Slashdot Mirror
Firefox Updated to 1.0.4
Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.
yes, I know the arguments behind it...but it would be relly nice if update didn't involve simply downloading installer (on mine 128kbps it's so so...and on slower?)
One that hath name thou can not otter
These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!
9/11: Never forget it was a false-flag operation
Posting from 1.0.4 right now. Funny thing, after I upgraded and restarted the browser, I still had the "updates available" little red arrow on the top right corner of the browser. After checking for upgrades (and finding none), it's disappeared. Bug? Leftover registry entry or config file from 1.0.3?
---- Take the Space Quiz!
This guy at work noticed I was using firefox (he's an IE user), and said, slyly, "You know, there's a couple of really bad security holes." Good think FF fixes their holes faster than MS.
Next time I try to help a friend out I'm not suggesting firefox. I'm suggesting Netscape! Wwwait.
Firefox 1.0.4 was posted sometime between 11 and 11:30PM last night EST. I got it about 11:40 :D (Yes, geek alert)
That aside, with all of these newfound vulnerabilities popping up so often, could Firefox become (later down the line) the new Internet Explorer? May seem highly unlikely now.. but as the New York Lottery says...
"Hey, you never know."
It should be noted that the Mozilla Suite has also relased an update, 1.7.8.
I don't have an upgrade arrow yet :P
Mozilla.org will probably get hammered!! Here's a google cache of the Firefox Mirror List
And while you're at it don't forget those extensions:
FoxyTunes: http:www.iosart.com/foxytunes/firefox/
AdBlock: http://adblock.mozdev.org/
Or you can just go get more at: update.mozilla.org
Happy Browsing!
Unfortunately there's no British English version of 1.0.4 yet.
It'll appear in the list of locales here when it's ready, but it looks like we limeys are stuck with 1.0.3 (or speaking American English) until then.
v4sw6HPU$hw5ln6pr5$ck4ma8u7LMO$w2m6l7DL$i2e3t4MWb9AHKMRTen5a29s0r1p-5.88/-8.36g5CST
While I don't care for the update process, I am exceedingly impressed that Mozilla makes fixes so quickly, and doesn't try to hide them (like another browser company has done in the past). Professionalism...very nice to see this from Mozilla. Kudos!
I'm not a troll, but I play one on Slashdot.
I copy the exe installer into a folder on a windows share, explorer crashes when I access the folder from certain clients. Same happened with 1.0.2 but not with 1.0.3
I wildly guess it's a race condition or something arising from reading the embedded icon resourse as that doesn't show? No I don't really have a clue what causes it.
All machines are fully patched W2K, thank buddha for memory sticks!
Why can't we have extensions that don't die just because they changed the release number?
Extension authors can't keep up.
Mozilla Update is slow to update itself.
and Users like me are left looking to google for help.
Silly me thought Mozilla Update there to centralized things.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updated) the process will be even more streamlined and painless.
Damn. Can't upgrade to 1.0.4 since the English (British) version is not available yet :(
Can't be installing the American version ;)
"Why take life seriously, you're not coming out of it alive anyway."
I kick myself in advance for replying to an AC, but what do you define as "quite a few?" More than IE? How about resolution -- faster than IE?
This sounds suspiciously like flamebait.
Mit der Dummheit kämpfen Götter selbst vergebens.
Bullshit. Microsoft fixes a lot of problems quickly but the monthly release schedule that they have moved to means that you'll only get those patches every four weeks unless it's critical.
Just because the problem was only announced on security sites a week ago, does not mean it had not existed for years in the Mozilla codebase, plain for all to see. Microsoft on the other hand quietly releases fixes, then discloses what they fix. Practice has taught them one thing about vunerabilities, and that is that the sooner you release the fix the sooner the wolves will start chasing down the stragglers. In cases where a flaw is announced before a patch is out, the lag time for Microsoft isn't too shabby.
Until Firefox has an upgrade mechanism that doesn't feel like extracting teeth, the Microsoft approach, regrettably is going to win out.
-Steve
As a system admin for our company, every new Firefox release means that I will have to go around to 150 workstations and manually reinstall the browser again to keep it up to date. I wish there was some sort of way to remotely update the browser on all machines or a way to patch vulnerabilities without a full reinstall.
What does it matter if they fix it and we don't have it? I don't care whether it's fixed for them, I want it fixed for me.
Does middle clicking on a link open a new tab for OS X yet? The last I heard you had to patch FF to enable this feature. Middle clicking works fine on Safari, it's one feature I really miss when using FF on OS X.
--- if y cn rd ths y cn gt a gd jb n cmptr prgmmng!
My wife pointed out an article on Google News (that I had already seen earlier) showing that Firefox had some security vulnerabilities. She winced because I had just converter her to Firefox. I told her not to worry. I said, "Mark my words, there will be a security fix within a week." Well, today the fix was released and she was impressed. Not only has the Firefox development team improved the product, but they have made my wife happy! Life is good!
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
We appreciate it.
Weaselmancer
rediculous.
You can check for updates from Tools>Options>Advanced>Software Updates. If you use some themes, e.g. Littlefox, there is a button next to the Firefox home page 'circle' that you can click to check for updates.
As for your observation regarding the red flag, I believe The Mozilla Foundation had disabled that feature on the website because of one of the critical flaws now fixed.
-clueless
(I need to create a login here, or did I do it previously?)
You jest but I find your comment spot on.
I have used a software firewall (Zone Alarm) with IE running on XP Home SP2 for the past 6 months.
All I had to do was set ActiveX to always prompt, set the security and privacy to high, refuse cookies (not needed but I hate them) and I have never had a piece of spyware on my system. I still scan for Virus, spyware and adware twice a week with Norton AV, MS anti-spyware, and AdAware.
All this "IE is the Sux04rz" talk makes it very apparent that the people getting infected either have no clue about how to configure a secure computer, or have no scruples on what they click "OK" to.
Then again when some sites says I need to download some ActiveX component to view it I say no and download my warez elsewhere.
It is embarrassing to encourage people to use Firefox and then when a security problem is announced they just let it fester like an open sore. Microsoft would have had something like this fixed in a matter of months. Or better yet they wouldn't have told anyone about the problems at all so therefore nobody could have exploited them. So rock on, you cancerous communists!
Will some one please post a .torrent? Highly apreciated thanks.
Sometimes I wish I was a plumber, then I'd know how to deal with other people's shit.
That sounds awful ominous and near impossible... perhaps instead the line should be 'all known javascript vulnerabilities'?
Help Brendan pay off his student loans
Not very easily accessible, but at least its there :)
I switched to Firefox because I was sick of using IE. Ever since I've switched, AdAware has found ZERO spyware/malware incidents!
To IE's meager defense, I'm sure there might have been a setting somewhere that might have tightened up the holes, but switching to Firefox has been easier. Plus, I'm addicted to the tabbed browing.
Why are there only 19 people folding@home for slashdot?
Although I've been an enthusiastic mozilla/firefox user & supporter since the late 90s (yes I was browsing with a 'naked' gecko control, HA! :P) I was surprised to find I'd lost track of development to the extent that I didn't realise the trunk builds have a much more up-to-date gecko engine. The gecko in the 1.0.x series (inc. 1.0.4) are a year old! Those users who prefer livin' on the edge might prefer to get a faster, smaller, much less memory-leaky build from:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nigh tly/latest-trunk/
...FireFox downloads double to 100 Million!
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
... as soon as the first proof of concept evolves into a worm, they will experience what it means to be deployed on millions of internet-connected pc's of clueless users.
Rule #1: doesn't matter how fast you output a security update, if it's not being installed.
Unfortunately it's not enough for an update to _exist_.
I think if FF was starting to feel like IE, you'd be getting infected using vulnariblities which are still unpatched, but whether this is a result of MS's relatively slow patching routing (someone mentioned they only released patches once a month except in extreme situations) and Firefox not being limited by this, or Firefox patching quicker, or a combanation of both, I can't really say.
Linux Wireless Hardware in the UK
The tabbed browsing is pretty addictive, when i use IE i always try to press conrol+t to get a new tab, but it never works. Wonder why..hehe Firefox is maybe not bullet proof but it sure keeps your PC clean from spyware.
Bits of News Giving you the latest bits.
Back in the day when I first downloaded FireFox, one of my favorite parts of using it was how fast it would load up the first window when opened. It was almost instantaneous.
The more I use it, the longer this actions takes. It doesn't matter if I clear cache and cookies, un-install plugins, or just plain uninstall and reinstall the browser.
Is it simply the newer versions that cause it to load so slowly? My roommate has the same problem. Is anyone else experiencing this and is there an answer?
Responses greatly appreciated. Thanks.
With my hardware firewall, and ActiveX disabled I am not afraid to use IE. It's faster and smaller, and renders sites better than Firefox. I do, however, love the WebDeveloper extension for FF.
Just because you aren't afraid of using IE, doesn't mean you shouldn't be. I'm sure most people who's computer is riddled with spyware arn't afraid of using IE either.
"Flee at once, all is discovered."
All I had to do was set ActiveX to always prompt, set the security and privacy to high, refuse cookies (not needed but I hate them) and I have never had a piece of spyware on my system.
That's all you had to do? It sounds so easy, intuitive even. I mean the first thing anyone using a computer instinctivly knows is that they have to master every obscure setting and learn which ones to change.
All this "IE is the Sux04rz" talk makes it very apparent that the people getting infected either have no clue about how to configure a secure computer, or have no scruples on what they click "OK" to.
Or perhaps they are in the 99% of computer users who do not dig through every config option and research the implications of each to tune their system so that it is usable to browse the web. (I am, but most aren't).
I agree many computer users are frighteningly stupid, but not in this way. I get irritated when things like common sense go out the door when a computer is involved (people who fall for too good to be true email scams and such). However what you described is not by any stretch of the imagination common sense.
Rather than go through all the trouble you described, it is much easier for me to install firefox on friend's and family's PCs and alert them when to update it. Heck, most of them are thrilled with the features like pop up blocking and tabs anyway so for them it is a win win situation.
Finkployd
A whole swathe of them have been fixed in 1.1. Note that the 1.0.x series tend to be security fixes and minor bug-fixes only, so you won't be seeing these fixes in any of the 1.0.x updates. If you want to live life on the bleeding edge (and have none of your extensions work ;)) try downloading a nightly - there are apparently quiet a few speed & responsiveness tweaks, in addition to less memory leakage.
Bullshit. Microsoft fixes a lot of problems quickly but the monthly release schedule that they have moved to means that you'll only get those patches every four weeks unless it's critical.
Oh yeah, well Firefox fixes problems BEFORE THEY EVEN HAPPEN. Of course, due to their policy of not violating the flow of space time they are forced to wait a few days to release the fixes.
See how convincing that arguement sounds?
Finkployd
I assume that by 'better' you mean 'with more ads, popups and annoying flashing things all over the place.'
My Journal
Disclaimer: I like firefox. I use firefox.
Why is this news? Does this mean that every time firefox decides to update, it should be front page news? Can't you (slashdot) create a seperate field where the latest versions of popular products are announced? Like:
product | version | last update
firefox | 1.0.4 | today
Renders sites better? Actually IE renders sites very badly, the fact that some sites depend on ie's buggy rendering is disturbing enough. Firefox will render any site closer to what the site's html/xml code is specifying.
IE doesnt support xhtml atall, and only manages to render an approximation of it when you set the mime type to incorrectly identify it as html.
Also, you are more vulnerable to cross site scripting attacks when using ie.. mozilla will correctly url-encode requests, while ie will not.. therefore when the server returns the data, it will be url-encoded and mozilla won't accept any malicious html tags.. Also mozilla actually supports HTTP (ie doesnt, heres why) and uses the mime-type to work out how it should render a file.. ie on the other hand ignores it (the HTTP rfc 2616 states that any tool supporting http will use the mime type if one is present) so if an error is returned as text/plain and contains html tags, ie will render the html tags (leading to possible malicious code or cross site scripting etc) whereas mozilla will render it as plain text like it should.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++
> With my hardware firewall, and ActiveX disabled I am not afraid to use IE.
That's what I thought, too, until about a year ago.
I caught a trojan on my "good" box - the one I use for online banking. Firewalled behind a hardware NAT router with SPI and with the XP firewall added in for good measure. No pr0n- or warez-sites visits. No e-Mail. All patched up according to Windows Update. I'm the only one who had access to that system. No warezed stuff installed. Antivirus and SSD active and updated.
That was scary.
I stopped using IE right there and then.
Unfortunately there are some sites where I still need to use IE for work, whether or not I want to. The issue is when I am browsing the internet with IE I feel like a lost tourist driving around the bad part of town with my windows only partially rolled up. Sure, if I am smart I can avoid trouble, but you just never know.
Firefox at least doesn't give me that feeling.
Small potatoes make the steak look bigger.
It deleted my hard drive! I opened my computar case and it was gone! Very mysterious!
Boy, I cannot agree with you more. If you have half a clue, then IE is easy to make secure. I just went into Tools - Internet Options and set the Security policy to Restricted Sites, turned on popup blocking (after I obviously installed SP2), set my Privacy level to High (because everyone except an idiot knows this is how to disable Cookies), and then installed all the hot fixes from MS. If you are too lazy to maintain your software properly then you shouldn't even have a computer. Just get a Mac or something.
It's like all those people who complain about safety problems in cars. My Pinto is safer than almost every car out there. All that with almost zero risk of theft. I strapped some padding onto the rear bumper and put some steel reinforcement plating around the gas tank. There is almost no risk to myself or my passengers of a ruptured fuel tank, all because I took the time to fix an inherent problem in the design of the ... wait .... err ... I gotta go.
Well, generally I agree with you. However, when it comes to correctly rendering UTF-8 pages, specially with Arabic characters, firefox has some very well known bugs that have not been fixed now for ages. The most annyoing one is a bug in rendering arabic decimal number: It shows all numbers like 1.4 as 4.1! Of course, IE renders such pages perfectly.
While I have had crashes, when I browse to the samba shared folder with the FireFox or Thunderbird installers, Explorer will show the default program icon (the empty window) and lock the folder window up for a while before showing the actuall installer icon (the box and CD) and becoming interactive again. Tis anoying. It also takes an unusual amount of time to get the first window of the installer after I double click the icon.
#include <signature.h>
Of course, there were settings you could change that would fix that. They were in Advanced>Settings>Options>Burning>Defaults>Input. You just had to uncheck "Always burn with error correction (may cause some discs to burn slower)" which simply fixed the garbled data, and "Always burn with high-precision laser" (so you don't get coasters). Checking those 2 boxes results in the application working perfectly every time.
Would anyone use that? No! People would laugh it off and comment on just how stupid it is. Why IE gets a free pass for almost the same transgressions is beyond me. Oh, wait, no it isn't -- it's because people started using it years ago and are afraid of changing to something better because it's "different." "I've already got those boxes checked."
Are you concerned with the large number of reported security holes lately? Somebody please feel to correct me if I'm wrong, but I do believe that the Firefox developers moved security to their highest priority during the 1.0.x releases in an attempt to catch most of the severe holes before the release of 1.1.x. If this is true, they're probably actively pursuing potential security holes as aggressively as they possibly can and correcting them even faster. Internet Explorer, though somewhat quiet on the security hole announcements recently, still has a few major security holes that Microsoft has known about for a couple of years.
My lame blog.
Upgrade to 1.0.4 still doesn't fix JavaScript issues. My biggest frustration with FF is how some links that reference JS popups do not work. Anyone know why? I wouldn't think it would have to do with the JS code, but maybe so? For example, clicking on any of these thumbnails is supposed to open a larger image but it just opens a blank window.
i on=Catalog.PerfectSeason
http://www.anders-bookstore.com/index.cfm?Fuseact
Once again, it's time for the "-1, Incorrect" moderation.
IE is not faster or smaller overall; it's preloaded and non-removable on Windows, so at least some of the space and memory is taken whether you like it or not. If you're interested, the IE package is several megs larger than the Firefox package on my Mac. While I will concede that the upshot of this is faster start times on Windows, I really don't think that waiting for FF to start is that much trouble (less than 3 seconds on my machine - I can live with that and I can't imagine it's much different on Windows machines).
As for rendering, as others have mentioned, FF is pretty close to W3C valid whereas IE is not even close. Neither are perfect, but in 95% of cases where Firefox doesn't render a page properly it's because that page uses proprietary, non-standard, IE only markup.
The same Dawn Kawamoto who wrote about the vulernabilities on CNET on the 9th has now written about the new release.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
Absolutely. This point can not be stressed enough. M$FT is not innovative, M$FT is not responsive to its users, M$FT is not cooperative with anyone, and M$FT is not not your (or anyone else's) friend. It is lazy where there is nothing to prod it into action. It is aggressive beyond the limits of the law where it believes some else is cutting in on it's 'action'. It is arrogant, belligerent, and conceited. I for one don't trust it. Neither should you.
I just brought one simple example that FireFox sometimes do not render something correctly. You have a problem with that?
I typed my example using latin numbers but the bug is with the arabic numbers (that I could not use corrctly with
And before you get angry again, please note that I'm a FireFox user myself, and I know this bug is there and yet I'm continuing to use for OTHER benefits it has.
I have norton internet security installed on my computer and when I installed the new update for firefox I can no longer access the internet with firefox (using IE right now, something which I would like to stop as soon as possible). When I disable norton's firewall firefox works. Anyone have this problem as well and maybe know how to fix it?
Right away? It's been 10 days since the bug was added to the bugzilla database. 10 days!
If you need web hosting, you could do worse than here
I can't run the executable "firefox.exe" at work because it "has been disabled by the administrator." Solution? Rename to firefox2.exe.
The only pain comes when firefox is updated... it leaves the firefox2.exe executable from the previous installation, and adds the new firefox.exe to the install folder. It then becomes a dumb little task to update all the icons and shortcuts scattered about my system.
Wish there was some way to specify, during install, the resulting executable name. Of course, I have to be one of the maybe twenty people in the world who needs this, so maybe it's not worth the miniscule bloat.
IWARS.
People, in general, disappoint me. Politicians even more so.
leaves several vulnerabilities at LEAST as serious as the Firefox ones open UNTIL NEXT MONTH!
Who said something about "time to patch" favoring MS?
Firefox: vulnerabilities announced Monday.
Patched by Thursday morning.
Microsoft: vulnerabilities announced months ago.
Patched - "Next month - maybe".
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
None of the locale-specific stuff should have changed. Works for me.
thinking back when I was using Windows XP SP2 (the service pack being the only patch because I really didn't like the idea of autoupdating) I recall having maware problems maybe once or twice, during that half-a-year time, I had only one virus. (I have one virus on my Gentoo box now too, but I cant get it to work...).
Anyway, I haven't quite understood how bad hte security holes are, but I'll emerge the update "just in case".
The fact that popular browsers are being searched inside out for security holes is inevitable -- I'm just glad the existence of the breach was announced and fixed so quickly.
As far as I could tell Mozilla had a fix before the exploits where made public. I downloaded the nightly trunk version of FF a couple of days before the exploits went public and found that the issue was allready resolved =)
Ever since I've switched, AdAware has found ZERO spyware/malware incidents!
That is an excellent selling point for FF but the malware issue concerns more than just a browser. (With apologies to Dijkstra) AdAware and the like can be used to show the presence of malware, but never to show their absence.
Speak truth to power.
In a law school class, the professor was praising Firefox (for it's ability to do tabbed browsing, as well as it's right to left language support)..a student mentioned a news report that earlier the week new vulnerabilities had been found...everyone cynically laughs--Firefox, just like IE...
kinda sad how inured people have become to bugs--they expect them.
I'm getting really tired of this cycle:
n sions
1) Update Firefox (reinstall)
2) Run updated version of Firefox happily!
3) Close Firefox
4) Reopen Firefox - wait! It's hung apparently in the middle of loading extensions!
5) Delete all extensions from %APPDATA%\Mozilla\Profiles\gibberish.default\exte
6) Reopen Firefox - yay! it works!
7) Reinstall all extensions from [currently swamped and apparently insecure] update.mozilla.org
8) Wait a few months for next update; rinse; repeat.
I'm sure it has to do with a broken extension, but I'll be buggered if I can figure out which. Oh well! It beats the competition!
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
Hmmm, if Microsoft had attacked bugs and feature enhancements for IE as aggressively as I've seen for the Firefox crew, maybe IE wouldn't be in the straits it is in today. As a developer, the whole IE thing has been a disappointment because in the early days it really looked like MS was going to bring something great to the table, but after they killed Netscape, they just let it drop.
So yeah, all of the reinstalling the whole Firefox package to get the fixes is a little bit clunky (just a little), but I expect to hear less and less about security holes in Firefox in the near future at this rate. Go Firefox!
To the making of books there is no end, so let's get started
the only time 've ever had an issue is when the user agent extension buggered up.
Check the mozilla forums.
The 'smaller' this is nice, since I noticed a while ago that even with only the download window open, Firefox was using a total of 149MB of RAM. When it gets to be as big as all of Windows, you can no longer claim that the difference is just because IE is part of the OS.
Actually, had you really followed the story that bug had been discovered less than a week before being disclosed by a third party.
The bug was discovered and filled in Bugzilla by the discoverer
It was kept hidden while the Foundation was working on a fix (quite common for grave security issues)
a few days later (5? i think?) a third party (not the discoverer, not the foundation) fully disclosed the bug to the public
And the Foundation now releases the fix.
The bug has NOT "sit" for months in BZ, and the discoverer, being a member of the Full Disclosure list, wouldn't have allowed it anyway.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
It should be noted that 1.0.4 also features a JS bugfix which hastes said JS execution by around 20%.
...) is pure Javascript.
May sound like it suck... if you don't know that the whole XUL thing (basically everything in firefox but the Gecko engine itself: interface, extensions, userscripts,
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
I don't mind the freqent updates.
I don't even mind having to download the entire application again from scratch.
What really gets me is the checkbox at the end of the install process "Use Firefox as my default homepage". What if I actually *like* the homepage I've already set up?!
Perhaps I've fallen into the "Next > Next > Next > Finish" trap, but I'd like to see this checkbox turned off by default, especially if I need to reinstall the software every few weeks.
Please do pay a visit to the CSS Zen Garden and compare IE renderings to FF renderings.
the Special Effects Designs are the most interresting ones in terms of IE sucking badly, BTW...
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
I have used a software firewall (Zone Alarm) with IE running on XP Home SP2 for the past 6 months.
All I had to do was set ActiveX to always prompt, set the security and privacy to high, refuse cookies (not needed but I hate them) and I have never had a piece of spyware on my system. I still scan for Virus, spyware and adware twice a week with Norton AV, MS anti-spyware, and AdAware.
this is one of the main reasons i've stopped using windows unless absolutely necessary (and even then the rule is to try VMWare...rebooting is a last resort). i used to make a hobby of updating, scanning, securing, tweaking...uggh! Windows is a high-maintenance OS, and i have grown weary of it.
i use OS X and Linux, as does my wife, and my PCs run hella good. if you wanna spend all your time trying to figure out Security Zones (which i have NEVER fully understood, and i'm no slouch), Privacy Settings, and tracking down some obscure checkbox in a well-buried dialogue box, go right ahead. i'll be using my PC in the meantime.
I saw it on Slashdot, it must be true!
And therin lies the double-edged sword. Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PC's.
/.ers tend to be libertarian-minded and tech-savvy, the combination makes Windows Update annoying and offensive to this audience--indeed it is annoying to all but casual and beginning users. Plus, Win Update is not nearly transparent enough--it gives little to no indication of what data it is sending to or receiving from your PC, nor does it indicate when it checks for updates. The default settings are for it to do everything without intervention, confirmation or notification--OK for home users but a nightmare for sysadmins (which is why corporate standard install images often turn off auto-install of updates).
I have no problem with the concept up auto update--I like having the latest stuff on my workstation. The problem is the IMPLEMENTATION of auto-update.
Mozilla's doesn't bring enough attention to it (however, contrary to some other posters arguments I have found it is NOT hard at all--my retired-farmer parents who are decidedly not experts picked it up immediately once they knew what the icon was).
Microsoft's auto-update is TOO intrusive. Given most
Here is what I would suggest for auto-update:
1. Make more of it driven by applications rather than the OS--more "distributed"--and contain the OS auto-update solely to kernel, system binaries/libraries, basic shared components.
2. Allow the process to be automatic, but make it more TRANSPARENT. Check for updates at predictable intervals (on login, maybe at midnight,etc) and have an unobtrusive but clearly labelled status box indicating what is happening (like when your buddy logs into your IM but in plain language says "retrieving list of updates" etc).
3. Allow for more granularity in settings for expert users or operation tailored to corporate deployments, and put in the control panel an easy-to-find "turn it all off" button. Windows has this "system restore" crap which comes in really useful when you want to re-install those worms and trojans accidentally, and the option to turn it off is buried in the most illogical place on Me, and it isn't much better under XP.
4. How about being more responsive with bugfixes Microsoft? Mozilla is non-profit and manages to fix critical issues within a week, and the process is quite transparent. Microsoft makes you wait at least a month 'till the next regular update cycle, and the process of making and testing fixes is pretty much unknown outside of Microsoft.
Just a few suggestions--there are more, but my point is that MS pretty much as long a way to go as Mozilla in this dept. A lot of MS's challenges have to do with the basic architecture of Windows being flawed (it is too monolithic, so bugs can have wide-ranging effects as can the patches).
As I am not a regular Mac OSX user, I am curious on how that platform handles updates. Could MS and F/OSS people learn something here?
If Slashdot wasn't so eager to sniff Firefox's hind leg this post would, and should, have mentioned Mozilla 1.7.8 as being released too.
Anyone else notice Gmail acting up ever since upgrading? Everytime I send/reply, etc., it drops me back to a compose screen after hitting [Send] (although the message does go out). If I go to the Inbox from that screen, it asks if I want to discard.
Paul Revere was a tattle-tale.
hide it anywhere you want. i'm still using 10.3, and don't have to upgrade to 10.4 anytime soon (although i'm anxious to get a new Mac). i can wait until there's a fix for it, thankyouverymuch.
I saw it on Slashdot, it must be true!
Jesus fucking christ, what more do you want?
Perhaps for it to come this way be default? Should every computer user assume that every piece of software they touch is insecure by default and needs to be insvestigated and tweaked to be secure? Would it not make more sense to ship it with this setting?
And yes jackass, mucking about with the control panel is obscure to many computer users. I'm sure you wrote your own OS and applications with nothing more than a magnet and some hard disk platters, but not everyone is as smart as you. You would think Microsoft would have figured that out by now.
Finkployd
Do you really mean to tell me that you read the line "all javascript vulnerabilities" and thought that they had fixed even the vulnerabilities they didn't know about? Do you really think ANYONE would come to that conclusion?
It's not possible to fix unknown problems (except maybe by accident), so adding "known" to that expression is pointless.
Sean
Obtuse, well you sir are a festisio. See I can make up words too :P
My point is that it from a user's perspective, it is completely irrelevent when microsoft claims to have fixed the problem, all that matters is when they release the fix. They can claim they fixed it quickly and had to wait for the arbitrary release date, or they can claim they fixed it a year ago. None of that matters one bit. For whatever reason, their history of timly releases simply sucks. They can excuse it however they want.
Finkployd
Well then jackass perhaps you shoudl expect the saem from others.
or wait, since it is MS are they held to an unachievable standerd.
You are a joke.
And your spelling sucks.
You know what, NOTHING is inheriently secure. However when you are making software for the masses (you know, like Microsoft does) it is inexcusable to HAVE a way to make it secure, but not ship it that way. There is no such operating system as Linux, that is a kernel. Perhaps you are taking about Fedora, or Ubunto, or something like that.
A default install of Fedora Linux, OSX, or Ubuntu is much more secure than a default install of Windows (perhaps not XP SP 2, they did finally do some things right with that one). They are basically locked down by default. However, comparing operating systems to web browsers is kind of silly anyway. So compare Opera or Firefox against IE. What is more secure by default? THAT is my point.
Finkployd
no problem :)
And yes, Arabic, Persian and languages like that read from right to left. However, the funny part is that the numbers are read from left to right! Now, the bug with FF is that when you write 314 (with arabic characters, that is) it renders it correctly as 314 but when you write 3.14 it swaps the two parts and render it 14.3 which can be a bit annoying if you have lots of such numbers in a text.
Yep. 1.0.4 still says 1.0.2 if you install
over an old 1.0.2.
Great QA.
Amen!!!
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Had exactly the same - a colleague copied FF onto his desktop (a redirected folder, actually located on a server share), and then whenever he clicked or right-clicked on it, the PC locked completely. Weird.
"If he were a plant, people would roll him up and smoke him."
Is it filed as a bug with bugzilla?
Not being able to read such languages, i wouldn't have noticed such a thing.. But i'm sure there are plenty of indian coders who could lend a hand in fixing this.
Aside from that, firefox still does a much better job overall at rendering pages, and from a purely english speaking latin charset perspective it renders far better than ie.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Any news on whether 1.1 is also supposed to fix the non-standard text input windows that makes Firefox just about the only mainstream app that doesn't work properly in XP tablet edition?
(Most of the time, XP can't detect the text input box because it doesn't comply with the standard, meaning you need to use a keyboard rather than the pen, and on a tablet, you don't always have a keyboard...)
I've been running 1.8 with the newer Gecko engine to be deployed in FF 1.1, and see no sign of a new release for it. Is 1.8b not vulnerable, is it being ignored, or is its patch just really slow in being released?
Yeah, it's real hard to click next.
/. article. I know the basics of a web browser, and look through the menu for the options, other than that I didn't care to investigate further.
I think a lot of people are like me. They installed Firefox and maybe an extension or two. I didn't read anything, and didn't notice the arrow until the last
I have attempted numerious times to DL it only to get a partial dl when firefox says its done....
So I then tried using wget only to have it not give me the linux version but instead insist on giving me the windows version.... and it persist in dling the wndows version even after exiting the shell...
during all of this I have noticed more and more language versions come online...
Maybe they need to slow up and get it right...
I really don't need nor can I use windows version on Linux... And yes, I did in fact tell wget to get the linux version...
Installer not only loads whole installer, but still leave garbage in Add/Remove Program. I hope that some ff dev read this: you're fucking idiots.
What modern Obelix would say today? Of course, "Those crazy Americans!".