Slashdot Mirror

Your tone is flamebait, but your question is valid. Firefox has a project called MemShrink whose focus has been on reducing memory usage. In the time they've been going they have found and fixed leaks in Firefox; come up with better ways to find leaks in add-ons, which were the biggest culprit; changed how Firefox handles memory used by add-ons to eliminate virtually all such leaks; and optimized Firefox's memory management in a bunch of non-buggy cases.

So yes, if memory usage is what drove you away from Firefox you should take another look.

They don't: dom.disable_window_status_change is true by default in Firefox. Google changes the actual destination of the link when you click on it. You can see it in action if you click and hold the mouse button (and if you drag the mouse off of the link before letting go of the mouse button, you'll note that the link destination stays set to Google's redirector.)

Personally, I disable Javascript on google.com with YesScript (which causes them to serve the plain HTML version of the search results, which has the outbound tracking addresses in each link from the start) then use this userscript to rewrite the links:

for (let link of document.querySelectorAll("a"))
    if (link.href.match(/\/url\?q=([^&]+)/))
        link.href = decodeURIComponent(RegExp.$1);

What the other person said about plugins, but if you want a 64 bit windows Firefox, Mozilla has builds going back to 2010 or so.
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

There are still plenty of 32-bit machines running Windows Vista and netbooks running Windows 7 Starter, so probably not. A 32-bit app on a 64-bit operating system is perfectly fine unless a single process needs more than 2 GB, which isn't quite the case for web applications. Firefox will more likely follow Chrome in splitting the user's browser session into multiple 32-bit processes.

Question 1: The data language that defines the structure of a web page is:

a) HTML
b) Javascript

c) Microdata! Oh wait, that died. RDFa Lite!

Question 2: Your web browser is at version 4.1.2. You make some minor changes to the code base. The next version of your web browser will be:

a) 4.1.3
b) 37

c) 4.2.0 since you didn't say the minor changes were only for security/stability. What, you didn't think SeaMonkey counts in this Mozilla quiz?

Question 3: The web standard for full-color animated images is:

a) MNG
b) Verboten

c) I'd say aPNG, but since you didn't limit it to binary images: SVG with SMIL.

Question 4: This extensible feature allows a browser to load non-standard data formats:

a) Plug-ins
b) A hard-coded component for each format, each of which requires optional features be turned on

c) A newly added-on extension to the plug-in system that you came up with but decided not to implement yourself.

Question 5: Your browser does not support a certain feature in the web standards. You should:

a) Add a feature request in your bug tracking system
b) Get the feature removed from the next version of the web standards and close any related feature requests in your bug tracking system.

c) Send an RFC to developers for a better standard, collect feedback, implement it, document it, and publish an open-source implementation.

Question 6: Your browser does support a certain feature in the web standards, like tbody scrollbars. You should:

a) Celebrate
b) Get the feature removed from the next version of the web standards, remove it from the browser, and close any related feature requests in your bug tracking system.

c) Hold on valiantly to MathML while every other browser removes support.

Question 7: You don't feel like implementing all of XHTML2 in your browser. You should:

a) Implement the good parts, skip the bad parts, and develop alternatives to the bad parts.
b) Break XHTML1 pages so developers get a bad feeling about anything with XHTML in the name, then promote an alternate standard that is intentionally incompatible with both versions of XHTML.

c) Get over yourself and use HTML5

Question 8: You have an idea for a completely new web feature like cookies or scripting or a common gateway interface. You should:

a) Send an RFC to developers, collect feedback, implement it, document it, and publish an open-source implementation.
b) Wait for the W3 to act.

c) File an enhancement bug and watch it get resolved WONTFIX.

Question 9: A certain browser feature is found to be a severe threat to user privacy and security. You should:

a) Develop measures to protect users.
b) Remove the option to disable it.

c) Add this to the bookmarks toolbar> about:config?filter=javascript.enabled

Question 10: A user who wishes to view the source of a dynamically generated web page can:

a) Select 'view source'
b) Eat a dick

c) Ctrl A, right-click -> View Selected Source, or just Ctrl Shift C

Actual announcement
https://blog.mozilla.org/services/2013/10/28/introducing-the-mozilla-location-service/

Blog with the most details so far:
http://soledadpenades.com/2013/10/14/moz-stumbler-and-mozilla-location-services/

If using Moilla Firefox then add the lightbeam aka collusion addon https://www.mozilla.org/en-US/lightbeam/ then visit a few sites just to get an idea of how special the avertising companies think you are. This will work better if you disable Noscript, Requestpolicy, Httpeverywhere and whatever else you use to keed your surfing safish. Security services may not have the time to monitor your movements across the web but plenty of commercial companies do have the time, the kit and yet pay you nothing for thed ata they collect and I expect sell on to others.

Firefox 24 fixed 7 critical security vulnerabilities, on top of the 4 fixed 6 weeks earlier in Firefox 23, and 4 more fixed 6 weeks before that in Firefox 22, and 3 more 6 weeks earlier still in Firefox 21, and so on. Within the past year there have been Firefox releases that fixed as many as 12 critical vulnerabilities.

By your argument, since I have no reason to believe the latest Firefox will have no known vulnerabilities for the entire time that release is current, we should probably just declare Firefox to be dangerous by default and have it prompt users before opening every page from a site they didn't already OK explicitly.

In fact, Microsoft should just flag Firefox as known insecure software and push out a Windows update that warns users about this every time they try to run it, even if Firefox itself is already doing that. And then Microsoft should push out another update a few weeks later that fully removes Firefox from everyone's system for their own safety, and they should kill support completely for anyone who doesn't install that update within the next few months.

Isn't it lucky that Microsoft have an alternative technology that they'd prefer us all to use instead, which they can generously offer to us when they shut down what we've chosen to use previously?

Firefox singletasking

For now. The Firefox team is moving toward a process per document. This will help with both the slowdown issue and the 32-bit issue.

See WebUSB: https://bugzilla.mozilla.org/show_bug.cgi?id=webusb

In short, it's coming, and in a manner that won't require a horrible, insecure binary plugin to do so. If you really cared about it, rather than just felt like whining about it, you'd push browser vendors to adopt this (or a similar) standard. But you don't. You just want to do the bare minimum, which means having a user run a horrible, insecure binary plugin to access USB. Or maybe I'm reading too far into your comment.

They also do replace external PDF viewer plugins with a HTML5/JS based one, so it is a coherent strategy towards open technologies. There are plenty of benefits if it works out, security is one of them. And it's a phased, non-invasive method, which can be disabled.

Yeah the inbuilt PDF viewer is great: it has worse unicode support than slashdot, often fails to correctly render diagrams and is slower than the adobe plugin.
Thankfully I occidentally found a way to make it default back to the Adobe plugin. If they want to keep users they need to stop removing functionality and adding half backed security systems that are very hard to disable.
Sadly there isn't a better alternative at the moment, but already there are a few sites I switch to IE to view...

It's on the list/planned to add eventually:

https://wiki.mozilla.org/WebAPI
http://www.w3.org/2011/07/DeviceAPICharter.html

Actually it's not an authorization dialog, but a "click-to-play" on the embed objects. You can get the same functionality already by setting plugins.click_to_play to true in about:config. That is just going to be a default setting on new installs, but you can set it to false. I set it to true myself, because it is useful to not have arbitrary Flash code to just start running (and playing).

The gamble Mozilla makes is that because of the extra step, companies will move to putting content into HTML5 rather than external plugins, because it makes their website more clunky. They also do replace external PDF viewer plugins with a HTML5/JS based one, so it is a coherent strategy towards open technologies. There are plenty of benefits if it works out, security is one of them. And it's a phased, non-invasive method, which can be disabled.

They hopefully will convince Mozilla to back this out, and
figure out a better UI for the user to deal with. A small red clickable icon
that leads to more clicking is not going to fly with non-tech users.

From Link:

Donald Smith 2013-10-22 22:03:01 PDT

Disclaimer: I'm in the Java SE Product Management team at Oracle.

Just to add to my colleague in Engineering Joe McGlynn's comment #61 -- we're happy to help here however we can. We do frequently speak with mcoates, but are happy to plug into any other channels the mozilla team think would be worthy (as we seemed to somehow miss this one until it was too late I think we need more contact/channels). For example, I think we can help address questions related to the Java 6 (and Java 5, for that matter) updates as they are still supported and do receive updates along with the latest public baseline(s).

As comment #50 notes, bugzilla is not forum software - so I'll leave it at that and send @bsmedberg a quick note and continue to try to catch up wit @coates.

First I've heard that Java 5 and 6 are not considered dead yet.

Yeah, I don't know what he thinks he's talking about. According to Oracle's own website, public updates to Java 5 ended in October 2009, and Java 6 in February 2013.

Enterprises can apparently pay to continue receiving critical bug fixes, but that hardly seems relevant to the discussion.

"Quote" - The plug-in screen shows options for always activate, ask to activate and never activate.

It may in the English version but in FF24 Spanish all I get is ask to activate and never activate.

Chrome (in Spanish) blocks too but at least gives me the always activate option.

Due to the EXTREME IMPACT this has on the Public Sector here - and that we're somewhat forced to use M-Soft for other applications - We had to return to Explorer yesterday. Sorry - But moves like this could well kill off the use of Firefox. Java applets are continuously used in the piping of Digital signatures to secure ministerial sites. This includes PRIVATE citizens. IMO Java has to be "trusted" even if we don't. Otherwise the use of Firefox WILL DIMINISH. 90% of users have NO BLOODY IDEA.

I am a firm fan of Firefox at home - but at work it's causing me more hassle than it's worth.

From Link:

Donald Smith 2013-10-22 22:03:01 PDT

Disclaimer: I'm in the Java SE Product Management team at Oracle.

Just to add to my colleague in Engineering Joe McGlynn's comment #61 -- we're happy to help here however we can. We do frequently speak with mcoates, but are happy to plug into any other channels the mozilla team think would be worthy (as we seemed to somehow miss this one until it was too late I think we need more contact/channels). For example, I think we can help address questions related to the Java 6 (and Java 5, for that matter) updates as they are still supported and do receive updates along with the latest public baseline(s).

As comment #50 notes, bugzilla is not forum software - so I'll leave it at that and send @bsmedberg a quick note and continue to try to catch up wit @coates.

First I've heard that Java 5 and 6 are not considered dead yet.

How to enable Java if its been blocked

In order to protect you, Firefox has stopped outdated versions of the Java plugin from running automatically because of security issues.

So, now, the lastest version of Java (7.45) is considered outdated.

Absolutely brain-dead decision.

There are two ways to improve security - lock out the user, or educate them.

Locking out the user is great - but it only works on NEW products, and if you don't have competitors. The reason it works well on NEW products is that the user isn't conditioned on what to expect. Remember, trying to change how people use their computer is an uphill battle. It works well when the do not believe they have alternatives.

Educating the user is harder, but that is the real fix. You aren't improving security by saying 'As responsible devs, our software won't do what you want'. Instead, make a two minute video showing them how $technology is flawed, and make them watch it ONCE. Then, let the choose whether to block $technology or live with it. Because right now they get fed up with Firefox (NOT Java), and click the little blue e.

And yes, it isn't a great hassle to keep using FF when you allow users to "click to allow $applet". But the pain is that I need to look at the little red icon in the address bar to permanently enable something. You might say that if I can't handle this additional step, I shouldn't be making a choice on whether to run an applet or not (but that is a bad road to head down). You could have just made a popup when I run an applet that says "Do you want to remember this setting?" - it doesn't fix the security problem, but the current solution doesn't either. At least this way, I don't feel frustrated at my browser for someone else's (Oracle, in this case) screw ups.

They annoy users by panicing any time a certificate is signed by an authority not on the list.

This is desired behavior for SSL. Otherwise, a man in the middle could start his own private CA and issue certs for each site that you view. Bug 460374 shows MITM in the wild. If I wanted to verify self-signed certificates through route diversity, I'd install the Perspectives extension. (And I have.)

When Google released Chrome, Firefox decided they wanted to have a Chrome-like super fast release cycle, which hurt extensions.

It hurt native extensions other than NPAPI media handlers, but it led to a more-or-less stable API for writing extensions completely in JavaScript.

You must be kidding. Microsoft Word has far more formatting capabilities than any HTML + CSS content I'm familiar with. Try creating text with a multi-coloured gradient fill and a drop shadow.

That'd be the linear-gradient and box-shadow CSS elements, respectively.

Try representing a complex mathematical equation.

You mean like MathML? That one's not quite as supported, I'll admit, mostly because nobody really wants it in their browser in the first place.

Try inserting a pie chart.

Okay, now you're really losing track of the concept of a "document". You're also being a bit of a dick by jamming in really specific use cases most people don't care about. But regardless, that's what things like Google Charts is for.

Try inserting a date field that updates automatically.

That'd be pretty simple in the domain of JavaScript, yes. If you start complaining that HTML documents should be static and shouldn't be running code in their presentation, I would counter that neither should office documents, but you seem to consider THAT to be a STRENGTH of MS Word for some reason.

Try rotating a block of text by an arbitrary number of degrees.

Sounds like you want the transform CSS element; rotation is one of its simpler tools. Others include skewing, vector transformation, scaling, and arbitrary matrix transforms.

Then consider that fact that many people using word processors in business today are capable of doing all these things without knowing a single thing about coding.

...people using word processors in BUSINESS have need to dump hideous multi-color gradients, rotated text, and drop shadows in their BUSINESS documents? That, sir, is not an endorsement of MS Word. That is an indictment against the current state of business, a state for which MS Word is to BLAME.

But anyway, here's a few WYSIWYG editors to do just that. Note that some of them are even Microsoft products! How 'bout that?

No, I'd say that the problem isn't HTML + CSS's limitations. As implied in your second sentence, the problem is that you just plain and simply aren't familiar with much HTML + CSS content.

You must be kidding. Microsoft Word has far more formatting capabilities than any HTML + CSS content I'm familiar with. Try creating text with a multi-coloured gradient fill and a drop shadow.

That'd be the linear-gradient and box-shadow CSS elements, respectively.

Try representing a complex mathematical equation.

You mean like MathML? That one's not quite as supported, I'll admit, mostly because nobody really wants it in their browser in the first place.

Try inserting a pie chart.

Okay, now you're really losing track of the concept of a "document". You're also being a bit of a dick by jamming in really specific use cases most people don't care about. But regardless, that's what things like Google Charts is for.

Try inserting a date field that updates automatically.

That'd be pretty simple in the domain of JavaScript, yes. If you start complaining that HTML documents should be static and shouldn't be running code in their presentation, I would counter that neither should office documents, but you seem to consider THAT to be a STRENGTH of MS Word for some reason.

Try rotating a block of text by an arbitrary number of degrees.

Sounds like you want the transform CSS element; rotation is one of its simpler tools. Others include skewing, vector transformation, scaling, and arbitrary matrix transforms.

Then consider that fact that many people using word processors in business today are capable of doing all these things without knowing a single thing about coding.

...people using word processors in BUSINESS have need to dump hideous multi-color gradients, rotated text, and drop shadows in their BUSINESS documents? That, sir, is not an endorsement of MS Word. That is an indictment against the current state of business, a state for which MS Word is to BLAME.

But anyway, here's a few WYSIWYG editors to do just that. Note that some of them are even Microsoft products! How 'bout that?

No, I'd say that the problem isn't HTML + CSS's limitations. As implied in your second sentence, the problem is that you just plain and simply aren't familiar with much HTML + CSS content.

You must be kidding. Microsoft Word has far more formatting capabilities than any HTML + CSS content I'm familiar with. Try creating text with a multi-coloured gradient fill and a drop shadow.

That'd be the linear-gradient and box-shadow CSS elements, respectively.

Try representing a complex mathematical equation.

You mean like MathML? That one's not quite as supported, I'll admit, mostly because nobody really wants it in their browser in the first place.

Try inserting a pie chart.

Okay, now you're really losing track of the concept of a "document". You're also being a bit of a dick by jamming in really specific use cases most people don't care about. But regardless, that's what things like Google Charts is for.

Try inserting a date field that updates automatically.

That'd be pretty simple in the domain of JavaScript, yes. If you start complaining that HTML documents should be static and shouldn't be running code in their presentation, I would counter that neither should office documents, but you seem to consider THAT to be a STRENGTH of MS Word for some reason.

Try rotating a block of text by an arbitrary number of degrees.

Sounds like you want the transform CSS element; rotation is one of its simpler tools. Others include skewing, vector transformation, scaling, and arbitrary matrix transforms.

Then consider that fact that many people using word processors in business today are capable of doing all these things without knowing a single thing about coding.

...people using word processors in BUSINESS have need to dump hideous multi-color gradients, rotated text, and drop shadows in their BUSINESS documents? That, sir, is not an endorsement of MS Word. That is an indictment against the current state of business, a state for which MS Word is to BLAME.

But anyway, here's a few WYSIWYG editors to do just that. Note that some of them are even Microsoft products! How 'bout that?

No, I'd say that the problem isn't HTML + CSS's limitations. As implied in your second sentence, the problem is that you just plain and simply aren't familiar with much HTML + CSS content.

I hate to say it, but in the world of end-user apps, Javascript won. (Note that I'm not talking about niche applications like 3D rendering or server software.) And I write this as a committed Mac and iOS developer. Moore's Law and improved JS compilers have made Javascript responsive enough for 99.9% of applications. Native end-user apps will stumble along for a while, but they're walking dead.

There are no more technological hurdles for Javascript to overcome. The payment model is the last nut to crack. Firefox is working on that. Maybe it'll take a bigger player to make it happen. But make no mistake: it will happen. It'll happen because it's cheaper to pay one development team that can deploy to every device.

As recently as last year, Facebook moved away from mobile to native, but that move already looks amazingly dated. Since Facebook moved from "HTML5" to native ObjC, Apple released the iPhone 5, which was over twice as fast as the 4s, and then the 5s, which is about twice as fast as the 5. The Javascript version of Facebook may have felt unresponsive on an iPhone 4 or 4S, but those days are history.

A lot of people may be reading this and thinking "yeah, yeah, people have been talking about 'write once, run anywhere' for decades." They're right—we've been staring at the oncoming freight train for decades, and now it's finally here. If you write end-user apps and you're not polishing your Javascript right now, that train will roll right over you.

Maybe I need to upgrade my browser.

You need the Certificate Patrol plugin, which warns you when a site's certificate changes unexpectedly, even when the new certificate has a "valid" signature.

Unfortunately, this doesn't work with Google's servers, who rotate among a gazillion certificates "legitimately", and thus drown the user in false positives. But given Google's cooperation with Prism, maybe this effect is wanted?

If you also use Certificate Patrol, at least you'll know when you've been MITM'd.

Some of the CAs included in Firefox's massive list are governments. It'd suck if they went out of business.

There are lots of java applets that implement games, graphs, and other useful things that require a real program.

Wrong. HTML5+WebGL is capable of running full-fledged applications. You can even develop in C++ and compile it directly to Javascript. Mozilla has demoed a 3D FPS in HTML5, or hell, even the Unreal Engine 3 has been ported to Javascript. Java and Flash are blights that need to die, the sooner the better.

The same still applies. Sure, you're circumventing the eavesdropping of your employer. You still have a long list of trusted signing authorities in your browser.

Firefox list

Microsoft/MSIE

Chrome

There's no good reason to believe your encryption is end-to-end safe. It's end-to-whoever-runs-the-proxy-server encrypted. Someone in your house won't eavesdrop on it, but ye olde MITM by a large enough organization can. There are some telecom providers included.

So your employer can't sniff your traffic, and you've compromised their internal security. You're safe from your desk to your home machine and that's it. I'd say you're totally safe on your computer, but as your employer could use keystroke loggers, watch your screen, and even access your files (via \\yourdesktop\C$\), the only thing you're protecting is the easy logging of the URLs you've browsed. If they're already doing deep packet inspection, either the VPN connection won't be established because VPN won't traverse the content inspector, or they'll notice massive amounts of encrypted traffic always going to the same place. So it won't work, or you'll raise red flags.

What if a government agency got in on this game? They could sign and eavesdrop without you knowing. Oh wait. They are already there.

Firefox: France, Hong Kong, Japan, The Netherlands, Spain, Taiwan, Turkey

Microsoft/MSIE: Austria, Brazil, Finland, France, Hong Kong, India, Japan, Korea, Latvia, Macao, Mexico, Portugal, Serbia, Slovenia, South Africa, Spain, Sweden, Switzerland, The Netherlands, United States, Tunisia,Turkey, Uruguay, Venezuela,

Chrome uses the underlying OS root CA list.

Any one of them can sign valid certs. For MSIE and Chrome users, the US Gov't can sign for *.google.com, and intercept all the traffic, without the need of adding any extra CAs to your browser/computer.

Mozilla has a bug open about it. There has apparently been lots of discussion about pros/cons of using key continuity.

https://bugzilla.mozilla.org/show_bug.cgi?id=398721

WebGL is fine.

From this page, Atom N450, Xubuntu 12.04, Xorg 1.11.3, Firefox 24: "Hmm. While your browser seems to support WebGL, it is disabled or unavailable. If possible, please ensure that you are running the latest drivers for your video card." This Mozilla page recommended looking in the "Additional Drivers" utility that came with the operating system, but all it showed me was the driver for a Broadcom NIC that I'm already using. The Mozilla page also referred me to Intel's driver update utility, but that's Windows-only.

The real problem is everyone has been coming up with "Go buttons" but there was no decent "Stop button". So to stop some stuff but not others you have to make sure ALL the unwanted Go buttons" are not pressed. And that is not easy to do. Some people say "Use a library" the problem is how do you make sure future "Go buttons" that haven't been invented yet are not pressed either? And how about different browsers behaving differently?

So more than 10 years ago I proposed that a "Stop" "button" be created: http://lists.w3.org/Archives/Public/www-html/2002May/0021.html
http://www.mail-archive.com/mozilla-security@mozilla.org/msg01448.html

But there was no interest in such a thing till recent years with CSP: https://developer.mozilla.org/en/docs/Security/CSP

If the major browsers had implemented my simple suggestion years ago it would have been harder for the Yahoo, MySpace and other worms.

But that doesn't mean they are actual purchased iPads.

See here for a clue.

IE apparently dropped it a long time ago, and Mozilla is dropping it.

Someone should tell Mozilla that.

Good luck getting full justification with HTML 5.

In which browser does CSS text-align: justify fail? This page claims it works in Firefox, Safari, and and Chrome since 1.0 and IE and Opera since 3.x. Could you explain the problem you ran into in more detail? Was the problem that lack of automatic insertion of ­ (which turns into a hyphen at the end of a line) caused rivers of whitespace?

We need to be much less tolerant of things that "phone home" to some headquarters. Or accept remote patches. We now have to assume that anything with a remote patch capability can be exploited.

You might think open source would be better. It's not. Even the Mozilla Foundation has become squishy-soft on enforcing their own privacy rules. Check out BlockSite, a Firefox add-on which used to just block requested sites. It was bought up by a company called WIPS, which buys up abandoned apps and puts in back-door tracking of every site visited. After a year of pressure from WIPS, Jorge Villalobos at Mozilla caved in and let them install tracking in an existing add-on and auto update it.

For Linux, Ubuntu pushes an awful lot of updates to supposedly "stable" versions. Is there a back door in there? Is anybody looking?

A 2 year old "text inflation" bug (not really a bug, more like a horribly flawed feature) renders the Android version totally unusable for me. https://bugzilla.mozilla.org/show_bug.cgi?id=707195

Now you can uninstall it and install the lighter-weight Click-to-play per element

Here is the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=896016
https://bugzilla.mozilla.org/show_bug.cgi?id=896016
Whether Chrome temporarily uses more RAM is not the point. I have never seen Chrome get into a runaway 2-3GB memory leak like so frequently happens to FF https://bugzilla.mozilla.org/show_bug.cgi?id=896016

Here is the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=896016
https://bugzilla.mozilla.org/show_bug.cgi?id=896016
Whether Chrome temporarily uses more RAM is not the point. I have never seen Chrome get into a runaway 2-3GB memory leak like so frequently happens to FF https://bugzilla.mozilla.org/show_bug.cgi?id=896016

Here is the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=896016
https://bugzilla.mozilla.org/show_bug.cgi?id=896016
Whether Chrome temporarily uses more RAM is not the point. I have never seen Chrome get into a runaway 2-3GB memory leak like so frequently happens to FF https://bugzilla.mozilla.org/show_bug.cgi?id=896016

This link should help you out. Just download the latest version and install it over the top of your current version. It will upgrade your current install.

http://www.mozilla.org/en-US/firefox/fx/#desktop

I won't be downloading any new versions of Firefox--nor will I enable automatic updates--until they fix the danged memory leaks that have been present since they began their whirlwind upgrade cycle with FF 4.0.

What memory leaks? If you've found new ones, have you reported them? Significant progress has been made in Firefox's memory usage in the last three years. Do you read the memshrink progress reports? If you don't, maybe you should.

Chrome is a handy replacement for what used to be a reliable friend--Firefox.

Surely you realise that Chrome uses more memory than Firefox. Look at a comparison of browser memory usage with a single tab open and multiple tabs open. If you're happy with Chrome's memory usage, you'll be happy with any browser's memory usage.

Replace "FF" with "Google Chrome" and you'll see that Google beat Mozilla to the punch :-) Remember that Chrome is on version 29 (5 ahead of Firefox) and now uses more RAM than Firefox! You've also conveniently forgotten the Firefox ESR release (Chrome has *nothing* like it, so is a complete disaster for corporate use). Also, the performance gap has been gradually closing between Chrome and Firefox in the last year or so. For the first time in a couple of years, Firefox recent actually beat Chrome in Tom's Hardware Browser Grand Prix.

The lack of extensions on Android Chrome is utterly appalling, which is why Firefox on Android basically destroys Android Chrome. Now if Mozilla could fix the dodgy graphics issue with Firefox on the Nexus 10 (pages often half-rendering and needing a screen rotation to render them properly!), then I wouldn't have to double-rotate my tablet so often :-)

Replace "FF" with "Google Chrome" and you'll see that Google beat Mozilla to the punch :-) Remember that Chrome is on version 29 (5 ahead of Firefox) and now uses more RAM than Firefox! You've also conveniently forgotten the Firefox ESR release (Chrome has *nothing* like it, so is a complete disaster for corporate use). Also, the performance gap has been gradually closing between Chrome and Firefox in the last year or so. For the first time in a couple of years, Firefox recent actually beat Chrome in Tom's Hardware Browser Grand Prix.

The lack of extensions on Android Chrome is utterly appalling, which is why Firefox on Android basically destroys Android Chrome. Now if Mozilla could fix the dodgy graphics issue with Firefox on the Nexus 10 (pages often half-rendering and needing a screen rotation to render them properly!), then I wouldn't have to double-rotate my tablet so often :-)

The Firefox team needs to REMOVE the 'Top Sites' tab, or at least make it possible for the user to disable it, on Android. The existence of the 'Privacy Tab Browsing' is nice, but it's totally outrageous that for normal browsing there is a permanent indelible record of where you have browsed on display every time you load the browser.

This is different from the browser history how?

If you want your browsing to stay private, use "Private Browsing". It's right in the name!

That said, The Firefox Android browser is one of the main reasons it's even reasonable to browse the web on Android. If you use the default browser or Chrome, everywhere you browse is known to the Googleplex. I specifically NEVER log onto any Google Services from Firefox on my Samsung phone.

Son, Google Play Services runs as root. If they want your Firefox browsing history, they can get it easily.

I think he's more miffed by the fact that they have no 'disable history' or 'automatically clear history when firefox closes' options on the mobile version, as they do on the desktop version. Thus your 'Top Sites' page is spammed with all your incidental browsing history, unless you remember to manually clear your history each time you close the mobile browser...

That being said, he should really take a look at Clean Quit. It adds a quick-exit option to your popup toolbar on FF mobile, and (the most important part) it automatically clears whichever privacy settings you select if you exit via that button. That way, your 'Top Sites' page is only populated by your bookmarked sites, not by every little address search, imdb query or wikipedia article you happened to have browsed over the last few days...seems to work pretty well so far :)

http://www.theregister.co.uk/2013/09/13/review_zte_open_firefox_os_phone/ [theregister.co.uk]

Ouch. I wonder what the experience is like when you build and install Firefox OS on a decent Android 4.x smartphone.

Unless the phone's system apps are all open source and written in JavaScript, so necessarily there are Web APIs to everything. Firefox OS walks the walk.

PhoneGap will shrink to be a compatibility shim on decent standards-compliant smartphones; the problem is Apple will always favor native IOS over web apps because Apple Inc. wants the resulting lock-in and can get away with it while they have market dominance.

Surely Dave Winer can't be that out of touch. Firefox OS nails it.

In Firefox OS everything is written in JavaScript, the most widely-deployed scripting language that developers already know. Unlike all the other also-rans to IOS and Android, its system applications — calendar, on-screen keyboard, music player, etc. — are likewise written in JavaScript. To permit this, and unlike BBX, OpenWebOS, Tizen, Windows 8, and everyone else saying "Write apps for our failing platform using HTML/CSS/JavaScript", it has Web APIs to most phone features (battery status, Bluetooth, camera, SMS, etc.), all on various tracks towards standardization. Like lots of phones you can run your apps on the desktop in an emulator; unlike lots of phones the Firefox OS Simulator runs in your browser. Unlike any other smartphone many of the apps you write for the phone will also run and install unchanged as apps on desktops (and Android) running Firefox, many will also work as Chrome apps with minimal effort, and anyone can run an app store, you just put an install button for your app on a web page on your site.

Surely Dave Winer can't be that out of touch. Firefox OS nails it.

In Firefox OS everything is written in JavaScript, the most widely-deployed scripting language that developers already know. Unlike all the other also-rans to IOS and Android, its system applications — calendar, on-screen keyboard, music player, etc. — are likewise written in JavaScript. To permit this, and unlike BBX, OpenWebOS, Tizen, Windows 8, and everyone else saying "Write apps for our failing platform using HTML/CSS/JavaScript", it has Web APIs to most phone features (battery status, Bluetooth, camera, SMS, etc.), all on various tracks towards standardization. Like lots of phones you can run your apps on the desktop in an emulator; unlike lots of phones the Firefox OS Simulator runs in your browser. Unlike any other smartphone many of the apps you write for the phone will also run and install unchanged as apps on desktops (and Android) running Firefox, many will also work as Chrome apps with minimal effort, and anyone can run an app store, you just put an install button for your app on a web page on your site.

Surely Dave Winer can't be that out of touch. Firefox OS nails it.

In Firefox OS everything is written in JavaScript, the most widely-deployed scripting language that developers already know. Unlike all the other also-rans to IOS and Android, its system applications — calendar, on-screen keyboard, music player, etc. — are likewise written in JavaScript. To permit this, and unlike BBX, OpenWebOS, Tizen, Windows 8, and everyone else saying "Write apps for our failing platform using HTML/CSS/JavaScript", it has Web APIs to most phone features (battery status, Bluetooth, camera, SMS, etc.), all on various tracks towards standardization. Like lots of phones you can run your apps on the desktop in an emulator; unlike lots of phones the Firefox OS Simulator runs in your browser. Unlike any other smartphone many of the apps you write for the phone will also run and install unchanged as apps on desktops (and Android) running Firefox, many will also work as Chrome apps with minimal effort, and anyone can run an app store, you just put an install button for your app on a web page on your site.