Mozilla To Drop Support For All NPAPI Plugins In Firefox 52 Except Flash

The Netscape Plugins API is "an ancient plugins infrastructure inherited from the old Netscape browser on which Mozilla built Firefox," according to Bleeping Computer. But now an anonymous reader writes: Starting March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions. This means technologies such as Java, Silverlight, and various audio and video codecs won't work on Firefox.

These plugins once helped the web move forward, but as time advanced, the Internet's standards groups developed standalone Web APIs and alternative technologies to support most of these features without the need of special plugins. The old NPAPI plugins will continue to work in the Firefox ESR (Extended Support Release) 52, but will eventually be deprecated in ESR 53. A series of hacks are available that will allow Firefox users to continue using old NPAPI plugins past Firefox 52, by switching the update channel from Firefox Stable to Firefox ESR.

Firefox 53 won't be an ESR

[NotInHere]

ESR releases are only all 7 releases. So the one after firefox 52 will be 59.

Context please

[ebonum]

I must be an idiot. I read TFA and I have no idea if AdBlock Plus, Ghostery, NoScript, etc. will continue to work.
What will break? What will continue to function normally?

Re:Context please

[Anonymous Coward]

I must be an idiot. I read TFA and I have no idea if AdBlock Plus, Ghostery, NoScript, etc. will continue to work.
What will break? What will continue to function normally?

There is no talk of removing support for extensions. This is only about plugins.

Re:Context please

[Anonymous Coward]

actually there is (more than) talk to remove extensions, well replace them with a new standard
coming in ff 57
it'll break a lot of nice extensions
http://www.ghacks.net/2017/01/28/firefox-add-on-quicksaver-quits/

Re:Context please

[Anonymous Coward]

And the day they follow through on it, is the day they for real die, despite all the propaganda floating around already about how "buggy" and "leaky" and "useless" it is. I've never had any such problems with Mozilla, but the day they kill ublock, noscript and other such necessary add-ons, and replace them with substandard, neutered google-crap, is the day not only I have absolutely no further use for them, it's the day they have actually lost the entire point of their existence.

Re:

[MrL0G1C]

100% agree, I use Firefox because of the extensions, killing extensions is killing Firefox.

Re:

[fyrewulff]

Nah. It'll be the day Firefox doesn't need to die with every upgrade because the old extension structure was more or less direct access to every little nook and cranny, which sounds like "full power" but really meant that the bigger the extension was, the more it was (for all intents) rewriting Firefox.

The newer style doesn't have breakage, has proper privilege separation, process separation, etc etc, and the browser itself won't break everything because of Dave's Way Cool Website Toolbar.

And you still have

Re:

[arglebargle_xiv]

There is no talk of removing support for extensions. This is only about plugins.

And they're specifically keeping the least secure plugin there is, while disabling all the others. Thanks, Mo://http:://a.

Re:

[Anonymous Coward]

Those are all addons not plugins. But fear not, Firefox is disabling a bunch of my favorite addons soon.

"This add-on will stop working..."

[Futurepower(R)]

Posting this again: The reason I like Firefox is the add-ons.

1. Classic Theme Restorer [mozilla.org]

   "This add-on will stop working when Firefox 57 arrives in November 2017."
   
   This add-on will stop working when Firefox 57 arrives in November 2017 and Mozilla drops support for XUL / XPCOM / legacy add-ons. It should still work on Firefox 52 ESR until ESR moves to Firefox 59 ESR in 2018 (~Q2).
   
   There is no "please port it" or "please add support for it" this time, because the entire add-on eco system changes and the technology behind this kind of add-on gets dropped without replacement.

2. Cookies Manager+ [mozilla.org]
3. Ghostery [mozilla.org] DON'T UPDATE. New versions don't allow sufficient user control.
   USE THIS: ghostery-5.4.10-sm+an+fx.xpi Link: Version 5.4.10 [mozilla.org]
4. Mozilla Archive Format [mozdev.org]
5. NoScript [mozilla.org]
6. Nuke Anything Enhanced [mozilla.org]
7. Open link in... [mozilla.org]
8. Print Edit [mozilla.org]
9. Session Manager [mozilla.org]
10. Snap Links Plus [mozilla.org] DON'T UPDATE. New versions don't have as many features.
    USE THIS: snap_links_plus-2.4.3-sm+fx.xpi Link: Version 2.4.3 [mozilla.org]
11. uBlock Origin [mozilla.org]
12. Video DownloadHelper [mozilla.org]

Re:

[Anonymous Coward]

when they kill the unique-to-firefox flexibility of addons, it WILL KILL FIREFOX itself. rip. it was a good run but your days are now numbered unless the morons-in-charge over there get their shit together.

Re:

[guises]

Ghostery [mozilla.org] DON'T UPDATE. New versions don't allow sufficient user control. USE THIS: ghostery-5.4.10-sm+an+fx.xpi Link: Version 5.4.10 [mozilla.org]

I'd suggest not using Ghostery at all, and going with Privacy Badger [mozilla.org] instead.

Thanks.

[Futurepower(R)]

Thanks for the suggestion. I'll try it.

Re:

[MrL0G1C]

I'd suggest not using Ghostery at all, and going with Privacy Badger instead.

Why's it better?

Re:

[guises]

Ghostery is produced by a for-profit company with some dubious motives. It's closed source, and it does collect information, but maybe that information isn't so bad? I don't know, I don't want to slander them unfairly and I do think that the information collection is optional. It also uses a block list to determine what to block which... while not terrible, is not the best approach I think. You just wind up playing wack-a-mole and something's always going to slip through.

Privacy Badger is produced by the

Re:

[MrL0G1C]

I did a bit of researching and am entirely unconvinced so far that privacy badger actually works, I think I'd only use it to bolster ad-block / ublock.

Re:

[guises]

Well... it kinda depends on what you're trying to do. Privacy Badger is about protecting your privacy, Adblock just blocks ads. There's some overlap there, but they're not the same thing. That said, I don't think that Privacy Badger is foolproof. It's not the only thing that I use. If you want a blocklist-based privacy filter though, I still wouldn't go with Ghostery. Try Disconnect.

Thanks!

[Futurepower(R)]

Disconnect looks good. It works with Pale Moon. Ghostery doesn't.

Re:

[trawg]

When Classic Theme Restorer stops working, I'm off to PaleMoon or something else. I've stuck with Firefox through thick and thin but I don't like the new interface, and losing access to it as well as a bunch of other plugins will be the last straw.

Amazingly bad management by tech. companies

[Futurepower(R)]

Pale Moon no longer supports Ghostery.

I forgot to mention: Tab Mix Plus [mozilla.org]

No only the Mozilla Foundation, but many technology organizations are poorly managed. Any theories about why that is so?

Re:

[drinkypoo]

Lots of pages which work in normal Firefox don't work in Pale Moon. Nobody tests for it, which makes it a total non-worker. I used it for a while, but had to give up due to compatibility issues.

Re:

[trawg]

Boo, really? I haven't tried it for years but I understood it to be a fairly standard derivative of mainline Firefox.

Re:

[drinkypoo]

Boo, really? I haven't tried it for years but I understood it to be a fairly standard derivative of mainline Firefox.

Some time ago they changed their rendering engine and that's when the trouble began. I was a fan at first but that ended my love affair with their browser and I went back to Firefox. Compatibility is job 1.

Thanks for the info.

[Futurepower(R)]

Thanks for saying that. Apparently you mean Firefox is moving to extensions and away from add-ons. I don't know the difference. I only know that there have been add-ons, exensions, and plugins, 3 names for what seems the same to users.

It's amazing how bad Mozilla Foundation is at communicating.

The Classic Theme Restorer [mozilla.org] author is saying we will be forced to use the new Firefox theme.

Re:

[caseih]

The chrome (in the mozilla sense of the word) add-on system is different from the NSAPI system. Add-on extensions are programmed in Javascript and can be seen by going to about:addons

Right now the only NSAPI plugins listed are the flash plugin, the Java plugin, and a plugin from Rhythmbox that is supposed to handle itunes urls or something. None of these things I use, and all of them are disabled in my browser using the QuickJava add-on. You can see your plugins by going to the url about:plugins

Re:

[fuzzyfuzzyfungus]

If Flash is being whitelisted; the main news will be Java applets(much rarer than they used to be; but a distant second to Flash in the embedded-blobs-of-stuff-that-can't be done in HTML, at least not when this site was built market); maybe Shockwave; if anyone still uses that; and then mostly shitware(at least at one point, Acrobat or Acrobat Reader would install something to grab PDF handling, some AV packages would inject their little contribution; Cisco has a hilariously vulnerable Webex support plugin

Re:

[Pentium100]

Java applets(much rarer than they used to be

It seems to me that a lot of servers use Java for remote management (IPMI, ILO, DRAC...), either for everything or just remote KVM. Some networks switches (D-Link for example) also use it, at least for the live monitoring on the web interface.

I rarely see Java used on the public internet though. Still, I guess I'll have to stop updating firefox so as not to break compatibility with the Java stuff that I have to use.

Java already whines enough, no need to add even more inconvenience.

Re:

[Anonymous Brave Guy]

Still, I guess I'll have to stop updating firefox so as not to break compatibility with the Java stuff that I have to use.

Sadly, I doubt you'll be alone.

I work with a lot of networked devices, which is a common environment where Java in a browser still matters. While there are now alternative technologies that can be used for much of what we used to use Java for, people should remember that they have only quite recently become stable and reliable enough for long-term professional use in an embedded context, and even today, there are plenty of bugs and performance problems with both canvas and SVG, so they're still not a perfec

Re:

[drinkypoo]

It's a horrible shame that access to all of this content, much of it developed over two decades but as relevant today as ever, is being lost just because the browser developers and Oracle couldn't get their acts together.

Uh no. It's because the academics jumped on a language encumbered by shitty licensing agreements. They had a choice, they could have made javascript pages, but instead they used Java. Anyone could see that Sun had too much control over the language, and later, that Oracle exerted even more. Well, anyone thinking. Academics often think only about what they want to think about, and nothing else seems important. Well, guess what? It is, since we live in the really real world.

Re:

[Anonymous Brave Guy]

They had a choice, they could have made javascript pages, but instead they used Java.

You could draw interactive diagrams, or animate them, in JavaScript in the year 2000? It was difficult enough doing these things in JavaScript ten years later! The reason the <applet> tag existed was that Java was the standard way to do things beyond what basic HTML could handle for a long time before.

As for too much control, I invite you to consider that the likes of Apple, Google and now Mozilla have been successfully killing off access to useful content that has existed for 10-20 years for their ow

Re:

[AmiMoJo]

No, add-ons as they are called will be fine for now. This API is only for binary plug-ins like Flash, Java and Adobe PDF Reader.

Binary plug-ins are much more vulnerable because they are native code and run in the browser process. Add-ons are Javascript and run in the Javascript sandbox, although in Firefox they can really screw with the browser's security model which is why Mozilla is wanting to move away from them eventually.

Re:

[Anonymous Coward]

Those addons you listed are all "extensions" - they will continue to work.

What's being disabled is NPAPI plugins, an older type of addon (from back in the Netscape days, before Firefox even existed - NPAPI stands for Netscape Plugin API). For the most part, the only plugins most people use are Flash (which being whitelisted) and the Java plugin (which you shouldn't be using anyway, because it's full of security problems). So no need to worry - this probably wont affect you at all.

Re:

[thegarbz]

I read TFA and I have no idea if AdBlock Plus, Ghostery, NoScript, etc. will continue to work.

An easy estimate at the damage would be: Does this plugin exist for Chrome? If yes, it will either continue to work or be ported across (I mean they have had a LOT of notice).

Re:

[r1348]

Plugins extensions

Mozilla...getting it wrong so you don't have to.

[Anonymous Coward]

"We have announced today that we will be dropping support for all plugins, except the one that's really the problem judging by the security advisories. You can expect your specialty software to stop working immediately, while the security-hazard that is Flash will continue to work for several, pointless version number bumps."

If it weren't for mistakes the Mozilla Foundation wouldn't be good at making any fucking thing.

Re:

[NotInHere]

Flash only has so many security vulnerabilities discovered and fixed because its so popular. The other add ons are similarly insecure, they just don't get used by the malware authors because there is too few users to target.

And the idea with flash is to move it to use PPAPI (project mortar) and then continue to work towards its deprecation.

Re:

[gravewax]

not quite, Adobe and Flash are in a class of their own, the sheer extent and severity of vulnerabilities far outstrips any other piece of software including those with much larger user bases.

Re:

[NotInHere]

I said discovered and fixed, not existing. I didn't dispute that Silverlight had less security vulnerabilities discovered and fixed.

Re:

[fuzzyfuzzyfungus]

I certainly don't disagree that Flash should be taken out and shot on security grounds; but it is pretty much the last NPAPI plugin that you are likely to piss users off by dropping support for. iOS got away with it; but Safari continues to support it(though grudgingly); Chrome killed NPAPI; but the 'Pepper' plugin interface appears to exist primarily to support Flash; Edge also whitelists Flash; and Flash on Android died mostly because Adobe couldn't make it work very well; not because Google shoved them o

Re:

[AmiMoJo]

No, this is good news. Flash isn't the only bad plug-in out there, and by only supporting just that one they can more heavily sandbox it like Chrome does. Flash vulnerabilities typically are mitigated in Chrome anyway, only being of much danger to Firefox and IE users.

Adobe Reader, Java and numerous anti-virus plug-ins are all just security nightmare crap that are long overdue for deprecation. Unfortunately a lot of people still like Flash but at least once (now?) most sites have moved to HTML5 for video it

Re:

[Anonymous Brave Guy]

Also, as browsers start to emulate the extra functionality that used to be provided by plugins, it is logical to assume based on past performance that they will probably start to suffer from related security issues as well.

But let's not let facts get in the way of bashing web technologies more than a year or two old and promoting replacement technologies that aren't necessarily as capable as the old ones, because that would totally spoil all the fun.

Re:

[Luckyo]

But it has killed jetpack add-on support recently, well ahead of Firefox which will only do it later this year for main channel and Q2 2018 for ESR. A good chunk of critical add-ons simply no longer work on it.

Essentially it's gone down the path of Mozilla, but decided to do it before Mozilla at some points.

Fuck you, Mozilla.

[Anonymous Coward]

Blocking NPAPI, *execpt* the worst of them all, security ala mozilla, like we know it for years. Running out of ways to piss off every single admin on the planet, are we...?

Re:Fuck you, Mozilla.

[TheRaven64]

I don't know - between Java and Flash, it's hard to tell which has the worse security record. Though these days about the only Java applets on the web are malware, so at least you get a lower false positive rate by blocking them all.

Re:

[ArhcAngel]

these days about the only Java applets on the web are malware

You mean like Intercontinental Exchange's [theice.com] WebICE? [theice.com] A multi-billion dollar commodities trading platform.

Re:

[AmiMoJo]

Can't you just run the applet outside the browser, using the desktop JRE? Running Java in the browser via a plug-in seems like a silly way of doing it, and limits the app's UI quite severely.

Re:

[NotInHere]

That is in fact their plan. First remove all NPAPI plugins except flash, then move flash over to use PPAPI, then remove NPAPI support entirely.

Re:

[Tough Love]

many enterprise management applications require java in the browser

They should have started converting those to Javascript long ago, it's not like they didn't know this was coming years ago. As a bonus, you get to not write Java, and not deliver a less than satisfactory end user experience with all the waiting around for mammoth Java applications to load and slowly jit themselves, and the generally crappy Java UI design because developing in Java is so cumbersome that you are pretty must stuck with the first piece of alpha crap that comes down the pipe.

Re:

[Anonymous Brave Guy]

They should have started converting those to Javascript long ago, it's not like they didn't know this was coming years ago.

That's... not how any of this works.

For one thing, JS has only recently become a viable alternative for a lot of what used to be done with plugins. In many cases it's still relatively slow and/or buggy as hell.

For another thing, it costs time and money to produce software, and big rewrites are notoriously expensive. Expecting people to just dump working software because it's inconvenient to continue supporting its platform is unrealistic.

As for criticism of Java's speed, it takes longer to display Facebook

Flash

[dschiptsov]

Which is the absolute champion in vulnerabilities exploited by hackers, tracking, malware and every possible kind of crap, including banners, which is the only reason it is still exist and pushed by the browser vendors.

Which ones are NPAPI

[freeze128]

How do I tell which plugins are NPAPI? It really doesn't say under the plugins tab.

Re:

[account_deleted]

Comment removed based on user account deletion

A Year of My Life Lost on NPAPI

[glennrrr]

5 years ago, part of my job was keeping an NPAPI plugin running on the Mac. Apple had transitioned their support to a new graphics and event model and it was a lot of work refactoring our plugin. And of course, that ended up being wasted time we should have spent transitioning to writing a Javascript version of our app.

But my business bank deposit Java app...

[__aaclcg7560]

When Google Chrome pulled support for plugins on the PC, I had to use Mozilla Firefox for a Java app that my business bank uses for check deposits at home. Looks like that is going away. It'll be interesting to see if the business bank will move away from Java or keep it. I'll have to download the app on my iPhone.

Re:

[wvmarle]

With Firefox and Chrome having over 2/3 of the browser market between them, your bank will have not much of a choice. Sooner or later nothing supports Java anymore and their plugin is simply obsolete.

Re:

[myowntrueself]

With Firefox and Chrome having over 2/3 of the browser market between them, your bank will have not much of a choice. Sooner or later nothing supports Java anymore and their plugin is simply obsolete.

There is still a lot of hardware out there and embedded systems that depend on Java for management eg KVM consoles. I know people who keep an XP virtual machine around just so they can manage certain pieces of hardware.

Re:

[__aaclcg7560]

With Firefox and Chrome having over 2/3 of the browser market between them, your bank will have not much of a choice.

Banks can be pretty stubborn. I did a Token Ring to Ethernet conversion project at a bank branch office in 2005. I was shocked to see Token Ring in the field. My previous experience with Token Ring was taking apart a NIC card to find an 80186 processor in 1995 and reading about them in certification exams prior to 2005. The five-year-old branch office had coaxial cables installed beside the already installed Ethernet cables. The bank was perfectly fine with 16Mbps for decades. The killer app for the convers

Re:

[ericlondaits]

The argentine tax collecting agency still has critical parts of their web site (particularly the one where small business and independent professionals declare their gross income) that only work under IE6 due to use of MS-only javascript API. The "funny" thing is that with newer versions of IE you have to use the site in "compatibility mode" which with the latest versions has to be activated through the developer tools panel. The tax collection agency gives instructions on how to do this instead of fixing t

Mozilla business plan

[alexhs]

1.1 Drop feature
1.2 Drop feature
...
1.(n-1) Drop feature
1.n Drop product altogether
2. ???
3. Profit!

Re:

[QuietLagoon]

You forgot: 1.0 Add unwanted bloat

Re:

[wvmarle]

MS has always been noted for its ability of turning bugs into features.

It seems the Mozilla foundation has now found a way of turning features into bugs.

Not sure which version I prefer.

That's why Firefox will forever suck

[Doloresanto]

Flash Player is the one to ditch first. Everyone is doing it, but not the ever slow (and not so free) Firefox.

No real benefits (only perceived ones)

[Unknown User]

There really is no benefit in replacing native plugins with a strictly inferior technology - Javascript instead of the language of your choice and then removing the former. This is just another closing down of an ecosystem for the sake of nonexistent "security" under the obviously dubious presumptions that the developers of the base technology are more competent about security than plugin developers and that users need to be constantly patronized. Instead, they should open a native plugin technology to as many languages as possible and let people decide what language to use and which developer to trust.

But you can see this trend everywhere. Less power to users and third-party developers and more control to the people who run the "platform".

Use Emscripten

[tepples]

You can use any programming language you want, so long as you have access to a compiler to compile it into JavaScript. Treat JavaScript as an object code format, not the source code. That's what asm.js was supposed to be about: a subset of JavaScript that the JIT engine can convert trivially for which things like Emscripten can generate code.

Re:

[tgv]

Exactly. And Javascript may be a language with some really dumb features, you can write decent programs in it (TypeScript!) and it's safe, much safer than any plugin written in C could ever be.

Re:

[Tough Love]

Lucky for you WebAssembly is on the way. Compile whatever language you want to WebAssembly and run it in your browser.

The best you can say about that is, it works. It's ugly beyond belief, and "near native speed" would be true only for some very liberal definition of "near".

To much IT hardware needs java for management

[Joe_Dragon]

To much IT hardware needs java for management. LIke switch admin, IPMI's, others.

Re:

[NotInHere]

And they should have moved to javascript a long time ago, requiring people to install modern browsers instead of continuing to use internet explorer 6 and microsoft XP without any service packs.

Still, you can just back up Firefox 51 and put it to a live linux cd of some sort, then making it access the hardware you need via a VM.

Re:To much IT hardware needs java for management

[myowntrueself]

And they should have moved to javascript a long time ago, requiring people to install modern browsers instead of continuing to use internet explorer 6 and microsoft XP without any service packs.

Still, you can just back up Firefox 51 and put it to a live linux cd of some sort, then making it access the hardware you need via a VM.

Yeah the vendors should have released firmware patches or hardware modules to deal with the changes to browsers. Never going to happen. People with very sensitive jobs are going to keep using crappy unsecurable browsers because they no longer have any choice.

Re:

[NotInHere]

The plugins were totally unsecurable already. Just use that browser for accessing those devices only, without internet access.

Re:To much IT hardware needs java for management

[myowntrueself]

The plugins were totally unsecurable already. Just use that browser for accessing those devices only, without internet access.

'Without internet access' isn't going to work when you are accessing KVM consoles on servers on the other side of the world which are at a hosting company where you don't have the option of a VPN. There are many thousands such sites perhaps millions. I deal with about a hundred personally.

Out in the real world people do need java, and often flash as well, in a browser, to be able to do their jobs. You can't just say "Well I'm not going to do my job if you don't upgrade the systems so I don't need java" because they'll just fire you and hire someone who will. Obviously.

Re:

[NotInHere]

Then whitelist the IPs of the devices you maintain. Just make sure you don't use the older browser version as your main browser.

Flashblock

[tepples]

Recent Java versions prompted users to enable an applet before it was run, flash still doesn't.

Yes it does, at least for the past several years. There used to be a Firefox extension called Flashblock that prompted users to activate each SWF object on a site that the user hasn't added to the extension's whitelist. Nowadays, Firefox itself includes click-to-play for Flash Player. But no matter how activated, SWF click to play behavior used to be an effective plausibly deniable ad blocker until the iPad took off and ad networks got the "mobile first" hint.

Re:

[thegarbz]

And they should have moved to javascript a long time ago, requiring people to install modern browsers instead of continuing to use internet explorer 6 and microsoft XP without any service packs.

Move? I didn't realise we upgraded equipment worth multiple hundreds of thousands of dollars based on market trends in browsers.

Re:

[NotInHere]

Well the switch manufacturers. Obviously, if your switch is already an older model and the manufacturer made js available only in the new iterations of it, then its excusable, but then you still are required to use older software. I mean, some software only runs on Windows XP, right? So you still continue to use Windows XP to operate that software. Same here. Plugins are an outdated concept and insecure, you shouldn't expect to be able to run them on the newest browser versions.

You don't even need a vm, jus

Re:

[Skuld-Chan]

Get used to Internet Explorer ;).

Retrograde step

[Archtech]

As a general principle, anything that tends to disable large amounts of good working software is a bad idea. Even if a particular mechanism must be retired, surely it isn't beyond Mozilla's ingenuity to find some way of letting existing plugins go on working somehow. A shim layer of some kind?

Re:

[Anonymous Brave Guy]

Mozilla aren't the last hold-outs on NPAPI. Plenty of business users still run IE, and will continue to do so for a long time because of measures like this. All it's doing is turning IE11 into the new IE6.

Firefox is getting worse

[melting_clock]

I've been using Firefox since the early versions and it is only in the last couple of years that it has given me any problems. The most frustrating is strange crashes on mainstream websites, on multiple platforms. By far the worst Firefox version is on Android which really pisses me off. I like checking in on several websites on my Android tablet of a morning and Firefox crashes more than once a day and I am really sick of that stupid sorry message...

I also use Firefox on Linux and Windows - both have pr

Re:

[smartr]

I felt like a holdout last year, and then gave up on it this past fall and fully switched to Chrome as my primary browser for both development and general use. Too many glitches in Firefox these days. Hopefully they can roll out something fresh that works, Mozilla really has made the web better over the years.

Except Flash?

[mi]

How do you enforce such an exception? By filename? By some kind of digital key?

And why pick Flash? I don't use it (there is no FreeBSD-variant), but I do use the Java-plugin to control an old (but still nicely functional) network switch. Did Adobe pay the Mozilla Foundation to retain the exception — while Oracle refused to pay for Java?

Anyway, hopefully, it will remain possible to disable the "feature" at compile-time...

Re:

[tepples]

Your problem isn't that the network switch is administered through a Java applet. Ideally, you could edit the source code to use JNLP (Java Web Start) instead of an applet. Your problem is that the switch's administration firmware is proprietary software.

Re:

[mi]

Your problem is that the switch's administration firmware is proprietary software.

You are right, that is the problem! But currently I have a solution for it. A solution, which Mozilla is about to take away...

Re:

[tepples]

The solution I intended to imply was to insist on buying switches that come with at least enough API information to make your own client instead of using the included applet.

Re:

[mi]

Software is much easier to change than hardware, is not it? Or should be?..

Anyway, the problem I intended to underline is the dubious choice of the plugin to survive — why Flash? What process was used to pick Flash, and how will the choice be enforced — the questions, that remain unanswered.

Re:

[NotInHere]

I think the reason for why they've picked flash to survive is that its by far the most popular plugin both in install base and in use in websites.

https://w3techs.com/technologi... [w3techs.com]

Flash is said to have 7.2% of use, while Java has less than 0.1%.

Of course, it can be different for the sets of websites you visit.

Flash install base is about 76%: https://metrics.mozilla.com/fi... [mozilla.com]

Re:

[tepples]

Software is much easier to change than hardware, is not it?

Which is why people who care about their freedom ought to consider hardware carefully before buying it.

Left the worst one?

[duke_cheetah2003]

Left flash enabled? Gah, that's like the worse plugin of all. Should disable it and leave everything else alone.

ILO/IDRAC gen7/8 = e-waste

[npoqwiegrgw]

Will ilo/idrac for gen7/8 servers be possible to remote control with any browser now? I don't think so, chrome already dropped support and Dell/HP doesn't update their ilo/idrac firmware anymore. It's essentially impossible to reinstall such servers now, because won't use IE6 and my HP machines cannot boot on "big" usb sticks that are required for any modern OS (win2012r2).

Re:

[tepples]

Dell/HP doesn't update their ilo/idrac firmware anymore

Which is a problem only because said management firmware is proprietary software.

my HP machines cannot boot on "big" usb sticks that are required for any modern OS (win2012r2).

Can you use a "small" USB stick to install a free operating system, such as Debian netinst, instead of Windows Server 2012 R2?

rtjrtj

[npoqwiegrgw]

ghkdyjryjrsyjsrj

If you want NPAPI, there is Pale Moon

[SEE]

Pale Moon [palemoon.org] is a long-established fork of Firefox that, among other things, is maintaining NPAPI support.

Re:

[Luckyo]

But it has killed jetpack add-on support recently, well ahead of Firefox which will only do it later this year for main channel and Q2 2018 for ESR. A good chunk of critical add-ons simply no longer work on it.

I.e. it's gone down the path of Mozilla, but decided to do it before Mozilla at some points.

Re:

[Anonymous Coward]

FYI, actually people are trying to port back jetpack add-ons to Pale Moon as they were removed for changes in the compiler code as they needed to drop Windows XP support for stablity.

Remember Pale Moon != Firefox, they were like that in 20 version.

Re:If you want NPAPI, there is Pale Moon

[Luckyo]

I imagine people would. This change basically crippled Pale Moon to the point of uselessness to people like myself who migrated to it in search of alternative to Firefox when Firefox went nuts with UI experiments and other weird BS.

That said, to me that also demonstrated full willingness on part of PM devs to remove add-on compatibility for [reasons]. Browser is a platform for add-ons, and many of them are crucial for me. That patch basically broke several add-ons that are absolute deal breakers for me. And considering the state of forums when I came to ask for support in possibly making these add-ons work, as I did after the previous patch that also broke many add-ons (but I was able to find replacements for all crucial ones then), it demonstrated to me that developers simply did not understand the same thing that Firefox developers miss. We don't come to them for the browser. We come to them for the browser that is also the add-on platform for our favourite add-ons that make everyday browsing far more comfortable, or meet specific work flow demands. As a result, removing support for some add-ons is simply unacceptable, especially when you consider that many of the more esoteric add-ons that people like are often not updated, ever. They just work. Until browser devs decide that they will break them.

Re:

[Luckyo]

In other news, nothing new on Eastern Front.

News for nerds, huh?

[allo]

"A series of hacks"
Nope, these aren't hacks, they are simple settings.

And there is a much easier way. Download the f*cking ESR-Release, unzip it and use it instead of the normal release. This even works coming from a newer version (nobody will guarantee you a smooth downgrade, but normally it works without major problems).

And on the other hand, the ESR will only delay the change. ESR is similiar to stopping upgrading firefox, but guarantees you security patches until the next ESR superseedes the current one

End of Plugins = Techno racism

[neutrino38]

This move from Mozilla foundation is consistent with what we have seen happening with Chrome, Edge. It has been initiated long by Apple which decided to drop flash support on their mobile device.

The motivation of these move are well known: less battery usage, more security. For general public it is justified.

However there are a whole range of corporate application that relied and still rely on plug-ins. Not just flash. So deep down, by not providing at least a supported version of browser with plugin, the industry is building a monolithic platform ...again. Single language, single platform. Its about control not user choice.

The argument that HTML5 is now mature enough does not fly very far. Mature enough for common web app sure. But it you start using advanced feature such as WebRTC, you'll start seeing glitches and incompatibilities that pushes some service to advertize "please use Chrome" ...

The fact is that now people in general (users, developers and software editors) are techno racists. They want security and despite technology that is not 'like them'. So the prefer to slam the door and drop the plugins and by decree ban any foreign technology from our beloved HTML / JS free platform.

This is unfortunately consistent with the behavior of the political world of today ...

Re:

[TroII]

If my bank was reliant on Java applets, I'd be switching banks, not browsers!

Re:

[MadMaverick9]

Lynx [invisible-island.net]