Slashdot Mirror
Firefox 3.5.1 Released
alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"
You should try fixing some bugs in Sunbird, if Mozilla interests you but the hugeness of Firefox is intimidating. I was able to contribute code (granted, only two lines) to Sunbird that fixed a real live bug, and I was in high school at the time.
Le français vous intéresse?
From the link, it appears that files (probably having an excessive amount of files) in the IE cache was slowing down Firefox cache? Isn't the Firefox cache entirely separate? Does it look in the IE cache to try to be friendly and helpful, and if so, can that behavior be turned off?
This is true. I've had my share of complete freezes under Linux. Ironically though, SSH access to the box still typically works and I can kill X if ctrl+alt+backspace doesn't work. It's rare to have a freeze that completely evicts all sense of response from the system (though I've had this happen before).
Interestingly, the last unusual behavior I had under Linux was when a video card blew 4 out of 7 or 8 capacitors. That was a real treat.
He who has no
NSS (Network Security Services) 3.12.3 is using IE temporary internet files to generate seeds. Sounds thoroughly stupid to me, as it means that if you never use Internet Explorer, your cryptographic seeds won't change. How about using the process list or something not Hard Drive dependent to generate the seeds instead?
As I said in the "Blue screen" post, I can't even use the "Magic SysRq key". I've invested several days in solving this. I'm definitely not doing something stupid. It definitely isn't the hardware. It's a problem between ATI's drivers and the rest of the OS.
gpg --verify "Firefox Setup 3.5.1.exe.asc"
gpg: Signature made 07/15/09 19:56:19 using DSA key ID 17785FE8
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: Note: This key has expired!
Primary key fingerprint: 8D6F 1BA4 A340 4DDB 3F2F D080 7447 4499 8123 47DD
Subkey fingerprint: 3338 E6BA FF10 3B3D A6A9 E424 B57B 5484 1778 5FE8
If you think that is bad enough, just use Process Explorer and click on Firefox.exe in the process list. You'll be extremely saddened by all the IE-specific nonsense that Firefox apparently is now reliant on.
Firefox even decides to load driver files (.dll files and others) for Windows services I specifically have disabled.
Firefox, do you honestly need to start winspool.drv, dnsapi.dll, rasadhlp.dll, rasapi32.dll, ieframe.dll, ieframe.dll.mui, etc? Really? Even with the associated services disabled? When the associated hardware is not installed (printer, 56k modem)?
Note: I've checked the process threads of Opera and other browsers, and they don't load half of the shit that Firefox.exe does.
We won't even go into why Firefox would load sound drivers. A second time. After the OS already has them loaded.
And people wonder why Firefox has memory leaks from hell.
Still, this is my browser of choice, because Opera is just horribly hideous to look at and doesn't work on half of the websites I visit. IE8 at least is a serious improvement over any previous version of IE. Chrome is just...let us just say I don't need Google recording every single link I click on and selling the information or providing me with targeted advertising 24/7. It's bad enough I use GMail (at least for unimportant things).
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
I mean, I've given up on scaling fonts lager on the fly (as opposed to zoom), but how about 'paste and go' for urls - like opera has had for years (and now chrome)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
That's cute, but missing the point.
The majority of us use Windows, and will therefore probably want to develop on that platform.
If you read the Windows section of the page you linked to, the very first line is "Building on 64-bit Windows does not seem to be supported."
If you read the rest, you get told about using Visual Studio Express Editions and Windows SDKs, but as anyone who's tried it will know, just finding and installing the right SDKs there can be tricky. (Microsoft's own web site had links to an out-of-date version for a while, which didn't help.)
Then you get to the MozillaBuild bit. What, yet another proprietary build system? At that point, I really start to shudder, because even if an experienced Windows developer might already have Visual Studio, .Net and the Windows SDKs installed, they won't have this. Using Mercurial isn't so bad (at least it's not Git) but it's still going to be different to what most Windows developers are familiar with.
Then there are the fiddly bits of actually building it, to do with the Windows user home directory stuff that approximately no-one actually uses.
Seriously, if you think this is a "simple" build procedure that's going to get casual volunteers contributing small fixes, you're not part of the solution, you're part of the problem. A simple build consists of "get_source_code <directory>" followed by changing to that directory and "make". If yours is more complicated, it's a roadblock to casual contribution, by which I mean contribution by those who don't make a full-time hobby of working on the project but would be happy to help fix the odd bug or implementing a minor feature they really want.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
If there is a browser/extention (they run at browser level)/plugin(yes even a flash or adobe exploit) or other program vulnerability they can perminantly modify your firefox binary to execute whatever code they want. In addition to having your user account, where all your data is, completely owned, no OS has a particularly good record on preventing malicious binaries from getting root (ubuntu with sudo is particularly bad as it can just request permisions just after you grant another process root using sudo) (and unless you've gone out of your way all your protection (apparmor in particular) is next to useless against a 3rd party binary).And I wouldn't dream of putting plugins in ~ either, even if it means it takes a few minutes they belong in /usr/share/mozilla/plugins/ (or /usr/lib64/m... for some reason on this fedora)
So in summary, as i have no clue about security, i make sure my 3rd party binaries are safely locked away in /opt and can only be updated by root.
IranAir Flight 655 never forget!