Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 31 Released

Posted by Soulskill on from the baskin-robbins-edition dept.

An anonymous reader writes Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Firefox 31 is also loaded with new features for developers. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We're pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla's vision of a high performance, plugin-free Web."

35 of 172 comments (clear)

  1. Spyware companies will love it by Anonymous Coward · · Score: 5, Insightful

    No disabling Canvas tracking and they even included
    navigator.sendBeacon by default so "analytics" is easier to send using onunload handlers. thanks Mozilla , i cant tell you how many users asked for that feature

    Mozilla : comitted to your privacy*

    *not applicable in your area

    1. Re:Spyware companies will love it by mythosaz · · Score: 4, Informative

      Some background - since I was unaware:
      http://www.ghacks.net/2014/07/...

    2. Re:Spyware companies will love it by Anonymous Coward · · Score: 3, Insightful

      You mean the same thing that you could already do a number of ways, but had to be synchronous. You have to completely remove onunload and onbeforeunload to prevent such things.

    3. Re:Spyware companies will love it by roca · · Score: 3, Informative

      sendBeacon was already possible with JS using XHR, just in a slower and more user-unfriendly manner. And unlike XHR, you can disable sendBeacon without breaking the Web, so it's actually better for privacy.

      However, if you want to completely prevent any sendBeacon-like activity, you need to just disable JS on that page.

    4. Re:Spyware companies will love it by roca · · Score: 2

      Preventing canvas tracking isn't simply a matter of fixing a bug. A solution would require something like "don't use the GPU" or "don't use platform font rasterization", either of which are completely unacceptable for most users due to degradation of performance or visual quality.

      If you've got a simple fix to canvas tracking, let the world know what it is, OK?

    5. Re:Spyware companies will love it by Anonymous Coward · · Score: 2, Insightful

      Uhh, everybody should be disabling JavaScript. JavaScript is a disease upon the web, it's a disease upon privacy, it's a disease upon reducing power consumption, it's a disease upon good programming languages, and it's a disease upon computing in general. Just because Slashdot has fucked up and used JavaScript where it totally isn't needed doesn't mean that JavaScript is somehow acceptable.

    6. Re:Spyware companies will love it by Anonymous Coward · · Score: 4, Insightful

      Read again what I wrote: Don't let scripts read back the canvas content.

      Note that web browsers have previously removed features to protect privacy. For example, the ability to use arbitrary styles with the :visited selector was removed to prevent web sites from partially reconstructing browsing history.

      Another feature that needs to be removed is access to all locally installed fonts except for a minimal set of default fonts. With web fonts this is hardly a limitation, but access to local fonts enables a very effective fingerprinting technique.

    7. Re:Spyware companies will love it by Gadget_Guy · · Score: 2

      The average user shouldn't be blanket disabling Javascript, as doing so will break 99.9% of the internet (including this commenting system).

      That last part is not true. This reply was made with Javascript disabled. Just go into the options and switch to "Classic Discussion System (D1)". The only part that requires scripting is if you want to look at the individual mods by clicking on the message score. The rest (including performing moderations) work fine.

  2. We are wise to this by fnj · · Score: 2, Insightful

    All right. What features did they remove, hide, or obscure? What part of the established GUI did they fuck with?

    1. Re:We are wise to this by tepples · · Score: 5, Interesting

      If the "malware blocking" is anything like the analogous feature in Internet Explorer (called "SmartScreen"), then it's going to be harder for end users to download and install a newly compiled executable release of an application developed and self-published by an individual, even if that program is distributed under a free software license. IE repeatedly warns users that if an executable is "not commonly downloaded" by other IE users participating in SmartScreen, it should be deleted on sight, especially if the developer hasn't paid protection money to a member of the Authenticode CA cartel.

  3. no thanks by xeno · · Score: 3, Insightful

    I'll install it when that godawful Australis interface is rolled back or replaced with something less eye-bleedingly bad. (And no, the craptastic classic plug-in is not a long-term solution.) For now, I'm holding at v28 (on Linux Mint or Ubuntu: "sudo apt-mark hold firefox"), and pondering what to do re security updates in the long run.

    Firefox has gone down the ugly-UI-shuffle-for-the-hell-of-it route, Chrome sends an astounding amount of telemetry back to the hive-mind, and IE's performance is still a total joke even if I can see past the OS implications and numbingly-bad design. Are niche browsers all we have left?

    --
    I think not...(*poof*)
    1. Re:no thanks by xeno · · Score: 5, Interesting

      ...and I'm not alone. According to Moz's own dev feedback tools, the Australis phelgm-globber of an interface has been trending at 80%-dislike from day one after introduction..

      http://www.lifehacker.com.au/2013/11/less-than-20-per-cent-of-users-like-firefoxs-new-australis-ui/
      https://support.mozilla.org/en-US/questions/999831
      http://soylentnews.org/article.pl?sid=14/05/12/133214

      --
      I think not...(*poof*)
    2. Re:no thanks by Luckyo · · Score: 2

      Pale Moon on windows.

      Seamonkey sorta kinda on linux, unless you want to build Pale Moon yourself for it.

    3. Re:no thanks by Anonymous Coward · · Score: 5, Insightful

      My gripe about the new Firefox is not the Australis interface per se, but it's an example of the core problem: Firefox removes features without giving you a choice or a way to re-enable them without plugins. For example:

      Separate Stop/Reload buttons. I get shivers of terror when I think back on the days of slow dial-up when a page would seem to hang when it was almost loaded, so I would go to hit the Stop button, only to realize in horror that it changed to Reload an instant before I pressed it, and the page would start loading again from scratch. I don't want buttons to change functionality due to forces outside my control. But hey, at least it saves a few pixels. (More on that later)

      The Find bar. Without a plugin, it can no longer be made persistent across tabs. Whose genius idea was it to not only change the default behavior, but to make the previous default behavior impossible? Did it ever occur to them that I might want to look up the same thing on more than one tab?

      Then there are the defaults they changed that don't require a plugin, but you do have to go into about:config to fix them. Separate download folders for different sites? It took me 3 weeks to figure out why after downloading several files I couldn't find them. They were in the default Windows Download folder, which I never use. Then it took me another 3 weeks to figure out why it kept jumping back to that folder, seemingly at random. Finally I figured out that it "helpfully" separated the downloads by site, which is a horrible way of doing it. And not only do you have to go to about:config to fix it, but the entry to fix it isn't even there! You have to add it yourself!

      Since I'm on a roll, I might as well bitch about my other issues with Firefox. How about their schizophrenic design philosophy?

      They remove the menu bar because it's using up too much screen real estate. (Ignoring the fact that the menu bar is a GREAT place to put toolbar buttons so you don't need an extra toolbar) All right, I disagree with their philosophy of trying to save every pixel they can for the page itself, but at least I can understand that it's a legitimate philosophy. Then they go and make the Back/Forward buttons gigantic so that they waste pixels that could be used on the page. Not to mention the wasted space from the rounded tabs, which means you can fit fewer tabs on screen at once. They should at least be consistent. If they're willing to waste space, why not "waste" it on stuff that's functional, like the menu bar?

      In short, the designers are (willfully?) ignorant of the fact that not everyone uses their web browser exactly the same way they do. They could avoid all the gripes by all the users if they did one thing: Any time they change the interface, add an easy-to-find checkbox under the options to restore the old functionality. It shouldn't require looking through about:config (and especially searching the internet for the correct item to add), or worse, a plugin, to change things back to the way they were. EVER.

    4. Re:no thanks by Anonymous Coward · · Score: 3, Informative

      I switched to Pale Moon, and I am very pleased. I used Firefox and its Mozilla predecessors since about v. 0.92, and I was horrified and traumatized by FF v. 29. PM is the browser Firefox should have been. The following is taken from the Pale Moon home page.

      Pale Moon is an Open Source, Firefox-based web browser available for Microsoft Windows and Linux, focusing on efficiency and ease of use. ...
      Pale Moon offers you a browsing experience in a browser completely built from its own source with carefully selected features and optimizations to maximize the browser's speed, stability and user experience, while maintaining compatibility with thousands of Firefox extensions many have come to love and rely on. ... ... contrary to what Mozilla has done with their redesign of the user interface, Pale Moon will continue to provide a familiar set of controls and visual feedback similar to previous versions, including grouped navigation buttons of a decent size, a bookmarks toolbar that is enabled by default, tabs next to page content by default (easily switchable) and not in the least a functional status bar and more freedom in customization, to name a few things.

      I switched to Pale Moon right after FF v. 29 came out. I was able to copy my FF user profile into the Pale Moon user profile directory and it ran without any particular problems. I have not used FF since then.

      Four Stars and two thumbs up for Pale Moon.

    5. Re:no thanks by bigfinger76 · · Score: 3, Insightful

      Why not just get the Linux version of Pale Moon? I did just that yesterday when my bookmarks toolbar disappeared, and so far I really like it.

    6. Re:no thanks by jenningsthecat · · Score: 3, Informative

      I'll install it when that godawful Australis interface is rolled back or replaced with something less eye-bleedingly bad

      If enough of us move to Pale Moon, (it's all I've used since shortly after Australis first shat all over my computer screen), then perhaps Mozilla will get the hint that we love Firefox, but hate what it's become. And if they don't get the hint, well, then we're supporting a viable alternative for the time when Mozilla gets eaten by the shark it just jumped.

      BTW, although the Linux version of Pale Moon is 'unofficial' and maintained by somebody outside the organization, I've had no trouble running it under Debian Jessie with all of my usual addons.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    7. Re:no thanks by jenningsthecat · · Score: 4, Insightful

      > In short, the designers are (willfully?) ignorant of the fact that > not everyone uses their web browser exactly the same way > they do.

      Aren't you make that mistake yourself?

      No, he's not making the same mistake. He's perfectly willing to let others use the new design and features - he just wants a way to keep the old behaviour, and so do I.

      > Any time they change the interface, add an easy-to-find > checkbox under the options to restore the old functionality.

      That leads to an explosion of difficult-to-understand checkboxes in the UI, and an unmaintainable mess under the hood.

      I'm not very well qualified to comment on the 'unmaintainable mess', but it smells fishy to me. If Pale Moon can keep the old behaviour while incorporating the new security enhancements, surely Mozilla can keep the old UI and the new one without compromising maintainability. Especially since addon designers have been doing pretty much that for your users for 25 or more releases. And as for the 'difficult to understand check boxes', scratch them. Just give us a well documented set of 'about:config' entries that are already present and prefixed with something like "old behaviour" so can go to one block of entries, change them all, and be done. Heck, you could boil it down to ONE entry called 'browser.pre_australis_mode'.

      I'm pretty sure that won't happen though, not because it's too much work, but because Mozilla is hell bent on me-tooing their way into the future with all the other browser makers whose attitude is 'screw the users'. So in the meantime I'm using Pale Moon. Yes, I see the apparent hypocrisy in that decision. I hope Mozilla sees the hypocrisy of bringing private corporation attitudes to their ostensibly FOSS organization.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  4. Malware blocking for file downloads by Anonymous Coward · · Score: 5, Informative

    The "malware blocking for file downloads" is a severe invasion of privacy. It works by sending the URL of nearly every downloaded file to Google.

    When a binary file is downloaded, the user-agent extracts several pieces of metadata about the file, including:

            The target URL from which the file was downloaded, its referrer URL and any URLs in the redirect chain.
            The SHA-256 hash of the contents of the file.
            Any certificate verification information obtained through the Windows Authenticode APIs.
            The length of the file in bytes.
            The suggested filename for the download.

    ...

      Remote lookup (present in FF 32)

    The user-agent stuffs all file metadata into a ClientDownloadRequest protocol buffer and sends it to the remote service.

    This remote service is https://sb-ssl.google.com/safe...

    1. Re:Malware blocking for file downloads by antdude · · Score: 2

      Can it be disabled at least?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    2. Re:Malware blocking for file downloads by Anonymous Coward · · Score: 2, Insightful

      Yes, it can be disabled. You have to use the "about:config" page, which means that disabling it is considered a completely unsupported operation. There is no checkbox in the main GUI to disable it!

    3. Re:Malware blocking for file downloads by Lennie · · Score: 5, Informative

      How to turn off this feature

      Do any one of the following:

              Turn off browser.safebrowsing.malware.enabled in about:config or in the Preferences > Security > "Block reported attack sites." This disables all Safebrowsing malware protection, including the warning interstitial that appears when the user navigates to a malware site.
              Replace browser.safebrowsing.appRepURL in about:config with an empty string. This disables application reputation checks but leaves other Safebrowsing malware protection intact.

      https://wiki.mozilla.org/Secur...

      --
      New things are always on the horizon
    4. Re:Malware blocking for file downloads by drinkypoo · · Score: 2

      It can be disabled, but can you trust that they won't "accidentally" turn it back on with an update? If you must use Chrome, use Chromium instead. The only practical difference besides that it doesn't spy on you for Google is that you need to install a Flash player (if desired) manually.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Malware blocking for file downloads by tgv · · Score: 2

      You would almost think that there was a relation between Google paying Mozilla large amounts of money and Google's desire to get as much information from users as they possibly can.

  5. Misfeatures by Arker · · Score: 3, Informative

    "Malware blocking" = yet another bad signature/reputation based scanner. If I wanted one, I would have one installed - and Firefox versions without this misfeature would still use it to scan, so in what universe was this worth doing?

    If you really want to do something about malware, disable javascript by default.

    "Automatic handling of pdf and ogg files" - I have a pdf reader already. I dont need another one, and I dont need one 'integrated' in my browser, period.

    "loaded with new features for developers." Pretty sure that means for advertisers.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Misfeatures by Anonymous Coward · · Score: 4, Informative

      Speaking of misfeatures, your entire post is in tt.

  6. Re:I would like (just) a web browser please by ultranova · · Score: 3, Interesting

    Any chance we can just have a web browser which just does normal browsing, doesn't take hundreds of MB to run, and starts in under a couple of seconds ?

    Next you'll be asking it to not leak memory like a sieve.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  7. Re:Memory hog on Linux by ArcadeMan · · Score: 2

    But is it really Firefox's fault? I mean, while I also think that Firefox is a memory hog compared to others, at least on OS X, something did change over the years: the weight of web pages.

    It used to be that most website would only require a few dozen kilobytes, or a few hundreds at the most. But these days, people who think they understand responsive design take the easy way out and just send 4 megapixel images and let the browsers resize them as needed.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  8. With leadership like this, who needs enemies? by Hello+Kitty · · Score: 2

    As Stephen Elop to Nokia, so Google to Mozilla. We should have known. Actually, we knew and there wasn't a damned thing anyone could do about it.

  9. Re:We need a new browser by Anonymous Coward · · Score: 2, Insightful

    Same here. It has been one fuck up after another with Firefox lately. Each time Firefox updates, I feel like Mozilla has once again spread their collective asscheeks right over my face, and shit upon my eyes and down my nostrils and my throat. As much as I hate using Google software, I think I'm going to switch to Chromium. Although it and Firefox have the same shitty UI these days, at least Chromium isn't a slow hunk of lard like Firefox is.

  10. Re:We need a new browser by sd4f · · Score: 3, Insightful

    I certainly think so. It's a real pity that mozilla is just becoming a dud social justice warrior organisation now. I guess the people who work for them all aspire to work for google, which is probably why their trying to do an orange version of google chrome...

    Since the UI changes, and getting rather annoyed with FF29 (or was it 30) which would constantly block stuff or ask for permission (like vista) to enable things, I just moved to opera. Not sure if it's good on the security and privacy side, but at least the UI, for the most part is lightweight. Needs a few improvements. I'd stick with FF28, but not very keen on running unpatched versions, and it was having many issues anyway with stability, so I guess it's better to just move along.

  11. Re:GUI by cjellibebi · · Score: 2

    I am using Tab Mix Plus to arrange the tabs in multiple rows, and I can get multiple rows on FF 30. I am also using Classic Theme Restorer to get the tabs back to the way they were before.

  12. User stats are daft. Mozilla is being led by fools by bussdriver · · Score: 4, Insightful

    Mozilla asks for user data and people who do not opt-into that are not contributing data. Me being one of the many who do not-- I suspect intermediate and advanced users comprise the majority of this group. This means their data of people not using things like menu bars because they getting metrics from the most daft users of firefox.

    Good designers will use metrics only as a factor not as a mindless system to think for you. Simplistic metrics are a whole issue in themselves along with improper use of statistics (on metrics) which is a common problem as well. Menu bars are never used heavily but they are extremely useful - of all times, in 2014 when phones have more screen space than a desktop did in the 90s we suddenly become obsessed with screen space??

    Great designers also will accommodate advanced users and the large base of existing users by not arbitrarily pissing them off. Necessary changes can be done more gradually along with instructions on how to change the feature. (like making sure the user knows how to get to menus when you killed them... and to not foobar the pop-up menu version of the menubar... proper grouping and hierarchy make large things easier.) Also the current situation of "don't make me think" is likely a fad in the design world; I hope that users want to use their brains effectively in the future; otherwise, Edward Tufte etc. are irrelevant as we devolve.

    If Mozilla wants to REALLY be a community they will let users choose and try something democratic, such as opt-in or opt-out of a major interface change. Since opt-in would never gain a majority of the users on these recent changes; the designers would naturally push for an opt-out policy but at least they could measure their failure by making opt-out easy to do (like force the user to use it for a few months before presenting the option.) At least then users at all skill levels feel empowered and PART OF SOMETHING (mozilla could even use the opportunity to leverage altruism and promote an organization image unlike the top-down corporate browsers.)

    FURTHERMORE, it doesn't matter how many more daft users you have over the advanced users. Your software is not default like IE was. Users install Firefox because of people like slashdot readers. I have brought mozilla 100s of users and I can take them away, some already left for Chrome anyhow... but many do what their nerd or IT staff tells them to do (or whomever sets the default.)

    --
    Democracy Now! - uncensored, anti-establishment news
  13. Re:Trash by rnturn · · Score: 2

    I would welcome with open arms and tears of joy a Firefox release that could survive a day -- heck, even half a day -- without crashing. It's such a joy to come back from grabbing a cub of coffee or lunch to find that I have to restart effin' Firefox and reload all my tabs again.

    --
    CUR ALLOC 20195.....5804M
  14. Re:Trash by Jahta · · Score: 2

    I would welcome with open arms and tears of joy a Firefox release that could survive a day -- heck, even half a day -- without crashing. It's such a joy to come back from grabbing a cub of coffee or lunch to find that I have to restart effin' Firefox and reload all my tabs again.

    Have you considered that maybe it's you, not Firefox? Have you got flaky plugins installed? Or flaky extensions? Some extensions have been known not to play nice with others.

    I use Firefox heavily every day (always on the latest release) and I haven't had it crash in literally years. Nor have I found it a memory hog. As I type this I have 10 different sites open and Firefox is using ~400 meg.