DHTML Bug Found in Mozilla 1.2

joyoflinux writes "The people at Mozilla have announced that Mozilla 1.2 contained a bug that caused sites that use DHTML to fail (more on the front page). They have pulled 1.2 from the releases page, pending a 1.2.1 release."

Interesting

[fucksl4shd0t]

Interesting that every couple of months when Mozilla has a bug or exploit or something people talk all kinds of trash, but forget about other competitors (IE) that have new exploits almost daily.

All in all, bug for bug, line by line, even accounting for the massive differences in complexity (mozilla is by far a more complex project that IE ever wanted to be), I'd have to say that Mozilla has less show-stopping bugs and fewer exploits than IE.

Re:Interesting

[whereiswaldo]

I'd have to say that Mozilla has less show-stopping bugs and fewer exploits than IE.

Until I hear different, that's my impression, too. But personally, I think the Phoenix project based on Mozilla has a lot of promise. It is a blazingly fast browser and is quick to startup, too. Amazing!

At least this bug today wasn't a security-related bug, like *cough* IE *cough* Outlook *cough* windows *cough* *cough* *cough* *cough* *cough* goddamn! *cough* *cough* Microsoft
feck
*cough* *cough* *cough* must... hit.. submit...

Re:Interesting

[whereiswaldo]

No need. Every piece of software known to man has at least one security flaw. The differenced I see are the frequency of flaws found and timeliness of updates. Microsoft loses there. Ask the analysts if you don't believe me. (eg.)

But I'll just let you read this article.

Open your eyes, man.

Re:Interesting

[whereiswaldo]

OK, maybe you're right about the fact that MSIE has more security flaws than other browsers. That's also because more people are using it and more people found bugs.

I see your point, but it's not exactly that simple. A good example I can point out is the Apache webserver. It got hit hard with the Code Red virus just like IIS did. Only it wasn't susceptible like IIS was.

Still, Mozilla and Netscape will never be first class browser with large user base.

How can you say that? Linux stared out as a tiny OS which only supported IDE hard drives. Now look at it. OSS projects can mature at a rapid pace, especially those which are fueled by many people. How many people work on IE? How many on Mozilla? Is there much of a difference? (I don't know)

Don't even think about commercializing Mozilla when it can't open certain DHTML sites.

FYI: AOL's Netscape is based on Mozilla. I'd say it's been commercialized. Don't worry, the bug will be fixed shortly, most likely.

Progressive JPEG rendering

That's a minor bug, IMO.

Keep tabs on mozilla.org in the next week and see how things happen.

Re:Interesting

[tg_schlacht]

At least this bug today wasn't a security-related bug, like *cough* IE *cough* Outlook *cough* windows *cough* *cough* *cough* *cough* *cough* goddamn! *cough* *cough* Microsoft
feck
*cough* *cough* *cough* must... hit..
submit...

Hey whereiswaldo, I think you need to get a new keyboard. Yours appears to have developed a serious cough.

Re:Interesting

[marauder404]

I missed that day on Slashdot, but I just read that BBC piece, and that article doesn't support your argument. Your argument is that IE has more security flaws than other browsers. While that may or may not be true, the BBC article simply states that IE should be avoided because it's the most targeted: "The easiest way to avoid parasite programs, he says, is to stop using Internet Explorer because it is targeted by many of the adware and spyware companies." This advice is akin to saying that one shouldn't buy a Honda because they are targeted by thieves -- it's not saying that Hondas are easier to steal than other cars. Likewise, the article doesn't say that IE is more vulnerable than other browsers but merely that it's more targeted. IE is definitely more vulnerable than other browsers, but the article doesn't argue it for you.

Neither does that other article. I actually read the whole whitepaper and the article isn't about how Unix is better than Windows (in fact, right in the abstract of the paper, it says that Windows provides much better throughput and slightly better performance than Unix!). Rather, it describes the process by which Hotmail was migrated from Unix to Windows. There are advantages and disadvantages to both platforms and it discusses them well. It describes in good detail how it went about converting the platform and the challenges as they were presented and resolved. It criticizes Windows where appropriate, but it doesn't say that Unix is the better OS as the Slashdot headline and blurb suggest.

I was ok with your post up until you referencing the other articles because they make no sense.

Re:Interesting

[gallir]

... This advice is akin to saying that one shouldn't buy a Honda because they are targeted by thieves -- it's not saying that Hondas are easier to steal than other cars....

Most of the thieves are so lazy that they avoid hard targets.

Re:Interesting

[Blkdeath]

Yes there IS software that is secure... 100% secure like my example above.

I believe your parent posters' example was a tad short-sighted (it's the typical cliche people use when referring to software, mostly to Microsoft vs. OSS I've found).

In reality, as the complexity of an application increases, so does the potential for overflows and security vulnerabilities. It's a simple proportionality based on several factors, including (but not limited to);

1. Human (programmer) error
2. Unaccounted program (user) input (see #1)
3. Vulnerabilities present in included libraries (reference; recent mod_ssl exploit)
4. Lax security configuration (user error)
5. Poor implementation strategy (SUID apps; 'nuff said)

etc. ad nauseum. Incidentally, you forgot to initialize integer 'z' before you used it. Sorry, but that's a potential exploit. ;)

The long and short of it is, programmers need to pay much more attention to the code they produce. Large-scale applications should be heavily modular, and more auditing should take place (did you check that buffer before allocating it? Did you free all your buffers before you ended your routine?)

Re:Interesting

[Blkdeath]

You're not actually blind enough to think that linux is "first class with a large user base" are you? Linux still is a "tiny OS".

You're not actually silly enough to think the end-(l)user base is the only market that defines an OS's userbase, are you? Why is Microsoft so afraid of our "tiny OS"?

Re:Interesting

[ColdGrits]

There is no security flaw primarily because your code is fataly flawed in terms of syntax and won't even compile.

Kinda tricky to exploiut security flaws in something that won't even compile, let alone run.

Re:Interesting

[hkmwbz]

First, I know that you are just trolling, but some poor bastard might read your drivel and actually take it seriously.

"Still, Mozilla and Netscape will never be first class browser with large user base."

It sounds like "first class browser" means "the most widely used browser" to you. That says a lot about you, because everyone knows that MSIE dominates the market because it is distributed with the most widely used operating system in the world. Most people just don't care and can't be bothered to download another browser, even if it is superior, when they already have one.

"So,what steps do you think that Mozilla developers to squashall these bugs?"

When will Microsoft fix security holes, crap CSS, PNG alpha transparency etc. in MSIE?

Re:Interesting

[asa]

" Interesting that every couple of months when Mozilla has a bug or exploit or something"

This isn't an exploit or even a crash or dataloss bug. This is just a visual glitch that you'll get on some pages with DHTML. The release hasn't really been pulled and is still available at ftp but we'd rather spare our users a large download that would probably be repeated in a couple of days when the 1.2.1 release out so the high-visibility links were commented out for the time being.

--Asa

Re:Interesting

[whereiswaldo]

Yes there IS software that is secure... 100% secure like my example above.

I believe your parent posters' example was a tad short-sighted (it's the typical cliche people use when referring to software, mostly to Microsoft vs. OSS I've found).

I'll ignore the fact that the parent poster didn't offer a non-trivial example of a 100% secure piece of software.

Let me ask this: do you know of a piece of software that is 100% secure? Can you prove beyond any doubt that it is secure? While there may be software that has no security flaws, I doubt it could ever be identified because there is no way to prove it.

So allow me to rephrase my comment then: every piece of software known to man should be treated like it has security flaws, because we can never prove otherwise.

Re:Interesting

[asa]

Don't even think about commercializing Mozilla when it can't open certain DHTML sites. I've tried 1.2.1 (just now) on both Windows and my Debian.

Actually, if you're thinking about commercializing Mozilla then our milestone model is probably just the thing you're looking for.

We push nightly builds to thousands of testers every day, hundreds of thousands of users test and thousands of users report problems against Alpha and Beta Milesotne releases and then we ship a final milestone to even more users/testers.

In some cases a new problem is discovered in that Final Milestone a fix is landed on the milestone branch. Someone interested in commercializing Mozilla has a well tested and well patched code branch from which to build a commercial product.

That this bug was discovered in Mozilla is precisely the reason that organizations would want to use Mozilla technologies in commercial products. We keep making it better and when we move on to the next release cycle any commercial (or non-commercial) organization is free to pull the code, listen to Mozilla Milestone feedback and bug reports and continue making it better themselves.

The alternative is doing all this development and testing work yourself or relying on closed source code where you can't continue making it better yourselves if you do find something wrong. If I was building a commercial app that required HTML rendering then I'd definitely investigate using one of the Mozilla code branches for my products.

--Asa

Re:Interesting

[atam]

How can you say that? Linux stared out as a tiny OS which only supported IDE hard drives. Now look at it. OSS projects can mature at a rapid pace, especially those which are fueled by many people. How many people work on IE? How many on Mozilla? Is there much of a difference? (I don't know)

A lot of people forgot that IE also started off as an also-ran (maybe they were too young and joined the internet too late to observe that). People at that time joked and ignored IE when comparing it to the then de facto standard Netscape. But then MS, thru innovations as well as dirty tactics while Netscape showed little improvement, the IE became the new king. I can't see why Mozilla could not repeat this history to dethrone IE.

Re:Interesting

[whereiswaldo]

Yep, there's a bug in your logical reasoning software: hasty generalization [nizkor.org].

Hasty generalization? That sounds like a hasty assumption on your part.

Show me a non-trivial program which you can PROVE contains no security holes. If you link in any libraries, you'll need to PROVE that they don't contain security holes, too.

And since I anticipate that you cannot prove that any piece of software does not have any security flaws, then it is safe to say that all software should be treated as if it might contain security flaws, since chances are it does, and since we cannot PROVE otherwise.

I look forward to shooting holes in your following argument...

Re:Interesting

[Felinoid]

I avoid technical "expertise" from populare news media. Thow I'd trust BBC or MS NBC over FOX or CNN when it comes to computers.
Still when it comes to computers and medical science or any techniocal expertise rely on media that knows more about computers than "HTML is hard" and "Internet Explorer is my operating system"

Frankly when ever someone says "Hackers target Microsoft products" tune em out.
Hackers don't target populare they target accessable sytstems they don't like.

Example: Mac Virus targeting only the Atari ST using a single brand of Mac emulation.
The virus would check to be sure it's an Atari ST before infecting the system.
The Atari ST had a very small userbase and only a few of them ever bothered with Mac emulation.
The reason is simple. The Atari ST plus Mac Emulation was far cheapter. For a while the Mac fanatics were furreous.

A virus will more likely be writen for a buggy platform that is only used by 10 people while pissing off the general public than a secure platform that us used by 10,000 people.

It's not important how many bugs Windows or IE has it's how many Microsoft passes over or compleatly ignores.

Say Z Os has 12 bugs a day where as T os has only 1 a month but Z os fixes all 12 bugs and T os leaves the 1 a month alone.

Crackers will favor Z os over T os for a target. After a year T os has 12 bugs and so dose Z..
After two years T has 24 but Z still has only 12.
If Z ever figures out why they keep making bugs maybe they'll have less but untill that day comes they'll have 12 bugs to crush.

T however knows how to avoid bugs.. they only slip up once a month.. they're only human. But if they just ignore the bugs then it won't matter how few bugs they produce. It piles up.

And in the long run Z os could had 1,000 new bugs an hour vs only 1 bug in T os for 50 years....
If T os never fixed that one bug and Z os fixes everything then it'll be T os the crackers will attack.

No matter how many users they have.

BTW.. Obveously the articals made sense to the other guy or he wouldn't have responded...
But I'll it for him to defend them they could be piles of dog poo for all I know.
Just heard "It makes no sense" to often applied to the obveous by people who would demand the unreasonable.

Some hackers do target Linux and Netscape so realisticly no platform is safe.
The whole idea of just chaning web browsers makes you safe is itself a good sign that the BBC artical is lacking in tech expertise.

It's a mixure of old Microsoft fud and Linux Zeloty.
A real FUDmaister wouldn't bring up the switch angle that's more Linux Zeloty.

A sereous tech story wouldn't even start suggesting that popularity had anything to do with it and wouldn't suggest that switching to something else would be good just on the face of it.

Switch to a browser that is consistantly reliable or if you can't get one that has a fast bugfix responce and update often.
With web browsers you can just as easly keep track of dangerous websites and IE you can switch off dangerous features so I recomend doing that.

I like Mozilla BTW.. fast bug fix and a lack of annimositys are more effective protections than obscurity...

You know what security by obscurity brings you..

Some bugs are more buggy than others?

[Seehund]

They retract a release because of this?

I've been waiting for ages for a fix to e.g. this bug which renders Mozilla useless for quite a bunch of purposes. Still I wouldn't see a reason to retract the releases containing bugs like that, unless we're talking about serious security holes.

Re:Some bugs are more buggy than others?

[fucksl4shd0t]

uhhhhhh.... links to bugzilla from slashdot are disabled. :)

Re:Some bugs are more buggy than others?

[Seehund]

Crud. Well, copy and paste then. :)

If someone can't be bothered to do that, that bug is preventing pasting of more than 4000 bytes from other apps into Mozilla. 4kB ain't much, for example pasting spam mails into SpamCop forms usually won't work, most spammers aren't too considerate about the size of their spam... :-P

Re:Some bugs are more buggy than others?

[tunah]

So a bug that renders some (albeit poorly designed) websites unusable is far less important than having to copy text a page at a time?

I send a fair amount of email, and have never had the need to copy that much text, anything much bigger should really be an attachment. As for other purposes, care to give some examples?

Re:Some bugs are more buggy than others?

[fucksl4shd0t]

That could be a limitation caused by the cross-platform nature of the application. In wxWindows, a textbox widget can only store about 4000 bytes, but a richtext widget can store a lot more. Problem is, richtext isn't available for GNU/Linux, it's only for windows. I'd like to see it dealt with too, though, just because that's an irritating bug to have.

Re:Some bugs are more buggy than others?

[Seehund]

The bug I linked to was just an example of a highly disruptive bug. Examples? See my Spamcop example above, or let's say you want to copy-n-paste part of an article into a Slashdot post, or use Mozilla's Composer and paste text/code into that, or paste something into a Bugzilla(!) form, and so on and so forth.

In comparison to that, how many sites actually fail to display at all because of this DHTML bug?

My point was that I don't see the need to retract releases unless they contain harmful bugs.

Re:Some bugs are more buggy than others?

[Thenomain]

You could always down your favorite platform's nightly build. Or wait a few days, if the uncertainty of a bleeding edge isn't for you.

Re:Some bugs are more buggy than others?

[LX.onesizebigger]

With those two statements combined, it's a good thing that link is so short!

Re:Some bugs are more buggy than others?

[/ASCII]

Is it too much to ask for you to read the link? They've known the reason for the bug for well over a year. The problem only arises when pasting from GTK-based apps. Basically, because their GTK-clipboard implementation sucks they would have to rewrite it to squash the bug.

Re:Some bugs are more buggy than others?

[hkmwbz]

One could argue that if you need to handle pieces of text that large, you should go for a dedicated application. While Mozilla is far more than a browser, it is not a text editor or text handler as such.

Re:Some bugs are more buggy than others?

[asa]

They retract a release because of this?

I've been waiting for ages for a fix to e.g. this [mozilla.org] bug which renders Mozilla useless for quite a bunch of purposes. Still I wouldn't see a reason to retract the releases containing bugs like that, unless we're talking about serious security holes.

You're right that this isn't a serious security hole or even a crash or dataloss bug. But it is something that we'd like to fix and make available quickly. The 1.2 release is still available if you want it. Just go to FTP and download. We're very close to putting out something with a fix for this DHTML problem and figured it was better to save folks the extra download by asking them to wait a day or two for the fixed version. The easy way to do that was to pull the high-proifile links to that build until we had a better build to put in its place.

--Asa

Re:lalaa

[IamNotWitchboy]

from the mozilla FAQ: "Mozilla 1.0 is a fully functional technology demo for those interested in seeing what can be done with Mozilla technology, and those who want to create Mozilla-based products and packages. The intended target audience is the development community. " so, it's not really a product. but a great 'demo' imho. if you want to use the 'commercial' suite, use netscape.

Re:Get MS Internet Explorer 6.0 SP1

[kingkade]

That will fix it

Perhaps a lobotomy will fix you...

What?!?!

[trotski]

A bug in mozilla??? No way, you've got to be jokeing!!!

Seriously though, although Mozilla has it's faults, (this being a prime example). It is still the cutting edge of browser technology. I mean, theres one feature that wins over every person I've recommended Mozilla to: the ability to stop pop ups from apearing. ALthough Mozilla is still rough around the edges, it is still my browser of choice.

Re:What?!?!

[rseuhs]

I don't get it. Why give every app have a half-assed window manager with its own quirky UI rather than making the system window manager usable?

Because Mozilla lets me open pages into the background. Whenever I open a page into a new browser-window it appears on top of my existing windows (which sucks).

Also I can close tabs with the middle mouse button, which I can't do with any windowmanager I am aware of.

Re:What?!?!

[Blkdeath]

I don't get it. Why give every app have a half-assed window manager with its own quirky UI rather than making the system window manager usable?

Remember that Mozilla is in use across many OSs, each with their own quirks when it comes to window managers. It makes Mozilla more streamlined across all of them; configuring the same profile across Linux, FreeBSD, Win'98, Win2k, WinXP, OS/2, etc. I get the exact same UI. Besides that; tabs are way more convenient than new windows. New windows = more clutter on your desktop and taskbar (very important for those of us who perpetually have a dozen or two windows open), more clutter on your desktop itself ('How many layers deep is Mozilla window eighteen of thirty?'), and having short summaries of each tab right in front of my face is extremely convenient. It's not replicating a window manager's functionality because it's only one window.

To summarize (and support) what others here have been saying; you don't know how nice tabbed browsing is until you've tried it. I used to be skeptical myself until I started using it, now I hate browsing without it.

(For fun; use tabbed browsing, disable pop-ups and most of the annoying JavaScript functionality and use Mozilla exclusively for a month or two, then use IE. If you don't want to claw your eyes out within the first ten minutes, I'll mail you $20 of your country's currency)

Re:Oh, the OSS zealots would say this is a "featur

[IamNotWitchboy]

The developers of mozilla already acknowledged this as a major bug. Big enough to pull a release. Now zealots will try to convinve devs that they are wrong? ^_^

and in a MS product it would have been called a minor rendering problem or something equally undescriptive.

go figure. Closed source zealots are always ready to jump at the announce of a "major" oss bug -_-

Mozilla Bugs...

[trotski]

Finding Bugs like this is proof that Mozilla is well on the way to becoming the world's best browser. With open source and lots of people contributing, bugs are found and elliminated quickly.

Microsoft IE on the other hand, bugs take time to find and even more time to repair due to the slow reaction of a large organization. This is probably why we hear so much about Mozilla bugs, they're far easier to uncover than bugs in IE or other browser.

PErsonally, I think Mozilla users should concider this a Good Thing, it means that your browser of choice is getting better!

Re:Mozilla Bugs...

[tshak]

Then why is Mozilla, after all these years, STILL inferior to Opera? Opera has a very small group of developers, and especially before Moz 1.x was faster, more stable, and rendered properly. Now, after many years, Moz has almost caught up, but we'll just have to see wwith Opera 7.

Re:Mozilla Bugs...

[xchino]

Your reasoning is flawed. Mozilla is in no way inferior to Opera. Mozilla has tons more features and options than Opera, giving it a MUCH larger resource footprint, and less room for error than with Mozilla. Also, Opera has a much smaller user base, which means less testing and bug reporting. Not to mention that Opera is COMMERCIAL and costs money, unless you like seeing ads everywhere. Even IE is free, without adware. I personally like Opera, but if anything it is inferior to Mozilla.

Re:Mozilla Bugs...

[tshak]

Also, Opera has a much smaller user base, which means less testing and bug reporting.

Yeah, I mean, they're only available on almost every possible OS for almost every possible platform. Seriously, you make like all of those features, and that's your opinion. I personally measure Opera's superiority by it's small footprint, fast rendering, and usability (Moz generally copies Opera after a few months. eg: mouse gestures). Yes, Opera is Commercial, and that's why it's so successfull. OSS has done some incredible things (Perl being one of my favorites), but I've still found that commercial software is generally a notch or two above OSS, and Opera is no exception.

Re:Mozilla Bugs...

[xchino]

If you're looking for a small footprint the Pheonix project is smaller, faster, and more feature rich than Opera. And the effect of Opera being cross platform if negligible, considering that Mozilla is too.

Re:Mozilla Bugs...

[Kanasta]

world's best browser? More like a good browser in a world of crappy browsers.

There are so many usability problems. Why don't many dialogs remember their size and positions? Why can't I answer Yes/No dialogs with the keyboard, but have to reach for my mouse? Think of the effort adding an extra & to markers...

Too bad OS developers are too cool for fixing small things like this. That's the problem. When there are so many developers, everyone thinks someone else will get around to doing it. Plus nobody can force you to fix things if you don't feel like it.

Until these and many other problems are solved, the average user isn't going to care about security flaws. If they did IE wouldn't have 90% of the market, would they?

bugzilla link

[J.+Random+Software]

I'm guessing it's bug 182500 (or at least the bugs referred to there). Something about document.write() dropping leading characters.

IMHO documents that completely rely on ECMAScript are inherently broken anyway.

Re:bugzilla link

[Querty]

"IMHO documents that completely rely on ECMAScript are inherently broken anyway."

IMHO you are right, but:

What happens when you provide an alternative navigation if the browser doesn't support or use ECMAScript?

That's right, your code is fooled into using the DHTML version because everything seems just hunky dorey. It's really hard to test every step of the way if you're not producing some ECMAScript error.

Re:bugzilla link

[J.+Random+Software]

I'd argue that thinking the script version probably worked isn't a good enough reason to make the reliable version unavailable.

Talk about spin and hyposcrisy.

The world in an OSS zealot's View:

IE bugs: "What a crappy browser!"

Mozilla bugs: "This is proof Mozilla rules!"

Re:Talk about spin and hyposcrisy.

[fucksl4shd0t]

Speaking as an OSS zealot myself, I have to agree with the basic logic of your statement. It would be better for us, I think, if we just handled the bugs better than MS (not hard, just fix 'em quickly and move on) and demonstrated our superior capabilities constructively, rather than generating FUD that would make MS' collective dick hard.

Re:Talk about spin and hyposcrisy.

[IamNotWitchboy]

it's not really the presence or absence of bugs in the software. We all know that every softwarehas bugs.

it's rather the way these bugs are treated and fixed. With a MS product, some bugs are not acknowledged until they have a fix, sometime months after the first discovery.

with an open source model, bugs are public and are generally much quicker to be patched.

Re:Talk about spin and hyposcrisy.

[nagora]

It would be better for us, I think, if we just handled the bugs better than MS

Pulling the release is handling the bugs better than MS!

TWW

Re:Talk about spin and hyposcrisy.

[Swaffs]

Talk about narrowminded posting. Spoken like a true AC.

The "crappy browser" comments and the "Mozilla rules" comments are both very appropriate.

The reason is that this Mozilla bug, one that is not a vulnerability, crash or dataloss bug, but merely a rendering bug, made the front page of Slashdot.

Any IE bug short of a root hole simply isn't news, and won't make the front page of Slashdot. I've never even heard of a crash bug, nevermind a rendering bug, on Slashdot. And that's not because they don't exist, as anyone who's visited a site using valid CSS would know, but its simply because its not news, its par for the course.

So now what does that tell you about each browser? IE has had more vulnerabilities than Mozilla has had major rendering bugs recently. Don't even bother trying to compare the number of bugs of equal severity in each browser.

And of course, the original poster wasn't commenting on which browser was better, but that Mozilla's people are better, given the reaction they had to a minor bug as opposed to what would occur (nothing) if such a bug were found in IE.

Re:Talk about spin and hyposcrisy.

[blair1q]

Bull.

I've submitted one bug to Mozilla, and had to change the submission three times and recategorize the bug twice just to get those lamers to put it where it now sits, ignored, in a queue of bugs.

I have no faith that it will ever be fixed (it's been about 6 months, and I still get mail like "if you want this bug fixed you should put it in the right category").

Mozilla is an immature product being produced by puerile people. Its features are weak and its reliability is low. As much as I despise Microsoft, it has produced the best browser ever since AOL took over Netscape. Mozilla itself isn't even close. Phoenix was better than Mozilla, but still not as good as MSIE. Netscape, especially the execrable java versions, is unrunnable at modern network speeds.

Mozilla is no proof that the open source development model is superior to corporate engineering. Perfectly the opposite. Given the weaknesses of IE, Mozilla should by now be kicking its ass. It doesn't. The reason is the fractious, undirected, and weak talents of the developers and the model they work under. QED.

--Blair

Re:Oh, the OSS zealots would say this is a "featur

[eloki]

They would never admit this was a bug.

Sure it is.

If this were an IE bug, you'd never hear the end of it.

It's bad that this bug wasn't caught before the release - you'd think someone would have tried out a few DHTML sites, though I don't know the details. But at least it's not a security flaw, which we can be thankful for. That's what the last couple of IE bugs have been.

but HOW?

[FuegoFuerte]

What I'd like to know (and this is NOT meant as a flame any way, I love mozilla), is HOW exactly do big bugs like this get into final releases? I mean, the 1.2 release was more than a month behind what was scheduled on the roadmap, and yet it still ends up with this in it? Is it just the number of people who don't bother with nightlies or reporting bugs? I would think there would be enough people using the nightlies to find fairly significant bugs like this. Perhaps the fine mozilla people need to add a "gamma" release after "alpha" and "beta" but before "final"? Have the gamma and final be seperated by one week, and ONLY incorporate bugfixes which don't affect major parts of the code? I don't quite know what the answer is, but it seems something should be done. All in all though, great browser.

Re:but HOW?

[Mike+Schiraldi]

Mozilla is an experimental browser. It's not even meant for end users -- that's right, the intent is that end user browsers (Netscape, Galeon, etc) will be built from Mozilla.

It's got bugs. If you want to sacrifice new features in exchange for fewer bugs, download the latest Mozilla 1.0.x release.

Re:but HOW?

[caillon]

Long story short, a patch got checked in on the trunk before we branched, it caused problems, we noticed it and asked that it got backed out on both the trunk and the 1.2 branch. It got backed out OK on the trunk, but somehow it didn't get fully backed out on the branch...

From the bug: "It looks like the 1.2-branch backout was done incorrectly. The 9 was not changed to an 8."

Re:but HOW?

[caillon]

No. The patch was a 1 liner. patch -R would have either reverted it completely or not at all. I would imagine that the file in question was hand edited. The eHTMLTag_userdefined portion was removed but the 9 was not changed back to an 8.

FWIW, the patch was:

RCS file: /cvsroot/mozilla/htmlparser/src/nsElementTable.cpp ,v
retrieving revision 3.140
diff -r3.140 nsElementTable.cpp
102c102
< TagList gHeadKids={8,{eHTMLTag_base,eHTMLTag_bgsound,eHTML Tag_link,eHTMLTag_meta,eHTMLTag_script,eHTMLTag_st yle,eHTMLTag_title,eHTMLTag_noembed}};
---
> TagList gHeadKids={9,{eHTMLTag_base,eHTMLTag_bgsound,eHTML Tag_link,eHTMLTag_meta,eHTMLTag_script,eHTMLTag_st yle,eHTMLTag_title,eHTMLTag_noembed,eHTMLTag_userd efined}};

Re:but HOW?

[DrXym]

Bugs like this get into final releases, because Mozilla releases are branched straight off the trunk and while they are reasonably tested, they do not receive anything like the amount of testing that a stable Netscape release gets. In other words, from time to time, a milestone release is going to contain a bug that might have been caught with more time and QA. Presumably in this case, Mozilla 1.3 is far enough away and the regression serious enough that they decided to pull 1.2 and release a fixed version.

Therefore the choice as always is use Mozilla if you want new features but run the risk of more bugs, or Netscape if you want ultra stable but with commercial stuff added. Of course the more eyeballs testing betas and nightlies, the more likely bugs like this won't happen in future.

Re:but HOW?

[tshak]

What I'd like to know (and this is NOT meant as a flame any way, I love mozilla), is HOW exactly do big bugs like this get into final releases?

Because you see with OSS there's way more eyeballs looking at the code.... oh, nevermind.

Re:but HOW?

[Lucas+Membrane]

Why in the world is there a constant 8 or 9 in the code? We knew back in 1975 that this was evil. The only constants allowed in production code were zero, one, two, and one-half. All other constants were considered obscure by nature and had to be given explanatory names, eg NumberOfBitsPerByte, NumberOfPlayersInABaseballLineup. How can a big project not be fubarted with this kind of coding? Is this project written by young guys with enormous mental capacity who rely on their ability to remember the arcana of code values without fail? If so, expect problems later.

Re:but HOW?

[treat]

Maybe because it's the number of items in the array that's the only other member of the TagList, and defining a constant for this would be pretty senseless?

This sounds like a problem that would never have occurred if this software were written in Java.

(Of course, imagine the pain if Mozilla were 10 time slower)

Re:but HOW?

[kscguru]

And honestly, this "experimental" browser does better than anything else I've used (for Windows, for free...). Tabbed browsing, stability, better popup control, with quicklaunch it sometimes loads FASTER than IE, and I actually trust the security...

Been happily using Mozilla since 0.9.7, now on 1.1. I'll gladly send TalkBack reports or whatever else back just because this browser WORKS. I'd happily beta-test, but I need a working browser for school and can't afford to deal with serious bugs or spend time installing/reverting.

I'll use whatever browser works best for me. And right now the best is this "experimental, under development" browser. Kudos to the Mozilla team - this browser is a masterpiece.

Re:but HOW?

[Lucas+Membrane]

it's the number of items in the array that's the only other member of the TagList, and defining a constant for this would be pretty senseless.

Senseless? Preventing a serious bug in released code is senseless? Actually, you are probably right about 'senseless', but it is only senseless in the context, and the context that the programmers created is not propitious for rock-solid code

Any acerbic advocate of any favorite advanced programming language, no doubt even the programming language actually used to create this bug, could write a long and vitriolic article about how this bug should not and probably would not occur if the programmers had used the standards of good practice normally practiced with the favorite advanced language or enforced by its typical compiler.

It is something of a hint that the Mozilla code is not up to industrial strength when this occurs to showstop a release. Of course, I'm not saying that any of the competitors do any better, but if you want to do better, you have to do it better.

Re:but HOW?

[jonadab]

> why is it available to the public at large then

For testing purposes. Testing is highly parallelisable.

> and used as a main browser by so many subscribers to this site

Because this parallelised-testing model, with everyone having nearly
complete access to the bug database, has been so effective that
bleeding-edge nightly releases of Mozilla these days are usually
more stable than the final/gamma end-user releases of most other
browsers.

Try Netscape for a while: you'll find that most of the bugs are in
the commercial extensions (AIM and such); the open-source parts that
were tested in Mozilla first are more solid. This isn't because
more bugs were _introduced_ in the commercial extensions (plenty
of bugs were introduced in the open code too), but because there
were fewer testers, so fewer of the bugs were found and fixed.

Mozilla 1.0.1 is the most rock-solid browser I've ever seen. Yes,
it _can_ be made to crash, but it happens far less often than in
other browsers and usually involves esoteric conditions such as
printing client-side-dynamic content (e.g., plugins or pages with
a lot of active scripting).

I was hoping 1.2 would surpass it in stability (1.1 did not), but
it looks like we're waiting for at least 1.2.1 for that.

Re:but HOW?

[sholden]

Maybe because it's the number of items in the array that's the only other member of the TagList, and defining a constant for this would be pretty senseless?

Computers are far better at counting things than people.

It is pure madness to not write the code so that the compiler knows the number of items in the array, and stores them away in a conveniant macro.

After all for a standard array it's as simple as

WhateverType array[] = {INIT_LIST};
#define array_SIZE sizeof(array)/sizeof(*array)

Of course if you need access to the length outside the compilation unit with the definition, then make it an extern const int instead of a macro, or if it's C++ make it a const int anyway...

Re:Big deal. IE4 does that too.

[trotski]

IT does? Coulda fooled me, maybe I'm an idiot (quite likely actually) but I just spent a while looking throught all of the IE options (I use win2k, I don't know which version of IE that would give me) and I wasn't able to find anything to turn pop ups off... tell you what, let me know how to do it, and perhaps I'll stop using mozilla. And no RTFM bullshit either, after all... I am lazy.

My 2 cents

[jchawk]

I use mozilla all the time, and I'd be more interested in them fixing the bug in mozilla that causes it close when doing searches on ebay.

I constantly have to open another browser, in order to use ebay.

Anyone else have this problem?

arrrrggghhhh

[vsync64]

This really isn't fair. From the end of my most recent log entry:

I'm extremely upset. 8 hours ago I downloaded Mozilla 1.2b for Win32 for Joie's parents' computer. It looks like they released 1.2 while I was downloading 1.2b. This isn't the first time a fresh download of mine has been obsoleted, but never this quickly.

So today I downloaded 1.2. This is quite upsetting.

Anyway, in order to save Bugzilla the crush, I'm pasting the bug report (#182500) here. It seems that the main issues are broken user-defined XML tags, broken document.write(), and checkins to the 1.2 branch missing in the release.

This is a meta-bug whose dependencies will be problems caused by the incorrect backout described in bug 167493 comment 21. Some of these bugs have been reported as Windows-only, but I've also been able to reproduce them on a gcc 3.2.1 Linux build with -O2.

------- Additional Comment #1 From David Baron 2002-11-28 07:38 -------
I've corrected the backout on the 1.2 branch (although I admit I only tested the change on the trunk, but I did the backout by backing out the backout with cvs up -j -j and then backing out the original checkin the same way). It remains to be seen what (if anything) we'll do with the 1.2 release.

------- Additional Comment #2 From Malcolm Rowe 2002-11-28 08:26 -------
We may have to do something with the 1.2 branch anyway. Some of the checkins to the 1.2 branch disappeared from the 1.2 release - see bug 182506.

------- Additional Comment #3 From David Baron 2002-11-28 09:07 -------
I think I've gone through all the Browser bugs filed between the 1.2 release and now (mostly by just skimming bug summaries), and added all the relevant dependencies. However, bug 182317 and bug 182433 are probably also dependencies of this bug, but I didn't add them since I'm not sure.

------- Additional Comment #4 From Phil Schwartau 2002-11-28 13:21 -------
Note I've added this bug as a dependency:

bug 182253, "document.write() eats initial characters in 1.2"

It explains why so many sites with DHTML menus are being hit by the current bug. The sites are using document.write() to create them -

------- Additional Comment #5 From Dawn Endico 2002-11-29 16:50 -------
I removed links to 1.2 from the releases page and the home page, and announced the release of 1.2.1 when we have a correct tag and new builds. Since this happened on a 4 day holiday weekend the new release may not happen till Monday.

------- Additional Comment #6 From Bryan 2002-11-29 17:28 -------
Hi,
Yes I did see it happen in that relase but somebody beated me to the punch. Are you giong to remove it form the ftp://ftp.mozilla.org/pub/mozilla/realses page or you going to keep it there for people to download and test this problem. IF you can e-mail me wiht that info that will be great I will like to see still on there for the people who want to take risks like me.

------- Additional Comment #7 From Asa Dotzler 2002-11-29 20:10 -------
We're not talking about a security exploit or even major dataloss here. I see no need to re-write history. The 1.2 release will stay where it is.

This bug is likely to see some traffic. I'm taking this oportunity to ask all of you folks that read about this bug at mozillazine or slashdot or wherever to not comment. Unless you're actually working on this problem your comments will only get in the way. Thanks.

[Emphasis mine.]

Someone please explain why...

[Blaede]

...when I do an image search on Google, I get less results when using Mozilla as opposed to using IE5 (using the same exact search terms)? I'm not trying to start something, just something I noticed and wondered if I had a setting wrong on Mozilla or something.

Re:Someone please explain why...

[DgMeat]

You have most likely the Google safesearch on. A search for "nude" (totally randomly chosen ) generated 13,500 hits with the safesearch on, 135,000 with safesearch off. Turn it on on http://www.google.com/preferences

Re:Someone please explain why...

[matthewp]

You've got 'safe search', which excludes 'unsuitable' results, enabled on IE and disabled on Mozilla. I believe Google sets a cookie, which explains why the same URL returns different results on each browser.

The 'Mozilla' URL you quoted explicitly turns 'safe search' off ('&safe=off'), so you get all the results when you paste it into IE.

Google offers a preferences page, which allows you to decide whether you want to use 'safe search' and various other options by default.

Re:Someone please explain why...

[Russellkhan]

Ahh, of course. I guess my prefs cookie for IE has run out in the time since I started using Mozilla as my default browser.

1.0.1 and 1.1 too good!

[oddityfds]

I think the basic problem is that 1.0.1 and 1.1 works so well that few people bothered to test the 1.2 alpha and beta. Hence serious bugs showing up in the release.

Re:1.0.1 and 1.1 too good!

[Querty]

That's actually not entirely true.

One of the websites I helped build is broken in 1.2 (just noticed it yesterday). This was working fine in 1.2b, as well as in a homebuilt CVS version somewhere in the cycle leading up to 1.2.

I think a "Release Candidate" should have been put out, which when tested for a while should have become 1.2 final without any further changes.

Re:1.0.1 and 1.1 too good!

[oddityfds]

One of the websites I helped build is broken in 1.2 (just noticed it yesterday). This was working fine in 1.2b, as well as in a homebuilt CVS version somewhere in the cycle leading up to 1.2.

I see... Mod parent up and mod parent.parent down.

I think a "Release Candidate" should have been put out, which when tested for a while should have become 1.2 final without any further changes.

If 1.2 had been called 1.2rc1 and had been released as 1.2, it would still have had this bug. :-)

Re:1.0.1 and 1.1 too good!

[Anonymous+Brave+Guy]

I'm not sure that's entirely true. My theory is that, for all the Moz team's usually excellent efforts, 1.2b was awful and they should have released a 1.2c (if only, as others have suggested, as a "release candidate"). I downloaded 1.2b myself, intending to test out some fixes in the XSLT stuff I'd been waiting for. Unfortunately, it failed to render even basic pages properly several times in a typical browsing session, and I uninstalled it and reverted to 1.1 within an hour.

Still more unfortunately, I didn't have any useful concrete information to send them, and even if I had, I don't have anything set-up to use Bugzilla. It would be really helpful if there were a "report bug" menu option in test releases of Moz that did all of that for you, rather than expecting Joe Average User to (a) know Bugzilla exists and (b) take the time to use it. Just MHO, of course. (If there is one and I've just never found it, someone please supply a link!)

Re:1.0.1 and 1.1 too good!

[Wakkow]

I think a "Release Candidate" should have been put out, which when tested for a while should have become 1.2 final without any further changes.

That's what the nightly builds are for.

Patching Mozilla 1.2 instead of full download?

[Anonymous+Bullard]

It's only a surface wound. Really, I'm alright, I just need a bandaid...

Re:Oh, the OSS zealots would say this is a "featur

[Spy+Hunter]

If this were an IE bug, you'd never hear the end of it.

No, if this were an IE bug, sites would have been designed around it in the first place and no one would ever notice except for the web designers.

So somebody found a bug shortly before release

[friday2k]

and in other news: this is what IBM, Microsoft, Lotus, Oracle, etc. etc. find through testing every day. They find some, they miss some. Somebody found one in Mozilla. Why is this news?

Re:So somebody found a bug shortly before release

[khuber]

This is news because it was severe enough to back out of the release.

It's like an automotive recall or toy choking hazard:
DHTML could explode and make you go blind if you keep using Mozilla 1.2. Several Tripod users and viewers of garish movie promo sites have already sustained serious mental frustration. We are working with local authorities to prevent riots.

-Kevin

Pardon?

[Shade,+The]

This was a pretty major(ish) bug (though not security related, like the majority of IE's) that they found in a major release. In short, the Mozilla crew, programming gurus though they may be, screwed up.

They don't make excuses. They've pulled the browser and are working on an update. Please don't make excuses for them.

Re:Pardon?

[Mnemia]

That page isn't too kind to Mozilla either; it increased Moz's memory usage from 26M to 100M using 1.2beta on Linux. But no crashes, and no real slowdown because I have more than enough memory for that.

Re:Pardon?

[marauder404]

My IE 6.0 on Windows XP grew by 21 MB while trying to process that page. It took a few seconds, but got it done. On Opera 7.0, it grew from 40 MB. It did get it done faster, but it took up twice as much memory. Maybe you're having problems, but with this silly example of a "simple page" and with non-universally reproducible results, I don't think you have a case. Besides, that page isn't even HTML compliant.

Re:Pardon?

[gotw]

Indeed, this bug means that it's impossible to moderate using win 9x and IE. (Let's see the smart arse replies to that one)

Great browser for half the Internet

[melonman]

proof that Mozilla is well on the way to becoming the world's best browser

The points about spin have already been covered, so can I ask how many banking sites you have tried to use recently?

Just spent half an hour trying (unsuccessfully) to persuade Mozilla not to reduce all the pages on a French government site to 4 point text (why would this be a feature for anyone unless your name is Stuart Little?).

Most of my regular customers have learned how to do ctrl-alt-esc just to kill zombie Mozilla windows. The Mozilla-on-remote-X bug is so longstanding that there is now a lobbying campaign to get it fixed...

So, yes, it's a great bit of software, but it would be more useful if it worked with more than half of the Internet, or if it worked over a network.

Re:Great browser for half the Internet

[melonman]

There is a particular issue with the flash plugin over X. I don't like flash, but since it is on so many sites now, often on the first page, the result of this bug is to make quite a lot of the Internet inaccessible.

Re:Great browser for half the Internet

[Blkdeath]

Just spent half an hour trying (unsuccessfully) to persuade Mozilla not to reduce all the pages on a French government site to 4 point text (why would this be a feature for anyone unless your name is Stuart Little?).

Mind sharing a URL? I've got a minimum font size of 13 configured (my eyes, well, suck. :/ ) and I haven't had many problems. ATI's site used to be horrendous in that regard (I swear they were using 2pt fonts!) but now the web is readable.

BTW - a lot of the sites that won't work with Mozilla are in such a state due to retarded webmasters who do browser-checks. For whatever reason, Sprint Canada has decided that "Netscape 7 is not supported", whereas Netscape Communicator is. Wait - scratch that. I seem to be able to browse their entire site using Phoenix and Mozilla 1.2. Ok, so they've fixed themselves.

If you don't like the fact that a site doesn't work in a standards-compliant browser like Mozilla, complain to the webmaster not Slashdot.

Re:Great browser for half the Internet

[melonman]

Mind sharing a URL?

I don't know... isn't that dangerous nowadays? Oh, OK, since it's you: www.interieur.gouv.fr. The page as is comes out minute, the 'printable' version is no better, but the text only one (which still has images, err...) seems to work OK. I had another one the other day where Mozilla printed it as light grey on white, and konqueror printed it with the side bars on top of the text.

Webmaster, not slashdot

Sure, but when people keep saying that Mozilla is the world's greatest browser, I think that the fact it doesn't work with a lot of sites (even if it is the webmasters' fault) is relevant.

Re:Great browser for half the Internet

[asa]

There is a particular issue with the flash plugin over X. I don't like flash, but since it is on so many sites now, often on the first page, the result of this bug is to make quite a lot of the Internet inaccessible.
Get the Flash 6 plugin. Macromedia has fixed the hang and crash over x-remote and not only that but the problem with it blocking or being blocked by an audio device has been fixed.

--Asa

Re:Great browser for half the Internet

[rabidcow]

Just spent half an hour trying (unsuccessfully) to persuade Mozilla not to reduce all the pages on a French government site to 4 point text (why would this be a feature for anyone unless your name is Stuart Little?).

Did you try the little box at the bottom of the fonts section of the preferences labelled "minimum font size"? I would, but you don't give any references, so you're not really helping at all.

Re:Great browser for half the Internet

[melonman]

The reference is here. I must admit I'm touched by all these offers of help: I only mentioned it to make a general point...

(Pause to look for little box)

Well, I set it to 10pt, and what I got is nearer 7pt, but it is a lot more readable than the last version, and it does fill up the page (the mini version was less than 4" across. Why?) Thanks for the various suggestions.

Re:Great browser for half the Internet

[WhiteKnight07]

Edit -> Prefrences -> Aperance -> Fonts -> Minimum Font Size

Should take care of the problem with that French site.

Re:Great browser for half the Internet

[melonman]

The problem was with printed output. The screen rendering is OK.

Re:Great browser for half the Internet

[melonman]

I'd be delighted to have my argument reduced to swiss cheese if it meant my customers could live with my choice of browser. I'm alraedy resigned to using W2K TS to offer clients a WP that doesn't randomly throw away half their CV, as has happened twice this week with Star Office .doc filters, but I really don't want to have to run IE as well :-(

As mentioned in several other postings, it wasn't the screen rendering but the printing that caused the problem, and setting the minimum font size to 10pt gets me 7pt or so text on paper, which is bizarre but quite acceptable.

Re:Great browser for half the Internet

[Swaffs]

I've only tried two banking sites recently with Mozilla, my credit union's and the one for my Mastercard, both of which have always worked fine with Mozilla. Maybe you need to find a bank that supports you.

Re:Great browser for half the Internet

[melonman]

I was useful for a time, now I'm a disposable commidity.

Yes, except that

1. My bank did work with Mozilla, and then one day they redid their system and it didn't any more, so for how long will the new bank site work for, and
2. That argument doesn't really wash with my walk-in customers, they are more likely to find another cybercafe than another bank

This perennial /. solution of 'take your business elsewhere' just isn't viable for a lot of people a lot of the time.

Re:Get MS Internet Explorer 6.0 SP1

[KewlPC]

Is it just me, or have there have been an awful lot of "Just switch to Windows so you can use Windows Update! It's so easy to upgrade!" and "Upgrading Windows is easy! You just have to download the latest service pack!" posts lately? Methinks Microsoft is planting people (again).

Nevermind that Mozilla took a whopping 3 minutes to install once I had downloaded it, and required nothing more from me than to make a new directory and unpack the tarball. I kept waiting for the part where it would be hard to install (all the Windows fanboys keep telling me installing anything on Linux is next to impossible), but it never came. Too bad about the DHTML bug, though.

Composer & scripting issues.

As Mozilla issues go, this has got to be one of the more annoying ones, but apparently nobody wants to actively work on it. "Composer" is actually not a bad WYSIWYG html editor at all - it has alot of potential. But as long as it strips / corrupts PHP and other scripting code, it will never be very useful to anyone doing anything beyond the most trivial of web pages.

The Mozilla-dev folks need to wake up and realize that just about any web designer these days is using some degree of scripting.. Composer needs to at the very least ignore (and not corrupt) scripting blocks. Composer is quite an excellent html editor generally, but as long as it continues to act brain-damaged in regards to any unknown blocks it encounters, it is not going to be truly useful for anybody other than your Great Aunt Emma working on her Geocities homepage.

Right now, if you need PHP and still want to do your page design in Composer, you have only two options: (1) Every time you tweak the page in Composer, insert all your PHP by hand, or (2) Put your own "#PHPBlock1" tags in the html and have a script replace it with the neccessary PHP code later. Having to do either is annoying. Composer simply shouldn't mangle PHP blocks at all.

I'm pretty sure there's another outstanding bug regarding the fact that Composer cannot save 'fragments' - if you're merely designing a table or template to be generated via PHP, there is no way to have Mozilla save it as a fragment, without header tags etc. A bit of a nitpick, but really, how much effort would it take to code in a "Save as fragment" option?

Mozilla is quite an impressive accomplishment for open source, I really do think Mozilla smokes IE hands down these days.. but these Composer bugs should have been fixed long ago - not enough people care about this aspect of Mozilla. A little bit of work here could go a long ways towards undercutting commercial HTML editors in a big way.

Re:Composer & scripting issues.

[Reziac]

Better yet, dig up the source for old AOLpress (still my HTML editor of choice) and update it to include current stuff. It knows enough to ignore elements it doesn't recognise, such as scripting or newer HTML structures.

Re:Composer & scripting issues.

[DrXym]

You're not listening. The Mozilla editor chews up the original HTML and parses it into a DOM and then spits out the DOM reconstituted as text. PHP markup is invalid content and will be parsed out. Any PHP designer worth their salt would stick with an HTML text editor that did not do this. A proper editor for professional server side content might do stuff such as highlighting or folding, but the text you type is the text that is saved. It would never run it through a DOM parser except for validation purposes.

The editor, XML/HTML parser and HTML/XML to text converters would all have to be radically reworked to support nonstandard markup.

Perhaps you would be better served by asking the PHP people to produce XML compliant markup because I don't see this bug being fixed any time soon, if ever. If you really want to see it fixed, then tag the bug helpwanted, or better yet supply a patch yourself.

Mozilla 1.2 - The Release that Shouldn't Have Been

[cedars]

To follow links in this message you will need to copy and then paste them in the HTML bar since Bugzilla won't let /.ers through directly.

Usually I'm delighted to hear when Mozilla releases a new browser as, up until recently, Mozilla was my browser of choice. But when I heard about the Mozilla 1.2 release I was just disappointed.

The Mozilla team had been alerted to major bugs which only recently appeared in the browser like this one and some of these (the latter link also has the comment in which a few poeple suggest Mozilla 1.2 should be unreleased) and yet still the team proceeded with this release. I'm not pretending that it's everyone's experience, but certainly as far as my own experience, Mozilla 1.2 is the first Mozilla browser to step further backwards than forwards - and I know I'm not the only one who thinks that. IMHO, it's a shame that such a great browser which was really beginning to show its potential had to make such a disappointing release. And for all that, I have to wonder what were the critical changes that led to all the aforementioned bugs (the implementation of type ahead searching!?!).

It's too late for me, I've stopped using Mozilla on my Mac (still using the Gecko-based Chimera though) and have halted upgrades of it on my PC, so I guess all there is to say is better luck next time and hopefully we'll be fortunate enough to never see a release as bad as this one ever again.

Re:Mozilla bugs

[21mhz]

Maybe, this is the time for you to stop posting again and again about Microsoft ads on Slashdot? It was funny only for the first time. I'm tired of trolls like you in pursuit of easy karma. My moderation will be appropriate, whether you have seen the fucking ad or not.

Regression Tests

[Carnage4Life]

Any professional software development project has regression test suites that are meant to ensure that thinks like patches or checkins do not break previously working functionality. It's one thing for a patch to break some esoteric edge case such as your go to "help: about", then "edit: cut", then "edit: paste" file saves won't work and another for a core scenario to stop working. The former is something that is too expensive to test for and probably will be missed while the latter is something that should be caught.

However, without more details as to what kinds of DHTML is broken by Mozilla one cannot tell if this is an obvious scenario that should have been regression tested (does

window.open()

work?) or an edge case.

https/cookie problems

[hughk]

Mozilla's most serious bug is a show stopper for eCommerce and that is it sometimes refuses to allow access to cookies under https.

An important reason to use Mozilla is security. An important concern for anyone trying eCommerce on the web is security. eCommerce web sites often use cookies and they should use https.

The bug is reported in Bugzilla but it appears that some people can circumvent this with script preferences. Regrettably I can't. See also the slashdot thread from the original 1.2 announcement here.

I have kept my 1.1 installation under Linux and still have IE under Win 2K.

Re:https/cookie problems

[jon787]

Its common to use javascript to detect if cookies are enabled. If you disable the ability of javascript to do cookies it can falsely report that they are disabled. Luckily most sites don't really use javascript to read/write cookies, they only use it to check if they are enabled.

Re:https/cookie problems

[hughk]

Regrettably in this case, access by scripts is enabled (as recommended), but it still doesn't work.

SP1?

[famazza]

Maybe they should start releasing SPs!

Why this bug is considered "serious"

[caillon]

I'm surprised that: A) this is considered a serious bug--who actually uses DHTML? and B) they're "recalling" the release, as it were. Tainted Mozilla meat.

Is it not enough reason that this is a bug? We should stop release for all bugs! But seriously....

A big reason is that DHTML is pretty much just a way of saying the W3C DOM and a few DOM Level 0 (no spec) APIs. This bug effectively cripples our standards support and I would definitely call that serious.

On top of that, with every release, there is a chance that some embeddor will want to base their product off of it. Embeddors generally like DHTML, and this would be a show stopper for them.

OSS Bug Jumping vs Commercial

It's really sad to see advocates of Windows/Microsoft jumping on every bug in OSS. Surely, we [OSS developers, users, lovers] criticize the downsides of commercial, closed-source software - but we don't go party, if there is a bug announced and say "ha ha, you aren't any better than we".
Surely we are all human and we make mistakes - commercial programmers do and those who do it in their spare time. I don't like closed-source either, but that is, because I can't go edit the source if theres something strange going on and maybe aid the developer hunting that down.

OSS is about something totally different, that is, _contribution_, fun and a good feeling to help others.
Most of us aren't elitists who cry "foul", when someone is actually using Windows, be it to play a game or use Excel (imho the only good programm of MS). But we don't hesitate to explain users when they are expiriencing the typical down-sides how this would be totally different with Linux/....

I have contributed to mplayer (that DVD-key-caching-patch) and it's a wonderful feeling to know that you made the life of other users as well better and easier. A friend of mine did the "devfs" support - and it's a great feeling knowing all you around the world enjoy this.

Re:OSS Bug Jumping vs Commercial

[Izeickl]

"It's really sad to see advocates of Windows/Microsoft jumping on every bug in OSS. Surely, we [OSS developers, users, lovers] criticize the downsides of commercial, closed-source software - but we don't go party, if there is a bug announced and say "ha ha, you aren't any better than we"."

Erm, is there another Slashdot site out there I dont know about?? I dont feel the need to post links to prove my point, one just has to go through Slashdot archives to prove otherwise to your argument.

Re:OSS Bug Jumping vs Commercial

[Alomex]

but we don't go party, if there is a bug announced and say "ha ha, you aren't any better than we".

Hello? For years when IE was still in its infancy, every bug was celebrated and shown as "proof of incompetency" on Microsoft's part.

Even now every time a severe bug is found in Microsoft /.ers celebrate like a bunch of immature teenagers, fogetting that OSS is not going to succeed because how bad the competition is, but because how good a given OSS is.

Troll much?

[NineNine]

this is considered a serious bug--who actually uses DHTML?

I'll give your troll a C. I'm sorry, but this is just too ridiculous to even be considered close to anything resembling intelligent thought. If you're going to troll, try to at least use some fact next time. But, the effort was there (more than a one line troll), which is why you didn't fail altogether. Work on your trolls and please try again.

Re:Oh, the OSS zealots would say this is a "featur

[NineNine]

Call me nuts, but I'd rather have an actual working product that *may* have a security bug that happens if you happen to go to one of three web pages on the entire Net. DHTML working is very, very basic. No, actually, in this day and age, DHTML is essential. That's like releasing Apache and saying "ooops, sorry, serving web pages through port 80 isn't working. Minor bug. We'll re-release." You can't have a security problem until you at least have a working product.

Re:Oh, the OSS zealots would say this is a "featur

[rseuhs]

Well if it were a minor bug, they wouldn't have pulled the release.

But I was using Moz1.2 since release without noticing any problems, so it's not the end of the world.

You can't have a security problem until you at least have a working product.

Moz1.0 and Moz1.1 are working products and they work great.

If you have such a thin skin about bugs, don't adopt early, use Moz1.1 for the next weeks until you go to Moz1.2. It's tested, stable and much more secure than any version of IE, what is your problem?

Re:Idea

[melonman]

Oh wait! That's Opera.

As I've mentioned elsewhere, I really like Opera, especially when I look at my server memory usage. I just wish it didn't have such a freaky interface. Most of my customers won't touch it.

Re:Oh, the OSS zealots would say this is a "featur

[NineNine]

My problem in the parent post said, "well, at least it's not a security bug", as if security is more important than basic functionality. That's like saying, "Our computer product is *very* secure. It in no way, shape or form connects to any other electronic device of any kind." It's pretty silly.

Re:Mozilla 1.2 - The Release that Shouldn't Have B

[caillon]

"The Mozilla team had been alerted to major bugs which only recently appeared in the browser"

Sorry. Just because you filed a bug and posted a comment on another does not mean the Mozilla team was alerted. If there is a showstopper bug, filing it in Bugzilla does not guarantee it will get noticed if everyone is busy with final preparations for a release, and trying to get ready for the impending alpha. Don't forget that the people involved with Mozilla get tons of email from bugs, review requests, etc. as well as have real lives in which they eat turkey and go Christmas shopping. Bugs sometimes slip through the cracks. Hop on to IRC next time and make sure that one of the drivers, or even a developer or QA person knows about your bug if you think it is an absolute showstopper.

It definitely sucks that this bug was in a release. But things happen. Hopefully it won't again.

Mozilla as AOL/TW corporate initiative...?

[nazgul000]

Caveat: I use Mozilla as my primary browser. That said, I'd like to make this observation:

It seems to me that we spend a lot of time on Slashdot talking about Mozilla as a premiere project of the open source community. However, my impression is that Mozilla is largely still an internal project of Netscape (and by extension of AOL Time Warner). This impression is based on, among other things, the very large number of @netscape.com email addresses that pervade Bugzilla, the mozilla.org web site, etc. I can't believe that Netscape's engineers restrict themselves to working solely on their release branch of the Mozilla codebase during working hours.

I don't think it at all diminishes the magnitude of the Mozilla project's achievement to say that it has made progress largely under the aegis of AOL/TW. But we should at least be honest that Mozilla is furthering the agenda of a very large corporation that is just as rapacious and profit-motivated as Microsoft.

Anyone have any hard data about the investment that AOL has made in Mozilla development?

Re:Mozilla as AOL/TW corporate initiative...?

[caillon]

Without a doubt, Netscape has been the largest single contributor to the Mozilla project. Of course, they want to see Mozilla (and their Netscape branded derivative in particular) succeed. But Netscape does not control the project. Sure, they have their influences with what their developers work on, but there's nothing wrong with that. Outside contributors have their influence of what they work on too.

You said "Mozilla is furthering the agenda of a very large corporation" which I would agree with. Mozilla furthers the agenda of several other companies as well: OEone, ActiveState, IBM, etc... But Mozilla could not do that alone. If Mozilla has played a part in furthering Netscape's agenda, Netscape has played an even bigger part in furthering Mozilla's agenda. The staff and drivers of mozilla.org try hard to ensure that happens.

This may not be the best example (there are many others that would suit better) but I was reading bug 7 0 7 4 6 at the time, and figured I would post a few comments from it:

------- Additional Comment #13 From Blake Ross 2001-03-20 14:35 -------

By the way, having sat on these changes for over two weeks (and enduring
multiple merge conflicts), I'm not particularly interested in waiting until
someone finds the time to fix the other commercial cases. These changes are
going to break Alphanumerica and MozDev products also, as well as potentially
any other xul-based app out there, and while I'm certainly willing to help,
they're not waiting until every commercial vendor's branch is ready (such is
pre-1.0 development).

------- Additional Comment #17 From David Hyatt 2001-03-20 16:21 -------

Blake, I feel your pain, but I work for Netscape, and therefore can't approve a
patch that will bust up the commercial tree.

Are there any volunteers to convert the rest of commercial (outside of AIM)? I
would do it myself, but this kind of bug just kills my hands.

------- Additional Comment #18 From Mike Shaver 2001-03-20 17:05 -------

Hyatt: acting as module owner, you certainly _can_ permit a change that will
break a closed source base, especially after the developer (Blake) has gone to
such reasonable lengths to get someone to fix said closed source base. There
are lots of other source trees, as Blake points out, that will break because of
this (in the short term), and he's offered to help with the ones whose authors
are not actively preventing them from providing such assistance (as is
Netscape/AOL, in this case). We held off until 0.8.1 to minimize the pain of
this checkin, and the time has come to bear what pain remains.

If you don't feel that your employer will let you fulfill your
Mozilla-module-owner responsibilities, please let us know, because that's the
kind of problem that we have to solve quickly.

------- Additional Comment #19 From Brendan Eich 2001-03-20 17:42 -------

Module owners whose employers pay them to keep commercial add-ons working along
with their Mozilla modules have to wear two hats: one for their employer, one
for Mozilla. If there's a conflict, Mozilla wins, or we need a new module owner
(at least _pro tem_). Life's rough. Let's get these changes landed.

It sounds like all but Mac builds have been tested in any case. True?

/be

Re:Mozilla as AOL/TW corporate initiative...?

[G00F]

Netscape as other free software they control, is a wild they have against MS. Netscape being one of the biggest.

Re:Mozilla as AOL/TW corporate initiative...?

[cobar]

While a considerable bit of the Mozilla effort is directed by Netscape (which operates as its own department for the most part), part of the reason for that is that many of the biggest contributors from outside Netscape were hired to work as full-time contributors. That's probably a good thing in the long run since those people will have more time to code and get to take advantage of the AOL's resources. Quite a few of them work afterhours on Mozilla, for which I doubt they are paid. And really there's only 1 real branch of Mozilla - the development version eventually stabilizes into a release, and the Netscape commercial release is not significantly divergent from the Mozilla release it is based on.

Mozilla is easily the most complex open source application bar none. That discourages casual contributors from getting into the core code without a significant time investment. Additionally, it wasn't until Mozilla 0.81 or so that Mozilla started becoming really useable, thereby making it a more interesting target for contributors. There are definitely barriers to outsider participation, but they do get overcome by persistent enough people. The same situation exists with Open Office, where the an even larger majority of code comes from Sun, however they've stated that the community is invaluable in providing QA and bug reports.

As for AOL's agenda, what does it matter. Thus far, they've supported Mozilla's goal of making the web standards compliant and provided an excellent browser. If they ever deviate from that plan, the code is there for interested parties to work with. I doubt that the community could provide anywhere near the kind of manpower commitment that AOL has funded for the last 5 years. Be thankful that their goals jive with the geek populations'.

Re:Mozilla 1.2 - The Release that Shouldn't Have B

[joyoflinux]

Mozilla 1.2 is not the stable branch. Use the 1.0 or even 1.1 if you want more stability.

Way to go Mozilla team!

[Lokist]

We've discovered a bug in Mozilla 1.2 that can cause DHTML on some sites to fail. We plan to release Mozilla 1.2.1 with a fix shortly
This is what I like to see! This is why Open Source is a very good thing... They discovered there was a bug.... They officially announced that they will be releasing a patch soon... If I can make an educated guess I probably would say a patch would be out by Monday or Tuesday...

The point I am trying to make...Companies or groups of developers that are not obsessed on how much money they make with there code are more likely to take pride in what they do and patch exploits or bugs really quickly...

It has been proven hasn't it?

Re:lalaa

[Bunji+X]

Why would anyone want to use the "commercial suite", when the technology demo has more features and is more stable, in my experience?

Re:no matter

[spike+hay]

I have a problem with Moz on Win2k. I have been using 1.2b for quite a while. When 1.2 came out, I immediately switched to it. However, my chatzilla and news/mail and everything was non-functional. I reinstalled 1.2b, but to no avail.

The Internet is Mozilla's playing field.

[Lokist]

Just another quick comment...

Tell me what you would rather have... A company that hired its own Quality Assurance team and kept all bugs they found quiet...Or a mass audience from all over the world testing the software and reporting what they find?

With that being said... There really isn't any other way for the Mozilla team to let there mass audience "or shall we say...testers" know that they found a bug and that it will be patched soon?

And would you people stop comparing Mozilla to IE... IE has its own set of troubles... Let it fail on its own...

Re:The Internet is Mozilla's playing field.

[Misch]

There really isn't any other way for the Mozilla team to let there mass audience "or shall we say...testers" know that they found a bug and that it will be patched soon?

There is. We call it Bugzilla. Every time someone submits a comment on a bug I've submitted, I get an e-mail. This usually involves either someone elaborating on my submitted bug, or marking it a duplicate (it happens!), or discussion from the Mozilla development team on the bug, or even just a re-assignment of the person responsible for the bug.

FUD

[bogie]

"Most of my regular customers have learned how to do ctrl-alt-esc just to kill zombie Mozilla windows."

Haven't had those problems since the M release days.

"So, yes, it's a great bit of software, but it would be more useful if it worked with more than half of the Internet"

Oh so it doesn't work on HALF of the Internet? Umm Ok. Funny for me it work on the vast majority of the Internet. In fact only sites that have any problems are sites that refuse to code to standards. Of course if the webmasters there don't respond to my email to fix there site then screw em, I'll take my business elsewhere thank you. These are the same banks that will no doubt embrace Palladium with glee.

I've switched to Phoenix full time on both windows and linux and while only a moron says things are perfect, I say things are pretty dam good and I'm very happy with my browsing experience.

In fact since you "claim" to be a linux user what exactly do you use on linux since Mozilla is such crap?

But then again half of your posts are defending Microsoft against us irrational Linux users. I could see now and then pointing out some linux zealots, but really looking at your posts the majority of recent ones ALL defend Microsoft. So how do you explain that? Most linux and opensource users are slightly less militant then the /. ones, but even they don't constantly go out of their way to defend MS which you seem to do. Is there something you want to confess?

There are a lot more bugs than that

[Sivar]

I use Mozilla in Windows 2000 and Gentoo Linux. I haven't had any major problems with the Linux release (though the announced DHTML bug is in both), but the Windows release has been buggy as hell. This in contrast to 1.1 which was only somewhat buggy.

- It forgets the previous pages visited every so often,

- Every 10th or so time I visit a page, it announces "The entry point @113WINAPAITSP@@% was not found in [some DLL file]",

- It randomely decides to ignore the mouse wheel, the keyboard, or the mouse altogether, but recovers if I switch to another window and use that device,

- It places some banner ads in the middle of a page. For example, on the StorageReview.com, the bottom banner is often smack dab in the middle of the last message in any given forum thread,

- It reports all downloaded images, be they 200 bytes or 5MB, as "1K" in the download manager,

- It decides that some files are text files, whether they are or not, and insists on displaying them in the browser rather than downloading them. RAR archives and PNG images do not look good in a web browser window. This bug has been present in many versions and is ignored Bugzilla, with claims that it is the website telling Mozilla what MIME type the file is. Well, whatever, IE seems to be able to figure the files out just fine.

Bitch, bitch, moan, moan. The Mozilla team is still doing an excellent job making the world's most powerful browser suite. I do, however, hope they run releases through a bit more QA before the next release.

Re:There are a lot more bugs than that

[spacefrog]

Well, whatever, IE seems to be able to figure the files out just fine.

That is because IE is intentionally broken since a lot of web servers are not configured correctly.

Try outputing an XML MIME type in your HTTP headers and watch IE totally ignore it if the file extension is not .XML, IE will treat it like HTML. I run into this all the time and can demo it all day long....

Re:There are a lot more bugs than that

[Sivar]

Regardless, usually the IE method works out. Try downloading the Linux version of DivX from Divx.com, for example. They apparently have something misconfigured. Good luck. :)

That's not just an IE bug.

[Reziac]

[looking] That's not an IE bug per se. I *think* that's yet another manifestation of a core Mosaic bug, which is in ALL versions of Netscape AND IExplorer (ie. anything based on Mosaic code), but manifests more or less depending on the exact version, and the OS under it. (Mozilla sometimes exhibits the same bug, which makes me suspect it uses the same core Mosaic code.) IE5.5 or 6.0 on Win9* is one of the more-affected combinations, along with NS3.04 (on Win16 or Win32) and NS4.6x.

The Bug: Certain elements, when displayed *inside table cells*, cause a resource leak. Tons of links that display *a lot of text as part of the link* are the most common culprit, but flash *placeholders* and sometimes dropdown boxes also do it.

That's why with very long comment pages, sometimes you'll find you can't moderate -- the dropdown boxes are the final straw.

Win9* with an IE version *prior* to IE5.5 will usually recover resources once you leave the triggering page, but IE5.5 and later cripple resource recovery, exacerbating the problem.

I've been tracking this bug for about 5 years now. In my observation, its various manifestations cause nearly all resource leaks while running NS or IE, thus cause most consequent crashes. Often it seems "fixed" for one minor browser version, but returns in the next update. (Good reason to keep your old browser version around when you upgrade.)

Do yourself a favour: run Resource Meter (windows\RSRCMTR.EXE, if you installed it) in your systray, and when it goes yellow, back out of whatever page you're on (and try it with another browser, which might not manifest the bug). It'll save you a lot of annoyance.

Re:That's not just an IE bug.

[jesup]

You may be referring to bug 39573, which is about pages with a large number of drop-down (or other) widgets. This isn't due to legacy Mosaic code per se. The problem with recent IE's may be due to code that's meant to give fast "Back" and "Forward" speed by keeping recent pages around in laid-out form - which means a lot of memory and (OS) widgets. Spyglass (which IE2 was based on) had such features.

The problem in Mozilla is based on the number of widgets that need to be created. A solution (which requires a fair bit of coding - care to help?) is to instantiate popups and the like lazily. Another thing that would help with responsiveness would be to have a more-interruptable reflow.

If you're really interested, get involved. http://www.mozilla.org/

Users are Idiots

[JanusFury]

In my experience, as well, a few developers on the Moz project have gotten the idea that all users are idiots.

Just this bug in particular (I'm sure there are more similar ones, but I participated in that one way back when before I quit using Moz), shows how the team has gotten the idea that users are idiots and do not deserve the ability to customize simple aspects of their browser. It seems that bugs take the back burner when the dev team has to choose between fixing bugs and adding kewl new features. :(

Build error (was Re:1.0.1 and 1.1 too good!)

[isdnip]

A release candidate is a place to look for the last few critical bugs, no? In this case, the bugs that were going to be squashed were squashed, and everything was ready to go. They just had to do a final build and let it go.

But oops, the build process went awry, and the binaries were built against the wrong sources. So the RC process wouldn't have worked, because it would have put fixes into the tree, which would have been ignored in the erroneous build.

BTW, 1.1 was very unstable for me under Linux, while 1.2 (as released) is rock solid.

The real cause of the DHTML bug

[jesup]

The DHTML bug was caused by an 1-character-incorrect backout of a patch that I did in too much of a hurry (removed the entry from the list, but didn't adjust the count). Mea Culpa. This happened 2 weeks before 1.2 final, but most testers were working on 1.3 by that time, and the ones that weren't didn't visit the type of DHTML that causes the problem (most DHTML doesn't have the problem). There was a separate problem where the wrong files were tagged (some recent fixes weren't included).

We're fixing these and will have an updated build up soon. How long would Microsoft take to fix this sort of problem?... (Let alone tell you why the problem happened.)

Re:Oh, the OSS zealots would say this is a "featur

[jonadab]

> Call me nuts, but I'd rather have an actual working product

It is an actual working product; has been since... well, for
some time now. Sure, it's buggy, but all software is buggy.
If anything, Mozilla is less buggy than the average browser.

> DHTML working is very, very basic.

DHTML is not quite so basic as you imply, but even if it were, DHTML
is basically working. There's just a bug in it that causes a few
sites to fail. FWIW, I've been using the buggy release since some
time yesterday and haven't managed to find a site where I can
reproduce the bug yet. Sure, I'll upgrade to 1.2.1 when it comes
out, and meanwhile if I happen to run into a DHTML site that's
broken, that I need to access, I can change my symlink back to
the previous release temporarily (though, unfortunately, that would
mean exiting my browser and restarting it, which means finishing
with all the tabs I currently have open, which would be something
of a pain).

> You can't have a security problem until you at least have a
> working product.

Interesting. I'll have to keep that in mind next time I'm doing
any security checks; things that don't work right are immune to
security problems. I bet a lot of so-called security experts are
unaware of this axiom; perhaps you should write up a white paper.

Re:Oh, the OSS zealots would say this is a "featur

[jonadab]

> Tell me, did you roll out IE6 within two days of release? Nobody
> in their right mind rolls out a release before it's seen a few
> weeks of action in the wild.

Right. I tend to use myself as the guinea pig, testing stuff like
new releases on my own workstation before I deploy it for anybody
else. The only thing is, this doesn't catch OS-specific bugs, since
our network (at work) is heterogenous, and I only usually test under
one OS. If our network were larger, I'd probably test on multiple
OSes before deploying, but with the relatively small number of nodes
we have, it's not a huge problem.

This policy (testing on myself) also fails for stuff I never use,
that other people ask me to install, such as Real Player. (I have
yet to figure out what purpose that one serves... I have never
once visited a site that uses it, despite spending hours a day on
the web. When people say they use it all the time, I have to wonder
what kind of sites they're going to; must be something in which I
have absolutely no interest, whatever it is.)

Re:no matter

[spike+hay]

I've tried both already. :-(

Re:Oh, the OSS zealots would say this is a "featur

[jonadab]

> Well, the only thing is that the security flaws we've > seen in IE have been relatively minor.

Sure. Minor. A dozen lines of javascript on an untrusted site can do quite literally anything (within the permissions the user has, which tends to be pretty lax on NT), and it's minor.

Well, I guess it's a good thing there Aren't very many of these minor bugs.

Re:Mozilla 1.2 - The Release that Shouldn't Have B

[Kanasta]

That's the problem

It's too hard to get a problem noticed by someone who has the skills to fix it.

Say I have a problem with feature X because of my condition Y. Unless I can find a developer with the condition Y, it's going to be marked WONTFIX or for future release v5.0 or whatnot.

There's no sense of responsibility there, cuz they're not paid. And because they're not paid, with any criticism, users are treated like ungrateful bastards who should shut up.

Not even a paperclip

[driehuis]

Regardless, usually the IE method works out.

It sure does. It's the same misfeature that causes lookOut to show foo.bmp.pif as foo.bmp, and that causes Windoze to look inside the .pif to see that it is in fact a .exe. Which is precisely what the virus author intended.

This has been pointed out years before the actual viruses started to hit. This "intelligence" in the name of user friendliness is one of the bigger design flaws in Windoze.

The web server tells the browser what the content is supposed to be, and IE then cheerfully starts to to its own thing, with no override or even a warning. Not even a paperclip that tells the user that he is "correcting" the info.

Here's a hint if you want to download a URL as a bag of bytes with no interpretation: right click on it in Mozilla, select "Copy link location", type "wget " into a window and paste the URL.

An even better hint: tell the good folks at divx.com that their web server is misconfigured.

Re:Not even a paperclip

[Sivar]

IE's implementation may be flawed (imagine that), but it should not be difficult to read the first few bytes of a file to determine its type. It is easy to tell the difference between text files and, say, RAR files. Most media types have a header which can be used to determine the type within the first 20 bytes. For example, GIF images start with "GIF8xx" (xx is the version). PNG files begin with "xPNG" (where 'x' is 89h). .RAR files begin with "Rar!". It would not be difficult to examine the next few bytes for verification, and would not be difficult to keep a little database of known filetypes.
No, it should not be necessary, but neither should dialogs asking "are you sure you want to format this disk drive." People aren't perfect, webmasters are bound to make mistakes, the best that can be done is to make your program intelligent enough to realize when they are being made.
Displaying a RAR archive as text is not the proper response to RAR download, no matter what the webserver says.

Re: Ha.. no humor left on slashdot

[Jimithing+DMB]

Man.. back in the day the parent post would have been +5 funny. It's not a goatse.cx link, just a decent looking girl (being penetrated in an awfully strange position, but yes, it is porn after all). Besides, linking to CoolSweetGirls.com might be a tip-off that it is porn... just maybe

Please.... please... have a sense of humor once in a while.

The original comment follows (without the link, which originally went to an image on a porn site)

I actually tried and downloaded Mozilla 1.2.1 for Windows today. Having installed it on my computer, I tried going to some DHTML-based sites. However, I still keep getting the same error message as 1.2.0 :(

For example: this site won't work

Of course now the joke is completely ruined.. dickhead trolls and moderators