-
msiism
Does SeaMonkey still have a "Show image" option in the right-click context menu?
-
njsg
I think it's "view", let me check
-
msiism
Oh, that could be. I'm usually using the German language version of Firefox.
-
msiism
And Firefoy trashed that option recently.
-
njsg
yeah, "view image". It might not appear or show instead as "View Background Image" depending on how images are used in webpages
-
njsg
... really? why?
-
msiism
Well, what I've heard is: Telemtry suggested it's rarely used… But I cannot confirm that in any way.
-
msiism
But then, this is just the latest incident of Firefox getting ever more user-hostile.
-
msiism
Okay, but SeaMonkey having that option is great. :)
-
msiism
By the way, the Downloads & Releases page always says, "MD5 sums and SHA1 sums are available for official packages and source tarballs."
-
msiism
But then, there are actually also SHA512 sums.
-
msiism
And then this makes me wonder, a) why the project "hides" those, and b) why the project provides 3 kinds of checksums.
-
msiism
I mean, creating those checksum also takes time, so maybe narrowing it down to one might not be a bad idea.
-
msiism
Also, it would really be nice if releases were signed.
-
msiism
That's pretty much standard practice now. And it would make SeaMonkey more appealing to the reasonably paranoid.
-
frg_Away
msiism there are not eough people around unfortunately so it is robin round and fix one thing at a time. There are bugs open for signing. Next platform will probably macOS. There it is already partially enforced.
-
frg_Away
But you are right the SHA512 checksums should be added to the builds page. Need to check if this is a general template.
-
msiism
Okay, nice. If it's on the list, that already makes me happy.
-
msiism
Yeah, mantioning those SHA512 sums would also be nice.
-
msiism
s/man/men/
-
frg_Away
msiism signning bugs are open for a long time now unfortunately :)
-
frg_Away
-
njsg
msiism: you mean signing with certificate or with PGP/GPG? or just in general?
-
msiism
I mean having a package signing key and using that to sign release packages. So, yeah, GPG would be a good way to do this.
-
msiism
frg_Away: Thanks, I've bookmakred that.
-
msiism
I mean, GPG should also work for macOS.
-
frg_Away
msiism macOS signing is a bunch of sh*t. It is called notarizing there. You need an apple approved developer key and I think also do it under macOS and online. This one is probably on me so need to figure it out if it can be automated.
-
msiism
Why don't you simply give it a GPG signature, though?
-
msiism
People on macOS will be able to verify that.
-
msiism
Or is this about being in some official package repository that uses some weird signing mechanism?
-
msiism
If so, maybe not supporting that would not be the worst idea.
-
frg_Away
msiim They could use the sha now. Outcome would not really be much different if you want to check if the file has been tampered with. I would rather do it in a way the OS supports instead of spenging time adding more complexity in the build process.
-
msiism
Okay, I can't judge that. I have never used macOS for more than a few minutes.
-
msiism
I was just wondering whether signing everything with a GPG key might be the easiest solution. Even Windows users should be able to verify such a signature.
-
msiism
And, by the way, for "Unix", I'd just sign the checksum files with GPG. That should be way more efificent than signing the actual release packages.
-
msiism
But I'd keep the signature separate so people who really can't deal with the signture still have a corrcetly formatted checksum file to work with.
-
njsg
at least the windows specific method is sometimes needed/useful
-
msiism
I see.
-
njsg
no idea about macOS (last time I touched such a system, I think it was still called MacOS?)
-
msiism
:)
-
frg_Away
Well Windows is done with the official signing now in effect. If you use the zip the exe and dlls are signed. Together with the checksum for the zip should all be what is needed. The installers are snow igned too and are verified when starting them by the OS.
-
frg_Away
^now signed
-
msiism
Okay, nice.
-
frg_Away
With 2.53.11 beta 1 I dropped the SHA-1 signing and didn't dual sign them but unless you are running an unpatched Windows 7 you will not notice. SHA-2 is available for all 7 and 2008 R2 releases even without ESU.
-
msiism
Okay, those SHA variant names always confuse me a bit…
-
msiism
frg_Away: What do you mean by not dual-signing, by the way?
-
msiism
That there will only be one kind of checksum?
-
frg_Away
msiism yes sha1 for old systems and sha256
ibb.co/9Gf9kVX
-
msiism
Okay, great.
-
frg_Away
msiism This is how it is now with the beta:
ibb.co/nr3W1n0
-
frg_Away
Only sha256. Mozilla does this too now. Only compatible with 7 and up so sha1 is unneeded anyway.
-
msiism
I see.
-
msiism
I'll give SeaMonkey an actual try on my testing laptop, I guess.
-
frg_Away
msiism It has some problems with later sites. Bigger too. We are working on it but you probably need another browser too for these.
-
frg_Away
Depends on you browsing habits. If you use google "services", facebook and the other ilk most of the time you will not be a happy camper probably.
-
frg_Away
They are masters in inventing new language constructs and pushing them to users.
-
msiism
Yeah, but I usually don't do that. ;)
-
msiism
I just used w3m to find something on the Web today…
-
njsg
the backwards-incompatible standard/specification changes aren't fun
-
njsg
I'd think those would be a big no-no, but that doesn't seem to be the case, or at least it didn't stop them.
-
msiism
Could you give an example?
-
njsg
I think there have been changes in javascript regex support that result in syntax errors
-
msiism
Oh… Fun.
-
msiism
I mean, there is a POSIX standard for regex. Why don't they just use that?
-
msiism
ERE is pretty powerful.
-
msiism
Maybe too powerful…
-
njsg
and the default parameters for fetch() have changed in a way that can break sites which don't do more than relying on what the standard says is the default
-
frg_Away
I thought hard about it but can't remember one site which got better on the desktop in the last two years after a make-over using latest web "standard". Most are a pile of too much empty space, bad design, too big fonts, cramped in the miggle of the screen slow loading sh*t right now. Might be different on mobile but I don't care about browsing on mobile.
-
msiism
Yeah, I think most people don't understand the original concept of what a web page is.
-
msiism
It took me some time to get there as well.
-
njsg
my general feeling with these redesigns is that often not only there's too much empty space, but also that the redesigns tend to get rid of the content.
-
njsg
but the "often" is probably YMMV and I didn't actually sample websites to reach a number
-
msiism
A well-structured classic website should also work pretty well on mobile, I guess.
-
msiism
But then smartphones are a crippled user interface, so, maybe not…
-
frg_Away
^cramped in the middle I mean :)
-
msiism
Oh, I didn't even notice the typo.
-
msiism
One insane thing about smartphones is that most of them don't really seem to have an equivalent of Home, End, PageUp, and PageDown.
-
frg_Away
Would need to be optimized differently for both I think. Hamburger button makes sense on mobile but anybody pushing it on desktop is imho clueless. Which includes a lot of people but I have a firm opinion here. I am a hater when it comes to this stuff :) Same for black and white or 1 color icons in toolbars.
-
msiism
Yeah, I agree to that.
-
njsg
black on white, did you mean gray on gray?
-
frg_Away
light gray text on white and the gray on gray variants included in my hate :)
-
tomman
fortunately no website has pissed me off lately THAT much
-
tomman
except for Simple Flying's latest hipster redesign, which amazingly works fine on SM
-
tomman
tons of stupid whitespace, and the 3rd-party comment provider will never work without Google WebComponents®, but at least they stopped punishing me for adblocking
-
tomman
...oh, and Colnect and it's gratuitous breakage because of nullish coalescing operator, but there are plenty of other banknote catalogs I can use
-
tomman
JavaScript-free, even!
-
tomman
not using Meth properties or Twatter not only keeps me away from more web breakage, it also keeps my sanity (mostly) intact~