Actually, I believe 0.9.3 (and 0.9.2 before it, 0.9.1 as well) were branched from the previous point release and are missing things that are on the aviary branch. As in, aviary branch nightly the day before 0.9.3 release had more fixes in it.
(I wish they'd start using a binary patcher or something... Or at least use an auxilary app that would uninstall, reinstall and open the new version for you, instead of having to do this manually)
Hmm, it seems upon RTFA'ing that the four things mentioned are all browser-level holes; that is, whether IE was integrated into the OS or not would have no bearing upon the existence of them.
Does it really matter (in this specific case) if IE was integrated?
It seems that, [1] could potentially work in other browsers with JavaScript support; [2] is unclear, and I can't find the example they're talking about; [3] is plain bad security checking; [4] is by design - whether the design is good is something else entirely. But none of them really depend on what OS you run on (assuming IE runs).
Plus the encoding overhead (unless you whip up your own MTA to send unencoded 8bit data - in which case you pretty much just hope it gets to the other end intact).
Can you even fit a 800MB CD image in a GMail account?
Yeah, I agree IE does some things that really just can't be explained; no argument there. I was just curious about the design flaws in the hopes that I won't come up with similiar stuff in things I do.
Do you mind actually stating which design flaws those are? (I'm seriously curious, that's all.)
As far as I know, ActiveX ~= XPInstall, and BHOs ~= extensions. And yes, Mozilla extensions can deploy binary components, which means they can do anything BHOs can do anyway, including installing BHOs to mess with Explorer. Not allowing extension installs from being triggered from certain events (such as document load) is still just covering up the problem - I have seen sites that ask you nicely to manually trigger ActiveX installs to help "support" them. It happened to have been one of the nastier ones (3721.com stuff) too.
There is simply no way to make sure that users don't do things that mess up their computer. It's a fight between convenience of letting the users do things they want (such as installing that nifty feature) and inconveniencing the user enough that only things they really want gets installed.
Possibly also because Netscape 5 is still sitting around on mozilla.org - the code that actually was open sourced and discarded.
Appearently some people inside Netscape actually wanted to release 5 based on the old code, and concurrently work on 6 based on the new code (NGLayout/Gecko). See interview on ars technica with Scott Collins.
Actually, going by the window icon, as well as the buttons in the bottom left corner (naviagtor, messenger, composer, address book, and ChatZilla) it's probably Navigator (from Seamonkey, the suite) using the Modern theme.
But then, the NS4 interface actually looked bad in comparision to the IE one. I remember getting IE4 and thinking that it looked much cleaner compared to Netscape.... But then, being bundled helped a lot back then, considering I was on dial-up and (IIRC) without a CD burner.
2) is fixed in the source tree, and should be no more in the following releases (for both Mozilla Suite, and Firefox).
Or at least, bug 217527 (on bugzilla.mozilla.org) is. It certainly seems to have been fixed for me anyway, and I was seeing the left side overlap stuff.
(Hmm, I didn't know Firefox 0.9 was actually released - I thought they were at RC, considering that both the mozilla.org front page and the Firefox 0.9 release notes don't know about it...)
Since there is no actual Mozilla for KDE (QT), there's only the GTK version which follows the Gnome guidelines - including the backwards buttons. They need to do it this way to be a good Gnome app (which makes it a bad KDE app).
Unfortunately, it looks like they just don't have enough people to keep the QT version up to date (it is, AFAIK, totally broken at this point).
From what I've seen on the MozillaZine forums (where most of the Firefox fans seem to gather; its Firefox Help forum is in the default Firefox bookmarks)...
In the 36-page thread about the theme change, two people who have commented in that thread have been tempbanned, for (I think):
Sure, he can switch themes, but that's the DEFAULT and it's ugly as a horse's ass.
What's to convince the user before he deletes it that the features aren't just as ugly? Hrm?
Just scrap it, it's the ugliest shit ever made, looks like the works of a 5 year old half retarded kid
Also, the people behind the MZ forums, AFAIK, are not directly related to Mozilla itself (though definately very close).
Appearently the people designing the theme agrees too...:) AFAIK they just want to make sure the two platforms share some design elements, not drop the Mac skin directly into Windows.
If they did, it probably wouldn't look this ugly right now; it would look out of place, yes, but not ugly.
This seems to be in the current Win32 installer (don't have a Mac, can't tell what that looks like; no Linux installer yet AFAIK). For example you can select to install DOM Inspector, IIRC.
... But then, it's also been in the Seamonkey (suite) installer for a long time. Which the Firefox installer is based off of.
IIRC, Ben Goodger mentioned on the MozillaZine forums that safe mode temporarily disables both extensions and themes. I wonder if it could work around bad profiles as well...
Slashdot Mirror
Please see bug 3157 on bugzilla.m.o
Fix was chcked in near 2004-07-16 - any nightly / milestone after that should work (excluding the security updates; that's from different code)
Actually, I believe 0.9.3 (and 0.9.2 before it, 0.9.1 as well) were branched from the previous point release and are missing things that are on the aviary branch. As in, aviary branch nightly the day before 0.9.3 release had more fixes in it.
(I wish they'd start using a binary patcher or something... Or at least use an auxilary app that would uninstall, reinstall and open the new version for you, instead of having to do this manually)
Hmm, it seems upon RTFA'ing that the four things mentioned are all browser-level holes; that is, whether IE was integrated into the OS or not would have no bearing upon the existence of them.
Does it really matter (in this specific case) if IE was integrated?
It seems that, [1] could potentially work in other browsers with JavaScript support; [2] is unclear, and I can't find the example they're talking about; [3] is plain bad security checking; [4] is by design - whether the design is good is something else entirely. But none of them really depend on what OS you run on (assuming IE runs).
The just found vulnerability is the passing of untrusted URIs (in this case, shell://blah) into the OS.
Hmm, anyone know if there's anyway to actually indicate to the OS that the URI you're passing in is untrusted?
It's a pretty standard metasyntactic variable - names for things you don't really care about (in programming).
See: jargon file. Also check the entry for foo; interesting reading, at least.
Plus the encoding overhead (unless you whip up your own MTA to send unencoded 8bit data - in which case you pretty much just hope it gets to the other end intact).
Can you even fit a 800MB CD image in a GMail account?
Thank you, for actually replying :)
Yeah, I agree IE does some things that really just can't be explained; no argument there. I was just curious about the design flaws in the hopes that I won't come up with similiar stuff in things I do.
Do you mind actually stating which design flaws those are? (I'm seriously curious, that's all.)
As far as I know, ActiveX ~= XPInstall, and BHOs ~= extensions. And yes, Mozilla extensions can deploy binary components, which means they can do anything BHOs can do anyway, including installing BHOs to mess with Explorer. Not allowing extension installs from being triggered from certain events (such as document load) is still just covering up the problem - I have seen sites that ask you nicely to manually trigger ActiveX installs to help "support" them. It happened to have been one of the nastier ones (3721.com stuff) too.
There is simply no way to make sure that users don't do things that mess up their computer. It's a fight between convenience of letting the users do things they want (such as installing that nifty feature) and inconveniencing the user enough that only things they really want gets installed.
Possibly also because Netscape 5 is still sitting around on mozilla.org - the code that actually was open sourced and discarded.
Appearently some people inside Netscape actually wanted to release 5 based on the old code, and concurrently work on 6 based on the new code (NGLayout/Gecko). See interview on ars technica with Scott Collins.
Actually, going by the window icon, as well as the buttons in the bottom left corner (naviagtor, messenger, composer, address book, and ChatZilla) it's probably Navigator (from Seamonkey, the suite) using the Modern theme.
But then, the NS4 interface actually looked bad in comparision to the IE one. I remember getting IE4 and thinking that it looked much cleaner compared to Netscape. ... But then, being bundled helped a lot back then, considering I was on dial-up and (IIRC) without a CD burner.
2) is fixed in the source tree, and should be no more in the following releases (for both Mozilla Suite, and Firefox).
Or at least, bug 217527 (on bugzilla.mozilla.org) is. It certainly seems to have been fixed for me anyway, and I was seeing the left side overlap stuff.
(Hmm, I didn't know Firefox 0.9 was actually released - I thought they were at RC, considering that both the mozilla.org front page and the Firefox 0.9 release notes don't know about it...)
7zip compression applies to the installer; the installed result is the same as before. All it does is give you a smaller download.
Blame Gnome and their HIG.
Since there is no actual Mozilla for KDE (QT), there's only the GTK version which follows the Gnome guidelines - including the backwards buttons. They need to do it this way to be a good Gnome app (which makes it a bad KDE app).
Unfortunately, it looks like they just don't have enough people to keep the QT version up to date (it is, AFAIK, totally broken at this point).
Bigger Picture
You want the second section (what's new since 0.8 on the 0.9 branch).
Tools -> Options on Windows, Edit -> Preferences on *nix, and appearently somewhere in the Apple menu for Macs.
I believe the official guess is the 14th. (By way of Ben Goodger being quoted by Peter(6) on the MozillaZine forums)
... So my personal adjusted guess would be two weeks ;)
In the 36-page thread about the theme change, two people who have commented in that thread have been tempbanned, for (I think):
Also, the people behind the MZ forums, AFAIK, are not directly related to Mozilla itself (though definately very close).
Agreed.
:) AFAIK they just want to make sure the two platforms share some design elements, not drop the Mac skin directly into Windows.
Appearently the people designing the theme agrees too...
If they did, it probably wouldn't look this ugly right now; it would look out of place, yes, but not ugly.
Telnet wins.
Getting HTTPS to work is a tad harder... How good are you at entering and reading binary data, and doing encryption/decryption in your head?
This seems to be in the current Win32 installer (don't have a Mac, can't tell what that looks like; no Linux installer yet AFAIK). For example you can select to install DOM Inspector, IIRC.
... But then, it's also been in the Seamonkey (suite) installer for a long time. Which the Firefox installer is based off of.
Yes, and it's even called safe mode :)
IIRC, Ben Goodger mentioned on the MozillaZine forums that safe mode temporarily disables both extensions and themes. I wonder if it could work around bad profiles as well...
It's coming. Actually, it's being worked on right now, and is going to break all existing extensions.
Unisys had one on LZW (compression, LZ77 variant) for a while, didn't they? Acquired from Sperry Corporation, it looks like.
/. had multiple articles on this.
I wouldn't be surprised if this was marked redundant though - I was under the impression that
So the big companies would fork multiple wholly owned subsidiaries to hold patents with?
That would probably be able to harm only the smaller companies that can't spawn that way...