Slashdot Mirror
Nine Reasons To Skip Firefox 2.0
grandgator writes, "Hyped by a good deal of fanfare, outfitted with some new features, and now available for download, Firefox 2.0 has already passed 2 million downloads in less than 24 hours. However, a growing number of users are reporting bugs, widening memory leaks, unexpected instability, poor compatibility, and an overall experience that is inferior to that offered by prior versions of the browser. Expanding on these ideas, this list compiles nine reasons why it might be a good idea to stick with 1.5 until the debut of 3.0, skipping the "poorly badged" 2.0 release completely." OK, maybe it's 10 reasons. An anonymous reader writes, "SecurityFocus reports an unpatched highly critical vulnerability in Firefox 2.0. This defect has been known since June 2006 but no patch has yet been made available. The developers claimed to have fixed the problem in 1.5.0.5 according to Secunia, but the problem still exists in 2.0 according to SecurityFocus (and I have witnessed the crash personally). If security is the main reason users should switch to Firefox, how do we explain known vulnerabilities remaining unpatched across major releases?"
Update: 10/30 12:57 GMT by KD : Jesse Ruderman wrote in with this correction. "The article claims that Firefox 2 shipped with a known security hole This is incorrect; the hole is fixed in both Firefox 1.5.0.7 and Firefox 2. The source of the confusion is that the original version of this report demonstrated two crash bugs, one of which was a security hole and the other of which was just a too-much-recursion crash. The security hole has been fixed but we're still trying to figure out the best way to fix the too-much-recursion crash. The report has been updated to clear up the confusion."
Update: 10/30 12:57 GMT by KD : Jesse Ruderman wrote in with this correction. "The article claims that Firefox 2 shipped with a known security hole This is incorrect; the hole is fixed in both Firefox 1.5.0.7 and Firefox 2. The source of the confusion is that the original version of this report demonstrated two crash bugs, one of which was a security hole and the other of which was just a too-much-recursion crash. The security hole has been fixed but we're still trying to figure out the best way to fix the too-much-recursion crash. The report has been updated to clear up the confusion."
It's not always the most glamorous part of coding an app, but it needs to be done.
Personally, I haven't upgraded (and I won't until everything - esp. my extensions - "just work").. and reports like this suggest that this may be the prudent action.
I am the maverick of Slashdot
1) The new theme is too bulky, inconsistent on different platforms, and inferior to the highly refined and very user friendly theme of 1.5 (this is despite late efforts by Mozilla to spruce up the icon set and improve consistency)
2) Antiphishing technology is both weak (blacklist based) and a potential privacy problem. The privacy issues are raised because Firefox 2.0 Antiphishing Features employ an engine previously released by Google, which has been shown to potentially cause privacy risks.
3) The new Options dialog box is confusing, poorly designed, and illogically hides important features
4) There are many reported compatibility issues with the large existing libraries of extensions, themes, and plugins currently avaialble for earlier versions of Firefox. While this can, to some degree, be expected, the loss of this huge user contributed extension base is a non-trivial problem with Firefox 2.0, and could be a deal breaker for some people all by itself
5) The well known memory leak issue, which causes the Firefox browser to consume ever increasing amounts of RAM, eventually leading to sluggish performance and crashes, has been carried over into yet another generation. This is despite an enormous amount of public commentary and user requests for resolution prior to release of a new version of Firefox
6) There are reported problems with the CSS engine in Firefox 2.0, affecting various websites, and making certain features unavailable to surfers. Notable among these is a continued problem with certain aspects of Yahoo! mail
7) Reports indicate that episodes of random freezing during use are worse with the 2.0 version, though a cause has not yet been isolated
8) Numerous users have reported that the History bar is buggy, and that in some instances - for unknown reasons - will not display recent items when the history menu is opened as a side panel
9) RSS feed handling has taken a step backwards, and is inferior to that of IE7.
I upgraded and was pleasantly surprised to find that of the 14 or so extensions that I use, only about 3 were "incompatible" with the new version - not nearly as bad as I had thought.
That said, I've had it freeze a couple of times on me (however the session-restore worked, and put me right back where I left-off when it started up again). Javascript is still a major stumbling block - it's really damn slow. Aside from fixing bugs, hopefully they put a lot of emphasis on optimizing their JS engine, as it really is sluggish on sites that use a lot of it (Digg and the like).
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
The ability to close and continue sessions later removes a major reason why many people kept their browsers open for long periods of time. Before when you close your browser you had to open your tabs again and get it in the same configuration, now it goes to being the same as before immidiately.
So even if some leaks remain, the problems they cause are reduced.
// MD_Update(&m,buf,j);
> I do not want my browser to remember that I had ten pages open and then reopen them when it starts. I'd be running Opera if I wanted that.
Then use the simple switch they provide to make it not do that.
You didn't look very hard - the very first dropdown on the first panel of the options dialogue has the option you're looking for.
Advanced users are users too!
When the number of tabs increases more than 5 or 6, new tabs are not visible only by clicking a tiny arrow to the right of the tab bar.
:)
Yeah, annoying me too. But, this is not IE, so there's a way to change: go to about:config and change browser.tabs.tabMinWidth. You're welcome
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
I find Firefox a huge resource hog on my P4, taking away ever increasing amounts of memory in what are probably leaks.
I use Mozilla and am very happy with it.
Sounds to me like Mozilla really need to get their act together, especially given the revenue they are supposed to be generating through Google, there isn't really an excuse for this.
This might help if you have crashes:
http://kb.mozillazine.org/Firefox_crashes
Opera fanboy alert: Opera doesn't have ad supported mode anymore. Yes, that's right. It's free (cost), even though not free (speech)
I have installed the latest ver of firefox on my machine running Linux and I can vouch that this new version is not buggy. It has never crashed even once and I found it to open quicker than firefox 1.5.
Having said that, if you are using a lot of extensions including del.icio.us and many prominent ones, then it could consume some memory and might significantly slow down the machine. I think it has got to be some problem with the extension you are using rather than firefox itself.
Linux Help
for all things on Linux
Go to about:config.
Filter on "tabs"
Find the entry for "browser.tabs.closeButtons". It'll probably be set at "1". Setting it to "2" makes the close button only visible on the active tab. Setting it to "3" makes the close button the right appear again (1.5 behavior).
Hope this helps.
It's not actually a security issue.
A few months ago, someone reported a security hole using a testcase that caused two types of crashes, one exploitable and the other not. The security hole was fixed reasonably quickly, but the other crash is a hard-to-fix collection of too-much-recursion crashes, so it hasn't been fixed yet. The security hole is bug 348514 and the too-much-recursion crash is 323394.
I can understand a few people getting confused due to an old security-hole testcase still causing a crash, but having it come up in mainstream news articles and Slashdot articles as "Firefox 2 might have shipped with a known security hole" day after day is getting annoying.
The shareholder is always right.
I have been using Firefox 2.0 on Windows and Linux for a while now (RC1)
1. It is faster than 1.5
2. It is more stable than 1.5
3. It is smaller than 1.5
4. It does more 'out the box' - requires less extensions
5. It looks better than 1.5
7. I love the spell checking
8. It is more secure than 1.5
9.If it uses more memory, it is because it remembers
the previous pages and the back button works instantly.
The reasons not to quoted in the 'story' are moronic
Cheers
Sygin
Don't make your problems my problems!
I am a Firefox developer, so I can comment with some authority on these points.
First, as to the "critical security hole", as we've already stated in numerous other places, the actual exploitable hole was patched long ago. A non-exploitable crash does remain and will eventually be fixed. Anyone who reports this as a security hole has not done their due diligence.
Second, the summary posted here is a bit surprising. The feedback we've seen so far is quite the opposite of this summary: most users are, in fact, reporting better performance, lower memory usage (we fixed some of the most egregious leaks), and an easier-to-use browser. Additionally, we fixed far more bugs, especially old, longstanding bugs, in this release than in any previous Firefox release. So even if none of the new features flotas your boat, this release *should* be a polished step forward, once you start poking around a bit.
Third, as to the nine points this article raises:
# The new theme sucks
As this is a matter of personal preference, I can only encourage those who dislike the new theme to download one of the many alternative themes available. There are updated versions of the 1.5 Winstripe/Pinstripe themes, as well as many others, whatever suits your fancy. I will note that the majority of editors reviewing Firefox 2 have felt that the new theme is a step forward; so clearly not everyone believes this is a negative point.
# Antiphishing technology is both weak (blacklist based) and a potential privacy problem. The privacy issues are raised because Firefox 2.0 Antiphishing Features employ an engine previously released by Google, which has been shown to potentially cause privacy risks.
This argument is unclear. One of the antiphishing modes uses a blacklist and the other submits URLs to Google. So it at worst is not both weak and privacy-violating at the same time. Going further, however, I would ask for a less vague argument about privacy. Switching on full antiphishing protection displays a warning notice to the user specifying exactly what sorts of data is sent where, and for what purpose. I hardly consider it a violation of privacy to allow people to explicitly choose to send their data somewhere else. (Of course, given that Google doesn't actually do anything with this data other than feed it into their anti-phishing database, I don't consider it a violation of privacy regardless, but we have options precisely because not all users will feel this way.)
# The new Options dialog box is confusing, poorly designed, and illogically hides important features
Especially given the positive feedback we've gotten on the redesigned pref window, I'd suggest explicitly naming problems here rather than making such a vague and general argument. The new options box is IMO a vast improvement on the old one: it reduces the number of tabs containing embedded tabs to one (the Advanced tab), it rewords many options for grammar and clarity (especially where the old wordings had generated bug reports), and it slightly modifies the default set of options to better fit actual usage. Name the "important features" being hidden and I suspect the list will consist of features that are very important to a tiny fraction of our userbase.
# There are many reported compatibility issues with the large existing libraries of extensions, themes, and plugins currently avaialble for earlier versions o Firefox.
Actually, since the Gecko engine remained at version 1.8, with almost every XPCOM interface backwards compatible with Firefox 1.5, this release has by far the _fewest_ number of incompatibilities of any release in Firefox history. Most extensions are compatible once their version numbers are set properly, and only a small fraction actually broke. Additionally, we contacted the authors of the most popular extensions in advance of the release to explicitly ask them to test their extensions, and filed bugs to track the upgrading of popular extensions. While we can always do more here, I think this has been th
I can confirm that. Runs just as nice as Firefox 1.5 on three very different machines and has more well-rounded features, so no complaints here.
Someone is wrong on the Internet!
Same here (using a very outdated built though, 0923, because Places was dropped), no memory leaks, super stable, every feature one could dream of, perfect rendering of every web page on the planet and in the universe, perfect extension compatibility, etc, etc, etc.
I truly cannot understand why people willingly choose to download and install known unstable versions (1.0 and 2.0 series, soon 3.0 when it branches off) of Firefox.
Well, there are more options than Internet Explorer or Firefox. Opera for instance. I myself hate the fact that if you specify firefox to always open links in a new tab, and not a new instance, it still now and then opens up a new browserwindow. :) :)
Amaya is a browser made by the w3consortium. I haven't tried it yet, but a browser made by them, well I'd expect it to adhere all the standards
You've also still got Netscape but that browser hasn't been a serious competitor for a while now'but it's still available if someone'd like to try
I'm afraid I'm still an opera fanboy. Like the looks, like the usage, like that it's crossplatform, like that it had tabbed browsing back in 1999.
If I had the time I would've tried amaya and would have written something more like a review, but I'm afraid I'm quite short on time at the moment.
Manuals are your last resort only
I must pick you up on one thing. A smart pointer is a good thing - and about the best compromise you can get if you pass pointers around and can't reliably predict their lifetime (if you can predict it of course the standard alloc/free is far more efficient). A properly written one is *not* subject to threading issues... the one in the article merely sucked.
The central assumption of C/C++ is that once allocated, memory cannot be moved (because there are or could be unknown pointers to that memory anywhere). If you remove that assumption (as a high quality memory-compacting garbage collector does) then you'll see that actually smart pointers are really a very inefficient type of garbage collection, commonly known as reference counting. The problems with reference counting are well known.
Garbage collectors have the same problem that FF has - they eat memory.. they're basically big caches (if you think FF is bad try running a largish java app for any length of time - I've seen one take out a server with 2gb of ram!).
Just because Java is a crappy language with a poor implementation does not mean that all garbage collectors are bad. Emacs also has a terrible garbage collector, and I guess because a lot of coders use emacs and have waited in front of it while it hangs doing a collection, they get the impression that all garbage collectors must therefore be bad. There are excellent GCs around for functional languages, which make them perform on a par (and sometimes faster) than tightly coded C programs.
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
(taken from here)
1. Not true. The theme is perhaps not consistent, but this does not matter to the casual user who downloads Firefox for use on 1 platform.
2. Not true. Antiphishing technology privacy issues are clearly noted when the user ENABLES the (by default DISABLED) feature. This makes it completely by users' choice, and defeats this issue completely.
3. Little bit true. There are certain options hidden which should be visible. But it's a choice made towards new users, not towards old users that still remember releases such as Firefox 0.9. So it's actually a good thing. And user interfaces tend to address the most common denominator anyway, which is also a proper thing to do.
4. Little bit true, but to be expected ! Extensions access XPCOM-exported functionality. It is by default that many of the XPCOM interfaces are not stable - this is known to developers and this is clearly noted next to the interfaces you want to develop upon. If extensions use unstable interfaces they know that it could break in future releases. Short story: this issue is no issue at all.
5. 50% True. But this is a bug that could just as well be fixed in Firefox 2.0.1. Memory leaks are however not easy to fix, and it is by no means sure that it would be even fixed in 3.0, so pure speculation to make this an issue not to upgrade to 2.0.
6. True. But this also represents a transitional problem that will most likely be fixed (or worked around) in the 2.0-branch
7. Unverifyable. The author refers to some blog that mentions presumably a Firefox 2.0 RC3-version. But there are no details on the setup of the person's Firefox, nor on the extensions he had installed (see 4). This makes this issue unverifyable and strikes it off this list.
8. True. Again not something major that couldn't be fixed in the 2.0 branch - have patience.
9. Untrue. The article author states that RSS feed handling takes a step backwards - in the linked article there is no mention of this: it says that RSS feed handling has never been so good in Firefox as it is in IE7. This is a feature that Firefox may be lacking, but as it has never been present in earlier releases this is NO REASON not to upgrade. Stricken, your honour.
My judgement from the issues he stated ? He mentions 2 issues that would qualify as a "no-go" for upgrade, the history bar and the CSS issues. But both these issues are minor in that they could be fixed in the 2.0 branch. I clearly show why the other issues are not so true, and sometimes clearly dead-wrong. In my eyes, the author is writing a big fat troll, and slashdot should know better than to post this. Now the damage has been done, this discussion can quickly be silenced, hopefully.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
"Or is it a misguided attempt to "cache" stuff in memory, which is about the stupidist thing you can do given that today memory is very slow versus processors, so usually it's faster just to recompute what you need when it's needed."
Don't be retarded. Parsing HTML into a DOM, parsing CSS and applying that to the DOM, then actually computing all of the page's layout takes considerably longer than just pulling a pre-computed DOM out of memory. Caching pre-computed values in memory is hardly a rare thing, most software does it in one way or another.
When I restarted, it was able to resume the session (after asking nicely if it should).
I tried again and succeeded in setting it to "2", and now there are no close buttons at all, not even on the active tab. Setting it to "3" does bring back the single button on the right, which I'm used to.
I dislike "1" because the extra buttons take up space but aren't useful, though it's a nice idea, and shows the user how it's used. "2" would be interesting if it worked. I'll set it to "3" just because that is what I'm used to.
When it crashed I got a feedback form, but only after submitting it did I realize it was for Apple. Then I got one for Mozilla after that.
"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
Another Opera fanboy alert: AdBlock equivalent? Opera v.9+ has a sophisticated, built-in per-site ad-blocking feature. Right-click/Context menu on any site and select "Block content" to select what to block. Selections can be further edited during creation or later via Preferences.
I have memory leaks on my Macintosh OS X 10.4 system.