Firefox 1.0.1 Released

homeobocks writes "Firefox 1.0.1 has been officially released by the Mozilla Foundation, with some important security fixes. An announcement and release notes are available." Presumably this fixes the window injection vulnerabilities.

On this subject

[NoGuffCheck]

Have they released any info on new signups as a result of the Firefox 1.0 NY Times Advert?

Re:On this subject

[PeterPumpkin]

Not really, but it can be figured out from this nice chart.

The ad went out on December 16, 2004.

This is 37 days after the launch of Firefox. If you look to the downloads per day graph, there is a noticable increase afterward.

Re:On this subject

[MikeCapone]

www.spreadFirefox.com and Ada's blog at mozillazine.org have most of the information about Firefox's marketshare and marketing campaigns.

I just installed 1.0.1 and everything seems to be working... Except that they haven't fixed the slashdot rendering bug yet (well, to be fair it's probably slashdot's HTML's fault -- I don't know why they haven't switched to CSS yet. They'd save gigs of bandwidth).

Re:On this subject

[dotgain]

BTW the workaround for the rendering bug you encounter on /. is to increase the size of your text then decrease it again (Ctrl +, Ctrl -).

I dunno if it is a slashdot bug or not. It seems to me that if you can fix it with this workaround, then's it's a Mozilla bug (it does it there, too). Yes they definitely should use CSS, but since it's such an ugly site, it'll probably still look better in lynx.

Re:On this subject

[jrest]

Sorry, but I can't find such an increase. There is a small spike, but not really significant. Also, in the cumulative graph nothing major happens.
In fact, I come to the opposite conclusion: there was no noticable increase afterward.

Re:On this subject

[tehshen]

Or you could use SlashFix. I am using it on 1.0.1 and it is working as good as ever.

The main Slashdot rendering bug fix is going to be released with 1.1. This version 1.0.1 is only a security fix.

Re:On this subject

well, to be fair it's probably slashdot's HTML's fault

Every single time this bug is mentioned, somebody blames it on Slashdot. Every single time, somebody else corrects them. Most of the time there's a reply saying something to the effect of "okay, so it's a bug in Firefox... but it's still Slashdot's fault!". And people continue to post comments like yours.

What is it going to take to convince people that it's a bug in Firefox? Showing them the bugzilla entry doesn't work. Showing them valid HTML that exhibits the same problem doesn't work. Showing them Firefox developers talking about the bug doesn't work. Telling them that it's fixed in current nightlies doesn't work.

Where the hell does this irrational superstition that it's Slashdot's fault come from? And why do you fools continue to post comments like this?

Re:On this subject

It's quite simple, really.

The internet appears to be wearing a massive pair of rose-tinted specticals. These are remarkable things that shield the wearer from any bad things that might be wrong with their favourite piece of software, that rescued them from the evil clutches of Micro$oft (lol) Internet Exploiter (lol).

As a result of this, it means that Firefox can't have any bugs. I mean, how can it? It's open source! Everyone knows that the instant someone discovers a bug in any open-source software, the magical bug evles emerge from the woodwork and fix it instantly, and upgrade everyone's copies for them.

Unfortuantely, when you take the specs off, you see that the open-source model doesn't really work that way, and that software as monumentally complex and widespread as firefox can't just shoot out new point-releases every week and expect everyone to keep up to date.

Re:On this subject

[Skater]

Statisticians have a concept called "significance". In this case, we'd compare the number of downloads that week to the average of the previous weeks (excluding the first one since it's the first week of release and so was understandably higher - normally reputable statisticians are loath to throw away data but this time it's the right thing to do). Without running the numbers, by looking at the charts I can tell you that we can't say the downloads that week are significantly higher than previous weeks (I'm a trained professional with several years of experience; please don't try that trick at home).

There's no way to say what would've happened. We could fit a trend to the previous weeks (again excluding the first week) and try to guess (with a huge margin of error), and there might be slight decrease predicted. BUT there are several weeks before the ad where the count jumped back up, too, so I wouldn't be comfortable making any conclusion about a trend from that data.

Re:On this subject

[sepluv]

Except that they haven't fixed the slashdot rendering bug yet

This was fixed in Gecko in May 2004 on the trunk which is used by the latest stable version of Mozilla Suite (but not on the aviary branch which 1.0.1 is still based on. Aviary is now being exhumed back into the trunk, so hopefully, future builds (including releases) will all be based off the trunk (so Gecko fixes will propogate to Firefox).

To fix it in Firefox:

get a recent nightly build--I find them just as stable

just install the Slashfix extension.

BTW the bug only occured sometimes if your machine was fast and it was rendering /. too quickly--you could try reloading--it was a genuine bug as it occured intermittently, but the awful, hoggy, invalid slashcode HTML doesn't help (esp. their use of evil many-nested tables for layout--see the funny and informative Why tables for layout is stupid).

Re:On this subject

[say]

I agree on your analysis, but I do believe that there are some possible ways to determine whether the advertisement did cause more downloads. For instance, you could make a general trend by analyzing download statistics of other comparable software releases. Obviously, there aren't many comparable releases, but I guess there must be some. When we have that trend line, we compare it to the stats for Firefox. If the general trend line dives at about the day number when the advertisement came, and Firefox didn't dive (and this difference is significant, it could indicate that the advertisement worked. However, you can't draw the conclusion that it did or didn't based on this simple analysis. But in a real market analysis I would definitely use this as one of my strategies for analysis.

IDN Problems Fixed?

[michaelhood]

From changelog: International Domain Names are now displayed as punycode.

(wiki linkage mine).

Re:IDN Problems Fixed?

[michaelhood]

Did you even read the wiki?

The encoding is applied separately to each component of a domain name which is not representable solely within the ASCII character set, and a reserved prefix 'xn--' is added to the translated Punycode string. For example, bücher becomes bcher-kva in Punycode, and therefore the domain name bücher.ch would be represented as xn--bcher-kva.ch in IDNA.

Compare an ASCII 'punycoded' URL http://xn--tdali-d8a8w.lv/ (http://xn--tdali-d8a8w.lv/) (working) and its full Unicode counterpart that does include Latvian characters with appropriate diacritics: http://tûdaliò.lv (http://t%C5%ABdali%C5%86.lv) punycoded URLs are prefixed with xn-, and look like nonsense to those of us looking at Latin character sets. Look at the difference between those two sample URLs. Which one is easier to train to identify? Do you have a suggestion for a better solution to IDN spoofing concerns?

Re:IDN Problems Fixed?

[Edgewize]

Yeah, I'm sure they're really happy about domainnames like "xn--tdali-d8a8w.lv".

Um, you can still enter the full Unicode name in the address bar or use it in links. This only changes how it is displayed /after/ you type it in.

Re:IDN Problems Fixed?

[typhoonius]

Anyone who's bored can try out the original proof of concept.

In Firefox 1.0, it displays as "http://www.paypal.com/"; in Firefox 1.0.1, it displays as "http://www.xn--pypal-4ve.com/".

Re:IDN Problems Fixed?

[shird]

uhm... it is the use of unicode that causes the problem. Without it, there isnt a problem.

Its because some letters look exactly the same but are effectively different unicode characters that lets you register the same 'looking' address but point it to a different site.

Re:IDN Problems Fixed?

[Rits]

Hush, it's the ascii-reading world that needs protection. Or at least, they decide who needs protection from spoofing...

Re:IDN Problems Fixed?

[sepluv]

Actually, the problem is mainly a wetware bug (and maybe a font bug) caused by the lack of support in wetware for the entire Unicode character set. Computers have no problem knowing the whole of Unicode; people do.

It is suggested in the RFC (and is IMO common sense) that UAs should alert users (e.g.: by coluring characters by script and a dialog in suspicios cases) when there are characters in a URI from scripts they wouldn't normally use, or a strange mixture of scripts (esp. where characters that are similar to other characters are included).

Also, in my opinion the user should be able to access both the puny code and the unicode for all URIs displayed in UA GUIs (maybe with a switch if there isn't enough room). IMO, the status bar should default to punycode for now.

Another thing that would help (wrt to font problems) would be, where there are multiple fonts for a given character that the UA needs to display, for the UA to choose a font which uses distinct characters (either via an ordered list of chacters or AI grapheme comparison). A long-term solution to this might be for the Unicode/UCS standards to include descriptions of conformant graphemes (e.g.: "a Z should have only 3 straight lines with no curly lines (so it doesn't look like a 2)").

Mirrors

If the downloads for Firefox become overloaded today/tomorrow, Coral cache mirrors:

http://download.mozilla.org.nyud.net:8090/?product =firefox-1.0.1&os=win&lang=en-US Windows
http://download.mozilla.org.nyud.net:8090/?product =firefox-1.0.1&os=linux&lang=en-US Linux

Re:Mirrors

[iethree]

it would me much more convenient (and probably less bandwidth-intensive) if they allowed us to update Firefox through the built-in update feature.
At least Micro$oft doesnt make you totally re-download IE everytime they patch it.

Re:Mirrors

[PReDiToR]

I did that, I found that Session Saver and Foxy tunes have updates available, but Firefox doesn't.

I guess they haven't put the updates on the server yet?

Screw it, I downloaded the whole thing and it took 20 seconds. I closed FF, Zipped up ProgFiles\MozFF and DocSet\User\AppDat\Moz, installed FF 1.0.1 and loaded it up.

Took less thAn 2 minutes to do all that, I'm updated and no extensions broke.

Pretty cool. Didn't even need a fricken reboot like IE would have.

Re:Mirrors

[joeldixon66]

From Asa's Blog:

"We're still working on some with the application update infrastructure and the installer so for the first few days, we'll only be offering the release via full download at the website and then turning on the automatic update system hopefully sometime next week."

Re:Mirrors

[Myen]

Since you're linking to the en-US version anyway...
BitTorrent links in case the servers really go to crap. (Theirs, not mine)

Re:Mirrors

[p0rnking]

Of course it didn't require a reboot like IE ... FF isn't "tied into" the OS

Re:Mirrors

[Rirath.com]

I installed 1.0.1, then reinstalled 1.0 because I like the Textzoom extension. This hasn't been officially updated to 1.0, but extensionsmirror has a link to a version patched for 1.0 installs.

Since it's not being maintained, I'll probably eventually have to give it up, but I won't for such a minor Firefox update.

Actually, no you don't. Changing extension maxlimits is trival.

- First, find your profile. In Explorer find: %appdata%\Settings\\Application Data\Mozilla\Firefox\Profiles\\extensions

- Second, open Extensions.rdf with notepad, metapad, etc.

- Third, find and replace any of:
em:maxVersion="1.0"
With em:maxVersion="5.0"

And you're good to go. You can put any number you want, but I like 5.0 just to make it easier, especially with nightlies in the past. You could also use about:config to lower your version number, but that could have other side effects. Now, if doing this makes your extension not work because of code changes (rarely) or somehow borks your profile (highly doubtful), use at your own risk. :)

And Extensionsmirror.nl is a great place to find prebumped extensions.

Re:Mirrors

[Rirath.com]

No sweat, glad it worked for you. I messed the application dir up a bit trying to cut my data out of it, and Slashdot took a bit out... just to clarify it should be soemthing like:

%appdata%\Mozilla\Firefox\Profiles\(random)\extens ions

(No space, Slashdot does that.) Also, for new downloads... you can save an extension to your hard drive, rename the .xpi to .zip (or .rar if I'm wrong), unzip it, find the file with the same maxversion line, and edit that higher. Then just rezip the folders and rename it .xpi again. Instant bumped version.

Re:Mirrors

[CarbonUnit_718]

DOWNLOAD THE TORRENTS FOR FIREFOX 1.0.1 at: http://bittorrent.mozilla.org/ I wonder why the built in software updater in Firefox doesn't download updates with the bittorent method.

How do I automatically kill history in Firefox?

Let's say someone is finished browsing pr0n for the night and wants to clear the cache, history and cookies automatically on browser exit. Is this possible with Firefox via a setting or script?

Re:How do I automatically kill history in Firefox?

[PReDiToR]

Grab the Kiosk extension from extensionsmirror.nl.

Or you could go to Tools > Options > Privacy > Clear all (under Windows).

Re:How do I automatically kill history in Firefox?

[Bagels]

Set it to accept cookies for current session only, have it remember history for past 0 days. Don't worry about the cache, as IIRC it's encoded such that it only means something to the browser (not left with the same title as the cached webpage item or even its extension).

Re:How do I automatically kill history in Firefox?

[Green+Salad]

Here's a simple way. Boot with Knoppix CD or other "live Linux" disk.

I used to travel with a laptop, now I travel with a Knoppix CD. (much lighter & no theft worries)

Yeeehaaa (but...)

[A_Non_Moose]

from tfa:

You can now make links opened by other applications open into a new tab, reuse an existing tab, or open a new window.

Does it play well with Tabbrowser extension?

Usually any app that does this kills off my saved session. (grrrr).

Here's hoping.

And, isn't msi support supposed to be available?
(if it is there I did not see it)

How does this get posted instead of...

[astyanax]

the breaking news about Mandrake acquiring Connectiva??

Re:How does this get posted instead of...

[NiceGeek]

You're new here aren't you? (See...another terrible joke)

Re:How does this get posted instead of...

[YU+Nicks+NE+Way]

In Soviet Russia, you aren't new here, are you?

Re:/. rendering

[vurg]

Nope, the center column still goes off to the left.

Re:/. rendering

[bunratty]

Firefox 1.0.1 is supposed to have only security and stability fixes. Unless an unstable engineer feels insecure about Slashdot fans complaining about the Slashdot bug, I don't think it'll be fixed until Firefox 1.1.

Re:seems like only yesterday

[michaelhood]

Hello FUD.

From changelog:
International Domain Names are now displayed as punycode. To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.

It's just no longer the default, which is what most have been crying for, right? Better security by default so our less web-savvy family and friends don't get owned online?

Re:/. rendering

[damiam]

Oops. On further exploration, I see that it's fixed in the trunk, and the fix will be included in the 1.1 release (I guess must have misread that to say 1.0.1). In the meantime, there's always the SlashFix extension.

Check Updates...

[adam31]

How come it doesn't work in the Options->Advanced->Check for Updates tab?

It says no updates available... Do I need to actually update from the site?

Re:Check Updates...

[asa]

We'll be turning on the application update mechanism starting next week. Given the daunting task of updating all 27+ million people who have downloaded and are using Firefox today, we've elected to stagger the update over several days.

--Asa

Re:Check Updates...

[mcn]

Thanks. But this delayed mechanism may not be acceptable to general users. We (IT users) may understand the rationale behind. But in order for FF to be accepted widely, the "automatic update" or "check for update" should work before any announcement of such updates.

Re:Check Updates...

[cshields2]

It will most likely not be staggared for the next release, as we will have a major infrastructure upgrade by then allowing the update service to survive the hit all at once. The staggaring had to be done at this point in time.

Cheers!

Whew!

It's about time they fixed those security issues. I was getting tired of using Internet Explore in the meantime.

Security Fix

[krikat]

Does the security fix remove internet explorer?

OS X-specific fixes?

[moosesocks]

Any word on if this includes fixes for the massive memory leaks in the OS X port? I know they were on track for 1.1, but it's possible they could have made their way into 1.0.1......

Better Release Notes

... over at the burning edge.

Re:seems like only yesterday

[jdkincad]

They removed default compatibility for international domain names. I wonder how much of an impact this will have on foreign adoption of Firefox over IE

None. IIRC they just turned off IDN support, and did not remove it. If someone needs it, the can turn it back on.

IE has no IDN support without third party software, so Firefox is still a better choice if you need IDN support.

This version doesnt fix some new type of popups

Try this site: It shows a sarcastic popup saying "your browser has successfully blocked a popup!" http://www.indianmasala.com/
How insulting!

Actual list of changes

[timealterer]

Here is the full list of changes and related bugs for Firefox 1.0.1.

You'll note that it's quite terse - this is not the 1.1 update from trunk that will get us rendering fixes, etc. that we'll see in June or so. Almost all security fixes here.

Re:seems like only yesterday

[jeffg]

They removed default compatibility for international domain names.

Your statement is misleading.

Support for IDNs is still present, it's just that after inputting a URL using an IDN domain name like http://www.göögle.com/, it is displayed as the punycore representation in the address bar: http://www.xn-ggle-5qaa.com/

The merits of this work around are certainly up for debate (hint: the debate started years ago).

I wonder how much of an impact this will have on foreign adoption of Firefox over IE.

Seeing as no currently shipping version of Microsoft Internet Explorer supports IDNs... you can probably stop wondering. :)

Re:It'd be nice if XSLT+XML = HTML kept info on pr

[Lord+Bitman]

I submitted a feature request / bug report regarding the lack of a true "back" button which actually keeps a true page history instead of just a list of URLs (ideally the server would have no idea you hit "back" and would recieve no request at all).
It turns out problems like this are actually put there on purpose because banking sites have threatened to block Firefox if it doesnt do this.

As for why there's no about:config option, that's for Jesus to figure out.

Re:/. rendering

[Jonny_eh]

If not, get this in the meantime:.

Be kind to the mirrors, use official bittorents!!!

[Jedbro]

Be friendly to the Mozilla.org mirrors, they
have set up an official Bittorent seeder.

-Jed

( http://bittorrent.mozilla.org/ )

Re:But can I upgrade using Software update?

[bersl2]

They are going to enable that in a few days, after those who know about the upgrade have cleared from the servers, lest they be fried.

Re:Is a .0.1 dot release really newsworthy

[homeobocks]

As I mentioned in the story, 1.0.1 contains fixes for 9 security holes, some of which allowed spoofing.

Major crashing Bug

[kyhwana]

Is anyone else getting the type a URL into the URL bar crash?
It doesn't matter what URL I try to enter, with tabs or without, *boom* it crashes.

Slashdot bug?

[Maskirovka]

Hopefully Slashdot will render correctly in this version.

Re:Slashdot bug?

[VargrX]

If your using Ad-Block, there's a very easy way to fix this - add

http://images.slashdot.org/pix.gif

to your block list and the problem go's away.

I would imagine that this could also be added to a proxy easily enough also.

Too bad it still doesn't fix the RAM problem

[Kip+Winger]

I downloaded it a few minutes ago, and despite its claims of being a faster browser, it still has the issue of it consuming 48,324K of RAM to simply view this webpage, after a fresh install and start of it. I don't have many bookmarks, RSS feeds, or anything. Opening up a few tabs instantly balooned that amount to 69,424k.

Even the original Mozilla, which is bloated, uses a mere 20,482K to open slashdot.org, while it can open up my loads of e-mail only using 24,223K of RAM. Using Thunderbird in addition to Firefox, since they don't share the same instance of the Gecko rendering engine, causes another 28,292K of RAM to be used. Internet Explorer 6 even with SP2, on the other hand, only consumes about 3,840K of RAM to open up slashdot.org, and Outlook Express only consumes 2,248K.

I recall it even being worse on Linux due to the fact that it loads quite a large amount of libraries with it, that runs slowly under older machines even under Fluxbox or the ultra-minimalist evilwm.

Whatever Firefox does, it should have made it a priority before the 1.0 Release to clean up the amount of RAM it abuses to do what it does. Even after waiting months for 1.01, it seems to have gotten worse than I recall, and I haven't put it in debug mode or developer mode or anything -- I disabled anything like that in the Custom Installation.

But fortunately, I've got 1GB of RAM, and there's barely any spyware, so I'm ok with it now. I just wish I didn't have to put either Dillo for Linux or IE6 on Win98 for those old late Pentium Is / early Pentium IIs I fix up for people in my spare time, since Firefox is a nice browser despite its flaws. Too bad it won't run decently on anything less than a Pentium III with 256MB of RAM.

Re:Too bad it still doesn't fix the RAM problem

[zxnos]

interesting, on my leet 334MHz celeron 230 MB RAM i have firefox using 18,964K on a slashdot, IE using 15,112K and opera sitting at 18,600K. w/ five tabs in firefox i am at 34,000K... IE and opera have gone doen to 3k and 4.5K respectivley the only problem i have is that firefx has a habit of scrolling the page as it loads. i blame the 2 MB video card...

Re:Too bad it still doesn't fix the RAM problem

But fortunately, I've got 1GB of RAM, and there's barely any spyware, so I'm ok with it now. I just wish I didn't have to put either Dillo for Linux or IE6 on Win98 for those old late Pentium Is / early Pentium IIs I fix up for people in my spare time, since Firefox is a nice browser despite its flaws. Too bad it won't run decently on anything less than a Pentium III with 256MB of RAM.

Do try K-Meleon, as it performs much better than Firefox on older computers. Its RAM usage should be somewhat lower as it doesn't use XUL for the GUI, but still has Gecko underneath.

My computer is 4 years old now and Firefox is not a dream to use as it keeps freezing up for 2 seconds whenever its CPU usage maxes out. K-Meleon is much lighter, though not as pretty ;)

Re:Too bad it still doesn't fix the RAM problem

[Owndapan]

Mine is at 37K with several tabs opened, 5 RSS feeds, heaps of bookmarks, and with a few extensions installed. This is less than IE opening to a blank page on my PC. Maybe you have a lot of extensions installed? I have never actually seen it higher than 40K (even with heaps of tabs open), but maybe I'm just lucky.

Note that on Windows, I believe the task manager only reports the maximum amount of memory used, not the current amount.

Re:Too bad it still doesn't fix the RAM problem

[darkmeridian]

There may be something wrong with your setup. When you uninstall Firefox, you have to delete all the stuff in your Profiles folder. I am running Windows XP SP2 with six tabs, one of which is this website, and there's only 28,288K of memory usage.

Delete all the stuff in your \Mozilla\Firefox folder when you uninstall Firefox when installing a newer version. There may be extensions getting in the way of your setup.

Re:Too bad it still doesn't fix the RAM problem

[Datasage]

You CANT use task manager to get the full memory ussage of any app. It only displays the ussage of the physical memory, it doesnt say how much page file space it uses.

Though I do agree that Firefox could use a bit better memory managemnt, after opening a bunch of windows or tabs, closing them doesnt free up all the memory it used to show the windows.

Re:Too bad it still doesn't fix the RAM problem

[Myen]

Firefox 1.1 (/Mozilla 1.8) should be better - they very recently fixed a bug where (some?) closed tabs, with whatever content on it, got leaked. Not in 1.0.1 / Mozilla 1.7.6 because they're afraid of sticking too many changes into a security release and breaking stuff.

Bug 283063 if you want to check and know how (to prevent all of /. killing Mozilla's bug database).

Re:Too bad it still doesn't fix the RAM problem

[shellbeach]

Too bad it won't run decently on anything less than a Pentium III with 256MB of RAM.

I run it on a Cyrix-133Mhz with 40Mb of RAM and Win95 - it runs better (less memory usage, faster) than IE5. Still slow to start up, of course, but I'm not expecting much from an old machine like that ...

Re:Too bad it still doesn't fix the RAM problem

[kawaichan]

yes you can.

go to -> Windows Task Manager -> view -> select column -> check virtual memory size

Re:What's Firefox?

[ICA]

Wow, I'm guessing this was an attempt to be funny, but it missed so badly I had a hard time figuring out what it was trying to say. Thanks for the useful post.

A few bugs in this release

[CaptBubba]

After installing 1.0.1 on WinXP I could not navigate anywhere. Everytime I would hit enter after typing something into the location bar firefox would crash.

I've gone back to 1.0 and there are no problems. here's a link to the windows 1.0 versions in case anyone else similarly needs to revert back.

Re:A few bugs in this release

[dveditz]

This crash is bug 280084. We have tracked this down to people who install 1.0.1 over an earlier .zip build. The file structure is different: never, ever mix the two.

Solution:
- don't use .zip builds
- if you must use .zip builds you must always install each build into a new directory. There is no installer to do any cleanup of obsolete files.
- if you've already mixed the two uninstall and re-install 1.0.1 into a virgin directory. If the crash persists anyway delete "xpti.dat" from your profile.

Re:/. rendering

[gstoddart]

Unless an unstable engineer feels insecure about Slashdot fans complaining about the Slashdot bug

Some of those self-same Slashdot fans are unstable engineers.

Awesome news!

[realmolo]

I'm gonna read about it tomorrow on Slashdot! Or maybe even later tonight!

Bittorrent!

[GarfBond]

Official BT Torrents here!

Now if you're worried about putting too much strain on the Mozilla download servers, use the BT links!

Alternatively, this page lists translations and direct download links

Now in more languages

[teslatug]

They upped the number of localized versions.

Update button?

So why is there a software update "Check Now" button in the FireFox options, when it doesn't find and install this? Is it a feature that has yet to be implemented, or is there some other configuration setting I need to do first for it to work?

Not that it's tough to manually download & install the update. It'd just be nice if I could tell my co-workers to "click on this button and it'll update itself."

Re:Update button?

[hyu]

As someone else mentioned earlier, though it's worth repeating, in order to stagger the downloads and not overload the servers the update feature from within Firefox will not be enabled for roughly a week.

Re:seems like only yesterday

[theguyfromsaturn]

I think a better approach to this issue would be an "intelligent" punycode display. For instance, if any ASCII character is respresented using IDN characters then AND ONLY THEN should punycode be used.

As I understand it, there is only one IDN representation of non ASCII characters, if the only characters using IDN are non ASCII, then the address cannot be spoofed. However if an ASCII character is being represented using IDN representation, then spoofing is likely taking place, switch to punycode. This would preserve the ease of use for end users (punycode url are incomprehensible however much more comprehensible than other things they may be) without affecting the security since unnecessary use of IDN codes would trigger the "fishy" flag.

What do you think? Does this approach make sense. If so what is the best way to transmit this view to Firefox developpers?

Of course, I could be out to lunch on this one too, since I don't know in detail how the IDN thing works.

New Download Count?

[Denver_80203]

I would be interesting to see how many people download 1.0.1 over time vs 1.0. Statistically it would be hard to say how many people upgraded, didn't upgrade, first copy of firefox was 1.0.1 but, I would like to see the number seperately.

Good Experience

[CarlinWithers]

It's nice to see so much enthusiasm in the computer world. Personally, I've loved Firefox. It's nice to have the same browser in both Windows and Linux. Got it late (about 2 months ago), but it's done me good. I couldn't go back to non-tabbed browsing and no nested searches window. Also, scanned with ad-aware today. Only two files!!! Both in IE cache from the few times I've had to use IE for ActiveX integrated sites. Used to think 500 was normal. Thanks Firefox, and I expect more good coming from this.

Re:This version doesnt fix some new type of popups

[mrnobo1024]

That's not actually a popup, it's just an image inside an with CSS "position: absolute". There's no way to stop this unfortunately, blocking absolute positioning would screw up a lot of site's layouts.

Re:This version doesnt fix some new type of popups

[LnxAddct]

It blocks fine in 1.0 and 1.0.1.
Regards,
steve

Re:Ah, so this software does have vulnerabilities

[freitasm]

Secondly, FF is NOT faster, despite the FUD that FF zealots like to spread. I've timed both and it takes FF several seconds longer to start up as well as to render a complex page.

Well said... Check previous /. story with browser speed comparison. Opera is faster, but IE is actually faster than Firefox in most operations.

horrible themes?

[SweetAndSourJesus]

Have you seen the GrApple themes?

Über secks.

Re:seems like only yesterday

[jeffg]

However if an ASCII character is being represented using IDN representation, then spoofing is likely taking place, switch to punycode.
[...]
Of course, I could be out to lunch on this one too, since I don't know in detail how the IDN thing works.

It might be time for you to do a little more reading...

The issue isn't an ASCII letter being "represented using an IDN representation" in the way that you seem to imply.

It's a matter of an ASCII character being replaced with a unicode letter that LOOKS the same. It's not just a different way of encoding the same character, it's an entirely different letter that just LOOKS like the letter it is impresonating.

That's why it's called a homograph attack. :)

Crashing problems.

[Captain+Scurvy]

Sadly, this update doesn't fix the crashes I've been experiencing lately. Firefox crashes with me on certain URLs, especially those crappy xanga/myspace pages that are heavily-laden with video and sound. Before 1.0, I never experienced a crash. I make sure to submit the crash reports, though, so hopefully someone can figure out what's on.

Re:404

[rincebrain]

It's just not on some mirrors.

Why not use the torrent?

No more mr. Memory Hog

[Daedalon]

Windows users who have problems with Mozilla software (Firefox, Thunderbird or Suite) being too slow or using too much memory and CPU, check out the Moox optimized builds.

One of my friends reported having constantly about 100 MB more free memory after switching to Moox M2 in his Athlon XP. A bit of a warning though: I tried to install original 1.0.1 over Moox M2 1.0, and it now crashes every time I press enter in the URL bar. Now typing in Internet Explorer, I'm anxiously waiting for Moox optimized 1.0.1 builds to come out and solve the situation.

Re:What's new in 1.0.1

[mcc]

To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.

Please tell me to do it there's a more intuitive way to do that in the GUI.

Re:How can I find out?

[IWannaBeAnAC]

Wow. This statement epitomizes everything that has gone wrong with slashdot!

Re:Did you have the flash blocker?

[CaptBubba]

Interesting. I do not have that plugin installed, however I do have another (adblock) that overlays flash animations with a clickable tab. Perhaps that could be what is causing the problem.

Re:This version doesnt fix some new type of popups

[mcc]

That's, um, not exactly a popup. That's a picture of a windows popup, in the webpage itself.

Somehow the illusion is less convincing when you use a Macintosh and you find yourself looking at a Windows XP window border...

Not quite.

Don't worry about the cache, as IIRC it's encoded such that it only means something to the browser

Not so. Type in "about:cache" (not the quotes). From there there are links to view the contents of the cache.

Re:STILL GETTING POPUPS...

[digitalchinky]

Seriously, you need to spend a little more quiet time with google. +firefox +popup +blocking +tutorial

It's not hard. I see nothing except for the odd tiny fraction of css crap.

Fix it yourself because - 'they' - will never hold your hand until it works just nice and peachy the way you personally want.

If a site you like has more advertising than actual content, then maybe you need to go elsewhere. The net is a pretty big place, apparantly with lots of duplication...

Here is an example.

[maotx]

Here is an example how Firefox 1.0.1 shows IDN names.*
Click the Fake and Real link to see the difference.

The Fake site will not work with Internet Exporer with the latest service pack.

*Requires Firefox 1.0.1

Spreadfirefox.com

[hazzey]

How is this going to affect the download stats? Will we now have double the numbers because everyone has to download it again?

Re:I'm excited

[tritonic]

True, some people seem a bit worried that Slashdot.org is turning into FireFoxNews.org. But I'm with you

Remember that it's not just one geek-friendly browser we're talking about here - the future of the entire internet's at stake. The popularity of this one browser could be the only thing that prevents the web turning into a microsoft-dominated proprietary system a few years down the line, destroying any chance linux might have had on desktop machines.

And if that's not an exciting and important Slashdot story, I don't know what is.

Re:Change Log

Firstly, don't plagarise. Cite your sources. Your list is an exact copy of http://www.squarefree.com/burningedge/releases/1.1 .html.

Secondly, if you do plagarise, make sure you steal the right frigging document! You posted a changelog for the not-yet-released Firefox 1.1. This is Firefox 1.0.1. Its changelog can be found at http://www.squarefree.com/burningedge/releases/1.0 .1.html.

Doesn't require 1.0.1

[Theatetus]

Actually you don't need 1.0.1 to see how it works; spoofstick on 1.0 displays the bogus URL as xn--blah-blah-blah...

Porn browsing tips for firefox =D

[H3g3m0n]

You can also simply set the number of days in the History option under privacy to 0. An even better idea is to start firefox with the -profilemanager commandline paramater, create a special profile called somthing such as "noprofile", and set all the cache, history, cookies etc... to not be stored. You can then make a script/shortcut file that runs "firefox -profile noprofile" which will load that profile.

You can do things such as put an obviouly diffrent skin on it to make sure you arn't running the wrong profile and install flashgot to allow you to grab entire image/movie gallerys.

You can have a custom adblock filter list to remove nonrelevant images such as those backgrounds, banners and image borders that sites have which slows down your browsing.

Under linux I have everything setup to use an highly encrypted filesystem so nothing can be accessed without the password, if you have your images, firefox profile, and its starting script in there then noone will beable to find anything also because its encrypted and only accessable by you, you can leave the history to be saved and create bookmarks etc. Just remember to unmount the filesystem and clear the loopback device.

Re:Be kind to the mirrors, use official bittorents

[trawg]

I've been seeding these for about 1/2 hour with only 30mb uploaded (--max_uploads 100) - I'm sure there's a lot of people seeding, but it would have been great to see a link to the BitTorrent mirror page in the news post to spare the mirrors. I can't figure out why more slashdot news posts aren't edited when there is a BitTorrent link added for the content referred to in the item (especially when its an official torrent provided by the content creators!)

it should bittorrent the autoupdate

[cheekyboy]

I wonder if they thought of using bittorrent to download the latest update. Or does bittorrent not scale to 27m users? :)

You could always have a seperate tracker for each country or each major region.

Re:Firefox sucks

[billmustdie]

by Anonymous Coward on Thursday February 24, @10:35PM (#11773968) Firefox Sucks! It's so slow to load. Much slower than IE. It doesn't even render pages properly. IE has always been perfect. What's this about Firefox vulnerabilities? IE with SP2 is much safer. Who uses Firefox? Only Linux zealots, hippies, and Mac users. Real computer users use IE. Us real computer users that actually have jobs will not deal with third-class software like Firefox. The moderating system did not hinder me from posting this. -Computer Expert.

Rofl
Who comes up with this stuff?

Re:Be kind to the mirrors, use official bittorents

[kinema]

As Bittorrent has become so popular one has to wonder why FF doesn't support it natively or via plug-in as a download method.

about:cache

[cheekyboy]

Memory cache device

Number of entries: 208
Maximum storage size: 31744 KiB
Storage in use: 7436 KiB
Inactive storage: 7127 KiB

List Cache Entries
Disk cache device

Number of entries: 312
Maximum storage size: 50000 KiB
Storage in use: 18025 KiB
Cache Directory: C:\Documents and Settings\Development\Application Data\Mozilla\Firefox\Profiles\fd8vwgvl.default\Cac he

Spoiler

[CowsAnonymous]

Just so you know, if you're going to reinstall from scratch, I already read the EULA and no; there's no $1000 prize.

Since when did the links....

[tod_miller]

...Make us download the files from the same place as the unwashed masses? Man, go back to linking to rough and ready nightly CVS snapshots ok! :-) ;-)

Congrats FF peeps, I hope the popup blocking works now... will install at work, fusk that pute first, then try at home. :D heheh :D have a good day everyone.

Re:/. rendering

[jals]

Can someone explain to me why Firefox has to create fixes for the Slashdot rendering problems. I was under the impression, and please correct me if I'm wrong (it happens a lot), but I thought the problems were with the Slashdot code? Isn't making /. render properly in Firefox just giving the people at Slashdot one less reason to bother fixing their code?

I could be way out of line if it is partly Firefox's fault, so sorry if that's the case...

Re:Ah, so this software does have vulnerabilities

[Mant]

Of course FireFox patches only fix Firefox, becuase that is all it is. That also means any problems in it only affect Firefox.

Ask anyone with a clue about computer security and they will tell you that is a good thing, unlike IE flaws causing problems all over the place becuase it is integrated into windows. It isn't like using Firefox stops you using windows update you know.

It definately is slower to start, as IE is loaded up when windows is. You don't notice IE's start up time as a seperate thing. As for spped in use, it depends on what the page is, images, script, CSS, complex layout and so on as too which one is faster.

I'm sure we will see lots of security updates for it, although so far it doesn't seem close to IE in terms of patches. I've never seen anyone claim it wouldn't need security updates. The argument has always been as open source the security would be better and the updates quicker.

I do suspect you a really a troll.

here in germany...

[boeserjavamann]

...they also had a big advert in the most important german newspaper "faz". http://www.zeitform.de/download/041202-firefox-faz -anzeige.pdf -- moz1.8 rulez ;)

The other way around

[Khali]

Wouldn't it make more sense to do it the other way around? Make the update available first, then after some time make the new, complete package available.

By releasing packages before the update is made available, you are almost asking for current users of Firefox 1.0 to download the full 1.0.1, which will result in a higher load on your servers.

The best part..

..is how the Windows installer is now signed with a code signing cert.

Now Peter Torr can trust it!

Known bug! (bug 280084)

[prandal]

It is usually caused by installing over an unpacked .zip build.

You need to delete <install directory>/components/autocomplete.xpt and try again.

The fix is checked in for Firefox 1.0.2

Upgrade?

[Snarfy]

So do they allow you to upgrade from 1.0 to 1.0.1? All I read is this:

"Prior to installing Firefox 1.0.1, please ensure that the directory you've chosen to install into is clean and doesn't contain any previous Firefox installations."

So why do I want to uninstall my old version prior to installing a new version? Can they not handle a simple upgrade?

(Seriously, I'm asking a question. I like Firefox, so this isn't flaimbait.)