Slashdot Mirror

"A free (as in freedom) software app store for Android would be awesome." Check out F-Droid. "I'd love to see a free software Android fork with a modern package manager and native development tools." Not quite a complete project for what you want, but BotBrew is a start... Also, if it's ever possible to install FirefoxOS on more than a handful of devices, it sounds like a possible contender for the niche, too.

It has all the bugs that Firefox does when compiled as a 64-bit binary.

Out of curiosity, which bugs are those? I've seen bugs in FF (such as the well known memory leaks), but they never seemed to be 64 bit specific.

I've been running the 64 bit firefox for, gosh... I don't even know. 8 or 10 years?

$ file /usr/lib/firefox/firefox /usr/lib/firefox/firefox: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24

I don't know if this link will work but you can also search to see the 64 bit bugs (some of which also affect x86): https://bugzilla.mozilla.org/buglist.cgi?quicksearch=firefox+64+bit

Well then, just remove them permanently ;)

Firefox Android doesn't. You can "clear all private data" but you have no control other than that. You can't refuse them while browsing, and you can't keep cookies that you might actually want if you "clear all", either.

See?

Now it could be that there is a better way of doing this, but it seems to me that no matter how this game is played, constant updates to users should be the norm...

Now that I think of it, perhaps a Firefox extension could do the trick. Signed extensions can be updated automatically. The extension could have obfuscated URLs that are decrypted with something like this: https://addons.mozilla.org/en-US/firefox/addon/domcrypt/ and then wired in to automatically select an available proxy from the current batch. Not perfect by any stretch of the imagination, but it solves the "spam" problem. Also, it maybe easier for users and harder for censors? Crap... now I'm not going to get any work done...

There are multiple benefits of email delivery that aren't present in the Firefox Addon model:

• It's push notification - the updates only go out once. Firefox Addons are a pull - a server has to handle all the clients requesting updates (and sending the appropriate subset!).
• It's more difficult for the people that this list is supposed to enable to bypassing of to automate the immediate blocking of the new set of domains.
• It natively enables two-way communication at a human level.

If I were the OP, I'd consider moving to an encrypted blog method of delivery (still via email), but doing it while being very conscious of the level of technical know-how of the target recipients.

His behaviors are _similar_ to those of a spammer in number only. Having visited his site: http://www.peacefire.org/ it seems that he gets his email list from people subscribing to it on his site. If I understand it correctly, people who sign up for this list are looking for regular updates to proxies so that they can avoid censorship. As proxies are discovered by governments or certain companies , they are blacklisted, and new proxies must be created and sent out to the interested masses:

"Of course, employees of blocking software companies have gotten on this list as well, so they add our sites to their blocked-site database as soon as we mail them out, but in most places it takes 3-4 days for the blocked-site list to be updated. So the latest one that we mail out, should usually still work. "

Now it could be that there is a better way of doing this, but it seems to me that no matter how this game is played, constant updates to users should be the norm...

Now that I think of it, perhaps a Firefox extension could do the trick. Signed extensions can be updated automatically. The extension could have obfuscated URLs that are decrypted with something like this: https://addons.mozilla.org/en-US/firefox/addon/domcrypt/ and then wired in to automatically select an available proxy from the current batch. Not perfect by any stretch of the imagination, but it solves the "spam" problem. Also, it maybe easier for users and harder for censors? Crap... now I'm not going to get any work done...

Well the exploit uses APIs that only work in IE, such as attachEvent, so it breaks in other browsers before it can even try the exploit.

I looked into how other browsers handle manually firing events and found this nice example. As you can see, you are REQUIRED to create your OWN event object, where the exploit depends on the browser creating and populating one.

Couldn't something similar be achieved using the Pointer Lock API, as implemented by Firefox and Webkit browsers?

Or if Cygwin is too much work.....try installing FireSSH

• 1. (like above) put replies in folder being replied to. (I also put sent messages there, so the whole conversation's in one place)
• 2. Install the Thunderbird Coversations add-on. I like the conversation view better than Thunderbird's default. It also lets you reply on the same page if you want.

Do you see $100 million of development every year? Where does the money go? Where is the 2011 report?

The 2011 report is right here.

A friend of mine said recently he is looking for a new email client because it seems that Mozilla Foundation doesn't want to improve Thunderbird. I agree with him.

Mozilla Foundation gets something like $100 million per year. Quoting: "Mozilla's consolidated reported revenue (Mozilla Foundation and all subsidiaries) for 2010 was $123 million..."

Do you see $100 million of development every year? Where does the money go? Where is the 2011 report?

We often distribute short but complicated business reports to clients by email. The emails must be formatted in HTML or they would be difficult to read.

Things we need in Thunderbird:

A "Get All Mail" button. Getting all email should not require a menu choice.

Better handling of images and other attachments. Sending an image with slightly different text to 10 people should have the option of not requiring storage of 10 copies of that image.

Automatic storage of important emails in both the email database and as separate files. If something corrupts the database, we cannot afford to lose important emails.

I'm not sure why people are saying Thunderbird is not getting new features

Perhaps because after five years we're STILL waiting for "compose in tab".

The "killer feature" for me on Gmail is conversation view, where it groups messages together in conversations, so instead of a ton of disparate emails, they're grouped together in a single line and can be seen in sequential order. Back when I switched over to Gmail, it was the only thing that had this feature, and now I find it indispensable, though it does sometimes screw up (since email was never designed to actually have this in the first place). Do other clients have this yet?

Yes: https://addons.mozilla.org/en-US/thunderbird/addon/gmail-conversation-view/. My experience has been that webmail is inferior to having a mail client. Even simple things like correctly displaying email which contains styled HTML content doesn't work in, for example, Gmail.

So when Firefox gets off-main-thread compositing and runs chrome and content on different threads so will Thunderbird.

So when Firefox gets off-main-thread compositing and runs chrome and content on different threads so will Thunderbird.

Sure. Here's one for Mac:
https://bugzilla.mozilla.org/show_bug.cgi?id=700835

I'll admit I didn't immediately find one for Windows. Instead I found that fun incedent where MS added their own Firefox extension as an update to Windows Live without prompting. So I guess the responsibility of the OS distributor goes beyond just keeping API breaks from affecting users.

You keep saying it's too much for one group to handle and yet, Linux distributions don't seem to be having all that many API-break related problems. Maybe you have a specific example to support your case?

Firefox rules. I have been using addons refcontrol to take care of paywalled websites like nytimes.com, wsj.com etc.
linky: https://addons.mozilla.org/en-us/firefox/addon/refcontrol/

I've removed Ghostery as a memory hog, and replaced it with about:trackers

For firefox this is actually pretty good. My personal favorite bug is still plaguing users of FF over 11 years after being reported.

Perhaps there's a reason for that...

Roman 2012-09-07 02:57:01 PDT

WHERE THIS BUG STANDS AS OF TODAY

There is a technical side to this issue: Firefox is technically UNABLE TO FILTER THE KEYS [...]

There is a bounty standing at $164 as of today on this bug [...]

When the browser asks you if you want to use one of these features, just click No. No one is forcing you to use a Facebook siderbar.

Meanwhile, the Mozilla folks have been dodging HTML4 and CSS3 for over twelve years. You tell me, what sounds like a better use of time: bloating the browser with some bullshit Facebook-specific plugin or allowing for decimal aligned numbers in tables?

Sadly, Firefox becomes less and less relevant as they try the most hamfisted ways to maintain relevance.

Twitter means both a microblog service and a Slashdot personality known for pro-GNU/Linux, anti-M$ sockpuppetry. APK means both an Android application packaging format and a Slashdot personality known for promotion of hosts files as a component of Internet security. And now BMO means both the public bug tracker of Firefox and a Slashdot personality known for accusing people of astroturfing for Microsoft. Why do names have to be so overloaded?

I'm noticing behavior in Firefox 17 where all the glass can be used as a drag handle when the menu bar is disabled. However, when the menu bar is enabled, only the window title glass can be used as a drag handle. The glass surrounding the menu bar and the tabs don't respond to mouse dragging.

There is a bug report 667234 regarding this issue for Thunderbird which has been addressed (IIRC), but it also applies to Firefox.

Maybe if they do implement this fix, they'll finally get around to fixing this bug after nearly 11 years and counting!

I forgot to mention that using different themes for each profile really helps me to keep from accidentally using the wrong window. I also use the customize_titlebar_v2 add-on to change the titlebar to something unique to each profile, that helps when looking at iconified windows where you can't see the theme.

For firefox this is actually pretty good. My personal favorite bug is still plaguing users of FF over 11 years after being reported.

Definately not what most people want -- I certainly would hate that, too.

If you want it though, it's easy enough to enable: https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info#w_how-do-i-always-start-firefox-in-private-browsing

2013-04-02 to precise.

But you can probably download the daily build right now, the pre-Beta/Aurora in the week of 2013-01-06 or the beta on 2013-02-19.

https://wiki.mozilla.org/RapidRelease/Calendar

Are you sure that wasnt a popup crafted to look like a non-browser window? That is a very common method of enticing people to click on them, and to run the files it downloads.

Alternatively, perhaps you should visit the Mozilla Plugin Check:
https://www.mozilla.org/en-US/plugincheck/

If you truly got a driveby virus, your plugins are out of date, or your browser is. For the record, this is easily possible on Linux and OSX as well (and has been demonstraded before, and each year at Pwn2Own).

A short summary:

1) TraceMonkey turned out to have very uneven performance. This was partly because it type-specialized very aggressively, and partly because it didn't deal well with very branchy code due to trace-tree explosion. As a result, when it was good it was really good (for back then), but when it hit a case it didn't handle well it was awful. JaegerMonkey was added as a way to address these shortcomings by having a baseline compiler that handled most cases, reserving tracing for very hot type-specialized codepaths.

2) As work on JaegerMonkey progressed and as Brian Hackett's type inference system was being put in place, it turned out that JaegerMonkey + type inference could give performance similar to TraceMonkey, with somewhat less complexity than supporting both compilers on top of type inference. So when TI was enabled, TraceMonkey was switched off, and later removed from the tree. But keep in mind that JaegerMonkey was designed to be a baseline JIT: run fast, compile everything, no fancy optimizations.

3) IonMonkey exists to handle the cases TraceMonkey used to do well. It has a much slower compilation pass than JaegerMonkey, because it does more involved optimizations. So most code gets compiled with JaegerMonkey, and then particularly hot code is compiled with IonMonkey.

This is a common design for JIT systems, actually: a faster JIT that produces slower code and a slower JIT that produces faster code for the cases where it matters.

https://blog.mozilla.org/dmandelin/2011/04/22/mozilla-javascript-2011/ has a bit of discussion about some of this.

Wikipedia goes into a bit of detail about it but in basic summary...

TraceMonkey was the first JIT compiler for SpiderMonkey released in Firefox 3.5.

JagerMonkey is a different design on TraceMonkey which outperforms it in certain circumstances (Some differences between TraceMonkey and JagerMonkey)

IonMonkey is another attempt at better perfecting the idea of JagerMonkey allowing even greater optimisations under particular circumstances.

However TraceMonkey, JagerMonkey and IonMonkey are part of SpiderMonkey as JIT compilers, not a replacement of SpiderMonkey itself.

I'm curious as to what benefits this will offer over Node.js or Rhino. I mean my biggest aversion to Java has been the amount of boilerplate needed, to a lesser degree C# (.Net). Been really liking Node.js + MongoDB + WebStorm lately. Thinking of stripping down my API and pushing the base as a starting point framework for for building JSON web services.

Since JDK 6, the open source Mozilla Rhino Javascript engine is already built-in

There have also been standalone javascript engines running on the JVM; the best-developed is Rhino from Mozilla.

I have been watching TV, listening to radio and reading for nearly 60 years, and I WILL NOT look at ads in my web browser! I use Adblock Plus https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/?src=ss

Hosts files aren't the only way to block ads. Putting Flash Player on click-to-play, with a whitelist per origin, blocks most of the more annoying and CPU- and RAM-hogging ads. And because Flashblock is content-neutral, and in effect enabled out of the box on tablets, it's more likely to stand up to legal challenges.

Well it could be true that there's a growing market, and you'll definitely find people on Slashdot who are part of that market, but could we have some stats? Why does it "certainly" seem that the market is growing?

Anecdotal evidence: Privacy search plugins like Google Sharing appear to have fast growing userbase/# of reviews etc, many more each time I upgrade and check them anyway.

The sandbox adds security restrictions plus "tokens" for explicitly allowing the things that you, the site developer, want. The main purpose of the restrictions is to prevent content within an iframe from accessing content in or related to the parent page. For example, lots of ads are loaded in iframes, the sandbox attribute can prevent JavaScript in the ad from executing. The site Can I Use is a decent place to look for which browsers and browser versions support particular parts of HTML5, CSS3, etc. The iframe sandbox has had support from Google and Apple but Microsoft only added it in IE10 and no version of Opera on any platform has it.

No more of this Mac OS X version: https://blog.mozilla.org/futurereleases/2012/10/04/we-bid-you-adieu-spotted-cat/ ...

It's okay, the whole point of their fast release cycle is that you'll probably see that feature within the next 6 weeks rather than in 6 months from now. Idiots who don't understand the version system will whine about it, but that's a very tangible benefit of releasing more often.

And you know, if the rapid updates were just to fix bugs and improve performance, I doubt anyone would really care how fast versions came out. The problem is that with every release they feel the need to dick around with the user interface as well.

Look what's included in 17:

• Some frakking stupid built-in "Social API" bullshit. Why the hell do I need Facebook and Twitter embedded in my browser? I intentionally block both of them on webpages, and now I have to deal with them being an integrated part of the software? I genuinely DO NOT understand this -- I thought the WHOLE POINT of the addon system was for adding things like this. Nowadays the Firefox addon ecosystem seems more focused on removing things from the browser. What. The. Hell.
• Just what we need: Bigger icons!. Let's display less information and take up valuable vertical screen space (which they whine about so much as excuses to get rid of the status and tab bars).

I think Mozilla would face much less resistance to their new update model if they would release fixes and performance updates automatically, but hold off making poorly thought-out UI changes except for on a 6-12 month cycle.

Or, better yet, drop the stupid UI changes all together.

It's okay, the whole point of their fast release cycle is that you'll probably see that feature within the next 6 weeks rather than in 6 months from now. Idiots who don't understand the version system will whine about it, but that's a very tangible benefit of releasing more often.

And you know, if the rapid updates were just to fix bugs and improve performance, I doubt anyone would really care how fast versions came out. The problem is that with every release they feel the need to dick around with the user interface as well.

Look what's included in 17:

• Some frakking stupid built-in "Social API" bullshit. Why the hell do I need Facebook and Twitter embedded in my browser? I intentionally block both of them on webpages, and now I have to deal with them being an integrated part of the software? I genuinely DO NOT understand this -- I thought the WHOLE POINT of the addon system was for adding things like this. Nowadays the Firefox addon ecosystem seems more focused on removing things from the browser. What. The. Hell.
• Just what we need: Bigger icons!. Let's display less information and take up valuable vertical screen space (which they whine about so much as excuses to get rid of the status and tab bars).

I think Mozilla would face much less resistance to their new update model if they would release fixes and performance updates automatically, but hold off making poorly thought-out UI changes except for on a 6-12 month cycle.

Or, better yet, drop the stupid UI changes all together.

We could have fixed this whole privacy thing from the beginning, but for whatever reason we didn't.

There was a time when people read E-mail using local clients. Freeware programs such as Thunderbird and Pegasus Mail were common.

The issue could have been addressed by fiat from any one popular software package. It would only have required:

1) For each user, generate a default public and private key on install
2) Add a field to the protocol requesting the recipient's public key if they have one
3) Add a field advertizing the sender's public key
4) Add a button on the interface for "Prevent others from reading the content"

Done right, that's all it would have taken.

The protocol allows for experimental fields which can be ignored if the client doesn't understand, and there is already a mechanism for "delivery confirmation" which could be adapted for "public key confirmation". It would have taken very little to have the client intercept the public key response, process it, and not bother the user about it.

The mouseover for the button could have said "use encryption if the recipient has a compatible client".

At the time, this would have been a feature that mainstream clients didn't have (Outlook, Exchange, &c), so it would have been a selling point for open source. It would have led people to encourage the recipient to change to a more secure client. There would be an incentive to make other packages compatible, and soon the feature would be everywhere.

All of this could have been implemented transparently for the naive user, with a more sophisticated interface for advanced users who needed more control.

But for some reason we didn't do that, and now everyone reads their E-mail online. We didn't make this a de-facto standard, and now we've missed our chance. (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)

We have the means and expertise to fix some of these problems, all it takes is the will to do it.

Notice that Firefox 17 is also an Extended Support Release, so if you are a fan of a more conservative update cycle, now is a good time to hop on the wagon.

Mozilla Firefox ESR Overview

Just grab 10.0.11 ESR and relax.

Or 17.0 ESR which is also out now and that will replace 10.0 ESR over the two upcoming releases. So if you want to roll out Firefox in your organization, be advised that 10.0 ESR is going out of support in only a couple of months.

Just grab 10.0.11 ESR and relax.

Has anyone mentioned that you can see much more detail of memory usage by going to about:memory?verbose and about:compartments yet? There is a known leak with the Firebug extension (built-in developer tools are enough to obsolete it for me anyway) and other extension-related bloat is tracked here.
Ironically someone wrote a Memchaser extension to track memory usage progress from the info in the about:memory page.

Has anyone mentioned that you can see much more detail of memory usage by going to about:memory?verbose and about:compartments yet? There is a known leak with the Firebug extension (built-in developer tools are enough to obsolete it for me anyway) and other extension-related bloat is tracked here.
Ironically someone wrote a Memchaser extension to track memory usage progress from the info in the about:memory page.

Has anyone mentioned that you can see much more detail of memory usage by going to about:memory?verbose and about:compartments yet? There is a known leak with the Firebug extension (built-in developer tools are enough to obsolete it for me anyway) and other extension-related bloat is tracked here.
Ironically someone wrote a Memchaser extension to track memory usage progress from the info in the about:memory page.

From this page: "Apple stopped supporting Mac OS X 10.5 (Leopard) in 2009". Have you tried upgrading to at least Snow Leopard, or failing that, replacing your over six-year-old PowerPC Mac with an Intel Mac?

A few weeks after my switch to Firefox

When was this? Was it several years ago? Recent versions of Firefox are reportedly much better at not letting JavaScript make the browser leak memory.