Disabling Firefox insecure password form warning

While I believe in security in general, and in SSL-certificates as a means for that, it gets quite annoying to have the newly released password form warning for several of my sites.

In particular my home router and my intranet NAS-box at home, which prefers http login, even though the NAS actually comes with an https-variant, which unfortunately does not work very well since it uses a self-signed certificate issued to QNAP NAS, and therefore does not match the hostname/URL of my configured NAS. Which still creates warnings and needs for exceptions and so on rather than actually helping out.

But anyway, the point of this post was not about QNAP, (who beyond this little misstep makes a splendid product), but about how to disable the insecure password form warning in Firefox, and also how to re-enable password autofill on http sites again.

So. Here’s how to disable Firefox insecure password warnings:

  1. Open a new tab, paste about:config into the address bar.
  2. In the Search box at the top, paste insecure_field_warning.contextual.enabled
  3. Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.

To also restore autofill functionality, so saved login/password automatically populates in an HTTP form here’s how:

  1. In the Search Box on the about:config page, paste signon.autofillForms.http
  2. Double click the setting to change it to “true,” to enable autofill

And I believe the old joke on doing unsafe things you shouldn’t used to come with the warning “don’t do this at home!”… 😉

One thing I would like very much however is for Binero to come up with their planned support for free SSL-certificates through some 3rd party provider. (I believe Let’s Encrypt was mentioned in a comment to a blog post a while back but now I can no longer even find that specific blog post so it might have been deleted).

 

 

Advertisements

NoScript block for Handelsbanken BankID

I had a repeat this weekend of the same issue as last week, that it worked perfectly fine to sign in to my bank, Handelsbanken, using mobile BankID, but approving new payments or transfers did not work, the site would just lock up and not process the approval for the payment.

After some help from Handelsbanken tech support we narrowed it down to the plugins in Firefox, and with some additional testing I found out it’s NoScript (again) which is this time blocking the payment approvals. Previously it has been blocking my internal sites on http://192.168.x.x local subnet, and blocking referrals to Google Fonts, to name the most recent.

I’m not yet sure what I will do here, I don’t want to remove NoScript, but on the other hand it is getting somewhat random what works from day to day, and when it gets to nitty gritty details such as BankID-login working but BankID-signing not working it becomes rather difficult to keep the program without adding a secondary browser for entirely trusted sites, such as banks.

This last option is incidentally suggested by Avast every time I login, to use their SafeZone browser, but I’m not sure why it needs to open 12 parallell processes each time I try to login, so I’m not yet ready to switch to it.

And switching to IE, as suggested by tech support, does work, but the point of using Firefox with NoScript was to make things more secure. NoScript description states that

“It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking site…”

However, things keep getting broken and fixes breaks new things. If I could get to a stable version I could try to disable automatic updates entirely for it. But so far there’s no stable version in sight. Maybe I should try Edge?

Missing: location

While it’s really such a minor trivial thing, it’s still quite annoying that my “home” location won’t appear in the Facebook app on my iPad, only in Firefox on my PC.

It does result in quite many incorrectly location-tagged posts, to be adjusted later sometime. It’s just such a waste of time.

(Another annoying triviality is that the iPad still hasn’t picked up the change of site icon which the rest of the devices has. Should I really need to reinstall the app just for this detail? It works, but still…)

(And, updated, I reinstalled the Facebook app as well. It didn’t help.)

And all I wanted was to quickly download a file

The morning starts with troubleshooting my own computer, as it so often tend to do. Auto-updates may be a must in some cases but sometimes they’re really more a pain…

This morning I wanted to update my webpage, and in order to do so I needed to access the photos from yesterday, which were uploaded to OneDrive, since I was now on a computer which does not cache this folder locally due to lack of disk space.

Starting Firefox and going over to onedrive.com I noticed a new, odd behavior. There was an infinite reload-loop and selecting a folder was almost impossible. The reloads also made the browser so slow it became unusable. (Excluding the fact that this really shouldn’t happen of course).

A quick check in Edge confirmed it was a Firefox problem, and that reminded me of the notification I had dismissed that NoScript had updated itself. Seeing this a the most likely problem I disabled the plugin and all was well again.

What annoys me in this is that I have whitelisted all URL’s used and needed by Onedrive, so this shouldn’t really happen. And it’s the second time in a short while where NoScript has failed. I really like the plugin, but I don’t like unpredicted instability, so I’m not sure whether to keep NoScript or not, but I’m not sure there are any equally good replacements either.

Avast SafeZone, autoinstallation without consent

I had been reading news during the evening, in Firefox as usual. And when I closed it I noticed a new icon had appeared on my desktop, for an Avast SafeZone Browser.

Now, what’s this?

Updates and signatures, of course, scanner engines, restarts, fine, but I’m not entirely sure I like the idea of Avast installing completely new features like entire webbrowsers without asking for my consent or even telling me in the first place. It reminds me too much of the first time https-certificate insertion appeared and replaced all my banking certificates with Avast proxy certificates, (which led me to try out Panda instead).

Apparently I’m back with using Avast, and apparently again I’m being surprised. In more than one way though, as initially I considered just uninstalling the SafeZone Browser, but then decided to give it a quick test to see how it behaved, and got quite surprised there too.

Facebook is simply lightning fast, I can’t recall it ever having been this fast, and clean. And the same goes for several other sites as well. like Twitter, some newspapers and so on. And after some looking I did actually find my imported bookmarks, so at a first glance things seem quite smooth. (Except it uses the wrong search engine by default. that setting could have been imported as well).

But there are the plugins for Firefox, maybe not the end of the world, but I like them. Especially the XMarks sync for bookmarks, because there’s really more to bookmarks than importing them. I want to be able to switch browsers, when a site requires it for some reason, and I don’t want to import bookmarks. I want them synced, between all my browsers and all my devices. So until XMarks becomes available for the Avast browser, I’m sorry but it won’t be enough, for me. The others are mostly built-in, except HTTPFox, which is nice to have but not crucial, but XMarks is a must.

I guess I’ll keep it for testing for a few more days, but I don’t appreciate not getting told when new software is installed on my computers. And first impressions last.

Minnow suddenly looked different

It started just the other day, my personal website looked different.

And not intentionally by my doing, which I didn’t like at all.

At first I didn’t see it, it was after all only a minor change in appearance. But then I got it, the font had changed. And the font in Minnow was one of the reasons I use this particular lovely little theme (the other being it’s clean and without distractions).

But why? I hadn’t updated anything, or had I…?

So I began to backtrack through the endless stream of updates. The iPhone and iPad gets gigabytes of updates almost every day for all apps, quite annoying but quickly eliminated since the problem existed on PC as well.

Firstly, it only happened for the website hosted on a dedicated server, not for the same replica hosted on WordPress.com, (this site).

So what auto-updates on a WordPress site? Well, basically everything…
The site itself, but that hadn’t changed. The WP Security plugin, hadn’t changed. And Jetpack, which seems to update itself about every time I look away, also hadn’t changed.

Oh well, onwards. Now, the problem also only happened when using Firefox, not in IE, or Edge.So I started on that end. Edge works, FF does not. But FF works on another users computer, so it must be a local issue then.

Not Firefox versions, these were the same. But after disabling all plugins it worked. Which, by re-enabling them one by one pinpointed the problem to NoScript, and as it turned out, this plugin had just auto-updated itself just a few days ago. Got it!

Now, the problem became something else. All relevant sites were whitelisted, the local domain, wp.com, wordpress.com, and gstatic.com for the fonts. So this shouldn’t really happen. A quick search on Google turned up some recommendation to allow the @font-face value, which I tested but still things did not work.

Enter Forum search to the rescue. Not much of a search really since it was listed among the top hot topics, new NoScript update breaks Google Fonts. And a solution as well, to install the newest release candidate.

And while I usually prefer stable released versions to RC’s, in this case given the choice of uninstalling NoScript, or not having working fonts, the answer was to use the RC.

 

First Major Update for Windows 10

While waiting for the Windows 10 November update to resolve my Xbox problems, I’ve tried to see what’s really in it for me, besides a lengthy time-wasting upgrade period and up to then a lot of non-working apps, like the Xbox app.

Microsoft says,

  • that the new update improves performance over Windows 7, which for me is irrelevant since I noted that already in the original upgrade from Windows 7 and Windows 8.1 to Windows 10. So, nothing new there.
  • that there are new features in Cortana, which to my knowledge still isn’t available in Sweden. So, nothing new there, either.
  • that there are new features in Edge, however Edge is still not on par with Firefox in areas such as syncing my favorites, offering addons and plugins. So any news in Edge is a waste of time for me.
  • there’s also said to be a lot of upgrades to
    • mail (don’t use it since I use Office365)
    • calendar (don’t use it either)
    • Groove (what’s that…?)
    • Xbox (hm, ok, it starts to work again, that’s nice)
    • Store (haven’t seen much news yet, still a lot of unuseful apps)
    • OneNote (nice, but I use the OneNote 2016 in Office365)
    • Solitaire (oh well, one for the kids, maybe)
    • Photos (not sure what’s new but that’s nice, sometimes I even open it and look, mostly though what I see of it is the icon on the start menu, but I guess it’s good anyway)
  • And then there’s supposed to be a lot of updates for office users, which I am not, (on these computers).

So, essentially it’s a major upgrade to resolve a login problem caused by another update, to offer me a new photo icon on the start menu, and maybe give the kids some news in playing solitaire.

I still like Windows 10, but I hope the next major update brings me something more useful.