Mozilla Announces Long Term Support Version of Firefox

mvar writes "After a meeting held last Monday regarding Mozilla Firefox Extended Support Release, the new version was announced yesterday in a post on Mozilla's official blog: 'We are pleased to announce that the proposal for an Extended Support Release (ESR) of Firefox is now a plan of action. The ESR version of Firefox is for use by enterprises, public institutions, universities, and other organizations that centrally manage their Firefox deployments. Releases of the ESR will occur once a year, providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform.'"

Good

This is a nice solution to the problem everyone has been complaining about.
I really see no complaints to this move.

(inb4 shill)

Re:Good

[freedumb2000]

I hope they will do the same for Thunderbird.

Re:Good

[deadsquid]

The Thunderbird team is talking about an extended support released on their mailing list. There's more info on the Mozilla Wiki, but it is being planned.

Re:Good

[Hadlock]

ESR's support is only for a year though, it seems? It might take institutions 2-3 months to decide it's worth upgrading to. A 2 year solution seems like a better, long term plan. In 2002-2009, having your web browser being a year out of date meant losing out on a lot of features and security fixes, but in the last 2 years innovations have really slowed down and I think 2 years support (as opposed to 1) would give institutions a lot more reason to stick to Firefox. Think of it - the many 4 year undergrad students (perhaps the less technically inclined student) would only have to experience one change in the web browser in their college career in school computer labs, etc. By changing this yearly, you're just adding another thing to the pile of the "annual make sure it all works together without crashing checklist".

Re:Good

[BZ]

Er... Browsers are adding security improvements and features at a much much faster rate now than in the 2002-2009 timeframe. This is true at least for Microsoft, Mozilla, and Google.

In the specific case of Mozilla, it has about 60x more employees now than in 2002 (and 3x what it had in 2009). It would be _really_ odd if improvement rate were actually slower as a result, since the codebase was already quite mature in 2002.

Re:Good

[Hadlock]

I would assume LTS would include security fixes, but would be a feature freeze with only security updates (improvements)? Did I mis-read the blurb when it said "providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform"?
 
Honestly I could care less about most new features, 99.99% of the time features add extra clutter and are better executed as plugins anyways.

Re:Good

Could you care less?

How much less could you care?

How important is this topic to you?

Personally I couldn't care less, even if I tried. I have no interest.

Re:Good

[BZ]

The LTS would include critical security fixes. It wouldn't include all minor security fixes or general architectural improvements that improve security-in-depth, because typically those have visible effects and the whole point of the LTS is to avoid such effects. Or put another way, "does not make changes to the Web or Firefox Add-ons platform" excludes a wide range of security improvements.

To be more specific, fixing an exploitable crash is LTS material. Adding JIT hardening or process separation or something like HTTP Strict Transport security or UI changes to improve the ability of users to make informed security decisions are all not LTS material.

Re:Good

[RoLi]

Exactly!

In fact I think they only did the Firefox-LTS version because people got the idea to fork it, not because they really listen to their users. Maybe somebody could threaten to do a Thunderbird-fork...

However, Thunderbird is not as profitable (important) as Firefox. Firefox brings in AFAIK 100 Million/year while Thunderbird probably brings close to nothing.

Re:Good

[hedwards]

I like Firefox, but all the constant short freezes are really aggravating. Despite what the trolls say, Firefox doesn't use that much RAM on a typical desktop and is reasonably quick, but those regular freezes are really annoying and ought to be something that they can be fixed, those weren't a problem before Mozilla switched to this asinine release schedule.

I honestly have no idea whether it's just a coincidence or there's a causal relationship, but it is really annoying.

Re:Good

[Hadlock]

You've got to draw the line somewhere though. I would be very nervous to have a bunch of untested updates running around on my network, especially if my job/performance review/bonus depended on the quality of someone elses' untested code.
 
I'm not especially keen to answer my boss about a security exploit in a new feature that ruined the company by saying "yeah we just let it update itself, i don't really get involved in all that. it seems to work ok most of the time, I'm sure we'll catch it in time NEXT time". At least in the real world if something happens you can fall back on "we're using the secure version that we've tested against known exploits; this new exploit was out of our hands. Since we're familiar with the software we have, we were able to reduce the damage by X".

Re:Good

[BZ]

Oh, I understand perfectly why a managed deployment environment might want an LTS release, both to ease deployment and for the practical "well, we tested it against the things we knew about" bit.

My point was that not updating your browser for 2 years right now will leave you with a browser that's considered hopelessly insecure by the standards of the day (not preventing entire new classes of attacks, etc), even if you patch actual exploitable security holes that come up.

Re:Good

[RebelWebmaster]

There's a lot of work underway now to improve cycle collection times, which is where many of the pauses come from. Also, work is underway for both Generational and Incremental GC, which should improve things on the GC side. At least with a rapid release schedule, those improvements will ship when they're ready rather than waiting for other things to finish up first like they would have in the past.

Enterprises Will Like This!

[americamatrix]

This will be good news for Enterprises that want(ed) to deploy Firefox but didn't because of Mozilla's release schedule.

Now if there was only a way to control/deploy this through group policy, then Firefox in the Enterprise will really take off.


-th3r3isnospoon

Re:Enterprises Will Like This!

[grahamlee]

Then, at some point in the future, Mozilla will run a campaign explaining that 10% of the interwebs is on Firefox 11 ESR, but there have been loads of new features and enhancements since then so we should all tell people to upgrade to Firefox 17. Friends don't let friends use IE 6^W^WFF 11.

Re:Enterprises Will Like This!

[acoustix]

FrontMotion Firefox Community Edition has a MSI version that can be pushed out via GPO and also has adm/admx templates available.

Re:Enterprises Will Like This!

[SteelZ]

Now if there was only a way to control/deploy this through group policy, then Firefox in the Enterprise will really take off.

Run "Firefox Setup.exe -ms" to do a silent install or if you must have a .msi, download it from these guys

Re:Enterprises Will Like This!

[Hatta]

This will be good news for everyone who just wants to browse the web and doesn't need their browser to change every other week. In other words, just about everyone. I expect most users will be on ESR before long.

Re:Enterprises Will Like This!

[Luckyo]

Not only this, but mozilla officially stated in their blog that they will actively work to prevent people from getting ESR version, so only the corporations have access to it "because it shouldn't be the fix for add-on breaking problem".

Basically, "you will have the problems we shove down your throats and you will like them", once again.

Re:Enterprises Will Like This!

[deniable]

They still support their old versions. Making new ones isn't the problem. Dropping the old ones that mission critical apps depend on is the problem.

Re:Enterprises Will Like This!

[deadsquid]

It actually says "The ESR is specifically targeted at groups looking to deploy it within a managed environment. It is not intended for use by individuals, nor as a method to mitigate compatibility issues with addons or other software. Mozilla will strongly discourage public (re)distribution of Mozilla-branded versions of the ESR." Mozilla software will remain freely available. The ESR is not targeted at individuals, and the changes to addon compatibility (compatible by default) and updates (silent/background) in the next 18 weeks will hopefully address a lot of the issues people have with the regular release. In the end, it's up to the individual to choose, but the installers will be available to download if you really want them.

Re:Enterprises Will Like This!

[Chaos+Incarnate]

"In the next 18 weeks" is about eight months too late for them to fix those problems. They needed to have all that worked out before Firefox 5.

Re:Enterprises Will Like This!

[bigrockpeltr]

This year will be the year of Firefox in the Enterprise!

Re:Enterprises Will Like This!

[owlnation]

Absolutely correct. However, I wonder why Mozilla is trying to prevent the ESR version from having widespread access.

There's no commercial gain in so doing, it's built anyway -- so people may as well use it, it won't affect support particularly -- just move questions perhaps. So where is the harm in giving people freedom of choice? Is freedom of choice not intrinsic in the philosophy of open source software?

I suspect the only reason for limiting the ESR version is vanity and arrogance. FF's arrogant developers know fine well that the ESR version would quickly become the default version of FF out there. It is exactly what everyone wants, a stable version of the software without new, worthless, feature-bloat ever two weeks.

FF developers, why not just have balls to admit you fucked up? Give people a free choice between ESR or the rapid-deployment constant-flux FF versions. See which people prefer -- and then run with that, and concentrate more on that version.

Really, what is the fucking point on forcing your idiotic ideas on users who really want something else? That's why you are too cowardly to make ESR freely available. And we know it.

Re:Enterprises Will Like This!

[icebraining]

No, the problem is developing mission critical apps tied to a single Firefox version (or to Firefox, period). Supporting older FF versions is just putting make-up on the pig.

Re:Enterprises Will Like This!

[jdgeorge]

The reason for limiting the ESR version as much as they propose is almost certainly resource (people) limitations.

By the way, insults to the actual developers who work on code for software that you evidently like (or presumably you just wouldn't care about this issue), only discourage those developers from being interested in your opinion.

Re:Enterprises Will Like This!

[unixisc]

I know that you're (probably) being facetious, but why would enterprises go back now? Particularly the ones that had moved to 4, and suddenly saw version numbers being changed on them before they knew it? The damage is done - those who put a lot of effort in migrating to 4 and suddenly found themselves high and dry would by now have moved to something else - be it Firefox, Chrome or Safari, and wouldn't bother spending the time & money in going back to Firefox. And of the others - people would probably either be happy w/ IE, or w/ Chrome. In fact, if they are on XP and IE, the last upgrade they'd have to do is IE8.

Even on Linux where Firefox previously had a bit of a monopoly, now there is Chrome, in addition to Opera, Konqueror and Epiphany. Yeah, I know companies probably won't go w/ the latter, but they can certainly go w/ Chrome as far as Linux browsers go.

Re:Enterprises Will Like This!

[hairyfeet]

What you are advocating is basically the "shit sandwich" approach to programming, where someone lays a hot steaming turd sandwich on your plate and says 'Don't complain because its free!" which kinda ignores the fact its...well shit. if the ESR gets massive downloads while nobody touches the "regular" release, doesn't that tell you something? Like maybe the DEVS ARE ON THE WRONG TRACK and aren't listening to the users? This seems to be a real problem with FOSS in general, just look at KDE 4 and Gnome 3 and how many are working to keep the old version working because hey! Its vetted and solid and not buggy as shit, who'd a thunk it?

in the end numbers don't lie and after years of steadily increasing numbers FF has been nosediving for nearly two years now and I'd argue it AIN'T because of Chrome, because i can tell you supporting consumers 6 days a week we humans are lazy creatures and don't like to change unless we have to. No their numbers have been bombing because the devs are going off on a track where the users don't want to go! The new UI sucks and feels like a chrome ripoff, I don't know if others are seeing the same but in my case FF runs like shit on AMD CPUs, the memory usage if anything is worse, CPU spiking has gotten a tiny bit better in 9 but not much and it still slams the CPU when opening new tabs, but since the devs don't listen to the users its all "itch scratching' and "fuck you because we're going THIS way" and the numbers show what the result of that attitude is. Its not like the bad old days when we had IE or a shitty broken netscape, we have a myriad of choices now, Chrome/Chromium/Dragon/SWIron, QTWeb, Safari, Opera, Kmeleon, IE, just a ton of choices so if the devs don't listen we vote with our feet. I'd say the numbers do the talking better than I ever could and if they were on the right track they'd be going up instead of down.

Re:Enterprises Will Like This!

[grahamlee]

On the "bizarre system" (or perhaps "bazaar system") called GNU. http://www.bigsmoke.us/readline/shortcuts

Re:Enterprises Will Like This!

[idontgno]

Moz' approach to product improvement is like clearing a minefield. Not by careful detection and painstaking removal. By herding livestock through the field.

Giving sheep the option of staying in fields which have already been cleared of mines is counterproductive.

Re:Enterprises Will Like This!

[broken_chaos]

Uh, Chrome's even worse than Firefox when it comes to forced upgrades...

Re:Enterprises Will Like This!

[bendodge]

a chrome ripoff

That. I wish I could buy a billboard in front of wherever Mozilla's people work and put up:

If we wanted Chrome, we'd use Chrome. Bring back Firefox.
Sincerely,
Everyone who used Firefox before the versions numbers went haywire

in MASSIVE text as a daily reminder of the old glory days.

Seriously, I shouldn't have to rearrange and twiddle with everything to get Firefox as much like 3.6 as possible every time I install it. What true UI improvements have we had since then? I can think of two: tabs that don't resize while I'm hovering on them, and tab groups. Why was the rest of it randomized?

Also, what's with the stupid launch defaults? I close Firefox when I want a clean slate, not a glorified minimize. "Restore my windows and tabs from last time" is antithetical to the whole idea of closing all the tabs! Can you imagine if Windows restored all your programs and junk from last time? People would come unglued.

Also, we live in an age of large LCD displays. I can spare a few pixels of screen space to keep the bookmarks and buttons I use all day long visible instead of burying them somewhere underneath gloss and shiny.

One last gripe: Tools > Add-ons should take me to Extensions, not the "Wonderful World of Stuff You Could Bloat Your Firefox With." I go to Add-ons to remove extensions other programs installed without asking far more often than I feel the urge to add bloviated toolbars. Speaking of which, can we finally make Firefox ask before allowing programs (like nearly every AV, Skype, whatever) to hang their useless (or worse, Google-search-invading) lampshade in Extensions?

Re:Enterprises Will Like This!

[dbug78]

Also, what's with the stupid launch defaults? I close Firefox when I want a clean slate, not a glorified minimize. "Restore my windows and tabs from last time" is antithetical to the whole idea of closing all the tabs!

I've just spent 5 hours experimenting with customizing the installer for a company deployment and so I've repeatedly uninstalled and reinstalled Firefox, deleting %appdata%\Mozilla each time. Every time I started it up, it would open about:home and nothing else. It puts a button at the bottom of that screen to restore your last session, but that's it.

Also, we live in an age of large LCD displays. I can spare a few pixels of screen space to keep the bookmarks and buttons I use all day long visible instead of burying them somewhere underneath gloss and shiny.

The bookmarks toolbar? Click the Bookmarks button and check View Bookmarks Toolbar. In the time you took to whine about it, you could have turned it on and off 20x.

One last gripe: Tools > Add-ons should take me to Extensions, not the "Wonderful World of Stuff You Could Bloat Your Firefox With."

Again, based on my work with the installer today, it only defaults to Get Add-ons if you don't have any already installed. If you have extensions, it goes there by default. If you don't, what would the point of going there be?

Speaking of which, can we finally make Firefox ask before allowing programs (like nearly every AV, Skype, whatever) to hang their useless (or worse, Google-search-invading) lampshade in Extensions?

This was added in 8.0.

Re:Enterprises Will Like This!

[lennier]

> but will _not_ get architecture changes

I wish they would not change the architecture ever 5 weeks...

This. Isn't "architecture" supposed to be something you do once, do right, and then leave the heck alone? If it was supposed to change rapidly, it'd be "fashion". And your architecture should have been designed to accommodate extensions (not fundamental rewrites) from the beginning. If you have to rebuild your foundations every six weeks in a way that breaks existing stuff, that's an admission that you got the design totally wrong.

No, don't say "but we have no way of testing whether our fundamental underlying design is correct! we have to just extremely iterate it until we crowdsource the eyeballs!" That just means that we shouldn't believe you when you tell us that you've got it right this time either. Go back to school until you can learn how to do it once, do it right, and then leave it the heck alone. You've built a platform, now build on that platform, don't keep yanking it away. There's a word for what happens to real architecture when it undergoes rapid forced change: disaster. Try not to take earthquakes and tsunamis as your development model for software, hmm?

(That's probably something the entire software industry needs to do, sadly, not just Mozilla. Go back to school until we actually have a formal science of software engineering that can detect Titanic-sized disasters before they're shipped to the entire Internet. I'm not hopeful it will happen before botnets turn us into a smoking crater though.)

Re:Who is paying?

[meow27]

Mozilla needs a high market share in order to convince search engines to give it a better contract.

meaning Mozilla will try to get a larger userbase for firefox, so that the next round it needs more money, It can ask for more money from bing/google/yahoo or whoever is willing to pay for the defualt browser spot for firefox.

so do they have paying customors outside north america? no, it doesn't matter, its the market firefox is trying to expand into to get money later

ESR?

I'm going to keep reading this as the Eric S. Raymond release.

Did they fire Asa?

[xenoc_1]

This is still reactive damage control to foolish arrogance by Asa "we don't give a crap about enterprises" Dotzler.
That's what you get why you hire a fanboy to become the voice of your company.

Re:Did they fire Asa?

[Rogerborg]

Sadly no, the ADHD Kid is still jumping up and down and shrieking about how great it is that there are (at least) 4 major versions currently on the go. I only wish I were joking about that.

Hope they are serious

[linebackn]

I just hope they are actually serious about this extended support version. Their other "enterprise" efforts in the past have mostly just been talk.

And then there is still the problem that even if you, the company, are now on the new long term supported version, the beta testers^h^h^h^h^h^h^h^h^h^h^h^h general public will be on newer versions that potentially may do things differently. If your corporate application is also public facing then you still have a problem.

Personally I would encourage regular users to stick with the long term supported version as well.

Re:Hope they are serious

[BZ]

Then you would be hurting those regular users, since the ESR will almost certainly be less secure than the regular version; the longer into its year of life you get the more this will be true.

Re:Hope they are serious

[RebelWebmaster]

bz pointed out elsewhere in this thread that while ESR releases will get critical security updates backported to them, they won't be receiving any major architectural updates/refactorings that inherently improve security. So in that respect, ESR releases will be more limited security-wise than the mainline release.

GP Integration?

[Troke]

Don't get me wrong, love Firefox for smaller sites but the lack of Mozilla handled Group Policy integration (I know there's an add-on somewhere) makes it a no no for me in my larger environments. Perhaps the use of ESR will force the change when they realize more enterprise environments begin to use Firefox.

Re:Oh good. ANOTHER browser to support.

[Lennie]

1. It is only one version to support and you can run it next to the latest version of Firefox. I would think this is a good thing if it keeps the people that do not what all those changes on the same older version instead of, some users on 6, some users on 7, some users on 8.

2. What you are looking for is called the "Add-on Compatibility Reporter":

https://addons.mozilla.org/en-US/firefox/addon/add-on-compatibility-reporter/

It was obviously meant for a different purpose, so with that name it makes it kind of hard to find.

Re:Oh good. ANOTHER browser to support.

[deadsquid]

The ESR is going to be based on Firefox 10 (which, incidentally, changes addons to be compatible by default), and most of the core rendering will not be affected. It is Firefox, but it won't get new features. It'll be "standard", but new additions will not be available, and that's a compromise that corporate deployment groups ere willing to make. Chrome's silent updates present the same problems to these orgs, in that the browser is changing rapidly and orgs have problems with testing and certification on the schedule.

I kind of like Mozilla fumbling...

[HBI]

My reasoning is as follows: I don't want to be using what the mass of the Internet is using in terms of browser. I want something with strong plugins and the ability to filter out dynamic code embedded in pages. That means Firefox.

When it looked like Firefox was going to gain 50% share, I was worried. First, my browser gets targeted. Second, people would be motivated to detect and block those using the script and ad blocking plugins I use. The decline in FF market share is pretty good news to me.

Keep at it, Asa!

Re:SSL Security Ignoring version?

[icebraining]

Just use sslstrip locally as a proxy; as the name says, it'll strip the SSL from the connection (while leaving it encrypted from the ssltrip software to the server), so Firefox and Java will only see unencrypted HTTP.
Don't forget to disable the proxy (there are nice addons for 1-click toggling) before browsing the big bad web.

Now, can I have my fifty? Oh wait, Paypal. Thanks, but no thanks.

Re:major versions are not for minor releases

[RebelWebmaster]

So you're going to switch from one browser that rapid releases to another browser that rapid releases, over......rapid releasing?