End of classical interface

[sflorack]

Quote:

Originally Posted by Grhm

On my Nokia C2-01, which runs the Symbian operating system,
classic.fastmail.com works fine, but fastmail.com gives this message:
"Sorry, your browser does not support the technologies needed to use our web interface. Please make sure you have the latest version, and that JavaScript is enabled."

Symbian is a discontinued OS.. As it's no longer being supported by it's own developer, how long do you suppose third party sites/applications should support it?

[BritTim]

Quote:

Yes, UC is one of several browsers that I have installed; and no, the new interface doesn't work on it. Thank you for the suggestion, though.

The only other browser I can think of that has a chance of working is Opera Mini. If, perchance, it works, it actually would have performance and security advantages over other potential solutions for this old platform.

[Bamb0]

Quote:

Originally Posted by DumbGuy

Very few customers use the Classic UI

Yes which is a shame...... Its so much better!!!

[joe_devore]

Quote:

Originally Posted by Bamb0

Yes which is a shame...... Its so much better!!!

yup

two things I like about the classic UI:
1 - constant view-able folder #s (new/total)
2 - empty link next to the trash folder
etc
I hope they will bring back those two features I rely on daily before they retire the Classic UI in June this year...
I have already used the transition guide they created at
https://www.fastmail.com/help/guides...ransition.html
to tweak the New UI as much as I could, which has made the New UI a bit more tolerable for me

[walpurg]

Quote:

Originally Posted by ChinaLamb

Javascript runs just about everything these days. I'm not concerned. Even without javascript there are plenty of exploits that are still nasty. Exploits are found, exploits are patched.

I don't quite follow your logic. If Javascript runs just about everything, then it suddenly becoming a more potent expoitation vector would obviously have an impact, regardless of what other exploits exist. It would only take a few high profile cases trumpeted by the media for a significant number of people to become more worried about Javascript. I am not suggesting that people run for the hills because of this, but then again I'm not a fear-mongering journo - and there are plenty of those. And if the idea that "Javascript == potential danger" manages to get more fuel, that psychology will remain a factor long after the actual problems have been patched. Thus, more people may become interested in less Javascript-dependent interfaces, and it may be a good idea not to scrap such an interface here. I think this is something to consider, even if one is not personally concerned.

Provided, of course, that this is a real, widely applicable problem and not just an obscure radar blip hyped up by these researchers for self-promotion.

[ChinaLamb]

Quote:

Originally Posted by walpurg

Provided, of course, that this is a real, widely applicable problem and not just an obscure radar blip hyped up by these researchers for self-promotion.

My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.

[n5bb]

We need to understand that this isn't a vulnerability in JavaScript. The researchers discovered a method of compromising the ability of ASLR to hide the memory mapping used by certain popular CPU's. Discovering the memory map doesn't immediately break security, but if another bug can then be exploited security can be compromised. Imagine having two different locks on a door -- a conventional key lock and a combination lock. If someone stole your key they could open that lock, but the door would still be locked if they couldn't break the combination lock code. The researchers used JavaScript to show that this exploit could be executed on a browser if an infected website was viewed and the browser didn't block the dangerous JavaScript from executing.

FastMail uses various techniques to prevent malicious JavaScript code in emails from being executed, so I don't think that's a danger. But clicking a link in a an email could allow an attacker to execute this exploit in JavaScript, which would increase your vulnerability. As far as I can see, nobody has reported this exploit actually being used.

One solution to not falling for these types of JavaScript vulnerabilities is to not execute such code from unsafe websites. Some security software (just as Norton) can block block access to dangerous websites, and browser features and add-ons (such as NoScript for Firefox) can prevent the browser from executing JavaScript and other code from unsafe websites.

Bill

[David]

Quote:

Originally Posted by ChinaLamb

My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.

It is appreciated, that we sometimes get posts, from the higher end of the spectrum.

[walpurg]

Quote:

Originally Posted by ChinaLamb

My logic is this: I've lived through 20+ professional years of end of the world scenarios, and the world is still here. Updates roll out very quickly anymore, I'm not concerned. I work in a very high risk industry where mistakes have very real consequences. Most threats have been over hyped. Javascript runs everything today, from banking sites, to everything else. It's on the front end, and it's on the back end. If the problem is so bad that javascript had to be scraped (highly unlikely), everyone is going to have to completely rewrite their sites. Javascript is literally everywhere.

That's great, but do you think that your average media consumer also has 20+ professional years in a very high risk industry, or might they take in the hype (if there's enough of it) and conclude that being able to use a site with Javascript disabled would be a plus for them? It doesn't matter that the world is not actually going to end if people start believing that maybe it's going to. The software company I worked for at the time (as part of my own 20+ years of experience, since that has become relevant) made a lot of money off the Y2K scare, even though it would not have had any meaningful impact on most of our clients' operations. But that's largely beside the point here, because I was never talking about FM scrapping their JS interface, I was talking about the Classic interface potentially becoming more valuable in attracting customers, should exploits of this vulnerability start popping up in the wild. @n5bb is quite right, strictly speaking this is not a JS vulnerability, but if the media focus of the JS aspect, that's what people are going to remember. For someone equating JS with danger, the fact that FM's own site would still be secure and the JS in emails wouldn't be executed would matter less than knowing that they could use the site with JS turned off, period.

[edu]

Quote:

Originally Posted by walpurg

For someone equating JS with danger, the fact that FM's own site would still be secure and the JS in emails wouldn't be executed would matter less than knowing that they could use the site with JS turned off, period.

I agree. In fact, many people (including me and I see there are many more like me) are looking for email services without needing javascript when using the browser. Talking about security I think that it's very dangerous using javascript in all the websites, people should only enable it in some websites they trust, but it's also bad for our privacy: the server will receive a lot of information from us (maybe this is what many companies are looking for to track us more and more). So, I think FM would think about it.

[jchevali]

With @walpurg on this one.

[ChinaLamb]

Quote:

Originally Posted by jchevali

With @walpurg on this one.

Go get your tin foil hats.

[walpurg]

Quote:

Originally Posted by ChinaLamb

Go get your tin foil hats.

Don't worry, I've worked in high risk environments for 20+ years so I already have one.

(Not that I follow the logic of how pointing out a possibility (contingent on several things, which I'm pretty sure I haven't failed to mention) makes me worthy of insults.)

[ChinaLamb]

Quote:

Originally Posted by walpurg

Don't worry, I've worked in high risk environments for 20+ years so I already have one.

(Not that I follow the logic of how pointing out a possibility (contingent on several things, which I'm pretty sure I haven't failed to mention) makes me worthy of insults.)

Aaah. Didn't mean it to be an insult. If you took my comment that way, not my intention. Hat off and an apology to you.

[walpurg]

Quote:

Originally Posted by ChinaLamb

Aaah. Didn't mean it to be an insult. If you took my comment that way, not my intention. Hat off and an apology to you.

It wouldn't be a big deal (to me, don't know about @jchevali) even if you had meant it, It's just that people usually start talking about tin foil hats when someone is being... rather unreasonable? and in this case it seemed a bit too... abrupt? to suddenly get to that.