> On Sun, Sep 30, 2018 at 06:53:06PM -0700, Keith Lofstrom wrote: > > Sometime in the last two days, automatic updates on my > > older 32 bit laptops "upgraded" to Firefox Quantum > > 60.2.1.esr, and my saved logins stopped working. I have > > backups, and I can restore a previous version of Firefox > > and my old .mozilla configuration files, then turn off > > updates, but perhaps there is a way to make this > > "upgrade" work. > > I'm running an old 32 bit distro on the laptops, which > will get upgraded to a recent 64 bit distro Real Soon Now. > Then I will upgrade myself to Chromium as John suggested.
On Mon, Oct 01, 2018 at 10:14:42PM -0700, Russell Senior wrote: > Did you report the bug? Not yet - I need to ponder my use-case a bit, and think about how it differs from their (minimal) likely testing. My WAG is that this happened because we had browser windows open when updates are scheduled, and their user-neglecting code treats unlocked login/password files as "unencrypted". However, the fact that they would even conceive of deleting /any/ user-generated file without warning or permission suggests that their design goals are sociopathic and arrogant. I'll send them a bug report when I develop an easy-to-reproduce use case, but I expect it to be rejected. It won't be the first time they've done that to my reports. I hope the Chromium development team is more humane. If there is less code, there are fewer insecure interactions. Code evaluated by two different groups (Google developers and outsider repackagers) may be better tested. Many eyes make all bugs shallow; two sets of eyes makes bugs ever so slightly less deep. ----- As an aside, my original reason for becoming involved with "open-source" (long before Chris Peterson named it) was that even a non-programmer like me could understand it and find bugs. I found the Y2K error in BSD, and my suggested improvement was coded by Real Programmer(tm). When most of us become mere "code consumers", we eat whatever the "cooks in the fast food code kitchen" churn out. Some is great, some is absolutely awful, but the quantity of code is huge, and the combinatorial number of possible interactions is literally astronomical, more than the baryon count for the universe. That makes secure, high-reliability software impossible, even with "perfect" programmers and methods. Web browsers are vulnerable to their innate flaws, but also to the flaws and exploits in every scrap of active web content on the internet. Perhaps we need a two-stage process; our personal computers use plain-vanilla html browsers and external proxies that process all the varied crap out there into maximally simple html, with very few local extensions. That simplifies code on our machines, though admittedly it helps big brother snoop the external proxies. I'd rather not have video codecs on the same machine accessing the same memory as my password files. ---- I wonder how many of you read down this far? In the twitter age, most can't read a page of plain English, much less software code. Keith -- Keith Lofstrom [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
