Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ubuntu 16.04 LTS Available To Download; Mozilla To Offer 0-Day Firefox Releases Via Snaps

Posted by msmash on from the firefox-becomes-default dept.

Reader prisoninmate writes: The latest, and hopefully, the greatest version of Ubuntu is now available to download. On the sidelines, Mozilla today announced the availability of future releases of its popular Firefox web browser in the snap package format for Ubuntu 16.04 LTS. Earlier today, Canonical unleashed the final release of the highly anticipated Ubuntu 16.04 LTS (Xenial Xerus) operating system, bringing users a great set of new features and improvements. Also today, it looks like Canonical has renewed its partnership with Mozilla to offer Firefox as the default web browser on Ubuntu 16.04 LTS and upcoming releases of the Linux kernel-based operating systems. As part of the new partnership, Mozilla is committed to distributing future versions of Firefox as a snap package. Having Firefox distributed in the snap format means that you'll have 0-day releases in Ubuntu 16.04. Yes, just like Windows and Mac OS X, users are enjoying their 0-day releases of Mozilla Firefox and don't have to wait for package maintainers of a particular GNU/Linux distribution to update the software in the main repositories. For Mozilla, having Firefox as a snap package means that they'll be able to continually optimize it for Ubuntu.

5 of 74 comments (clear)

  1. No. Just no. by TangoMargarine · · Score: 5, Insightful

    The constant usage of "zero-day" is annoying enough already without taking it and applying it to something completely different.

    Unless literally Mozilla is going to release builds of Firefox to exploit unpatched vulnerabilities in Ubuntu...

    --
    Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  2. Already so by F.Ultra · · Score: 4, Insightful

    The problem with this announcement is that Firefox where already available in the Ubuntu repositories practically at the same day that they released binaries for Windows and OS X. A long long time ago Firefox where frozen just like the rest of the software but since then you got the newest version even if you used 12.04LTS so this only means that Mozilla will now do what Ubuntu have been doing but with a snap instead of a .deb

  3. Looks good! My Tiny review. by BrookHarty · · Score: 2

    Downloaded the mate spin, and so far, looks really nice. No virtualbox guest issues, the virtualbox boot resolution error is gone. Installed zfs and partitioned and made some zpools, flawless.

    All I had to do apt-get install zfsutils-linux zfs-initramfs and modprobe zfs, and it was good to go.

    I tried loading zfs in the live cd, and checked if gpart showed zfs, but it didnt. That would have been the icing on the cake, create a zfs for a boot/root/swap and go.

    I didn't have the restricted repo installed, so i just apturl apt://ubuntu-restricted-extras and had all the 3rd party installed.

    Mate seems to be locked at 1.12.1 when 14 is out, prob not a big issue.

    GTK is 3.18, so no 3.20 issues to worry about. Noticed clearlooks is now named tradtionalok, assume thats to fix the gtk2/gtk3 meta theme, no need for clearlooks-phenix anymore. Firefox Beta/Dev doesnt support GTK 3.20 yet, so nice to see. (And breeze theme is broken in 3.20 if your a KDE user, so wanting themes to match across gtk2/gtk3/qt, nice to see no issues there. Bring on unix themes!

    Software Boutique would not work with my proxy. The rest of the system appeared to use the proxy just fine.

    Looks like a good Mate spin to me! And LTS, my co-workers will be happy.

  4. Re:.deb repositories by SumDog · · Score: 5, Insightful

    It's a regression, and a bad one. You can push 0-day updates via the standard ubuntu/debian package repository. Firefox doesn't even really have that many dependencies (it has an amazing amount of shit compiled into it. libjpeg, libpng, gzip..it links to the system libraries for almost nothing). This is for stability, but it also increases the risk of security holes quite a bit. A researcher at RMIT did a talk at Ruxcon one real about tools he wrote to scan manjor software projects to find vulnerable versions of embedded libraries.

    In any case, snappy are a regression. Linux package management was always way superior to Android/Apple monolithic self contained apps. Linux now has svchost (systemd) and monolithic packages (snappy). How else can we fuck it up even more?

  5. Re:.deb repositories by Aaden42 · · Score: 2

    I need somebody to give me a sanity check on this snappy thing. Sounds like you're packaging your app and all it's dependencies in one archive, and installing that in a sandbox/chroot or just funky LD_CONFIG so that the binaries in the snap access their own private libraries. Is that about right?

    So now with system-installed libraries like OpenSSL, if there's a vulnerability in OpenSSL, you patch OpenSSL, maybe kill/restart everything linked to it on the system, and life goes on.

    If I'm groking snaps properly, the next OpenSSL vuln means we need to update EVERY SINGLE APP that uses OpenSSL since they all have their own private copy of it. And we have to depend on each of the developers of those apps to ship updates w/ new OpenSSL instead of depending on the distro maintainer to ship one copy of it.

    Am I missing something? And sorry (not sorry...) to pick on OpenSSL, but in terms of libraries that practically everything links to & has had multiple serious issues in recent memory, it was either that or glibc...