September patch set for TenFourFox

102 is now the next Firefox Extended Support Release, so it's time for spring cleaning — if you're a resident of the Southern Hemisphere — in the TenFourFox repository. Besides refreshing the maintenance scripts to pull certificate, timezone and HSTS updates from this new source, I also implemented all the relevant security and stability patches from the last gasp of 91ESR (none likely to be exploitable on Power Macs without a direct attack, but many likely to crash them), added an Fx102 user agent choice to the TenFourFox preference pane, updated the ATSUI font blacklist (thanks to Chris T for the report) and updated zlib to 1.2.12, picking up multiple bug fixes and some modest performance improvements. This touches a lot of low-level stuff so updating will require a complete rebuild from scratch (instructions). Sorry about that, it's necessary!

If you're new to building your own copy of TenFourFox, this article from last year is still current with the process and what's out there for alternatives and assistance.

Network Solutions screws the pooch again

Floodgap appears to be down because Network Solutions' name servers are timing out and name queries are not reliably resolving (everything's up on this end). There is no ETA. If this continues for much longer I'll figure out an alternative, but between this and the social engineering hack last year, maybe this is a sign I need to move it to a different registrar even though I prepaid a few years ago.

macOS Oxnard

Those of us in southern California are shaking our heads. I like the City of (San Buena)Ventura fine, but Ventura isn't exactly in the same snobbish class as, you know, Big Sur or Monterey. I mean, if they really wanted they could have had macOS Camarillo, or macOS Thousand Oaks, or maybe even macOS Calabasas even though that sounds those gourd urns you buy at Pier 1 or a euphemism for unmentionable body parts, but anyway. (macOS Malibu! Buy all her friends!) There was a lot of buzz over the possibility this could have been macOS Mammoth, and even Wikipedia went all-in. I can see why they didn't because the jokes would have flown thick and heavy if it turns out as big and ponderous as the name, but when you give up the chance at Point Mugu or Oxnard (or La Conchita: the operating system that collapses on itself!) for a pretty if less ostentatious coastal community, someone at Apple just isn't thinking big. Or, for that matter, mammoth.

April patch set for TenFourFox

I've had my hands full with the POWER9 64-bit JIT (a descendant of TenFourFox's 32-bit JIT), but I had a better idea about the lazy image loader workaround in February's drop and got the rest of the maintenance patches down at the same time. These patches include the standard security fixes and updates to timezones, pinned certificates and HSTS, as well as another entry for the ATSUI font blacklist. In addition, a bug in the POWER9 JIT turns out to affect TenFourFox as well (going back to at least TenFourFox 38), which I ported a fix for. It should correct some residual issues with IonPower-NVLE on a few sites, though it may allow code to run that couldn't run before that may have its own issues, of course. A clobber is not required for this update. The commits are already hot and live on Github.

The next ESR, version 102, is due in June. I'll change the EV and certificate roots over around that time as usual, but we might also take the opportunity to pull up some of the vendored libraries like zlib, so it might be a somewhat bigger update than it would ordinarily be.

Next update set available for TenFourFox

Security patches and a couple tweaks have been landed on the TenFourFox Github, so warm up your computers and prepare to rebuild. The security patches mostly cover DOM and media, but the tweaks add a UA exception for YouTube to prevent it forcing you onto the really slow main page from its "unsupported browser" page, as well as a workaround for sites using lazy-loaded images with lozad.js. (I said I scratch my own itches, and these annoyed me personally, so I fixed them.) If you have a custom UA for YouTube in your own settings, it should remain unaffected. There are also the usual updates for the HSTS and TLD lists, and a more complete fix for non-SHA-1 OCSP stapled responses.

The workaround is needed because TenFourFox doesn't support IntersectionObserver. I'm pondering whether this is the point to add a global polyfill to the browser that could potentially cover this and other deficiencies, but although it would be nice to not play whack-a-mole so much, that would have some consequences for performance and memory use over a targetted fix like this. I don't want to get too complex with having a "black list" for sites that need the polyfill you can add to, but maybe that's the least bad option. I'll do some thinking.

In case you missed it, I've always maintained that the most logical upgrade path from a PowerPC-based computer is to ... another PowerPC-based computer. SheepShaver, the well-known classic Mac OS emulator (which many of you use to run Classic apps in Leopard), is now ported to OpenPOWER, so you can run it on a POWER9-based workstation like the Raptor Talos II or Blackbird. Myself, with this port working, I've migrated almost entirely from QEMU to SheepShaver except for a few apps that still have compatibility issues. Come on in: Power ISA isn't dead, not by a long shot.

Updates to TenFourFox on Github

Happy New Year (I'd like to say nothing can be worse than 2021 was, but I don't want to tempt 2022). Fortunately, we're starting the year off right with new changesets on Github for the TenFourFox rolling release. Besides the periodic updates to TLDs, HSTS and timezone data, these two changesets also fix some security issues, include a minor update to NSS with new support for SHA-2 OCSP stapled responses (thanks to roytam1 for the suggestion), and correct a couple minor Mac OS X-specific widget problems. No clobber is needed for this go-around, so just pull down the changes and gmake -f client.mk build to fresh your installation. If you're new to self-building TenFourFox on your Power Mac (or unsupported Intel Mac), read this recent article.

The strawberry iMac that made the Wikipedia

Apparently the strawberry iMac G3 is to blame for Wikipedia, and in keeping with the stupid prices people are paying for collectable Power Macs (to the chagrin of those of us actually using them), you can bid on it. The first edit he allegedly made in 2001 is available as an NFT, also for $tupid money, which I have reproduced here for the nominal charge of your eyeballses:

In 2001 this was probably Microsoft Internet Explorer on OS 9, maybe OS X Cheetah, but the NFT doesn't say and this substantially diminishes the value of it in my eyes. Seriously, if you're buying for the history, provide the damn history. Also, the strawberry iMac G3 I have in the music room is in rather better condition and even has a Sonnet HARMONi upgrade card. I'm just saying, because I'm not selling.

Back briefly on topic, watch for a dump of security updates in the next few days now that I've made some more progress on the POWER9 JIT for my Raptor Talos II.