Slashdot Mirror
Firefox 27 Released: TLS 1.2 Support, SPDY 3.1, SocialAPI Improvements
jones_supa writes "Mozilla has released Firefox 27 for Linux, Android, Mac, and Windows (download). One of the big changes is enabling support for TLS 1.1 and 1.2 by default. Firefox 27 also supports the SPDY 3.1 protocol. Developers got some new toys: support was added for ES6 generators in SpiderMonkey, the debugger will de-obfuscate JavaScript, and style sheets can be reset by using all:unset. Mozilla also announced some new social integration options. In addition to all these changes, the Android version got some UI improvements and font readability upgrades. For a future release, Mozilla is currently testing a new approach for Firefox Sync in Nightly builds. They recognized the headaches involved with how it works, and they're now opting to use a simple e-mail and password combination like Google Chrome does. In the old system, users were forced to store an auto-generated authorization code, which, if lost, would render their bookmarks, passwords and browsing history inaccessible. "
Recent Firefox versions supported TLSv1.1 and TLSv1.2, by setting security.tls.version.max=2 in about:config. It is nice to have it by default now, but the missing bit was GCM ciphers support. They are important because CBC ciphers are more and more under attack (BEAST was CBC-specific). Do they implement GCM now?
I sincerely hope these are optional and not going to get rammed down our throats so Mozilla can collect more ad revenue.
Because, quite frankly, I have no interest in having my web browser trying to integrate with social media.
Lost at C:>. Found at C.
I want to see WebPayment lift off. This could be a huge enabler for small internet businesses. Any news on that?
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Firefox has gradually turned into a bloated, buggy piece of crap. I finally gave up, and started using Chrome instead. Yes, the Great Google is watching my every browsing move. But at least it works.
I see they haven't reversed the horrible misfeature of the "awesome" bar being restricted to whatever's specified in the search bar (e.g., Wikipedia) instead of using your default search engine regardless.
Or is there an about:config setting for that which I don't know about?
Maybe it's me, but Firefox 26 would crash at the drop of a hat (and that's on Windows and Linux). I would sincerely hope that 27 is somewhat better in that respect.
I'll give FF another shot when there's a GTK3 port.
But, uh, hey... apparently we got us some Saavn (?) integration.
...the first thing I think is, "Oh God, what have they broken this time?"
Mozilla really need to stop fucking around with things that aren't broken and fix the things that are.
I'm hoping support for DANE will show up soon...
I only sync Bookmarks and Addons (for security reasons I don't even store passwords). But I've never had a problem with the way sync works now. You need to have a synced device on had to generate a code to feed into the device you want to add. As long as you have 1 accessible synced device you're good.
If you were using it to back up bookmarks on one machine and you are rebuilding that machine, then you may be in trouble. So I guess that's what they're referring to here.
I have it on my phone, so I can always have that one on hand
I refuse to sign
Am I the only one who could care less about social media integration?
One of the biggest changes in Firefox was that JavaScript was permanently enabled.
But a side effect of the removal of "Enable JavaScript" checkbox was the removal of the "Advanced" button which limited what scripts could do - move/resize windows, bring windows to front/back, allow scrpits to write to status bar, disable context-click (right click), etc.
Which is annoying because those options were good to have - especially sites that disable right-click.
On Firefox, it's possible to re-enable right click if you hold down Shift then right-click - this will force Firefox to display the proper right-click menu. But that's a PITA
While extensions like NoScript work, they don't prevent permitted sites from playing around with stuff like that - a site needs javascript ot work and then they promptly open a bunch of windows or disable right-click while it's enabled.
So, just curious to know. The previous sync version had client-side encryption, i.e., Mozilla did not know what data you upload on their servers. In order to do authentication with a Mozilla account, I presume this has to be changed and now the Mozilla people have full access to an unencrypted version of your bookmarks/passwords etc.
Is this correct? That seems a worrisome change.
My first program:
Hell Segmentation fault
https://addons.mozilla.org/en-US/firefox/addon/settingsanity/ It even restores the 'Advanced' dialog but does not restore all it's options.
Curious if the folks who got the update saw this feature. I thought it would be a pretty desirable setting in a mobile browser, but the last version didn't seem to have it, even in about:config.
Back under the bridge...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Last year I was running Firefox on Win7-32, on a machine with 4GB RAM, and it would crash five times a day. Now that I'm running Win7-64, on the same hardware but with a lot more swap space enabled, it still crashes occasionally, but maybe once or twice a week.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I breathed a sigh of relief upon reading this headline.
The latest TLS version Firefox supported until now has been broken in principle--and increasingly in practice--since almost a year ago
Here's Matthew Green, JHU cryptography engineering professor/researcher, with a full account: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
Firefox Classic? What about some previous version. Here you go, take your pick: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/
de-minify, not de-obfuscate. Obfuscated code generally replaces named variables with random letters, thus making it hard to read. Obviously there's no way of restoring the original code. But minified code can be restored by a parser. That seems to be what they are referring to.
You know what they say about opinions. They're all fabulous!
So, what useful UI elements were removed this time? I think they're starting to run out of things to axe, but pretty much every time there is "UI improvements" in patch notes, it meat a useful element of UI was removed from the browser, often with no real means of putting it back in.
Well, good thing that 3.6.28 is still quite functional, and for all other needs, there's pale moon.
Can I turn off the tab bar again? What other new bugs have they added this time?
They need to go back to square one and stop programming for Windows 1.0. By Windows 3.1 Microsoft had nearly fixed the broken programming model which required Windows programs to be single instance. After that you could actually write applications which kept proper data separation. No more silly reading of data from other application windows.
The Windows 1.0 single instance programming has crippled computers for over 30 years now.
Windows 1.0 programming did introduce many people to object oriented programming (but didn't call it that). In the long run, that ight not even have been a good think, now we are stuck with programmers who only know java.
This kind of crap is why I want to go back to 3.6
Thanks, UnknownSoldier, for this: "I just want FF's memory leak to be fixed instead of the devs ignoring it version after version, year after year."
I first reported that problem about 10 years ago.
Mozilla Foundation
Top 20 Excuses
for Not Fixing the
Firefox Memory and CPU Hogging bugs
These are actual excuses given at one time or another. They are not all the excuses, just the top 20.
1) Maybe this bug is fixed in the nightly build. [The same memory and CPU hogging bug has been reported many, many times over a period of TEN years.]
2) Yes, this bug exists, but other things are more important. [The bug eventually causes Firefox to take 100% of the power of one CPU, and makes Windows 7 unusable, even after Firefox is killed. The bug affects the heaviest users of Firefox, those who do a lot of research online.]
3) Yes, this bug exists, but it is not a common occurrence. [Numerous users have reported the bug. See the links.]
4) Works for me. [The bug is complicated to reproduce, so the developers did a simplified test, which didn't show the bug.]
5) No one has posted a TalkBack report. [If they had read the bug report, they would know that there is often no TalkBack report, because the bug crashes TalkBack, too, or a TalkBack report is not generated. TalkBack does not generate a report if Firefox is hogging the CPU. TalkBack cannot generate a report if the bug takes 100% of the CPU time.]
6) If you would just give us more information, we would fix this bug. [They didn't bother to reproduce the bug using the detailed information provided.]
7) This bug report is a composite of other bugs, so this bug report is invalid. [The other bugs aren't specified.]
8) You are using Firefox in a way that would crash any software. [But the same use does not crash any version of Chrome or Opera.]
9) I don't like the way you worded your bug report. [So, he didn't read it or think about it.]
10) You should run a debugger and find what causes this problem yourself. [Then when you have done most of the work, tell us what causes the problem, and we may fix it.]
11) Many bugs that are filed aren't important to 99.99% of the users.
12) If you are saying bad things about Mozilla and Firefox, you must be trolling. [They say this even though Firefox and Mozilla instability is beginning to be reported in media such as Information Week. See the links to magazine articles in this Slashdot comment: Firefox is the most unstable program in common use.]
13) Your problem is probably caused by using extensions. [These are extensions advertised on the Firefox and Mozilla web site, and recommended.]
14) Your problem is probably caused by a corrupt profile. [The same bug has been reported many times over a period of five years. One of the reports discusses an extensive test in both Linux and Windows that used a completely clean installation of the operating systems, not just a clean profile. The CPU hogging bug and instability was just as severe.]
15) If you are technically knowledgeable, you can spend several hours (or days) trying to discover the problem: Standard diagnostic - Firefox. [Firefox has "Standard Diagnostics". It has become accepted that some users will have severe problems. !!! ]
16) I won't actually read the (many) bug reports, but I will give you some complicated technical speculation. [This pretends to be helpful but, on investigation, is shown to have nothing to do with the bugs.]
17) It's understandable that Firefox developers become defensive when users report so many problems. [Translation: Firefox management is childlike, not adult.]
18) To spend smart developers' time going over reports of bugs generated by analysis tools would be a
The Firefox Memory and CPU Hogging bugs are NOT fixed in Firefox version 26.0. I had 2 crashes last week. One of them did not trigger a crash report. My system is very stable in all other conditions. (Windows 7 Ultimate)
Firefox is the most unstable software in common use.
The problems occur when using many windows and tabs and sleeping and hibernating the OS.
PLEASE don't bore everyone by saying you don't have the problem, but not listing your usage patterns, OS, and extensions.
When? Until Firefox gets that, it's not getting a place back on my desktop.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Why do I waste my time. Mozilla cuts me off after a dozen or so suggestions to improve their web pages (even after clearing cookies).
Likewise slashdot is now pushing the beta on more than just the first page.
Why go to light grey on white color scheme? Do they not want people to be able to read their site?
Google Chrome can't be trusted and just because they used to say they'd do no evil doesn't make them safe to trust with everything you do online.
Firefox isn't that horrible, even on a computer from 2006. Splitting hairs. They'll have their up and their downs like the others and I don't mind they are not focused on the same priorities google is. I don't approve of SPDY, I'd rather they not waste the time and help HTTP 2 move forward faster. They should put more time into privacy since that is a weakness for the others.
Democracy Now! - uncensored, anti-establishment news
It amazes me! Every time there is a discussion of the instability of Firefox, someone posts an irrelevant comment. I imagine that everyone who does extensive research, and therefore opens many windows and tabs, is willing to buy plenty of memory. Whether it is for Chrome or Firefox makes no difference.
It's the instability of Firefox that is the problem. Firefox becomes unstable and makes the Windows 7 operating system unstable.
Again, avoid irrelevant comments. Yes, the Windows 7 OS has huge flaws. I've never seen Firefox make Linux unstable; I haven't done a huge amount of testing. An Apple computer typically costs 3 to 5 times as much. Linux costs nothing. However, there is software available for Windows that is not available for other operating systems.
Latest version of Firefox: 27.0. Crashes: Over 7 days, currently 5 crashes per 100 "active daily installs".
See for yourself. Go to this URL:
https://crash-stats.mozilla.com/home/products/Firefox/versions/27.0
(Mozilla does not allow links from Slashdot.)
Those are NOT ALL the crashes! Those are just the crashes that don't also crash the Crash Reporter.
Earlier version, 26.0 is crashy, also:
https://crash-stats.mozilla.com/home/products/Firefox/versions/26.0
What is an ES6 generator, anyway? I read the linked article, but you'd have to already know what it was to understand it. The article never says what an ES6 is. Is it like IE6? Some kind of browser? Why is this being treated like a major, important new feature of FF27 when it can't even be explained coherently?
I can say that my request FINALLY made it into FF!
When using the "Inspect Element" function, all colors in the 'Rules' column were expressed in 8-bit RGB --a pain which forces designers/developers to use another app to convert the values to 8-bit hex. Now all values default to 8-bit hex and have a small 'swatch' filled with the color. Very handy!
Thank you to all the people that worked on this feature 'upgrade' --I read all of your posts on Bugzilla and stayed as active with it as needed.
No sig for you! Come back one year!
I installed this thing and my computer became extremely bogged down. I looked at the % of CPU and it was constantly hitting 79 to 89%. This was happening even when the browser had nothing in it. I uninstalled it and went back to 17.