Seems the only addon I use that isn't compatible is "Disable Ctrl-Q Shortcut". It's an addon I really don't want to get rid of, there have been many cases in the past where I've accidentally pressed ctrl+q instead of ctrl+w, and had Firefox quit on me..
Edit: The page for the addon has a comment saying it does work with multiprocess, so I just forced it on. I'm on Linux, and I don't know of an about:config key to disable ctrl+q
Does anyone know of such an extension for Chrome and Alt-F4? Chrome seems to handle that all by itself on Debian, which is silly because my window manager doesn't use that for "Close Window".
If you set browser.showQuitWarning to true (also make sure browser.warnOnQuit is true; that should be default) it will show a dialog to confirm if you want to quit. But if you check the box "do not show next time" it will set browser.showQuitWarning to false.
Apparently the SSL certificate for that site expired a few days ago and nobody renewed it.
Certificate expiration seems like one of the most ridiculous aspects of TLS. Its only use case (apart from generating more money for CAs) seems like "we somehow can't revoke the certificate, but if we wait it'll expire".
that's kind of also a really important use case. "There is no reason to trust this certificate in perpetuity, so pretending it hasn't been compromised over a long period of time would be stupidly insecure. Let's expire it after X months". There is no reason to trust a certificate that's older than a year, for instance, there's been more than enough time for someone to reverse engineer the keys if they wanted. The real part you should be questioning is why no one renewed it. It's pretty trivial to set up cert renewal, so why didn't they? Maybe the site's no longer maintained, maybe it's not actually intended to be secure. Important questions.
> There is no reason to trust a certificate that's older than a year, for instance, there's been more than enough time for someone to reverse engineer the keys if they wanted.
Cryptography does not work that way.
> It's pretty trivial to set up cert renewal, so why didn't they?
That holds true today, with Let's Encrypt; their short expiration date seems to exist largely to force people to automate it, and in that regard it seems quite effective. But prior to that, many CAs did not have scriptable automated processes to renew certificates.
> There is no reason to trust a certificate that's older than a year, for instance, there's been more than enough time for someone to reverse engineer the keys if they wanted.
> Cryptography does not work that way.
But it kind of does. Imagine if we were still using certificates signed with DES and MD5 hashes because they were available perpetually. Certificate expiration at the very least means that whenever you renew you're keeping up to date with whatever vulnerabilities have been exploited in the past 3-5 years.
It also keeps CRLs short and concise as those certificates that have expired do not need to be included.
Thanks; I disabled quite a few non-critical addons based on this list and was able get the switch in about:support to flip. Will see if it's worth it! All of the addons I disabled are listed as "unknown" so I suspect they will all just work fine if I forced multiprocess but better safe than sorry. Thanks for the information.
That site listed a few of my addons as incompatible, but turned out that that site hasn't been updated in a while. Example, it lists Lastpass as incompatible, but it works just fine for me.
Lastpass definitely was rough at the beginning, but it's been stable for months for me. And I'm one of the crazy ones running multiple content processes.
Edit: The page for the addon has a comment saying it does work with multiprocess, so I just forced it on. I'm on Linux, and I don't know of an about:config key to disable ctrl+q