Hacker News: danielhlockard's comments

Another user said this, but I'm going to echo it -- Firefox opened up the LLM chat sidebar one time. I closed it. It's stayed closed. It hasn't asked me to open it again. I don't understand the hatred for something you can just _not use_. People will use it if they want to. Firefox also has a very tiny market share in comparison to other browsers.


I need things I don’t want to use to not appear in the UI.

I don’t fill my house with tools and products I don’t want and I’m not willing to have them on my computer screen either.


It does not show up in the UI once disabled, does not re-enable again and does not pester the user into enabling it again as proprietary software often does.

I can understand criticism on the development time that may have been better spent, but less criticism against the existence of something that is fairly easily disabled and not user-hostile in intent.

I disabled the AI stuff immediately on my side (through the regular UI, not about:config settings) and never saw anything AI-related in Firefox afterwards.

It's worrying seeing Firefox getting so much more criticism than all the more user-hostile browsers that end up benefiting from such somewhat unwarranted criticism against the most popular non-hostile browser.


My recollection is that without the about:config changes there were still unwanted bits of UI like menu items. If that’s fixed then great.

As it is I have switched to Zen as it appears more clearly user-aligned and works better for me as a result of their improvements and UI tweaks.


> I need things I don’t want to use to not appear in the UI.

Couldn't have said it better myself. Similarly, current youtube is unusable without element blocking and custom CSS editing. Unfortunately there doesn't seem to be a way to remove UI elements from Firefox, no?


You can with userStyles.css


Different people want different features. Insisting Firefox never shows you anything you personally don't use is a bizarre unworkable demand.


Why not? That is how Firefox got popular in the first place. Mozilla SeaMonkey was bloated; Firefox cut out all the crap nobody wanted.


I insist all software I regularly use is configurable (and with very few exceptions, it is), why should Firefox be different?


I can't speak for everyone but the fact that it appears suddenly at all is rather annoying. It's like a blast of cosmic rays aimed right at my error-producing memory. You can tell me that I won a billion dollars and the solution to the Kryptos puzzle and I would still seethe over forgetting what band I was about to look up.

That said Firefox is pretty good at obeying its own "Recommend me new features" option.


I don't like features shoved down users' throats, but I feel that Firefox has to evolve with the times or simply wither. It's important how they proceed with that, though. So far they're not abusive in behavior. I'm back to Firefox after giving up on Chrome and I'm quite pleased with it. Firefox is best for me.


If this was the only feature FF has ever shoved down my throat I would be fine with it, but without disabling the feature recommendation option, every other time I open a tab I get hit with a pop-up for some minor UI change. The worst part is that it stops typing, so sometimes I was just typing into the abyss for 5 minutes before I realized it lost everything I typed.

I've been using it since 3 and I don't think it's a miracle browser or anything. Anecdotally I've observed plenty of folks try FF for a bit in the wake of Manifest v3 then switch to Edge/Brave, and it's not because of a lack of AI. They need this sidebar but it's not the only reason they're losing.


I don't have the same experience as you with FF and nothing like losing what I type has ever happened to me. That would indeed be a nasty bug and make it very unreliable/untrustworthy. It's possible you have something corrupted? Try a reinstall or try on a new machine and see if you can replicate the bug? I'm not 100% with Firefox but it's really the least bad option to me. I found it quite irritating, for example, how FF was playing shenanigans with the new tab/homepage settings, eagerly recommending things I never asked for, but luckily I was able to disable that. So far FF is quiet, not obnoxious and working.


You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.


You're almost there. Think to yourself now: what was it that happened in the past that necessitated the need for a large regulatory apparatus, auditors, etc.?


Wall Street is heavily regulated and audited, and still is 'beyond reckless', causing global financial calamities multiple times.


FWIW, I work for a major financial organization in the UK as a software architect and I've brought it up more than once over the years in various roles: not a single bank in the UK supports Yubikeys or custom Authenticator apps.

Not one (I last checked about a month ago!)

Security, while pretty good, is still lacking imo!


Ironically until fairly recently Nationwide required the little keypad authenticator thing, and everyone hated it!


I had one of those umpteen years ago with RBS. I hated it at the time too :)

However, I use a Yubikey as often as I can nowadays and authenticator apps too where possible.

I'd like the option to use one but I can't :(


I wonder if the higher-end banks, e.g. Coutts, let you use one.


I thought they still did for website flow at least. Bizarrely we seem to think that phone apps are infinitely secure and don't need the extra step because biometrics?


Isn't it because the assumption is that a mobile device is personal in 99,99999% of cases, while shared computers in libraries, schools, etc. are common (less so now than 15 years ago)?


>You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.

I have seen some toe curling shit in fintech.


Time-travelling the ledger, anyone? :)


I once had a banking app that reported the wrong transaction amounts (downloading the statements resulted in a different balance than what was shown in my account -- this isn't the US, so it should show the correct amount). When I reported the bug, they changed the values on my statements instead of fixing the app -- so now, it didn't reflect my receipts.

It was a fun time. They eventually fixed it in the app to show my true balance and fixed my statements back to what it was. But holy shit, the fact that an engineer would think that would be the proper fix is wild... this is pre-llms, otherwise, I'd think they'd been vibe-coding.


Pre-LLM or vibe-coding, it is the same shit ultimately I'd say: shitty developers doing software development. :D


I tend to avoid auto-cashiers. It's mostly because I find they don't save any time, and just exist to fire cashiers.

One place that they basically force you to use it, is my local drug store (big chain, that I won't call out by name).

Their auto-cashier absolutely sucks. It's almost impossible to avoid having an issue that requires you to wait around for the poor schlub to come over and fix it.

They recently set up touchscreens, at the prescription counter.

I have not once had success with the touchscreen. It can never find me, or my wife. They always have to just take my information manually.

I suspect that the backend (the algorithm and main engine) is good. I think almost all the problems are with shoddy frontend stuff. For example, I think the touchscreen issue is capitalization, and the old system cut off our surnames, so I actually have to type in about half my name, in all caps, to have it find my prescription.

I feel personally offended, when I encounter stuff like that.


I have never used these auto-cashiers or whatever they are called. It might be due to anxiety, which is weird because social encounters should be more anxiety-inducing. I just feel like I would mess something up.

Oh, and here real cashiers usually scam you by scanning the items twice and so forth (not sure if intentionally or not), it happened a couple of times to my parents (not considered elderly yet) in the past few months I would say.

In any case, I feel your pain.


We have 2 near-identical supermarket chains in Aus.

I use the one with the better self-service checkout, that doesn't reliably make me wait for the schlub.


funniest thing I read this year on HN - well played mate, well played!!!


They could work for Plaid or Stripe, which are pretty well known for taking proactive security very seriously.

https://security.plaid.com/

https://docs.stripe.com/security


I am 1,000,000% sure that many fintech companies are taking security very, very seriously (I am a Stripe customer myself). But I don't think that has anything to do with the statement "we are heavily regulated, and audited" - that is too funny.


In the wake of every scandal in finance is a wave of regulations. Finance is one of the most heavily regulated industries there is. That smart people keep finding new areas that haven't yet been regulated doesn't mean that the existing areas aren't heavily regulated and audited.

If you give me $5, and then I pass it on to Bob for you, how many licenses and how much paper work do you think I should need to do that if I did that as a business? If you give me some money and I am a business, how much paperwork should that incur?


The big problem is that the exchanges are largely self-regulated. Or at least when I was in the field. A company I worked at sued a counterparty to our trade because we had proof of market manipulation. I won't say any of the details of who, etc, but the trades of the counterparty were so... plainly obvious of market manipulation in violation of the exchange's rules. At one point in that lawsuit the exchange's lawyers accidentally CC'd my bosses, showing that the exchange was colluding with the counterparty.

From what I was told, the issue for the exchange was that if they were found out to not enforce their self regulation then it'd be the precipitous event to the hammer coming down on them from regulatory bodies.

So yeah. Regulation's kinda shite here.


give me some examples of this “regulation” actually doing serious “regulating”? on paper, there may be 1,000’s of statutes and whatnots doing all sorts of regulations - in practice though… not to mention this industry is probably the most “self-regulated” when you actually dig in than most others…


Here's the DEA with a specific money laundering case: https://www.dea.gov/press-releases/2025/05/29/two-money-cour... but there are many more if you search for money laundering.


How big was it when you joined?


Is there some specific reason to use Chrome v80?


Enterprise Standard Release


Dear lord. This is not new. LD_PRELOAD to do things like this existed even back when I was doing Cyber Defense Competitions at Iowa State back in '07.


Yep. Every few months, someone learns about this, thinks they've made a new discovery, and writes a breathless blog post imagining the possibilities of what can be done with it.

Spoiler alert, you almost certainly have been completely pwned already if someone can set LD_PRELOAD or modify /etc/ld.so.conf.


LD_PRELOAD "works as designed" but people who don't know about it often make false assumptions, leading to exploitable bugs.

One such assumption is "if /bin/foo is a trustworthy executable then any process with /proc/pid/exe pointing to /bin/foo is trustworthy"
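
As an added example (not code from this thread or from the blog post it discusses), the Python below implements the checks a practitioner would actually run instead of trusting /proc/<pid>/exe: it reads the initial environment for LD_PRELOAD, /etc/ld.so.preload, and the file-backed mappings in /proc/<pid>/maps for shared objects loaded from outside the system library directories. The sample /proc contents are constructed, and TRUSTED_LIB_PREFIXES is an assumption for a typical Debian/RHEL layout.

```python
"""Indicators of LD_PRELOAD-style hooking in a Linux process.

Added example, not code from the thread or the blog post it discusses.
/proc/<pid>/exe still resolves to the original binary after a preload,
so the checks below look at what was actually mapped into the process.
Sample data is constructed; TRUSTED_LIB_PREFIXES is an assumption.
"""
import os
from dataclasses import dataclass

# Directories the loader normally maps shared objects from. A .so mapped
# from anywhere else (/tmp, /home, /dev/shm, ...) is worth a closer look.
TRUSTED_LIB_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/",
                        "/usr/local/lib/")


@dataclass
class Finding:
    kind: str      # "env", "ld.so.preload" or "maps"
    detail: str


def parse_environ(raw: bytes) -> dict:
    """/proc/<pid>/environ is NUL-separated KEY=VALUE entries."""
    env = {}
    for entry in raw.split(b"\0"):
        if b"=" in entry:
            key, _, value = entry.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def mapped_objects(maps_text: str) -> set:
    """Paths of file-backed mappings listed in /proc/<pid>/maps."""
    paths = set()
    for line in maps_text.splitlines():
        parts = line.split(maxsplit=5)   # address perms offset dev inode [path]
        if len(parts) == 6 and parts[5].startswith("/"):
            paths.add(parts[5])
    return paths


def inspect(exe: str, environ_raw: bytes, maps_text: str,
            ld_so_preload: str = "") -> list:
    """Indicators that code other than `exe` and the system libraries was
    injected. An empty list is not a clean bill of health: a process can
    scrub its own environ, and a library can also arrive via a writable
    directory on the loader's search path."""
    findings = []
    env = parse_environ(environ_raw)
    if env.get("LD_PRELOAD"):
        findings.append(Finding("env", "LD_PRELOAD=" + env["LD_PRELOAD"]))
    # /etc/ld.so.preload applies system-wide, with no environment at all.
    for line in ld_so_preload.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            findings.append(Finding("ld.so.preload", line))
    for path in sorted(mapped_objects(maps_text)):
        if path != exe and ".so" in os.path.basename(path) \
                and not path.startswith(TRUSTED_LIB_PREFIXES):
            findings.append(Finding("maps", "shared object outside system "
                                    "library dirs: " + path))
    return findings


def live_self_check() -> list:
    """Run the same checks on this interpreter; [] if /proc is unavailable."""
    try:
        exe = os.readlink("/proc/self/exe")
        with open("/proc/self/environ", "rb") as f:
            environ_raw = f.read()
        with open("/proc/self/maps") as f:
            maps_text = f.read()
    except OSError:
        return []
    try:
        with open("/etc/ld.so.preload") as f:
            preload = f.read()
    except OSError:
        preload = ""
    return inspect(exe, environ_raw, maps_text, preload)


# Constructed sample: exe says /usr/bin/ls, yet a hook from /tmp is mapped
# and LD_PRELOAD is still visible in the initial environment.
SAMPLE_EXE = "/usr/bin/ls"
SAMPLE_ENVIRON = b"PATH=/usr/bin:/bin\0LD_PRELOAD=/tmp/.x/hook.so\0HOME=/root\0"
SAMPLE_MAPS = """\
55d7c1a00000-55d7c1a1c000 r--p 00000000 08:01 1310786 /usr/bin/ls
7f2a3c000000-7f2a3c001000 r--p 00000000 08:01 2097433 /tmp/.x/hook.so
7f2a3c010000-7f2a3c038000 r--p 00000000 08:01 1048831 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd2e5f0000-7ffd2e5f2000 r-xp 00000000 00:00 0 [vdso]
"""
CLEAN_MAPS = "\n".join(l for l in SAMPLE_MAPS.splitlines() if "/tmp/" not in l) + "\n"

if __name__ == "__main__":
    for f in inspect(SAMPLE_EXE, SAMPLE_ENVIRON, SAMPLE_MAPS):
        print(f"sample: [{f.kind}] {f.detail}")
    for f in live_self_check():
        print(f"self:   [{f.kind}] {f.detail}")
```

Two caveats apply when using this for real: /proc/<pid>/environ reflects the environment as it was at exec, which the process itself can overwrite, and a hook can be pulled in without any of these three signals if the loader's search path (the /etc/ld.so.conf point made earlier in the thread) contains a directory the attacker can write to. Treat a hit as an indicator to investigate, not a verdict, and treat an empty result as "nothing obvious", not "clean".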


Exactly, that is our thought process!

We know that this isn't anything revolutionary, but most people assume that this kind of thing can't happen, so we wrote a blog post about it.


Please describe the scenario where someone needs to make the assumption you described and it is reasonable to expect that they are unaware that symbolic links could be changed by a third party library?


I know one example off the top of my head, but it's part of an exploit chain I haven't got around to reporting yet ;)

What's the relevance of symlinks here?


Maybe I misunderstood your argument, but /proc/[pid]/exe is a symlink in Linux 2.2 and later (so virtually all running instances of Linux today).

That said, your example doesn't make much sense to me. I'd be willing to bet a lot of money that the authors of the exploit chain you mentioned are aware of LD_PRELOAD and /etc/ld.so.conf.


I remember using LD_PRELOAD for reverse engineering Linux binary-only apps in the late '90s, so it's likely from much earlier than that. It has always been a neat trick.


It was also a way to defeat license managers for UNIX software back in the day…


It’s how I got my “license” for Apple’s discontinued Macintosh Application Environment back in the day.


Sure, but why not HN of all places? Things get re-posted here all the time when they are relevant again. I'm not new by any means but I didn't know this.


Friel, It's no surprise to see you here posting this. This is so cool to see, thank you for preserving this. A fitting tribute.


I had a professor who is responsible for a lot of the more "modern" MUMPS stuff (let's be real, MUMPS is OLD!). Guy was pretty unbearable too.


Truly seems that way currently. He said he'd really dig in starting next week and just checked his email on vacation and saw this whole mess.


It may be hard for him to re-establish trust. Maintaining xz for more than a decade then doing this would be quite a "long con" but if HN threads are any indication, many will still be suspicious.

His commits on these links look legit to me. It's a sad situation for him if he wasn't involved.


Honestly, he should call it quits and just drop xz utils and move on with life. He maintained it for 15 years and struggled to get anyone else to help until Jia showed up. Meanwhile the Linux ecosystem depended on it.

The Linux ecosystem will either figure shit out and maintain it or move into a different archive library.


The fact GitHub suspended his account too suggests that they might have info saying he is involved.


Personally, I doubt that. I would assume that GitHub just banned all accounts that were directly associated with the project as a precaution.


I think it was somewhat irresponsible to block everything. It hampers instigation of the repo's history. It's good that Lasse had another mirror.


Woops, too late to edit this comment and say *investigation


Or you know, they just reacted with a ban hammer on all accounts related to xz and to heck with innocence.


no. unlikely.


Hey Mitchell,

Best of luck in the future! I'm a nobody - but I was around in the packer days and wrote a post-processor and terraform provider for our vsphere back in the day. I don't think I'd be where I am now without those experiences. Thanks!

