mozilla :: #nightly

8 Aug 2017
06:36 decebalus: That's incredible: I can't log in to Mozilla's own chat "mibbit" because of "security connection" (on the latest nightly) :D
06:37 decebalus: this is madness
06:38 Seburo: (Mibbit is not a Mozilla service)
06:38 j605: use something else, I don't think mozilla owns mibbit
06:38 j605: irccloud, kiwi etc or get a native client like hexchat
06:42 decebalus: I like "mibbit" because it is very customisable, has sounds for different events, etc.
06:43 Caspy7: still not Mozilla's
06:43 decebalus: is there no way to add an exception?
06:47 j605: decebalus: https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
06:47 j605: > If you experience this problem, contact the owners of the website and ask them to update their TLS version to a version that is still current and still secure.
06:50 Caspy7: j605: in this case, the issue is not occurring on Release or Beta (which wasn't mentioned but I tested) so it's something to probably file a bug on
06:52 decebalus: Now I'm on an earlier version of Nightly which works... I talk here through "mibbit"
06:55 j605: I checked too but thought they disabled a lower version of TLS in the latest nightly
06:56 j605: then is it ok for decebalus to file a bug then?
07:00 decebalus: Oh..no..I don't file bugs anymore, I'm sick of that, I just use this earlier Nightly version
07:05 aja: decebalus, probably cuz it's trying 3DES
07:05 aja: at least that's what Chrome says
07:06 aja: i don't think latest NSS supports 3DES anymore
07:06 j605: torch it with fire
07:14 aja: see bug 1386754 (you can probably flip a pref, for the time being)
07:14 firebot: https://bugzil.la/1386754 FIXED, jjones@mozilla.com Disable 3DES in TLS Handshake for Nightly builds
07:15 aja: fyi...it's probably headed to beta, too, shortly
07:16 aja: but yeah...time to replace mibbit if they don't upgrade
07:26 aja: actually, it's still in NSS. pref disables it in PSM
07:39 decebalus: To hell with mozilla's exaggerated security obsession
07:47 aja: well...mibbit does get an F on SSL Labs (for several reasons)
07:47 Porkepix: decebalus: No exaggeration
07:47 Porkepix: 3DES has been broken crypto for more than a decade
07:50 Porkepix: If we could get rid of that as well as sslv3 everywhere, it would only be better for everyone
08:12 decebalus: Porkepix: I personally don't agree with this approach from Mozilla regarding security level, this approach can do more bad than good
08:12 Porkepix: decebalus: Why so?
08:12 Porkepix: Considering Mozilla isn't the only one on the move
08:16 decebalus: Not all browsers are at so exaggerated a level..I have 4 other browsers on my desktop..none of them has this "issue"
08:17 fwiw: :)
08:17 fwiw: decebalus: would you tell us what those 4 other browsers are?
08:19 decebalus: In fact 5 browsers considering Edge
08:22 fwiw: Porkepix: also as a casual user, what made it broken? or probably what could go wrong if that's being kept?
08:26 Porkepix: decebalus: Yes. Do you use development versions of the other ones you're mentioning?
08:26 Porkepix: Afaik Chrome is gonna apply the same restriction at the same time or not far
08:26 Porkepix: For example
08:27 Porkepix: fwiw: Crypto easy to break, algorithm and keys are pretty low now and there are many known flaws
08:27 Porkepix: sslv3 is weak to MitM (Man in the Middle) too
08:28 aja: only 0.18% of servers fall back all the way to 3DES, according to the bug.
08:29 fwiw: not the same thing, but this kinda reminds me of https://www.reddit.com/r/programming/comments/60jc69/company_with_an_httpserved_login_form_filed_a/
08:31 decebalus: Porkepix: I haven't used Chrome for years..but tried on Opera/Vivaldi/IE11/PaleMoon/Edge - all stable editions..I don't have technical skills but I'm an advocate of the "catch him or stop him if he tries" ideology..not too much prevention. So let the AVs do their job.
08:32 Porkepix: Palemoon is a fork of Firefox
08:33 decebalus: yes..I know that, it is my main browser still..but works way better than Firefox
08:33 fwiw: Porkepix: is disabling 3DES at the same time a coordinated effort?
08:34 Porkepix: fwiw: I know they did it with SHA-1 on SSL certs, I don't know for 3DES. Looking at the bug light give useful information. Currently looking if other browsers plan to do it too, but it definitely would make sense
08:35 Porkepix: decebalus: I don't get what you mean with catch-him or stop him
08:35 decebalus: Porkepix: I mean about viruses/malware/phishing..etc
08:37 decebalus: Porkepix: sorry, I'm not good at English :/
08:39 Porkepix: s/light/might/
08:40 Porkepix: decebalus: Okay. Let's put aside the viruses/malware/phishing part. Using a wifi with not-nice people on it? Global surveillance?
08:40 Porkepix: Let's stop them too? How?
08:41 Porkepix: You know there are way stronger securities we could make use of (HSTS, HPKP and a lot stronger protocols and ciphersuites). But those aren't used that much yet
08:45 Porkepix: https://bugzilla.mozilla.org/show_bug.cgi?id=1227524
08:45 firebot: Bug 1227524 NEW, nobody@mozilla.org Establish deprecation date for 3DES
08:45 decebalus: Porkepix: do that only for people who use wifi (an option to enable...this kind of security level for who wants it) I don't use wifi..and..do you really think the NSA or another organisation is prevented by Mozilla's security level from spying on you..if it wants?
08:47 Porkepix: decebalus: Well, yes? 3DES can be instantly broken with what they have. Strong security like AES with a long enough key or GPG would require a whole long year. Do you think they'll use it for things they don't think are worth it?
08:49 Porkepix: As for the wifi. 1/ Your browser can't know what your means of connection is 2/ What about wired connections with a wireless part later in the network? 3/ What about tethering? 4/ Optic fiber often has mutualizing points at some points (GPON), so that a bunch of optic fibers can happen to be placed on the same one. And you can look over that
08:51 Porkepix: And letting people choose. I let you explain to people why they should as most of them are not aware of security threats and don't even pay attention to it (for example, among the people you know, who's really reading permissions of applications they do install on their phone?)
08:55 decebalus: Porkepix: again..technical names..Whatever, we have different opinions..and I think we can talk here until tomorrow..about this subject..About spying..nobody (from organisations) really wants to spy on you if you are not an interested person for them
08:55 fwiw: I believe it's a good thing if this would lead to a better and secure internet, especially if this movement is a coordinated effort from multiple browser/party.
08:56 Porkepix: decebalus: Well, events proved you wrong as mass surveillance is just a fact
08:56 fwiw: decebalus: reporting to the site owner is probably a better approach here.
08:56 decebalus: if you really want security..use Tor..or something like that
08:56 Porkepix: decebalus: Oh and I even forgot to mention countries with censorship, political prisoners, no freedom of speech and so on.
08:57 Porkepix: fwiw: Reporting what?
08:57 fwiw: Porkepix: mibbit is broken
08:57 Porkepix: fwiw: And sadly I didn't find equivalent discussions for 3DES on other browsers. Only on protocols, no ciphersuites
08:57 decebalus: Porkepix: you are from US?
08:58 Porkepix: fwiw: Oh. Yeah. I haven't taken a look there in years. Even when I need an emergency web solution for IRC, kiwiirc is so much better than mibbit
08:58 Porkepix: decebalus: No.
08:59 fwiw: I'll try to report to mibbit
09:00 decebalus: Porkepix: anyway..in the US and some western countries..censorship has existed for a couple of years..but people don't realize that
09:01 Porkepix: Yes, but it's a quite light one (for now) compared to other countries
09:05 decebalus: Porkepix: you think so..It is more dangerous because the people know that the massmedia is free from times..and have trust in what mass media say...That's very dangerous to have trust for lies. I am from a former communist country..and here all people knew that massmedia was censored and nobody trusted it. There are 2 different situations.
09:07 Porkepix: Well, either way having strong encryption people can trust for communications is still very important
09:08 decebalus: Ok..maybe you are right..I do not deny completely
09:08 Porkepix: Perfect and total security cannot be achieved, it's only a matter of time for every possible one to be broken. Then, better replace broken ones whenever possible to keep it secure
09:11 decebalus: well I have to quit now, have a nice day!
09:11 fwiw: decebalus: I've reported it to mibbit support channel.
09:12 decebalus: fwiw: thanks !
09:16 fwiw: np
14:15 telegram_bot: <AngelFQC> New Ui in Nightly for Android
14:15 telegram_bot: <AngelFQC> ?
14:21 telegram_bot: <AngelFQC> (Photo, 720x1280) https://bot.michaelkohler.info/ZYH9q3yJ/file_98.jpg Screenshot (8 ago. 2017 9:21:21 a. m.)
14:34 j605: AngelFQC: https://twitter.com/FirefoxNightly/status/894927496570961921
14:36 telegram_bot: <marwendoukh> @AngelFQC, Yup !
14:36 telegram_bot: <marwendoukh> (Photo, 480x800) https://bot.michaelkohler.info/Fplv330A/file_99.jpg
14:37 telegram_bot: <AngelFQC> Great!
15:16 telegram_bot: <facyber> Is it possible to change it back?
15:29 Porkepix: stas: Have you added --no-remote to the command-line?
15:30 stas: Porkepix: I did not! Is that the reason?
15:31 Porkepix: Yes
15:32 stas: OK, I updated my .desktop files, I'll see if that helps tomorrow, thanks!
15:53 hwine: okay - pocket icon moved to awesome bar, and that confused me. It's there - PEBKAC
18:03 decebalus: what the hell? IRCCloud =404 ??? http://imgur.com/a/mTep3
18:33 j605: you are being sensational
18:33 j605: irccloud is reachable but that url does not exist for obvious reasons
18:57 decebalus: j605: yes..you have right, is not the correct url
18:57 decebalus: *you are right
19:49 Porkepix: Uh, what could result in all tabs disappearing on Android's nightly
19:49 Porkepix: +?
22:44 gandalf: is there a reason why in today's nightly the preferences tab has bright background despite me using dark theme in Gnome?
22:45 gandalf: yesterday the preferences had dark bg
23:01 Caspy7: In case anyone was looking for a desktop background https://framapic.org/LxWepgqyBWAD/ScsrwuEKBxCt.png
23:01 Caspy7: a Nightly desktop background