Disabling Firefox insecure password form warning

While I believe in security in general, and in SSL-certificates as a means for that, it gets quite annoying to have the newly released password form warning for several of my sites.

In particular my home router and my intranet NAS-box at home, which prefers http login, even though the NAS actually comes with an https-variant, which unfortunately does not work very well since it uses a self-signed certificate issued to QNAP NAS, and therefore does not match the hostname/URL of my configured NAS. Which still creates warnings and needs for exceptions and so on rather than actually helping out.

But anyway, the point of this post was not about QNAP, (who beyond this little misstep makes a splendid product), but about how to disable the insecure password form warning in Firefox, and also how to re-enable password autofill on http sites again.

So. Here’s how to disable Firefox insecure password warnings:

  1. Open a new tab, paste about:config into the address bar.
  2. In the Search box at the top, paste insecure_field_warning.contextual.enabled
  3. Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.

To also restore autofill functionality, so saved login/password automatically populates in an HTTP form here’s how:

  1. In the Search Box on the about:config page, paste signon.autofillForms.http
  2. Double click the setting to change it to “true,” to enable autofill

And I believe the old joke on doing unsafe things you shouldn’t used to come with the warning “don’t do this at home!”… 😉

One thing I would like very much however is for Binero to come up with their planned support for free SSL-certificates through some 3rd party provider. (I believe Let’s Encrypt was mentioned in a comment to a blog post a while back but now I can no longer even find that specific blog post so it might have been deleted).

 

 

Upgrading Plex Media Server

Today I made a new attempt to upgrade my Plex Media Server on my QNAP to the most recent version available in the QNAP appstore.

From an initial quick check most things seems to have worked better this time, compared to what went wrong the last time.

  • New version prompt is still there, but it’s a minor annoyance only. (And I won’t try the available direct manual download just yet, but stick with the officially available version from QNAP).
  • The unclaimed server prompt still pops up every now and then, also somewhat annoying, still nothing major.
  • I’m not yet used to the new menus, and the front page is in English despite settings being set to Swedish, while the rest of the menus seems to be Swedish. I can’t quite put my finger on it but something feels like missing in the settings menus, but since I can’t spot it right away I’ll assume it’s no problem, for now.
  • Lastly, what broke it last time was that Media Libraries seems corrupt or content missing, no trace of this in this upgrade, so hopefully everything should be fine.

There was a small new surprise in that when trying to change the title of “Recently added movies” to Swedish, this did not change, but also (and instead) added a conversion task of all recent items, which I have no use for and needed to cancel.

It’s also annoying the settings menu can’t be hidden from the left side navigation bar, since it’s anyway present in top right menu, and in navigation bar it shows an error for not being logged in. I wish I could at least disable the warning, if not the entire menu from showing up in navigation.

But all things considered, it feels like the glitches are minor and I can live with them, which is quite nice since I’ll then be past the 1.x version, going from version 0.9.12.18 to version 1.3.4.3285 in one single upgrade. A version jump of 6 major releases and an uncounted minor versions.

I’ll try this on for a few days before claiming it a success though.

Enabling 2FA login

I came across this article on enabling two-factor-authentication for several accounts.

I noticed that not only are there several more services now offering 2FA than when I last checked a few months back. But once I set out to enable my accounts on these services I also noticed that several of them now supports apps in addition to SMS-messages.
And I’m also very glad that the apps are becoming more generic so I don’t need to have a mass of apps installed on my phone, but rather that it’s now possible to use for example Microsoft Authenticator not only for Microsofts own accounts but also for Google, Twitter, Dropbox, Amazon and others.

The article doesn’t mention Steam though, but I think it should. Steam is quite huge as platform and enabling 2FA was both easy and well worth it, considering the info stored there. And neither is Apple mentioned which is a little odd, but AppleID is also very smooth to enable for 2FA.

There are also some identity services missing in the article where maybe I should look more into their respective settings to see if they now support easy to use 2FA as well.

I’m thinking specifically of WordPress, Instagram, IMDb and Origin. And of course all the web shops where personal info is stored.

And lastly what I’d like to see now is support in Password Safe for PC and the pwSafe iOS app for tagging accounts with a green colour flag if they’re 2FA enabled.

My cyber is now protected. But against what?

As much as I like Avast Antivirus, and after some getting used to I’m also starting to like Avast SafeZone browser (with a few horrid exceptions, like the handling of shortcuts and colors, and the annoying fact that when you launch one instance of the browser it launches 8 separate processes)

What I don’t like is not being informed in any way when new features affect the operating system. When SafeZone was added that was annoying, but it was “just” another browser, like so many other adware programs that tries to install their own plugins, addons, and whatnots.

But installing a Windows service is quite another thing, in my eyes. And when I’m not even sure why it’s being done, for what purpose, and when it’s actually protecting me (or what it’s protecting) then I get a bit more annoyed. And then I try to find out where the settings are, and how to deactivate the plugin.

avast-ids

So far I haven’t found its settings, and it’s not listed as an installed component within the Avast settings user interface, and neither is it listed among the Windows installed software, so it must be handled as a part of the main Avast installation itself, but I’ll get there in the end I hope.

And if I don’t I’ll just consider uninstalling Avast and go back to basic Windows Defender. It wouldn’t be the first time.

CSS modifications to Minnow

I’ve made two minor modifications to my Minnow theme style.css:

Under section /* Wide screens */ changed

    .site-content {
max-width: 960px;

to

    .site-content {
max-width: 1100px;

and second under

    .content-area {
max-width: 660px;

changed to

    .content-area {
max-width: 800px;

At first I had planned to go for 1200/900, but this became so massive so I backed down to 1100/800 instead. For now. 🙂

 

 

New theme, Affinity

I’ve switched to the Affinity theme on my public blog, to see whether it’s usable and I should switch on the others. I’m actually quite fond of my current theme, Minnow, but I’d like to find a similar theme with a little more page width.

In that regard the Material theme is great but it has a problem in that it does not support automatic language detection. Maybe there’s some way to provide language files, I haven’t checked yet, but that’s definitely a large disqualifying minus in my eyes. And Material also has a minus in not supporting the Collapsing Archives plugin. Using the regular full archive widget provides a very long list for a blog with posts dating all back to 1998…

By the way, the default images in Affinity are amazing, I wish I could take pictures like the one of the forest. I do have a few I’m quite proud of but this one was really nice.

Besides that, I noticed that WordPress had auto-updated to the most recent version 4.7.2 on all my sites. And there are new versions of iOS 10.2.1 and more. In fact, updates are becoming so frequent that I don’t have the time to catch up with them all, so it’s lucky the stability has also improved so much that I can rely on auto-updates for most devices.

Upgraded to WordPress 4.7.1

I upgraded my sites to WordPress 4.7.1. No issues or unexpected problems so far.

I did note however that oddly enough one of the sites has received a rather unusual amount of visitors the last two days, especially considering there are no referrals and no new postings on it at the time. It also seems to have an increase in the stats for number of hacking attempts. But beyond that everything seems to be fine from what I can see.