage and made a few changes to JavaScript and such.



More Web platform stuff seems to be on its way.



[8/20/23 09:22] Status of the SeaMonkey Source Tree
[8/20/23 09:23] All building I think. Need to do some central checkins but was real busy in the last weeks.
[8/20/23 09:24] Trying to get SpiderMonkey updated for 2.53. Great progress locally but not yet fully stable with the latest regexp stuff.
[8/20/23 09:28] Not much else here from me for source. But updating masters in git and hg is still just a matter of time. patching becomes slow.
[8/20/23 09:29] what’s the next big Javascript shiny in the radar?
[8/20/23 09:30] * njsg imagines Oracle implementing a JVM on top of Javascript
[8/20/23 09:31] tomman bigint and dynamic modules. But I need to fix my local queue first.
[8/20/23 09:32] dynamic modules are indeed getting a pest, thankfully the regex stuff seems solid on the .18b1 builds
[8/20/23 09:33] tomman yeah crashes pretty fast now in my queue so this needs to work.
[8/20/23 09:33] I either need to fix it or put more stuff in so that the original stuff applies clean(er).
[8/20/23 09:34] Release Train
[8/20/23 09:36] 2.53.17 is done. Wonder if we should do the next beta fast to get the regexp stuff out. Missing support now breaks tons of sites.
[8/20/23 09:39] probably
[8/20/23 09:40] Let me try to fix my queue and if not we do it next week.
[8/20/23 09:41] frg: yes, it would be nice to get your local queue in
[8/20/23 09:44] Extensions Tracking
[8/20/23 09:45] The pref changes still cause fallout but nothing else I think. Fortunately an easy fixer.
