frustbox

I don't mean some obscure about:config setting. I want it to show me some indication (doesn't have to be a popup, those have their own set of issues) that tells me "Firefox blocked x extension on this site [enable it]" - like they do for popup windows that have been blocked.

They have a knowledgebase article explaining why …

… that doesn't explain why. Yes it explains the technical mechanism by which extensions can be blocked, but no explanation why this feature is even there. There's just a sentence about "various reasons, including security considerations."

I think it would help if they explained some of those "various reasons", maybe with an example. Then I might even agree that those are situations where that might improve the user experience. Or the security.

But I would absolutely demand a transparent process for how, why and by who these decisions get made. And possibly a way to enable the extension regardless - you open a page, an extension is blocked, you get a notification explaining why and giving you an override option.

Part of me wants to believe that this is just very poorly communicated. Mozilla has been doing this for a while, for example extensions don't work on addons.mozilla.org or any of the about: pages. And that seems reasonable to me. But I also don't like the thought of mozilla policing what a user is or isn't allowed to do.

That depends on the password manager.

There are password managers that work on your computer and the data never leaves your hardware. KeepassXC for example. The database is just a file on your computer - you are in charge of backing it up, synchronizing it to your other devices (i.e. phone) etc. The database file is fully encrypted so you could share it with a cloud provider like google drive or dropbox, or you could use syncthing which synchronizes files between your devices without cloud storage. If you use cloud storage there's a small risk that the encrypted file gets into the wrong hands (but it is encrypted so it's most likely worthless to any would be hacker).

Some other password managers offer a web service where you can log into a website to see your passwords, and they have mobile apps and browser extensions. These do store your passwords in their cloud - the risk that those get breached is considerably higher. But even there it depends on the implementation details. Bitwarden for example kind of does something similar to keepass, where your "vault" is encrypted locally and then stored on their servers. Even if they get breached, the data would be useless. Lastpass had a breach recently and it turned out that they didn't encrypt everything - so someone with access to the data could determine some details such as which sites a user had accounts on. And apparently some vaults used a weaker encryption so those might be decrypted eventually.

And a lot of password managers are closed source so there's no telling what they may do, just "trust me bro".

If I had to give a recommendation it would be bitwarden - it's open source, it's free although there is a paid plan if you need it and want to support them. It's really easy to use. If you have extreme paranoia (no judgement) then keepassxc - it's also open source and free, it's just a little more effort to set it all up so it doesn't get my first choice.

Several points

They generate strong passwords - completely random with no scheme or method to guess. They are long and use many different characters. These won't be easy to memorize, but that's the point of a password manager, isn't it? Much stronger than "google-monkey123", "lemmy-monkey123" etc.

They generate unique passwords - different passwords for every login. When, inevitably, one website had their database breached and it turns out that they stored the passwords too (you never store the passwords, only a "hash", a scrambled version of it), that password of yours can't be used on other websites. Or any scheme be detected "hey that guy just appends 'monkey123' to the name of the site!" That password was truly unique and is not a danger to your other online accounts.

They protect you from phishing - consider this scenario: you get a message with a link, you click on it and the site asks you to log in, so you type in your login and password, but that was a phishing site, it looked like the real website, but really it wasn't. And now the attacker knows your username and password. A password manager that automatically fills your login details will only do so if the domain name is exactly correct, on a phishing site it will not auto-fill, giving you a moment to stop and think.

Probably also advertisement revenue. Why would people go on twitter if they can't see anything? Why would advertisers pay money to show ads to no-one?

I think Elon got quite a talking to.

Sure did. Kinda?

Moved the panel to the top, added a dock (rip latte, it's now just a panel) and set a hot corner for the overview effect. I like it to move windows between desktops.

Everything else is default though. Maybe I changed the application launcher widget, I don't remember.

A few things come to mind:

The "Mr. Robot" promotion was pretty bad - they force installed an extension without user interaction. This is IMHO still the worst thing they've done.

Their finances could be seen as a little sketchy, at times, like executive pay vs. layoffs at the start of COVID. The fact that they're hanging off the teat of Google (or maybe Microsoft, which ever search engine has the higher bid at the moment) could also be seen as a conflict of interest.

Some might criticise Mozilla for a lack of focus. While Firefox was getting stale they invested in Pocket, and VPNs and stuff.

It's a thing of the past, but there was this whole thing about Brendan Eich …

Honestly most of these things seem pretty par for the course under capitalism.

I've come around to liking Flatpak.

• I don't have to deal with dependency hell I sometimes get with third party packages (AUR/PPA)
• I don't have to worry about make dependencies
• I don't have to deal with clutter in my home directory, they are mostly encapsulated in ~/.var and easy to clean, discover even asks me. Especially if I try the app for 10 minutes and device it wasn't for me. Espexially for apps that don't follow XDG base directory specifications (which is too many, but that's another post)
• I get some (imperfect) sandboxing and control over what an app can access, especially with proprietary things like Discord …

Anything I need to get into a desktop environment should come from the distribution's repositories and package manager. For user applications, Flatpak is great.

I like to change the metaphor. We're not visiting websites. We are inviting them into our homes.

But when we open the door, our friend brings a group of rowdy drunks with him, they're rummaging through closets (privacy invasion), they drink the beer (draining batteries and using internet data volume) and maybe they damage things (malware) - so I have a bouncer. If you're not invited, you're not getting in.

As for creatives, I'll happily tip them, i have no issues with sponsored content (as long as it is declared) - they probably get more from that then the ad-impressions.

Yeah, if they had not used an off the shelf part, then people would make fun of the janky controls with "levers and pulleys." The thing is a simple control scheme that's well understood and easy to learn. It gives inputs to an onboard computer which interprets pilot intent and steers the vessel (how ever questionable the vessel's construction might be).

Game controllers are used for all kinds of robots and vessels (often remote controlled) - so the fact they chose a controller does not weird me out at all.

Do I think they could have gotten a better quality controller? Yea, sure. Do I think maybe a wired controller would have been better? My gut says yes, but I don't know their decision making process and the engineering challenges with running cables.