Slashdot Mirror

Fx (the actual abbreviation) has had plugins in a separate process since 3.6.4 and you can see the RAM usage improvements being done in Aurora builds right now if you want. Now instead of a theory you can just paste the contents of about:memory

The problem is "keyless" (no password or secret bits needed) encryption doesn't actually add any real security because the passwords have to be accessed without being "unlocked" first.

What do I mean? Imagine you protect the password database with a single password (e.g. the unlock code). Now swiping the password database wins me nothing because it still needs unlocking. Now imagine I have a desktop with password-less autologin - my choices are now complicated. I must either

• Prompt the user the moment I need to access the password database
• Store the users password in a form that it can be derived using information on the filesystem
• Store the database unencrypted

• The first one is unweildly for a phone (does an unlock code really provide enough bits to securely lock the database?). The second and the third are effectively the same. In fact the second case reminds me of the old password database from Netscape where if you swiped the password database and a key file you could find out the real passwords.

You're whining about a performance problem that doesn't exist.

O rly? They even have knowledge base articles about issues related to performance and corruption of hte SQLite file that stores bookmarks. So, no, he was not whining about something that didn't exist as a simple Google search would show you more examples.

They are. Perhaps you should test the Aurora 7 builds before making false assumptions. That version will be officially released before the 64 bit builds.

They ARE focused on solving memory issues: http://blog.mozilla.com/nnethercote/2011/05/23/a-better-aboutmemory-stage-1-75/

They're fixing it see
http://blog.mozilla.com/futurereleases/2011/07/07/firefoxaurora7/
and
http://www.extremetech.com/internet/88998-fixes-to-memory-footprint-land-in-firefox-7
where they claim to reduce memory usage by 30%. From my personal experience it seems to be really better.

We're doing as much as we can to reduce those problems while Firefox is still single-process. For example, we recently started throttling timers in background tabs and added a sane web animation API. More and more internal APIs are asynchronous or interruptible. We've also reduced memory use quite a bit with Firefox 7; I think we use significantly less memory than Chrome in common cases now.

At the same time, we're also working on process separation. It looks like it will be ready to play with, perhaps even an option, in a few months. I don't think we'll enable it by default until we're comfortable with the tradeoff between memory use and responsiveness/stability.

And we're also working on a new programming language that could make it safe and sane to use "tasks" (likely mapping to threads) rather than processes, so we don't have to deal with that unhappy tradeoff :)

Why ?

The people at Microsoft thought it would be a good idea to name their product/service after a color, sure.

Then that is really Microsoft's own problem.

http://blog.mozilla.com/joe/2011/04/26/introducing-the-azure-project/
http://en.wikipedia.org/wiki/Azure_(color)

While we are on the Mozilla and naming problem. Google named their browser Chrome, even though the Mozilla already named part of their browser Chrome.

So, seems people just name things what they want.

Actually, Quartz might end up getting used as a backend for the Gecko-internal Azure API on Mac at least for a bit (just like Direct2D will be on Windows). See http://blog.mozilla.com/joe/2011/04/26/introducing-the-azure-project/ for some discussion of the tradeoffs here. There's some discussion about why it might be preferable to use a GL backend instead of Quartz on Mac (long story short, a GL backend is needed anyway for Linux and Android, and at that point it might make more sense to use it on Mac too so you don't have to maintain separate Quartz code).

I'm curious about the change to rendering. It seems to me they're saying, "these OS layout engines (Quartz et al) are too slow - we'll just route around them".

Precisely the opposite. It's our previous abstraction layer that's too slow, and we're replacing it with a thinner one, starting with the easier things like Canvas. See Introducing the Azure project and Azure vs Cairo.

> Upsized font - are you using a trackpad (e.g. on a laptop) and you happen to be holding the control key when the font blows up?

Nope. It's just started to happen with FF5. For example: You start FF - the page loads with larger fonts. You restart and it displays normally.

https://support.mozilla.com/en-US/questions/843109

..once again
following Skype and Firefox 4, now Mozilla officially drops PPC to go Intel only. Same with Opera.

Sad. Now I have no choice but to use unpatched software.

Right, as the article points out, the changelist for Firefox 5 is not much more expansive than the changelist for Firefox 3.6.

Some enterprise users have internal apps that they need to test, and some of them are upset about such a 'big' change. In reality they shouldn't be looking at version numbers, they should be looking at a list of potential impacts, to make their testing easier.

If Mozilla wants to handle this PR challenge well, it might help announce that from now on they are going to support they enterprise better (everyone likes to know they are being thought of), then from now on point people to the changelist, or add a 'potential impacts' section to the list. Simple enough, and lets people know they are considered.

I work in a company with over 10,000 deployed workstations. When 4 released it caused major headaches and we had to roll back to the 3.x series for technical reasons with some of our tools and add-on integration. It cost us a good bit of time and money to modify all of our dependent systems and tools, and we were actually just in the final testing round prior to a redeployment when version 5 and the end-of-life for 4 was announced. Management shit their pants, and next week we're pulling FF from our company entirely.
In the past FF was a great tool- it was low maintenance, upgraded smoothly with very few issues, and UI behavior didn't change drastically between versions which kept user support to a minimum. Not any more.

And before people start saying things about Addons and plugins supplying functionality which was changed or lost after version 3.x, that is not a solution. For example I had a series of scripts which automated data mining for agents working in our call center. In the past when a version update occurred I almost never had to modify it, and when I did it was always just minor changes. Moving from 3.x to 4 was just a nightmare, as the UI changes made this method difficult or impossible. Developing new tools that don't rely on the web client to get the data is not practical and does not have management support even if it was.

So good job, Mozilla. In your zeal to change things for no reason beyond making it looks more like someone else's browser, or to force users to interact with new UI elements which some developer has decided is "better" simply because HE likes them better, you've managed to piss off a very large segment of your user base. And while home users might be fickle enough, and the other options distasteful enough, for you to keep them around or bring them back... in the business world we're turning our backs on you like you just did to us. Fuck You and Good Night.

Right, as the article points out, the changelist for Firefox 5 is not much more expansive than the changelist for Firefox 3.6.

Some enterprise users have internal apps that they need to test, and some of them are upset about such a 'big' change. In reality they shouldn't be looking at version numbers, they should be looking at a list of potential impacts, to make their testing easier.

If Mozilla wants to handle this PR challenge well, it might help announce that from now on they are going to support they enterprise better (everyone likes to know they are being thought of), then from now on point people to the changelist, or add a 'potential impacts' section to the list. Simple enough, and lets people know they are considered.

I work in a company with over 10,000 deployed workstations. When 4 released it caused major headaches and we had to roll back to the 3.x series for technical reasons with some of our tools and add-on integration. It cost us a good bit of time and money to modify all of our dependent systems and tools, and we were actually just in the final testing round prior to a redeployment when version 5 and the end-of-life for 4 was announced. Management shit their pants, and next week we're pulling FF from our company entirely.
In the past FF was a great tool- it was low maintenance, upgraded smoothly with very few issues, and UI behavior didn't change drastically between versions which kept user support to a minimum. Not any more.

And before people start saying things about Addons and plugins supplying functionality which was changed or lost after version 3.x, that is not a solution. For example I had a series of scripts which automated data mining for agents working in our call center. In the past when a version update occurred I almost never had to modify it, and when I did it was always just minor changes. Moving from 3.x to 4 was just a nightmare, as the UI changes made this method difficult or impossible. Developing new tools that don't rely on the web client to get the data is not practical and does not have management support even if it was.

So good job, Mozilla. In your zeal to change things for no reason beyond making it looks more like someone else's browser, or to force users to interact with new UI elements which some developer has decided is "better" simply because HE likes them better, you've managed to piss off a very large segment of your user base. And while home users might be fickle enough, and the other options distasteful enough, for you to keep them around or bring them back... in the business world we're turning our backs on you like you just did to us. Fuck You and Good Night.

Or http://blog.mozilla.com/addons/2011/05/21/firefox-5-compatibility-bump/ worked for what I have

they did not break them actually. how about you get informed before you post aggressively then? FF 4 addons (plugins do not need update ever btw) have been marked compatible with FF 5 by Mozilla before FF 5 was released, so, no, they could not break.

From the Mozilla blog post: "Earlier tonight we updated compatibility information for add-ons that work with Firefox 4 to also work with Firefox 5, except in certain cases where we think the add-on may be incompatible." ... "There were 256 that failed our automatic scanners".

Right, as the article points out, the changelist for Firefox 5 is not much more expansive than the changelist for Firefox 3.6.

This may be true for this particular instance, but Firefox certainly isn't guaranteeing that going forward. What happens with Firefox 9 is released with a feature that breaks their enterprise, and Firefox 8 is suddenly no longer supported?

This whole attitude I hear parroted that "release numbers are irrelevant because they are just numbers" ignores a whole bunch of realities regarding how new features are introduced and developed to different classes of users. And in the case of Firefox, this new strategy sends a disturbing message to enterprise customers that new and potentially disruptive features will be introduced "when they are ready" and support for previous versions will be immediately dropped.

Right, as the article points out, the changelist for Firefox 5 is not much more expansive than the changelist for Firefox 3.6.

This may be true for this particular instance, but Firefox certainly isn't guaranteeing that going forward. What happens with Firefox 9 is released with a feature that breaks their enterprise, and Firefox 8 is suddenly no longer supported?

This whole attitude I hear parroted that "release numbers are irrelevant because they are just numbers" ignores a whole bunch of realities regarding how new features are introduced and developed to different classes of users. And in the case of Firefox, this new strategy sends a disturbing message to enterprise customers that new and potentially disruptive features will be introduced "when they are ready" and support for previous versions will be immediately dropped.

http://blog.mozilla.com/addons/2011/05/21/firefox-5-compatibility-bump/

Except there are still piles of addons that did not make it from 3.6 to 4, never you mind 5. More so if you are on OS X.

As to 4 to 5, there are about 256 or so addons that broke, according to Mozilla team themselves.

Damn trolls, they don't do their homework.

You just outed yourself as a homework-avoiding troll. Well done, Sir.

http://blog.mozilla.com/addons/2011/05/21/firefox-5-compatibility-bump/

What version of Chrome are you running? Most people running Chrome have no idea that it's going through major version upgrades all the time.

The curse of Firefox is the extensibility. Chrome has had a more limited, but growing extension system, and it isn't brittle like the one in Firefox.

Jetpack is the project to bring a Chrome like plugin layer to Firefox, which will handle the needs of 95% of addons, and should greatly ease the upgrade pain when developers start switching over to it.

It was only released widely a week ago, so there's still some time before it's ubiquitous, but when it is the upgrade pain for users and developers goes away.

TL;DR:
Firefox is doing the right thing, but there will be a bit of pain before things get better.

What addons are broken?

Also: http://blog.mozilla.com/addons/2011/05/21/firefox-5-compatibility-bump/

Right, as the article points out, the changelist for Firefox 5 is not much more expansive than the changelist for Firefox 3.6.

Some enterprise users have internal apps that they need to test, and some of them are upset about such a 'big' change. In reality they shouldn't be looking at version numbers, they should be looking at a list of potential impacts, to make their testing easier.

If Mozilla wants to handle this PR challenge well, it might help announce that from now on they are going to support they enterprise better (everyone likes to know they are being thought of), then from now on point people to the changelist, or add a 'potential impacts' section to the list. Simple enough, and lets people know they are considered.

Right, as the article points out, the changelist for Firefox 5 is not much more expansive than the changelist for Firefox 3.6.

Some enterprise users have internal apps that they need to test, and some of them are upset about such a 'big' change. In reality they shouldn't be looking at version numbers, they should be looking at a list of potential impacts, to make their testing easier.

If Mozilla wants to handle this PR challenge well, it might help announce that from now on they are going to support they enterprise better (everyone likes to know they are being thought of), then from now on point people to the changelist, or add a 'potential impacts' section to the list. Simple enough, and lets people know they are considered.

Actually, what I want from the Mozilla devs at the moment is not new features, but a solution to Firefox's memory problems.

Then you'll be happy to know that the "latest and greatest" includes some pretty big memory improvements. Do a find-in-page on The Burning Edge for "memory" or read Nick Nethercote's blog.

It seems that it's easier to motivate Mozilla developers to work on memory issues when the fixes will reach users in months rather than years.

I'm using Nightly (7) and I'm having trouble getting Firefox to use more than 400MB (explicit) even after a day of heavy use, with Gmail and Reader and Twitter as app tabs. You should try it out and report any bugs you encounter. Yes, we finally have tools that allow users like you to report useful memory leak bugs.

ORLY?

http://blog.mozilla.com/addons/2011/04/19/add-on-compatibility-rapid-releases/

http://www.mozilla.com/en-US/firefox/5.0/releasenotes/
What’s New in Firefox
The latest version of Firefox has the following changes:

        * Added support for CSS animations
        * The Do-Not-Track header preference has been moved to increase discoverability
        * Tuned HTTP idle connection logic for increased performance
        * Improved canvas, JavaScript, memory, and networking performance
        * Improved standards support for HTML5, XHR, MathML, SMIL, and canvas
        * Improved spell checking for some locales
        * Improved desktop environment integration for Linux users
        * WebGL content can no longer load cross-domain textures
        * Background tabs have setTimeout and setInterval clamped to 1000ms to improve performance
        * Fixed several stability issues
        * Fixed several security issues

Supposedly, the compatibility version string should be automatically updated in many cases: http://blog.mozilla.com/addons/2011/04/13/add-ons-review-update-29/

I used this last week, meaning in 2011 not years ago when it was brand new.

In that case : Tenfourfox (community ppc build of Firefox 4) and of course Firefox 3.6 is still available as a universal (x86 & ppc) binary.

I honestly considered putting a ppc linux on the machine. If the battery was not dead I would have. Too much work to fix it though, stupid Apple sealed laptop design.

What laptop is it, the "non user-upgradable" batteries only came in about 2008 IIRC, with the unibody macs ?

This blog post from Mozilla points out that in the past the assumption was that a new addon was broken in a new version, until proven otherwise. With the new release system, Mozilla is hoping to change this so the assumption is that the old addon is compatible with the new version, until proven otherwise.

I don't know how long it will take for this change of culture to set in, but hopefully by the next cycle developers will have made sure their addons no longer mark themselves as incompatible by default.

Perhaps it's wishful thinking.. but part of me is hoping that the new release schedule forces Mozilla, and the community, to re-think add-on compatibility reporting; flagging add-ons as 'broken' not by default, but after testing.

Mozilla is now doing exactly that for hosted add-ons and working on an Add-On SDK to reduce future breakage.

Perhaps it's wishful thinking.. but part of me is hoping that the new release schedule forces Mozilla, and the community, to re-think add-on compatibility reporting; flagging add-ons as 'broken' not by default, but after testing.

Mozilla is now doing exactly that for hosted add-ons and working on an Add-On SDK to reduce future breakage.

- Fixed several security issues

Are those going to be backported ?

And where are those release notes hidden ? I remember the good old days where there was a link to those next to the download button, but I can't find these now.

Sadly, I had to google it this time. https://www.mozilla.com/en-US/firefox/5.0/releasenotes/

To disable the annoying extension compatibility check:=

create a new boolean called "extensions.checkCompatibility.5.0" then set it false

Credit: http://support.mozilla.com/en-US/questions/837443

Because from a user perspective nothing had changed. A new version number is a new product, calling a minor update a new product is confusing and fragments the user base, and 10 security bug fixes is an important, but functionally minor update. If nothing else, imagine a year or two from now and Firefox is ready to put out a new release that actually is something new and exciting and they're stuck assigning it the same importance that the assigned to this security patch, because they already assigned the highest importance possible to this update.

Hyperbole much? This is the full list of changes and it's a whole lot more than "ten security bugs." A couple orders of magnitude more. It's not even true that nothing has changed from the user perspective; there are a couple minor changes. (Of course, had there been a UI revamp as in 4.0, people would be screaming in anger.)

Actually there is a project doing exactly this: Rendering pdf using Javascript! Take a looky here and at the demo.

Context Information Security has already tested WebGL implementations and demonstrated the sorts of bugs Microsoft warns about. In fact, it looks like maybe they got a tip about it from Redmond, but they do demonstrate it, and Mozilla has acknowledged the bugs for Firefox 4.

For you firefox folk out there

http://www.mozilla.com/en-US/plugincheck/

Works decently...

You haven't heart of Firefox profiles have you? It harkens back to the days of Netscape Communicator. http://support.mozilla.com/en-US/kb/Managing-profiles I use multiple profiles for Work/Home/Financial/Unsafe browsing

My understanding is that the standardization of ActiveX for secure banking in South Korea happened before SSL was well-known and widespread. Also, this was a country-wide standard, not something that was internally chosen by banks.

This is a good read if you're interested.

Netscape is still being updated. You can download it from here.

Instead, I'll send you links to the Firefox or Chrome. They will save few grand (mine or yours) and you'll get better browser. Actually, I can do it right away! http://www.google.com/support/chrome/bin/answer.py?answer=95346 http://www.mozilla.com/en-US/firefox/fx/ Glad to help (^_^)

Yes because you can always include something like

Dear valued customer, we regret that the browser you are using does not adhere to web standards and is not capable of handling all the great things this website has to offer, May we advise you to download a browser instead of an explorer. Any choice will do really as it seems that only Microsoft is incompetent enough to adhere to world wide web standards. we suggest a browser like Chrome, Firefox, Opera or Safari. This will not only greatly improve your internet experience but will also protect you against allot of Virus & Malware treats. We hope to see you again soon with a browser of your choice.
if you continue browsing on this page with your current browser you may experience incorrect page behaviour.


maybe leave some of the anti microsoft speak out of it but you get the pickture

I hate to spoil your rant, but you can turn the status bar back on in FF4.

The trick is in knowing that they now call it the "add-on bar".

In the new menu, go to Firefox -> Options -> Add-on bar. Or press Ctrl+/

The URL preview and download status still won't show in the bar like it used to, but if you want that as well, you can still restore that old behaviour with this addon, as recommend by Mozilla's official knowledgebase.

How's that for configurable?

As a web developer, I cry for you.

We don't want nor need your tears. FF 4 is ugly and has moronic design decisions. No status bar? really? not hidden, completely gone. Now that the world is trained to look for the padlock for SSL connections, they remove where that item sits and expect people to understand 'Site Identity Button'.

The explanation for this is patently ridiculous, from here

When viewing a website, the Site Identity Button will display in one of three colors - gray, blue, or green. Clicking on the Site Identity Button will display security information about the website, with a matching gray, blue, or green "Passport Officer" icon. "

Seriously? they wonder why they are losing market share?

Turns out, figuring out whether code in JS is dead is hard. See http://blog.mozilla.com/rob-sayre/2010/11/17/dead-code-elimination-for-beginners/ for some examples of things that look dead but aren't.

> Narrowly pointing out and having their lead
> "evangelist", Asa Dotzler

Uh... I think you're confused about Asa's role here. But anyway...

> I haven't seen any proof that the dead-code
> eliminator is "somewhat narrowly tailored for
> Sunspider"

Well, it only elimintated code that restricted itself to the set of operations used in the Sunspider function in question. This is pretty clearly described at http://blog.mozilla.com/rob-sayre/2010/11/17/dead-code-elimination-for-beginners/

For example, it eliminated code that included |TargetAngle > CurrAngle| but not code that was otherwise identical but said |CurrAngle >) was not. Addition and subtraction were eliminated while multiplication and division and % were not.

If it eliminated "any code that doesn't touch the DOM" that would be a perfectly good general-purpose eliminator. That's not what IE9 was doing, though.

There was the side issue that it also produced buggy code; that's been fixed since, so at least IE9 final doesn't dead-code eliminate live code.

http://blog.mozilla.com/dmandelin/2011/04/22/mozilla-javascript-2011/ has some discussion about LLVM in the comments. The short summary is that the LLVM register allocator, for example, is very slow; when doing ahead-of-time compilation you don't care much, but for a JIT that could really hurt. There are various other similar issues with LLVM as it stands.

They also use it to locate you in Google Maps if your phone isn't GPS enabled. It could find me inside my house even when running on my Nokia E65.

Firefox also uses Google's service to provide your location to websites (IF you allow it) by scanning the local area for known APs.