Slashdot Mirror
Firefox 27 Released: TLS 1.2 Support, SPDY 3.1, SocialAPI Improvements
jones_supa writes "Mozilla has released Firefox 27 for Linux, Android, Mac, and Windows (download). One of the big changes is enabling support for TLS 1.1 and 1.2 by default. Firefox 27 also supports the SPDY 3.1 protocol. Developers got some new toys: support was added for ES6 generators in SpiderMonkey, the debugger will de-obfuscate JavaScript, and style sheets can be reset by using all:unset. Mozilla also announced some new social integration options. In addition to all these changes, the Android version got some UI improvements and font readability upgrades. For a future release, Mozilla is currently testing a new approach for Firefox Sync in Nightly builds. They recognized the headaches involved with how it works, and they're now opting to use a simple e-mail and password combination like Google Chrome does. In the old system, users were forced to store an auto-generated authorization code, which, if lost, would render their bookmarks, passwords and browsing history inaccessible. "
I sincerely hope these are optional and not going to get rammed down our throats so Mozilla can collect more ad revenue.
Because, quite frankly, I have no interest in having my web browser trying to integrate with social media.
Lost at C:>. Found at C.
What makes you think that the ciphers available in TLS were chosen for the benefit of users?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I want to see WebPayment lift off. This could be a huge enabler for small internet businesses. Any news on that?
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
I used Chrome for quite a while but just switched back to Firefox. Chrome restricts things like downloading media (especially from YouTube) and doesn't work correctly on some ecommerce sites that I use. Firefox isn't (subjectively) that much slower than Chrome any longer and clearly has the widest choice of add-ons.
I see they haven't reversed the horrible misfeature of the "awesome" bar being restricted to whatever's specified in the search bar (e.g., Wikipedia) instead of using your default search engine regardless.
Or is there an about:config setting for that which I don't know about?
I have only had one single crash while running Firefox Aurora (the alphas) in years. Are you using any misbehaving Extension or plugin?
Maybe it's me, but Firefox 26 would crash at the drop of a hat
Tried running it in "safe mode" without addon's and see how that goes?
Firefox still crashes for me when it runs out of memory due to buggy javascript in either an addon or on a page. For example we use FinalBuilder at work, and the build control page has a massive memory leak in the javascript (sucky dom handling in web 2.0 crap) causing FF to run out of memory if I leave the page open over night.
Other than that it's been very stable on all the machines I've used it on for many years now (and that's both Windows and Linux).
I'll give FF another shot when there's a GTK3 port.
But, uh, hey... apparently we got us some Saavn (?) integration.
Had this as well in Firefox 26 on Linux with Nvidia drivers, but Firefox stopped crashing when I updated to Nvidia driver 331.38.
Chrome uses almost 300% more ram than FF or IE 11 on my system when I have +40 tabs opened.
Tomshardware.com did some benchmarks that can confirm this. It even hit slashdot that FF 13 used the least amount of ram a year and a half ago.
FF 4.0 != FF 25 and later and a lot has changed since 2011. I am tempted to switch back to Firefox as it is so light and quick now.
http://saveie6.com/
What we really need is "Firefox Classic": a maintainable fork that takes the Firefox code base and strips it down to the essentials, without social networking add-ons or any of that garbage. Sort of like how Firefox itself originally forked off of the Mozilla Application Suite, come to think of it.
Am I the only one who could care less about social media integration?
One of the biggest changes in Firefox was that JavaScript was permanently enabled.
But a side effect of the removal of "Enable JavaScript" checkbox was the removal of the "Advanced" button which limited what scripts could do - move/resize windows, bring windows to front/back, allow scrpits to write to status bar, disable context-click (right click), etc.
Which is annoying because those options were good to have - especially sites that disable right-click.
On Firefox, it's possible to re-enable right click if you hold down Shift then right-click - this will force Firefox to display the proper right-click menu. But that's a PITA
While extensions like NoScript work, they don't prevent permitted sites from playing around with stuff like that - a site needs javascript ot work and then they promptly open a bunch of windows or disable right-click while it's enabled.
I switched over from Chromium to Firefox mainly because of how Firefox Sync worked back then - in the way that it encrypted your sync data with a secret that Mozilla would never know. Now, with the new sync that just requires a tuple of email address and password, I wonder what - if anything - they use to encrypt the data so they cannot know what I store there (which is a strict requirement for me to even consider any kind of "cloud"-y offering). Given that email/password is used for authentication and authorization only (I'm pretty certain they'll have a routine for users to "reset" their password...), I'm worried they'd left out the one thing that made Firefox Sync usable for folk concerned with privacy...
:%s/Open Source/Free Software/g
YTARY!
I'm not sure a "Classic" version would help much, it's the Internet itself that's bloated. You can have the fastest browser ever, but you're still downloading all that social media crap with Javascript pulled from all corners of the globe. The fastest web browsing experience? Firefox with Adblock and NoScript.
http://en.wikipedia.org/wiki/D...
"Mozilla Firefox via add-on" - a start at least...
Yeah, I knew about that possibility before, but since the data to be stored on Mozilla servers was being properly encrypted on my device and in my client, I opted out of the usual "maintain my own infrastructure" chores that one time. Now, the "old" (read: current) Firefox Sync system is going away completely in the not too distant future, and you'll probably have to install some kind of add-on to keep your existing, self-hosted infrastructure functional. Meanwhile, I asked some Mozilla people/developers what the change was about, and how the new system is supposed to keep users' data confidential. The transcript of the IRC session is available here, on Debian's inofficial pastebin - enjoy! :)
:%s/Open Source/Free Software/g
YTARY!
The browser could at least help, by not automatically assuming that everyone wants JavaScript support and re-enabling it even for anyone who willfully turned it off in the first place, while at the same time removing the GUI, requiring digging through the bowels of the hell that is about:config just to find the option to re-enable. The first step to cutting web bloat is to disable JavaScript, but ironically Mozilla seems to be directly against this idea.
https://addons.mozilla.org/en-US/firefox/addon/settingsanity/ It even restores the 'Advanced' dialog but does not restore all it's options.
Back under the bridge...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I breathed a sigh of relief upon reading this headline.
The latest TLS version Firefox supported until now has been broken in principle--and increasingly in practice--since almost a year ago
Here's Matthew Green, JHU cryptography engineering professor/researcher, with a full account: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
Only because she's Free AND Open.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
The new server code/service building blocks are already (at least in part) available: https://github.com/mozilla/fxa... https://github.com/mozilla/fxa... - there's probably more, but mozila shares so much on github I don't really know what to look for.
:%s/Open Source/Free Software/g
YTARY!
I'm actually working on a fairly JS intensive algorithm right now. FF's JS engine is, on this test, *slightly* faster and a bit less memory intensive. Subjectively chrome has a faster layout engine (I'm not testing that right now and , honestly, I try not to anger that particular demon since reflow is the slowest thing one can do in JS!) .
Right now it is a bit of a wash. *This is a good thing.* Everyone chasing each other, trying to out-perform, out-do, etc. Remember before the browser speed wars? How slow it was be default? Sub-second laoding-procesing-rendering times wasn't always the norm!
Pick whichever browser you want. IE10+, FF, Chrome, etc etc. They are all relatively compliant, fast, and will serve you well. Choose on features!
Isn't the future awesome?
md5sum
d41d8cd98f00b204e9800998ecf8427e
At least I know what happens on servers I manage.
Here is an Apache setup which blocks no modern client, and achieve 97% of AES256 with PFS enabled at mine:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
Thanks, UnknownSoldier, for this: "I just want FF's memory leak to be fixed instead of the devs ignoring it version after version, year after year."
I first reported that problem about 10 years ago.
Mozilla Foundation
Top 20 Excuses
for Not Fixing the
Firefox Memory and CPU Hogging bugs
These are actual excuses given at one time or another. They are not all the excuses, just the top 20.
1) Maybe this bug is fixed in the nightly build. [The same memory and CPU hogging bug has been reported many, many times over a period of TEN years.]
2) Yes, this bug exists, but other things are more important. [The bug eventually causes Firefox to take 100% of the power of one CPU, and makes Windows 7 unusable, even after Firefox is killed. The bug affects the heaviest users of Firefox, those who do a lot of research online.]
3) Yes, this bug exists, but it is not a common occurrence. [Numerous users have reported the bug. See the links.]
4) Works for me. [The bug is complicated to reproduce, so the developers did a simplified test, which didn't show the bug.]
5) No one has posted a TalkBack report. [If they had read the bug report, they would know that there is often no TalkBack report, because the bug crashes TalkBack, too, or a TalkBack report is not generated. TalkBack does not generate a report if Firefox is hogging the CPU. TalkBack cannot generate a report if the bug takes 100% of the CPU time.]
6) If you would just give us more information, we would fix this bug. [They didn't bother to reproduce the bug using the detailed information provided.]
7) This bug report is a composite of other bugs, so this bug report is invalid. [The other bugs aren't specified.]
8) You are using Firefox in a way that would crash any software. [But the same use does not crash any version of Chrome or Opera.]
9) I don't like the way you worded your bug report. [So, he didn't read it or think about it.]
10) You should run a debugger and find what causes this problem yourself. [Then when you have done most of the work, tell us what causes the problem, and we may fix it.]
11) Many bugs that are filed aren't important to 99.99% of the users.
12) If you are saying bad things about Mozilla and Firefox, you must be trolling. [They say this even though Firefox and Mozilla instability is beginning to be reported in media such as Information Week. See the links to magazine articles in this Slashdot comment: Firefox is the most unstable program in common use.]
13) Your problem is probably caused by using extensions. [These are extensions advertised on the Firefox and Mozilla web site, and recommended.]
14) Your problem is probably caused by a corrupt profile. [The same bug has been reported many times over a period of five years. One of the reports discusses an extensive test in both Linux and Windows that used a completely clean installation of the operating systems, not just a clean profile. The CPU hogging bug and instability was just as severe.]
15) If you are technically knowledgeable, you can spend several hours (or days) trying to discover the problem: Standard diagnostic - Firefox. [Firefox has "Standard Diagnostics". It has become accepted that some users will have severe problems. !!! ]
16) I won't actually read the (many) bug reports, but I will give you some complicated technical speculation. [This pretends to be helpful but, on investigation, is shown to have nothing to do with the bugs.]
17) It's understandable that Firefox developers become defensive when users report so many problems. [Translation: Firefox management is childlike, not adult.]
18) To spend smart developers' time going over reports of bugs generated by analysis tools would be a
I can buy more RAM. I can't buy process-per-tab for Firefox.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Yes, AES-GCM is now supported in Firefox 27
What's wrong with just using the Mozilla Application Suite? It got renamed to SeaMonkey a long time ago and development has continued ever since. It's got a mail and news client in addition to the browser, but apart from that there's no bloat or garbage. If, like me, you don't want to use the mail and news client, just don't open that window, and you'll never even know it's there.
The first step to cutting web bloat is to disable JavaScript, but ironically Mozilla seems to be directly against this idea.
What world do you live in? I have to agree with the previous AC, it's a lost battle. Sure, for casual websites I can do without Javascript, and even opt to not look at blog X if it's done in such a crippled way that I'd need JS to read test. But my bank has such a web interface that I can't do without JS. Should I just start changing banks every time they do such a move? My time is more precious than that!
Hell, the nearest cinema has such a crippled webpage (recently upgraded to being a lot more JS-abuser) that I can't do anything (not even look at the schedule) without accepting a cookie for which is my preferred location (it's from a national chain of theaters). Almost feel like never going there again...