[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] IceCat 38.3.0 release

From: Ivan Zaigralin
Subject: Re: [Bug-gnuzilla] IceCat 38.3.0 release
Date: Thu, 15 Oct 2015 11:19:07 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

Actually, I've been studying the situation with the adblocking, and I
want to roll back my comments about blocklists. It seems much more of a
gray area than I imagined, with SOME categories of content being clearly
pointless and/or malicious, so I'd like to rescind my opposition to
bundling blocklists, as long as it's done in moderation :)

On 10/15/2015 05:42 AM, Dimitris Arvanitis wrote:
> Dear Ivan,
> thank you for your detailed analysis, in which you obviously put much
> effort. If hope it will be awarded by a clear statement by the
> maintainer where he sees the future of IceCat.
> Best regards,
> Dimitris
> Am Mittwoch, den 14.10.2015, 16:43 -0700 schrieb Ivan Zaigralin:
>> First of all, thanks for fixing the spyblock bug where custom filters
>> would not work. I've got zero feedback when I reported it, so it was a
>> pleasant surprise.
>> Get ready for another angry rant. Once again, I yell because I care,
>> because I believe users must have an alternative software source to
>> Mozilla, which is now not to be trusted, and icecat is pretty close to
>> an optimal answer. I am a long-standing user and also a maintainer of
>> the SlackBuild, which is a source-based distribution way in Slackware
>> derivatives, so please take my frustrated yells as signs of <3
>> OK.
>> There is a reason, I think, why users like maestro curse at this project
>> and its maintainers every now and then, and here's what I think is the
>> problem. Please note I am not at all endorsing or excusing the that kind
>> of trolling, but I really wish that devs would stop for a second and
>> look at the likely causes of the obvious user frustration.
>> In my humble opinion, the priorities need an adjustment. One of the
>> HIGHEST priorities for web browser users is staying on top of the
>> security patches, so every time the concern for the "new features"
>> results in skipped releases, the users are gnashing their teeth and
>> thinking about jumping ship and just customizing the heck out of the
>> stock Firefox. The official goal #1 is to produce a FREE browser, but
>> this goal is in jeopardy whenever the browser falls behind, since it
>> almost ENSURES that MANY users will be running non-free software such as
>> viruses and trojans, and that WITHOUT even knowing.
>> On the technical side, I want to bring up once more what I see as a very
>> mistaken move, which is the inclusion of addons. I hope to convince if
>> not the devs than at least other package maintainers like me, who
>> prepare icecat for distribution within a paricular OS. Starting with
>> this release, I am cutting all the addons, and I strongly urge all the
>> involved parties (including devs) here to do the same. I am doing this
>> precisely to improve the user experience and to make icecat and its
>> signature addons more popular, and here are some reasons why including
>> addons is a REALLY BAD idea.
>> (1) Since gnuzilla does not test addons and occasionally gives silent
>> treatment to bug reports in addons, including the ones produced
>> in-house, it should not distribute them. A common pattern seems to be
>> when users install icecat, they immediately run into an addon bug, and
>> give up. Here's my experience with a 38.3.0 and a VIRGIN profile:
>> duckduckgo does not work, asks to turn on javascript. I check settings,
>> javascript is on. This is already a show-stopping bug. I check LibreJS
>> (and how would a NEW user know that?), enable all that page, it reloads
>> and... still DOES NOT WORK, it's blank. I check librejs again,
>> everything is enabled. I try google maps, and the outcome is exactly the
>> same. Yes, maestro is a troll, but I think his emotional state is a
>> perfectly predictable consequence of the browser JUST NOT WORKING.
>> (2) Addons were intended to receive security updates independently from
>> the browser or the OS, but when we package icecat into GNU/Linux
>> distributions, the pre-added addons end up in the distro channel, so
>> they update only when users get around updating the OS. This is
>> suboptimal. The only addons which belong in the OS channel are the
>> OS-related addons, such as "Ubuntu Integration" or whatnot. Everything
>> else must go. Then there are users who get icecat directly from
>> gnuzilla, and they get addon updates only when they get around updating
>> the browser, which is slightly less bad. But the lazy release schedule,
>> which seems to be the norm, confounds this problem a lot.
>> (3) Why does gnuzilla think they know best about which addons user
>> should run? What if I want to run a different fork of adblock, not the
>> spyblock? Not many users know these forks are INCOMPATIBLE, so
>> installing a different blocker will break things. In effect, gnuzilla is
>> forcing its users to maintain gnuzilla's faulty package, as if users
>> didn't waste enough time maintaining addons they themselves installed.
>> (3.1) Forgive me for being blunt, but whose bright idea was it to
>> distribute blocklists along with spyblock? Do you realize you are
>> censoring the web without asking for explicit consent? Notice that good
>> adblockers (the addons themselves) do not do that, because USERS are the
>> only ones in the position to decide what is an unwanted ad. They offer a
>> choice of blocklists upon install, and taking this step out is meddling
>> edging on censorship.
>> (3.2) LibreJS in particular is basically nagware. Ostensibly, it should
>> help users to nag at web designers, but all it actually accomplishes is
>> nagging the users. As I explained before, it is 0% effective, since it
>> cannot possibly check whether javascript code is free. The only good way
>> to check that is to (a) authenticate the script source (b) check it
>> against the list of authorized free software sources. What makes THAT
>> script likely to be free is the tendency of users to put their trust in
>> ethical software sources such as FSF, Trisquel, FreeSlakc, etc. The
>> presence of a license boilerplate has not a JACK to do with ANYTHING,
>> and I frankly cannot believe this useless addon is still being bundled.
>> So here is a specific proposal:
>> (i) All currently bundled addons should go into the common directory,
>> none should be installed by default. Until this is done, the browser
>> will be bloated and unstable, and curses will fly thick. This will also
>> free the devs' hands to work on the long-neglected goal of making new
>> releases prompt and secure.
>> (ii) Even in the addon directory, no adblocker should be bundled with
>> blocklists.
>> (iii) The free addon directory which shows up at about:addons should
>> contain a simple "get started" list saying which addons are essential
>> for user freedom and why, and (IMHO) this list should omit LibreJS until
>> it's shown to do something useful.
>> On 10/12/2015 09:05 PM, Rubén Rodríguez wrote:
>>> GNUzilla is the GNU version of the Mozilla suite, and GNU IceCat is the
>>> GNU version of the Firefox browser. Its main advantage is an ethical
>>> one: it is entirely free software. While the Firefox source code from
>>> the Mozilla project is free software, they distribute and recommend
>>> non-free software as plug-ins and addons. Also their trademark license
>>> restricts distribution in several ways incompatible with freedom 0.
>>> https://www.gnu.org/software/gnuzilla/
>>> The user manual pages are at http://libreplanet.org/wiki/Group:IceCat/
>>> You can contribute by joining the wiki and editing the manuals.
>>> Source tarballs, binaries for generic GNU/Linux systems and translations
>>> are available at http://ftp.gnu.org/gnu/gnuzilla/38.3.0/
>>> GPG key ID:D7E04784 GNU IceCat releases
>>> Fingerprint: A573 69A8 BABC 2542 B5A0  368C 3C76 EED7 D7E0 4784
>>> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gnuzilla
>>> This is a major release upgrade following the Extended Support Release
>>> upstream cycle, moving from v31.x-ESR to v38.x-ESR. All the features in
>>> previous releases have been preserved, along with extra polish and
>>> improvements in privacy.
>>> == Changes since v31.8.0-gnu2 ==
>>>  * Rebased to v38.x
>>>  * Updated to v38.3.0ESR
>>>  * LibreJS updated to
>>>  * HTTPS-Everywhere updated to 5.1.1
>>>  * HTML5 Video Everywhere updated to 0.3.3
>>>  * Added more privacy settings and crypto hardening
>>>   - Disabled battery handling in dom
>>>   - Disabled sensor handling in dom
>>>   - Disable face detection and autofocus controls
>>>   - Disabled DNS prefetch
>>>   - Disabled ssl/tls protocols that are useless or too weak
>>> --
>>> http://gnuzilla.gnu.org
>> --
>> http://gnuzilla.gnu.org
> --
> http://gnuzilla.gnu.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]