Slashdot Mirror
No Additional Firefox 4 Security Updates
CWmike writes "Unnoticed in the Tuesday release of Firefox 5 was Mozilla's decision to retire Firefox 4, shipped just three months ago. Mozilla spelled out vulnerabilities it had patched in that edition and in 2010's Firefox 3.6, but it made no mention of any bugs fixed in Firefox 4 on Tuesday, because Firefox 4 has reached what Mozilla calls EOL, for 'end of life,' for patches. Although the move may have caught users by surprise, the decision to stop supporting Firefox 4 has been discussed within Mozilla for weeks. In a mozilla.dev.planning mailing list thread, Christian Legnitto, the Firefox release manager, put it most succinctly on May 25: 'Firefox 5 will be the security update for Firefox 4.' Problem is, users are being prompted to upgrade now but are hesitant because the new rapid release of updates means many add-ons are not compatible. And without security updates in between, many could be left exposed with unpatched browsers."
For Firefox 6.0
I would not be surprised if their new release cycle causes their marketshare to start shrinking in a significant fashion.
I have been a long-time Firefox user (ever since it was Phoenix) and their current release philosophy is really turning me off. They just seem so misguided and detached from reality.
Are they trying to kill their user base ?
Anybody serious deploying system WILL NOT ship a mozilla product. Obsoleting a software 3 month after its release is ridiculous. You can't try to get market share and killa release in 3 month. If you don't plan to give any support, call that a development version!
I am SO disappointed in them!
Slashdot story
No big news, except that the Mozilla Foundation has gone out of its mind. I think I'll stick with Firefox 3 until it reaches end of life, and then upgrade to Firefox 25.
I really don't want to have to push out a brand new version of FF every few months and risk breaking my users' plugins that they use.
"A plan fiendishly clever in its intricacies"- Homer Simpson
This whole version number thing is insane and pissing off anyone who needs a singe stable version that is supported for a reasonable length of time.
If they wanted to up the version number they should have just skipped 4, 5, 6, 7, 8, 9, 10 to 11 or 12. Or since everyone skips 13 anyway just go directly to 14 and be done with it. Then keep it there for at least a year.
Except that the version numbers do matter when it comes to plugins and the maxVersion string. They are going to be breaking add-ons left and right with this shit.
Who, exactly, is the rapid release schedule helping? It's certainly not helping web developers and organizations who try to list their supported browser versions and actually try to code towards those versions. The quickest path to get the corporate PHBs to stop supporting your browser is to have the IT staff say "Guess what, the next version of Firefox is already out so we need to make updates." At some places, support for browsers other than IE is tenuous at best, so making it more difficult to support these browsers only hurts the browser manufacturers.
Want to gain more support? Release a stable product, with wide support for standards and add-ons, and do so on a sane, well-publicized schedule. People don't care about version numbers; updating software isn't something people want or like to do. Why are you making it more difficult and cumbersome for users to use your product?
Dear Mozilla: Pull your head out of Chrome's ass.
Conservative, mod down for violating
But that is merely a symptom, not the cause.
If nothing else, the new release philosophy causes the incredibly stupid approach to add-on compatibility to be highlighted.
People have complained about add-ons 'breaking' for years with other (point) releases, usually stating that after updating the maxVersion string manually, or using Nightly Tester Tools to override, the add-on continues to work perfectly fine.
Perhaps it's wishful thinking.. but part of me is hoping that the new release schedule forces Mozilla, and the community, to re-think add-on compatibility reporting; flagging add-ons as 'broken' not by default, but after testing.
They make it sound as if it is the users fault. The users are not there so you can code. You should not code despite of the users.
I now need to run firefox with the -P option, because they do not allow me to run two instances at the same time (No, I do not mean a second window). Running it over ssh needs an extra parameter.
It does a lot of other things against logic, like updating itself instead of letting my distro do that.
With everything they do I get a feeling that the developers think they are holier then thou. They do things because they can and/or because it is fun to do for them.
At this moment the only thing that keeps me with Firefox is the add-ons, but I will making a list of the importance of all plugins and see if there is an alternative elsewhere.
They, of all browsers, should know how fast people can switch and loose everything again.
Don't fight for your country, if your country does not fight for you.
Christian Legnitto, the Firefox release manager, put it most succinctly on May 25: 'Firefox 5 will be the security update for Firefox 4.' Problem is, users are being prompted to upgrade now but are hesitant because the new rapid release of updates means many add-ons are not compatible. And without security updates in between, many could be left exposed with unpatched browsers."
Came to say that.
Don't the people in charge think these things through? It appears not.
The new versioning schema is the new security hole in Firefox.
And all done for no real gain or benefit.
Idiots.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
How the hell do you work that into the new versioning system?! The only way would be for the browser itself to "know" that Firefox 5 is basically Firefox 4 and not flag addons written for "4.0+".
Am I supposed to assume that an addon I write against Firefox 4 will work in Firefox 5 and Firefox 6, when the same was certainly not true for Firefox 1 to 2 - and 2 to 3, and 3 to 4? When will they be changing the API again? Am I supposed to be psychic when setting the maxVersion number?
Two things they could do. The one they probably should do right away is to decouple the API versions from the program versions, since those have become meaningless. Heck, even Windows did this when their marketing department got the clout Mozilla's seems to have - developers could still query the real (meaningful) version number even though the box had a year or stupid name on it. They could leave things as they are now for addon developers or they could introduce a new maxAPIVersion check, one time.
If they were feeling energetic, they could teach the browser how to introspect its API changes and make smart decisions. Say, an addon uses foo() and bar() - those did not change since the maxVersion release, so run the addon. Another addon uses foo() and baz() and declares the same maxVersion. The browser knows that baz() changed semantically, so it prevents baz() from running.
I'd probably rather see that approach since it takes the weight off of thousands of developers and puts it onto one or two.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)