32 votes

Firefox 68 released

16 comments

  1. [9]
    NeoTheFox
    Link
    It's time to go to your about:config and set network.trr.mode to 2. This would enable DNS-over-HTTPS with a regular DNS fallback.

    It's time to go to your about:config and set network.trr.mode to 2. This would enable DNS-over-HTTPS with a regular DNS fallback.

    15 votes
    1. [8]
      Douglas
      Link Parent
      ...can you eli5 what that does versus what it had done before?

      ...can you eli5 what that does versus what it had done before?

      5 votes
      1. [7]
        NeoTheFox
        Link Parent
        When you type in a URL like ddg.gg it represents an IP address. Your browsers sends a query to a DNS server, that acts like an address book and it tells your browser that ddg.gg means...

        When you type in a URL like ddg.gg it represents an IP address. Your browsers sends a query to a DNS server, that acts like an address book and it tells your browser that ddg.gg means 184.72.104.138. However, these requests are not encrypted, making it possible for ANY third party to intercept them, log them, etc. Basically with how it works today everyone in your supply chain of internet knows exactly what websites you visit and what are you doing on these websites. That's where DNS-over-HTTPS comes in, your browser uses HTTPS to access known servers and exchange DNS data with these servers. This way your browsing stays safe from espionage, censors and regulators.

        16 votes
        1. Soptik
          Link Parent
          I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data. This actually even prevents some attacks, such as DNS poisoning, where attacker falsify...

          I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data.

          This actually even prevents some attacks, such as DNS poisoning, where attacker falsify DNS response and force you to visit his website.

          And it didn't take long for British ISPs to award Mozilla the title of Internet Villain because of this feature :-)

          cc @Douglas

          15 votes
        2. [3]
          teaearlgraycold
          Link Parent
          It more so prevents MITM attacks than prevents people from knowing what site you're connected to. Sure, for a shared/cloud hosting solution many sites may be hosted on one IP address. But for all...

          It more so prevents MITM attacks than prevents people from knowing what site you're connected to. Sure, for a shared/cloud hosting solution many sites may be hosted on one IP address. But for all other situations there's a 1-to-1 mapping of domain name to IP address. You can perform the lookup in reverse:

          1. ISP sees you're connected to 184.72.104.138
          2. ISP looks up the IP address
          3. ISP now knows you're connected to ddg.gg

          Still a massive security improvement, though.

          5 votes
          1. [2]
            Silbern
            Link Parent
            Dang, you're right, I never even thought about using DNS in reverse. But it really makes no difference. Huh.

            Dang, you're right, I never even thought about using DNS in reverse. But it really makes no difference. Huh.

            1 vote
            1. Diff
              Link Parent
              Doesn't always work. Sometimes (usually only on tiny sites I think) multiple sites are hosted from a single IP address. And DNS servers don't have a query for things in reverse I don't think....

              Doesn't always work. Sometimes (usually only on tiny sites I think) multiple sites are hosted from a single IP address. And DNS servers don't have a query for things in reverse I don't think. Although ISPs usually run their own DNS servers that are your first choice for asking so they automatically know what you're looking for anyway without any reverse shenanigans.

              1 vote
        3. [2]
          balooga
          Link Parent
          I presume you have to be using compatible DNS in order for this to work? How would we confirm HTTPS is functioning and not using the legacy DNS fallback?

          I presume you have to be using compatible DNS in order for this to work? How would we confirm HTTPS is functioning and not using the legacy DNS fallback?

          1. teaearlgraycold
            Link Parent
            Well you can probably configure it to not fall back to plain ol' DNS if you're concerned about that happening. If you're worried about this getting botched at this OS level DOH is performed by...

            How would we confirm HTTPS is functioning and not using the legacy DNS fallback?

            Well you can probably configure it to not fall back to plain ol' DNS if you're concerned about that happening. If you're worried about this getting botched at this OS level DOH is performed by each application, not as a wrapper around your OS DNS.

            1 vote
  2. [3]
    Laiz
    (edited )
    Link
    To disable the recommended extensions in about:addons, set the flag extensions.htmlaboutaddons.recommendations.enabled to false in about:config. You may also want to do the same for...

    To disable the recommended extensions in about:addons, set the flag extensions.htmlaboutaddons.recommendations.enabled to false in about:config.

    You may also want to do the same for extensions.htmlaboutaddons.discover.enabled

    15 votes
    1. [2]
      PopeRigby
      Link Parent
      There's a bug opened about this on Bugzilla. Maybe add your voice so they can give us a toggle in the regular options menu.

      There's a bug opened about this on Bugzilla. Maybe add your voice so they can give us a toggle in the regular options menu.

      5 votes
      1. jwr
        Link Parent
        There is already a check box for that option added to the nightly channel, so it looks like they'll be adding that in a later release.

        There is already a check box for that option added to the nightly channel, so it looks like they'll be adding that in a later release.

        2 votes
  3. [3]
    Soptik
    Link
    I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and...

    I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and old Firefox 12 (?). However I would like to know the impact on normal browsing.

    Did anyone read something about this, or can someone recommend me a way how to track time to DOM draw finish so I can count it myself?

    4 votes
    1. [2]
      dblohm7
      Link Parent
      Probably the easiest way to do this is to use the Firefox Profiler. Install that add-on, then make these changes to the profiler configuration. Start the profiler, then when you want to examine...

      Probably the easiest way to do this is to use the Firefox Profiler. Install that add-on, then make these changes to the profiler configuration. Start the profiler, then when you want to examine the state, capture a profile by pressing Ctrl + Shift + 2.

      There are other tools, but many of them require custom builds.

      5 votes
      1. Soptik
        Link Parent
        Thanks! I’ll post thread with results on Tildes if I manage to get interesting data.

        Thanks! I’ll post thread with results on Tildes if I manage to get interesting data.

        2 votes
  4. Deimos
    Link
    Here's a post on the Mozilla Hacks blog as well, giving more detail about some of the developer-oriented updates: Firefox 68: BigInts, Contrast Checks, and the QuantumBar

    Here's a post on the Mozilla Hacks blog as well, giving more detail about some of the developer-oriented updates: Firefox 68: BigInts, Contrast Checks, and the QuantumBar

    4 votes