logs archiveIRC Archive / Freenode / #firefox / 2015 / July / 9 / 1
user1138
why is FireFox such a piece of crap?
It hasnt been stable for years
kbrosnan
crash ids? https://support.mozilla.org/en-US/kb/mozillacrashreporter
Duderino_
Good evening
How do i bypass the Diffie-Hellman page now?
I'm trying to login on a website but i get that message
and i really need to access that site
shouldn't we be able to say if we want or not to using the certificate
*use
kbrosnan
Duderino_: try security.tls.insecure_fallback_hosts
Duderino_
it's empty
shall i set it to true?
kbrosnan
it is a string. site.tld,site2.tld
Duderino_
hmmm
i see
i'll try
Peng
I might point out that the reason you can't connect to that website is because it's using insecure crypto from 20 years ago
Duderino_
i know
and it's state job search site
lulz over 9000
         

Peng
(Action) cries
Duderino_
already sent them an email
it's like they don't even use the site
hmmm
didn't work
i'll go there personally
zzzz
thx anyway
good evening
RPiAwesomeness
I have a question for any FF devs/spokespeople in here. Why does Firefox not support VP9 and similar formats for HTML5 video?
b0at
apparently it is supported in nightlies
judging by the fixed bug that comes up when you search for vp9 on bugzilla.mozilla.org
RPiAwesomeness
Ah, well that's good. Why'd it take them so long? It's been in Chrome & IE for ages.
b0at
https://bugzilla.mozilla.org/show_bug.cgi?id=833023#c49 notes how to enable it, though that's a month old so dunno where it's at now
google had a hand in developing it, and microsoft is willing to pay licensing fees quickly, i'd imagine. or ms added it to windows and firefox just turned on
MSE everywhere this last spring
RPiAwesomeness
Ah.
b0at
if you want an official answer, ask on #firefox on irc.mozilla.org
RPiAwesomeness
Ah, thanks.
Mo0O
hi there, do you know if it's possible to lauch firefox from CLI but in "blocking" mode, don't return the prompt?
by reading the help message it looks not
b0at
in linux i think that's the default, unless the wrapper bypasses it, in which case the wrapper could be modified
in windows, you'd need to wrap it and wait for the child process to exit
Mo0O
thanks b0at
it's not the default on archlinux, at least
;)
b0at
if `which firefox` is a shell script, you could try copying that somewhere and see if it does anything obvious like "/usr/bin/firefox &" somewhere
Mo0O
b0at: do you know how can we modify the wrapper?
ah ok
I see
b0at
or whatever the actual executable is
auscompgeek
b0at: /usr/bin/firefox hasn't been a wrapper since the 3.0 days
b0at
oh ok
auscompgeek
or something.
b0at
some distros still seemed to use them, but arch wouldn't in that case
Mo0O
which firefox return `/usr/sbin/firefox` which is a binarie
         

auscompgeek
not even ubuntu has a shell wrapper
Mo0O
auscompgeek: do you know how can I fix this?
auscompgeek
there's nothing to fix :P
Mo0O
yep, but do you know how to launch firefox from CLI without returning the prompt?
"blocking" mode
auscompgeek: ^
auscompgeek
launch a new instance :P
Mo0O
auscompgeek: great, thx ;)
b0at
hm, for me it doesn't return in arch. it dumps its messages and there's no shell
Mo0O
b0at: yes, it return the prompt only if an instance is running
my bad
b0at
oh, i see
yeah, the second instance just passes off to the first
Mo0O
exactly
b0at
you could start a separate instance with -no-remote
but to keep a passing-off instance around, you'd need to edit a little code and rebuild firefox
(or write a little script that simulates that behavior to a program which thinks it's calling firefox)
Mo0O
thx b0at, -P --no-remote --new-tab foo.com # does the trick for me ;)
Mo
Cork: Hi, I need an expert. Starting Firefox breaks my vmware Workstation Multiscreen (Win7 host, Linux VM). Then re-enabling multiscreen work, but using maps.google.com it breaks again.
maps.google.com is the only site breaking. FF is the only app that breaks multi-screen when starting.
b0at
hardware acceleration?
Mo
What does FF do here? I thought about the XSHM or --remote stuff, maybe, but disabling --remote doesn't help.
b0at: Wow, thanks. Calling glxgears is the same issue. Good hint, I file that as vmware-bug.
https://github.com/vmware/open-vm-tools/issues/15
twb
$user reports on upgrading from ff 34 to 38, ff hates my autonomous CA cert (sec_error_bad_der). libnss3-tools (tstclnt), gnutls-bin and openssl (s_client) are all still happy.
How do I get more details about why firefox hates my cert?
Where is the user's cert database stored (e.g. ~/.pki ?) -- can I inspect it with e.g. certutil -d "sql:~/.pki/nssdb" -l ?
auscompgeek
$firefox_profile/cert8.db
twb
Where can I find a list of things firefox does that its underlying TLS/x509 implementation doesn't (by default) do, so I can avoid similar issues in the future?
Cork
twb: what ciphers are you using in the cert?
twb
sec
RSA-SHA1 --> http://sprunge.us/VXEV
IIRC I couldn't use anything newer because the prod servers are too old
They're definitely too old for ECDSA; not sure about SHA2
http://sprunge.us/PZWE is one of the the host certs (signed by that CA)
certutil -d .../ -L reports ==> Cyber IT Solutions - Cyber IT Solutions CT,c,c
When I compare it to a nss3 database I created by hand, I only see "Cyber IT Solutions C,,"
Cork
twb: support for RSA-SHA1 was dropped in ff32
twb
Cork: So maybe $user lied when he said it worked in ff34
Cork
firefox requires stronger ciphers for the certs
twb
OK
Cork
https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/
twb
That gives me more ammo for my "can we please upgrade prod" campaign :P
Cork
:)
« prev 1 2 3 next »