Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:Sheesh...It doesn't matter what you or I think. The point is that Mozilla has committed itself to "responsible disclosure". It expects "responsible disclosure" from others (and they get that). And Mozilla normally does that themselves, but not this time around, as they published the advisory the day after they notified Opera.
Also, when I explained that there's a difference between creating a fix and deploying a fix, I was pointing out that between the time the bug is analyzed and a final fix is deployed will not be as short as some seem to think. If you want to do it properly.
-
Re:No mention of EudoraSo with there being no mention of the Eudora code base that Qualcomm gave to the Mozilla folks, does this mean there are no plans for those features in Thunderbird? Does Eudora only have implications for the Penelope project? The last I heard, there was no plan to reuse any of the Eudora code -- they're basically just adding requested Eudora features into a version of TB with a tweaked GUI (keymappings, icons, etc. from Eudora). While I have my little soap-box, how come Thunderbird doesn't start off with a Junk email folder so that I can mark something as Junk and have it go to that folder? Apparently, there are people out there who don't get Junk email! It's been a *very* long time since I've had a fresh install of TB, but I believe it will create the Junk folder for you if it doesn't exist already.
The default doesn't move your email anywhere, just because it's generally a bad idea to go moving messages around on new users. It's easy to set up, though: open Options, Privacy section, Junk tab, and set your default settings there... that'll use those for all new accounts. For accounts you've already set up, open Account Settings, and pick Junk Settings for that account to configure whatever you want.
BTW, my personal (very effective) setup is basically copied from here - the page is about a specific spam-reporting plugin, but the tips are useful to any Thunderbird user. -
No mention of Eudora
So with there being no mention of the Eudora code base that Qualcomm gave to the Mozilla folks, does this mean there are no plans for those features in Thunderbird? Does Eudora only have implications for the Penelope project?
I think it would be a shame if all we got out of Qualcomm's Eudora are some very superficial changes (new buttons, etc). Then again, maybe I have an overly rosey memory of Eudora and it really didn't have much to contribute.
While I have my little soap-box, how come Thunderbird doesn't start off with a Junk email folder so that I can mark something as Junk and have it go to that folder? Apparently, there are people out there who don't get Junk email! -
How is the Penelope project affected?
Are the Qualcomm developers who support Penelope part of this? Will their work be incorporated into Thunderbird, or is it a separate project?
-
Re:The real story
Polishing the current Thunderbird is (at least from the impression I get) actually one of the main goals for Thunderbird 3. It's not all that exciting to talk about, so it only got the "a set of other user interface improvements" line in davida's article, but it's definitely known that making the program just a little bit better in many small ways (my personal pet peeve on this plane is not being able to search across all accounts) would make it hugely more useful for many people, and just good enough for a whole bunch of new potential users.
And no, spinning Mozilla Messaging off actually means it has the chance to finally get the attention it deserves. The Mozilla Corporation has been totally focussed on Firefox (since that's their big cashcow, and it's hard to do two things well), and the Mozilla Foundation is mostly just an oversight and broad planning organization, so a separate organization was needed to let email stand on its own. The Mozilla Foundation hopes that Mozilla Messaging will find its own source of income fairly soon, but they're heavily investing in it right now, and I suspect that if Mozilla Messaging is successful in furthering the goals from the Mozilla Manifesto, but without attracting a lot of income of its own, that funding will just keep on coming (bankrolled by the money Firefox earns). That's pure speculation on my part, and obviously MoFo won't say anything like that, because that would remove much of the incentive for Mozilla Messaging to find its own sources of funding - but it'd make sense.
-
Re:All Things Considered...By all means attack MS in this way, but play nice amongst the good guys.
Mozilla have historically played nice with everybody, including Microsoft.
Opera Software found and patched what it's calling a "highly severe" bug in its flagship browser, using a security tool released by its competitor, Mozilla. Mozilla worked with Microsoft, Apple, and Opera before making the JavaScript fuzzer widely available in order to reduce the possibility that the tool might be used to expose vulnerabilities in those browsers. Strangely enough, the actual advisory by Mozilla which was linked to by Opera's Claudio Santambrogio in his complaint doesn't mention Opera at all. Given Mozilla's history of cooperation with other browser teams, you'd have to guess any failure in early notification was through oversight rather than intention. -
Re:Sheesh...Still, Opera's security track-record does exceed Mozilla's. Look down, your bias is showing. So, Mozilla notify Opera they've discovered a flaw in Mozilla, gives Opera two weeks to check they're not vunerable to the same thing. If any siginifcant browser is, maybe give another two weeks for a patch to be devloped. Then the information becomes public. But seriously, just wanted to point out that it's ridiculously easy* to find the exploitable code without including it in the release notes/security bulletins.
*might need to copy-paste that link from here. -
Re:the alternative being...?
Right. Because the Mozilla developers are sitting around, working secret. They keep their code all locked up tight and no one can see it. They don't keep a source repository online, updated hourly. They don't publicly discuss the code on any mailing lists or news groups, have a public irc channel where they discuss development, nothing! The Opera developers and everyone else are kept totally in the dark, right up until release! Why, you'd think Mozilla wasn't an open source project, but was instead developed by Microsoft!
-
Re:the alternative being...?
Right. Because the Mozilla developers are sitting around, working secret. They keep their code all locked up tight and no one can see it. They don't keep a source repository online, updated hourly. They don't publicly discuss the code on any mailing lists or news groups, have a public irc channel where they discuss development, nothing! The Opera developers and everyone else are kept totally in the dark, right up until release! Why, you'd think Mozilla wasn't an open source project, but was instead developed by Microsoft!
-
Re:Sheesh...But allowing only one day is excessive. Can you track down and fix security problems in your software within one day of notification?
Now, wait a second. If I am developing software package "A", and you develop competing package "B", and I find a hole in A and fix it, then just for laughs test to see if your product has the same hole and then I am kind enough to let you know that it does, then I announce that there is a hole in A, how am I responsible for the security of B at all? I've done you a favor by performing the test and giving you a heads up in the first place! I don't owe you anything.
I think we all know already that disclosing the exploit is what brings the motivation to fix the hole. You haven't given a specific example of Opera needlessly hiding an exploit.I'm not sure what you think that has to do with anything. The Mozilla foundation didn't even announce to the public that there was a hole in Opera. The announcement is that there is a hole in Firefox. Why not try reading the advisory? There is NOTHING in there about Opera's susceptibility. You can't even view the bug report without a Mozilla bugzilla account with the proper access - I just logged into my account, and that doesn't include me, so it's not like even the report is generally available. Also, as per the advisory:
These bugs are variations on earlier problems reported by Charles McAuley and Michal Zalewski which were fixed in Firefox 2.0.0.4, as well as an issue reported by hong which was fixed in Firefox 2.0.0.8.
So it seems as though the Opera team has had some warning about problems similar to these in the past - along with the rest of the world.
Could I find and fix a bug in one of my pieces of software in a day? Probably, because all of them are very simple. If I had a development team and a security response team (they do have one of those, don't they?) then I bet "I" could find and fix known security problems in larger software products in a day, too.
Actually, a number of security holes in the Linux kernel have been found, announced, and fixed on the same day, now that I think of it.
-
Re:Sheesh...But allowing only one day is excessive. Can you track down and fix security problems in your software within one day of notification?
Now, wait a second. If I am developing software package "A", and you develop competing package "B", and I find a hole in A and fix it, then just for laughs test to see if your product has the same hole and then I am kind enough to let you know that it does, then I announce that there is a hole in A, how am I responsible for the security of B at all? I've done you a favor by performing the test and giving you a heads up in the first place! I don't owe you anything.
I think we all know already that disclosing the exploit is what brings the motivation to fix the hole. You haven't given a specific example of Opera needlessly hiding an exploit.I'm not sure what you think that has to do with anything. The Mozilla foundation didn't even announce to the public that there was a hole in Opera. The announcement is that there is a hole in Firefox. Why not try reading the advisory? There is NOTHING in there about Opera's susceptibility. You can't even view the bug report without a Mozilla bugzilla account with the proper access - I just logged into my account, and that doesn't include me, so it's not like even the report is generally available. Also, as per the advisory:
These bugs are variations on earlier problems reported by Charles McAuley and Michal Zalewski which were fixed in Firefox 2.0.0.4, as well as an issue reported by hong which was fixed in Firefox 2.0.0.8.
So it seems as though the Opera team has had some warning about problems similar to these in the past - along with the rest of the world.
Could I find and fix a bug in one of my pieces of software in a day? Probably, because all of them are very simple. If I had a development team and a security response team (they do have one of those, don't they?) then I bet "I" could find and fix known security problems in larger software products in a day, too.
Actually, a number of security holes in the Linux kernel have been found, announced, and fixed on the same day, now that I think of it.
-
Streisand effect?
Seems if they'd kept their whiny mouths shut, nobody would have realised from the vulnerability disclosure that the issue affects Opera. Now EVERYONE knows, from the kiddie scripting 'sploits to the IT manager planning the software deployment for the next few months, who is now seeing why closed-source Opera isn't really such a great choice after all. Even the CVE entry doesn't disclose Opera's vulnerability to this bug. Still, it makes good comedy if nothing else...
-
Re:The feature I really want: whole-page zoom
I'm suffering from the same problem [stupid web designers who use px instead of em], viewing my pages on a 21" screen at 2048x1536 [which, according to my NVidia X Tool, amounts to 115x118 ppi].
I have found stylish to be very useful. You have to know your way around CSS and the DOM Inspector but you only have to define stuff once for each site you visit and the result is worth it: no more stupid ad columns that eat half my page and a font I can read comfortably w/out needing a magnifying glass.
-
Re:How does you scale the font in firefox3?
There are many of us who want text zoom and not page zoom, and it looks like it will be in beta 4.
My extension, NoSquint, will allow nicer integration of page zoom and text zoom features. But for me, it's important I be able to relegate page zoom to second class citizen.
-
Re:So...
a) no mention of Bacon is made on the cycle collector page.
b) it labels the collector conservative, where Bacon's is accurate.
c) it mentions that your collector might fail to collect a garbage cycle, where by my recollection, Bacon's did not suffer this problem. Are you sure you're using Bacon's cycle collector? Perhaps these are simply the limitations of using C++.
d) why all the different collectors? Why not just use Efficient On-the-Fly Cycle Collection and be done with it? It's not quite as performant as a generational tracing collector, but at least your code won't suffer so many impedance mismatches, and thus be easier to maintain and extend. -
Re:Why nobody cares that FF3 doesn't work with Gma
If I actually have to tell you what is meant by the term "beta software", well, perhaps you should not be reading
/. in the first place. At least send the complaint to http://feedback.mozilla.org/ rather than here. -
Re:Is it faster?
I've been using Minefield nightlies on Winders for a coupla months now. I cannot recommend it highly enough. Minefield/FF3 is just better than FF2 in every way you can think of - size, speed, UI tweaks (not big UI changes, but lots of little UI tweaks that make things just nicer). Some builds are crappy (as one would expect running HEAD), but I haven't had a really dodgy build in a while. I would go so far as to say: forget this beta, just get the Minefield nightly. ftp://ftp.mozilla.org/pub/firefox/nightly/ is the place to go.
-
Re:So...
While there are extensions out there that need work to be brought up to speed to work with Firefox 3, a lot of them simply need to have their maxversion updated in the XPI file's install manifest - install.rdf. Obviously, it'd be better for the original developer to do this, but if you don't feel like waiting and aren't afraid of editing a configuration file, you can always do it yourself.
More information can be found here. -
Re:Firefox 3 Mac OS X UI
And in the provided screenshots, I can already spot ways that the "native" OS X theme doesn't cut it. For example, the screenshot which proudly shows off an Aqua-style select control and button next to a search box also shows those controls using the wrong font and with the text incorrectly placed.
The people creating this theme might not be experts in Mac OS X. Since it looks like you are, you can help. Please file a bug, explaining in detail what needs to be changed.
-
Re:acid 2?
No, not really. ActionMonkey (the project integrating Tamarin/Spidermonkey as part of Moz2) is not ready yet by a long way. According to the "old" timeline, though, there should be a Firefox 4/Moz2 alpha out in Q2 2008 (though I'm not sure I'd trust any timeline from Mozilla, old or new
;-)
http://wiki.mozilla.org/JavaScript:ActionMonkey
http://wiki.mozilla.org/Mozilla_2 -
Re:acid 2?
No, not really. ActionMonkey (the project integrating Tamarin/Spidermonkey as part of Moz2) is not ready yet by a long way. According to the "old" timeline, though, there should be a Firefox 4/Moz2 alpha out in Q2 2008 (though I'm not sure I'd trust any timeline from Mozilla, old or new
;-)
http://wiki.mozilla.org/JavaScript:ActionMonkey
http://wiki.mozilla.org/Mozilla_2 -
Firefox: better but still champion of godawfuflaws
firefox breaks if you have the ipv6 module in without an ipv6 capable ISP.
the party lines seems to be that a number of serious gating ipv6 bugs cannot be marked as gating because no devs can verify them, for lack of ipv6 setups to test. a highly suggest <a href="https://bugzilla.mozilla.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&content=ipv6">looking at the ipv6</a> bugs if you're bored at work and want cause for a good chuckle.
i've always been an opera proponent because firefox consumes far more resources than is concievably acceptable for any piece of code to use (my p1120 laptop IS perfect, no theres nothing wrong with 224mb of ram and an 800mhz crusoe), but the mishandling of critical showstopping issues in firefox 3 has been hilarious. firefox 3 has made enormous strides to try and become something like respectable, but ten percent of linux users are going to have firefox fall flat on its face and thats <i>hilarious</i>. -
Firefox 3
I've been using Firefox 3 (trunk builds) before Firefox 2 was an official release. I love it.
Whatever happened to:
> Issue one major release every year (Fx 3 in 2007, Fx 4 in 2008, etc.) since it helps drive upgrades and adoption
http://wiki.mozilla.org/Firefox3/Firefox_Requirements#Release_Roadmap
Now my dream is to see a QT brand of Firefox again, perhaps using QT 4's built-in Webkit. Unify Konqueror, Safari and Firefox on one rendering engine and work towards making that the best damned rendering engine out there. They spent nearly two years on the new Gecko rendering engine, and it still isn't as fast as Webkit/KHTML. Firefox has all the features I want for the most part. I'm not saying they should abandon GTK, but they support multiple widgets and toolkits. Someone please give me a QT 4 branch of Firefox and I've be very happy. -
Most plugins aren't working yet...
Although if you have a mac, be sure to install the proto theme. Although if you have a mac, you also should try the latest Webkit build too. Its ridiculously fast.
That is all. -
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
Re:So...http://www.squarefree.com/burningedge/releases/trunk-for-firefox-3.html
- Memory leaks
- 333078 - XPCOM Cycle Collector. (Cycle collection has similar goals to tracing garbage collection but integrates better with reference counting. Turning on cycle collection fixed entire classes of leaks, both in Firefox and in extensions.)
- 330128 - Calling cancel() on a timer doesn't drop reference to callback.
- Many more: 331 bugs fixed on trunk with the "mlk" keyword.
- Code size and memory use
- 296818 - Don't hold onto decoded image data for so long.
- 143046 - Reduce memory use for animated GIFs by storing frames other than the first at the original 8 bits.
- Take a string constructor out of line. (From 345517.) (1% code size win.)
- 332174 - Drop SOAP support. (2% code size win.)
- 313309 - Provide table-driven QI mechanism.
- 407459 - [Windows] Switch from default MSVC malloc to jemalloc for better memory allocation speed and lower fragmentation.
- Many more: 100 bugs fixed on trunk with the "footprint" keyword.
- Memory leaks
-
compatible but not miscible
X64 is compatible with x86. Is there some issue I'm not aware of?
Yes, X64 processors (AMD64, Intel EM64T, VIA's newest superscalar low-power) *CAN* run IA32-bits instructions.
*BUT* you can run both inside the same process without using a translation layer.
A 32bits application cannot directly call 64bits functions in a dynamically linked library (for example, it won't be able to understand the returned pointers)
A 64bits application cannot directly call 32bits functions in a dynamically linked library (for example it could request pointers that are outside the library's range.)
That's why on most Linux installation in addition to the basic libraries (all the packages ending in "lib" like SDL-lib) when installing in a mixed environment you also install special compatibility layers (all the package ending in "-32bits") which basically are the necessary bindings and translation layers needed to call the native 64bits libraries from within 32bits applications. On Windows 64 there's a similar thing called WoW64 (Windows on Windows64).
Also the reverse exist too : translation libraries made to run 32bits browser plugins inside a 64bits Firefox - nspluginwrapper.
Anyway most opensource browser plugins use only a thin layer that basically only serves as a launcher which will start an external player in a separate process and redirects the ouput inside the rendered page. You could mix whatever architectures you want (as long as they are supported by the CPU and Linux) they run in separate process each with its own memory model.
Flash works on your 64bits Linux installation because, most probably your distribution automatically downgrade Firefox to 32bits if you select to install Flash, Realplayer, Java, etc. It works flawlessly (I mean on Macromedia Flash's scale of flawlessness, i.e.: has the same frequency of freezes and crashes as a regular 32bits installation), only because the whole firefox stack is running in 32bits (which is possible thanks to the 32bit compatibility layer) and there's no problems with mixed architectures between the browser plugins and the browser itself.
But have a look on you browser about box, I'm pretty sure your browser is running in 32bits mode and not 64bits native.
Unless recent distributions have started shipping nspluginwrapper as a standart (openSUSE 10.3 has not yet).
Or unless, all of sudden, Adobe decided to release a 64bit version of their software - which they didn't a couple of months ago when I last checked and which I seriously doubt they'll ever do.
I personally prefer running Firefox in native 64bits mode. Anyway MPlayer's browser plugins is much better then any proprietary video player. And gnash is sufficient to me for the rare couple of times I need flash (some website use flash instead of <h#> tags to display titles). For video, I prefer using UnPlug and SaveTube and open the video in an external player, rather than using flash video players.
Of course I don't have the typical flash usage that the average user may have and that's why most /.es complain about not enough support for additional architectures. For them it's either stick with 32bits Firefox, or use less stable solutions (nspluginwrapper, gnash, swfdec, etc...) -
Re:Non free morals, the victim is also a criminal.The more reprehensible of non free software companies will deny a flaw exists when it's presented to them and beg the discoverer to keep quiet while they "fix" the problem
... forever and then act angry when the flaw is revealed to the public.You mean like Mozilla? I'm not sure if private security mailing lists, "confidential bugs" and all that are reprehensible, but they might be. Or do you mean another type of "reprehensible"?
Their existence may be repulsive
You mean like Mozilla, or do you mean another type of "repulsive"?
My patience for these parasites is exhausted.
Indeed.
-
Re:Non free morals, the victim is also a criminal.The more reprehensible of non free software companies will deny a flaw exists when it's presented to them and beg the discoverer to keep quiet while they "fix" the problem
... forever and then act angry when the flaw is revealed to the public.You mean like Mozilla? I'm not sure if private security mailing lists, "confidential bugs" and all that are reprehensible, but they might be. Or do you mean another type of "reprehensible"?
Their existence may be repulsive
You mean like Mozilla, or do you mean another type of "repulsive"?
My patience for these parasites is exhausted.
Indeed.
-
Not exactly....
Aren't Firefox plugins just Javascript?
Depends.
Firefox extensions (Like the oh-so-important NoScript and AdBlock Plus, or the must-have for every /.er Resurect pages) are all written in Javascript. That's what makes them portable (installable in Windows IA32 or AMD64, or Linux {whatever CPU you compiled it for}).
On the other hand, web-browser plugins (like Adobe Macromedia Flash, Sun Java, etc.) are binary code in dynamically linked libraries (DLL or SO depending on what's standart on your OS). That's why there are really serious portability problems with closed source companies providing plugins compiled only for a handful of operating system (often without 64bits support).
There are two strategies :
- most of the time open-source projects use very light libraries which obtain the parameters from firefox and launch a player in a separate process that get its output embedded inside the page display (mplayer's plugin just luanch a sepparate mplayer session, gnash' plugin runs gtk-gnash to open the flash movie, webgcjplugin compiles and runs the java applet using gcj, moz-plugger is an universal embedder, etc...)
- whereas most of the proprietary project try to cram everything inside a huge DLL that runs inside firefox' own process (macromedia flash, acrobat reader {BTW who does still use that piece of junk}, etc.)As I understand it, that's one of the major reasons that Firefox can get bogged down.
The Javascript extensions play some role because the javascript engine of current Firefox isn't very fast (Hopefully the integration of Tamarin VM in some future version will help). If a user has way too many of them, the firefox experience can become slow. But most of the time quite, the extensions are event-driven : they usually add entries in the main menu and the javascripts are only executed when the user clicks the entry.
The other problems comes with memory leaks.
- Javascript extensions, because they are only ran on demand and because of the garbage collector, aren't subject to many leaks. But anyway really badly written code can actually degrade firefox performance and eat up memory.
- Dynamically linked web browser plugins are a completely different animal : because they run inside the browser process (at least, not the open-source one which only launch an external process) if they leak memory, the whole firefox process will get its memory usage up and will only free the memory when the whole program is exited. Also, firefox isn't heavily multi-threaded and if some plugins freezes the whole program gets unresponsive (I've had some awful experience with acrobat and older versions of flash). Similarly crashes inside a dynamically linked library will bring down the whole process that called the function, and any exploit discovered inside flash can be used against firefox itself.
I strongly suspect that most of the memory leaks reported by users are actually due to browser-plugins, because I haven't experienced any leaks even if a use several extensions, whereas I don't run closed proprietary browser plugins at all (mplayer and gnash only !) because of the awful experience with acrobat and flash. -
Re:saved passwords
Or you could use the incredibly good PasswordHasher extension.
-
Re:saved passwords
Try the Secure Login Add-on, it just might be what you are looking for.
https://addons.mozilla.org/en-US/firefox/addon/4429 -
Re:saved passwords
I really like this one: https://addons.mozilla.org/en-US/firefox/addon/3282 (Password Hasher)
-
Scare mongering
gre is constant data. This report is FUD.
Firefox is open source; anyone who wants to view view-source:resource:///greprefs/all.js can just as easily load http://mxr.mozilla.org/mozilla1.8/source/modules/libpref/src/init/all.js?raw=1 it has the same content.
all.js is *not* user data, it's *public* app data. Your preferences are stored in prefs.js which are not exposed by greprefs. -
Re:saved passwords
Do you have a better way to store all your passwords?
Try Secure Login. -
Ah come on...
the page layout (right vs left) is hardly a major issue when it concerns Foxit, a PDF -reader-. I can fully understand if you want it to work correctly for a PDF authoring app, so that it comes out the printer the way you see it on screen, but geeze.
It's like calling ThunderBird "beyond hope" because the thunderbird team appear to be unwilling to fix the folder rename issue on the Windows platform (renaming "Test" to "test" will tell you that it already exists. durrr. https://bugzilla.mozilla.org/show_bug.cgi?id=92165 - July 2001. )
That said, next version (there's always a next version) of Foxit should have this implemented a la Adobe's Reader. If it is, then that's implemented a whole lot quicker than the aforementioned asinine TB bug ( http://www.foxitsoftware.com/bbs/archive/index.php/t-192.html - September 2005 ), although I agree that it should have been implemented in an afternoon's work (even done dirtily so by inserting a blank invisible page in the page array). -
User Agent Switcher
You can get it here: https://addons.mozilla.org/en-US/firefox/addon/59. Under Tools->User Agent Switcher you can choose between several user agents that you want FF to report. Very handy for sites like these.
-
Re:XML is a fad, STEP is the future
Strange. I don't know why, but this STEP reminds me of BASIC.
:-)
Is this supposed to be a step forward?Wikipedia page for ISO STEP mentions that many consider replacing it with XML, or rather creating XML schemas to represent the information STEP does (I didn't find Wikipedia's external reference for this though).
...programs can process and present results of STEP incrementally instead of requiring closing tags...It's not true that XML cannot be rendered incrementally. This Mozilla FAQ points out that versions before Firefox 3/Gecko 1.9 don't support it, which makes me believe that Firefox 3 does support it (I didn't check it myself).
The fact that XML allows you to check it for validity when you have the whole document doesn't prevent you from processing the parts you read already. SAX based parsers work that way, by passing events whenever one element is complete, you don't have to wait for all the document to finish to process the snippet at hand. If the document isn't valid, the processing will stop at the point where the error was found.
-
Re:flickr
F-Spot will export to Picasaweb, Flickr and others. Also there is an addon for Firefox called Firefox Universal Uploader that will do the same function for many sites.
-
Their reason for disabling text selection
As a matter of fact, I emailed them about this very problem last November. Their response was that "folks were copying the text of our articles and circulating them in e-mail, despite our copyright notices and even our asking them to stop." I will concur that not being able to even select text is extremely annoying, along the lines of a dialog saying "Copyright 1992" when you right-click. Unless, of course, you've got NoScript.
I won't mess with your revenue model if you won't serve pr0n ads or hide sneaky code, 'k?
-
Re:Microsoft has given everyone a bad name.