×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Firefox 27 Released: TLS 1.2 Support, SPDY 3.1, SocialAPI Improvements

Soulskill posted about 3 months ago | from the onward-and-upward dept.

Firefox 167

jones_supa writes "Mozilla has released Firefox 27 for Linux, Android, Mac, and Windows (download). One of the big changes is enabling support for TLS 1.1 and 1.2 by default. Firefox 27 also supports the SPDY 3.1 protocol. Developers got some new toys: support was added for ES6 generators in SpiderMonkey, the debugger will de-obfuscate JavaScript, and style sheets can be reset by using all:unset. Mozilla also announced some new social integration options. In addition to all these changes, the Android version got some UI improvements and font readability upgrades. For a future release, Mozilla is currently testing a new approach for Firefox Sync in Nightly builds. They recognized the headaches involved with how it works, and they're now opting to use a simple e-mail and password combination like Google Chrome does. In the old system, users were forced to store an auto-generated authorization code, which, if lost, would render their bookmarks, passwords and browsing history inaccessible. "

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

167 comments

Ciphers (1)

manu0601 (2221348) | about 3 months ago | (#46152615)

Recent Firefox versions supported TLSv1.1 and TLSv1.2, by setting security.tls.version.max=2 in about:config. It is nice to have it by default now, but the missing bit was GCM ciphers support. They are important because CBC ciphers are more and more under attack (BEAST was CBC-specific). Do they implement GCM now?

Re:Ciphers (-1)

Anonymous Coward | about 3 months ago | (#46152731)

A GCM client is a GCM-enabled app that runs on an Android device. To write your client code, we recommend that you use the GoogleCloudMessaging APIs. The client helper library that was offered in previous versions of GCM still works, but it has been superseded by the more efficient GoogleCloudMessaging APIs.

A full GCM implementation requires both a client implementation and a server implementation. For more information about implementing the server side, see Implementing GCM Server.

The following sections walk you through the steps involved in writing a GCM client-side application. Your client app can be arbitrarily complex, but at bare minimum, a GCM client app must include code to register (and thereby get a registration ID), and a broadcast receiver to receive messages sent by GCM.

Re:Ciphers (0)

Anonymous Coward | about 3 months ago | (#46152857)

What the hell does that have to do with anything?

Re:Ciphers (1)

TechyImmigrant (175943) | about 3 months ago | (#46153001)

GoogleCloudMessaging != Galois Counter Mode

Galois Counter Mode != Offset Codebook Mode

Offset Codebook Mode != Counter Mode with Counter Block Chaining Mode

So from the field of block cipher modes we can extrapolate that:
              X != Y for all X and Y.

What is really at work? (-1)

Anonymous Coward | about 3 months ago | (#46152693)

Recent Firefox versions supported TLSv1.1 and TLSv1.2, by setting security.tls.version.max=2 in about:config. It is nice to have it by default now, but the missing bit was GCM ciphers support. They are important because CBC ciphers are more and more under attack (BEAST was CBC-specific). Do they implement GCM now? So what is it?

Do not want ... (5, Insightful)

gstoddart (321705) | about 3 months ago | (#46152695)

Mozilla also announced some new social integration options

I sincerely hope these are optional and not going to get rammed down our throats so Mozilla can collect more ad revenue.

Because, quite frankly, I have no interest in having my web browser trying to integrate with social media.

Re:Do not want ... (4, Informative)

0racle (667029) | about 3 months ago | (#46152859)

Did you see them before? This release didn't add them, it added more. Personally I have no idea where they are.

Re:Do not want ... (2, Insightful)

Anonymous Coward | about 3 months ago | (#46153409)

The fact that you do not see it is irrelevant.The code is there, increasing the attack surface of Firefox and thus adding risk for the user without giving him choice.

This is especially annoying because 'social' is not a core function of a browser and should not be an integral part of it. This is what add-ons are for.

Re:Do not want ... (1)

Anonymous Coward | about 3 months ago | (#46153527)

It's not even enabled until YOU (as in: user) decide to turn on the social stuff. So no, it is not an attack surface if you leave it disabled.

Re:Do not want ... (0)

Anonymous Coward | about 3 months ago | (#46153981)

Then I suggest you review the default settings. Merging the browser with those sites (facebook only, by default) occurred a long time ago, but since then they have hidden it in the background.

This is why I use my firewall to block Facebook's IP-ranges.

Re:Do not want ... (1)

Jane Q. Public (1010737) | about 3 months ago | (#46154489)

I've used Firefox for years, and I have been very privacy-conscious. So I am curious what "default settings" you mean. Your comment is not very informative.

Re:Do not want ... (0)

Anonymous Coward | about 3 months ago | (#46154107)

Care to actually give an attack scenario? Someone else suggest blocking Facebook's IP, but if you don't use Facebook, and don't have a Facebook account, what does it risk compromising?

Re:Do not want ... (0)

Anonymous Coward | about 3 months ago | (#46154223)

Maybe "social" isn't a core feature to us old fogies, but there's a LOT of people who like it. Just like a LOT of people like how intimately Chrome is tied to Google's ecosystem. There's absolutely no reason to care if you're not using it, and therefore haven't enabled it. There are worse things to worry about in terms of security, which almost nobody uses by comparison to social media features.

Re:Do not want ... (0)

Anonymous Coward | about 3 months ago | (#46155021)

Maybe "social" isn't a core feature to us old fogies, but there's a LOT of people who like it. Just like a LOT of people like how intimately Internet Explorer is tied to Microsoft's ecosystem. There's absolutely no reason to care if you're not using it, and therefore haven't enabled it. There are worse things to worry about in terms of security, which almost nobody uses by comparison to social media features.

FTFY

Re:Do not want ... (2)

dysmal (3361085) | about 3 months ago | (#46153033)

On the plus side, the social integration probably won't work until version 30!

Re:Do not want ... (3, Funny)

Anonymous Coward | about 3 months ago | (#46153423)

you mean, next Tuesday?

Re:Do not want ... (0)

UnknownSoldier (67820) | about 3 months ago | (#46153175)

I don't use social media so could care less about bloatware.

I just want FF's memory leak to be fixed instead of the devs ignoring it version after version, year after year.

Chrome's "Task Manager" that shows per tab it's Name, Memory, CPU Usage, Network Traffic and FPS still lacks any counter part in FF.

Re:Do not want ... (5, Informative)

Billly Gates (198444) | about 3 months ago | (#46153373)

I don't use social media so could care less about bloatware.

I just want FF's memory leak to be fixed instead of the devs ignoring it version after version, year after year.

Chrome's "Task Manager" that shows per tab it's Name, Memory, CPU Usage, Network Traffic and FPS still lacks any counter part in FF.

Chrome uses more ram than any other browser according to benchmarks. FF the least. A lot has changed since 2011.

Re:Do not want ... (-1)

Anonymous Coward | about 3 months ago | (#46155465)

A lot has changed since 2011.

You mean something like the version number?

Re:Do not want ... (2, Informative)

Anonymous Coward | about 3 months ago | (#46153567)

"I just want FF's memory leak to be fixed instead of the devs ignoring it version after version, year after year."
Do you happen to have a bug number on bugzilla? Also, please start reading Nicolas Nethercote's blog, they fixed a sh*tload of leaks already.

"Chrome's "Task Manager" that shows per tab it's Name, Memory, CPU Usage, Network Traffic and FPS still lacks any counter part in FF."
Content elements of separate pages can be shared in FF, making a per-page memory report much harder than in the per-process Chrome.

Re:Do not want ... (4, Informative)

complete loony (663508) | about 3 months ago | (#46155867)

It's called "about:memory" and it shows you memory allocation in all kinds of fine or coarse grained ways. And it's been almost continually improved for the past couple of years, while the big issues this page has revealed have been fixed.

Re:Do not want ... (2)

Drew617 (3034513) | about 3 months ago | (#46153477)

With you on social media, but I'll go further and say the browser shouldn't really be integrated with anything external to the OS.

The concept of browser-as-platform (looking at you, Chrome) seems wrong and disruptive to me, but it should be especially unnecessary for a browser to integrate with a service that's normally delivered in a browser to begin with.

When I want to integrate with something, I'll let you know by punching in the address, thankyouverymuch.

Re:Do not want ... (1)

paziek (1329929) | about 3 months ago | (#46154955)

Well, we've got internet search engines integrated into almost any browser nowadays. Difference would be that you can choose what search engine you want to use.
Seems like they added some support for Delicious and whatever India streaming service; what you need to do in order to get integrated, beats me, but I bet on $. I guess its sad, but then again Mozilla in its manifesto never mentions neutrality or any such thing and they need money to pay staff.

Re:Do not want ... (1)

Drew617 (3034513) | about 3 months ago | (#46155107)

Good point. I guess my concern isn't so much for neutrality, but good design. In general I want a browser to do one thing well, and otherwise get out of the way.

I do understand the technical difference, but looking at it functionally: I expect "apps" to run in the OS. I do not also want a separate set of "apps" to run on the browser, or inside any other application for that matter. For example, in OSX or Windows I can have both a native Evernote binary "app" and a separate Evernote "app" running in Chrome. That's confusing and, to me, messes with the whole paradigm that most of us understand.

Re:Do not want ... (2)

reikae (80981) | about 3 months ago | (#46154491)

The integration features certainly don't seem intrusive in any way, because I have no idea how to access them. There is nothing in the main menu about social media integration, nor in the options dialog. Which is nice.

Too late, switched to Chrome (0)

PvtVoid (1252388) | about 3 months ago | (#46152939)

Firefox has gradually turned into a bloated, buggy piece of crap. I finally gave up, and started using Chrome instead. Yes, the Great Google is watching my every browsing move. But at least it works.

Re:Too late, switched to Chrome (5, Informative)

chipschap (1444407) | about 3 months ago | (#46153037)

I used Chrome for quite a while but just switched back to Firefox. Chrome restricts things like downloading media (especially from YouTube) and doesn't work correctly on some ecommerce sites that I use. Firefox isn't (subjectively) that much slower than Chrome any longer and clearly has the widest choice of add-ons.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46153185)

Your mom's become bloated and full of bugs (crabs) but we have the decency to stick with her.

Nobody cares, kid. (-1)

Anonymous Coward | about 3 months ago | (#46153221)

What are you, 13 years old? Did Firefox betray your fragile heart by not being flawless? It's a free web browser, it didn't run over your dog. We largely have a choice of fine browsers these days because Firefox came along. The least you do is be thankful, and not some pathetic attention-seeking whiner who has to tell the world they use someone else's browser.

Re:Too late, switched to Chrome (1)

Anonymous Coward | about 3 months ago | (#46153261)

Thanks to weaklings such as you, our society turns into 1984.

Re:Too late, switched to Chrome (5, Informative)

Billly Gates (198444) | about 3 months ago | (#46153413)

Chrome uses almost 300% more ram than FF or IE 11 on my system when I have +40 tabs opened.

Tomshardware.com did some benchmarks that can confirm this. It even hit slashdot that FF 13 used the least amount of ram a year and a half ago.

FF 4.0 != FF 25 and later and a lot has changed since 2011. I am tempted to switch back to Firefox as it is so light and quick now.

Re:Too late, switched to Chrome (1)

SammyIAm (1348279) | about 3 months ago | (#46153531)

Does Chrome's RAM usage cause problems on your machine? If the RAM is available, I don't see why Chrome shouldn't be taking advantage of it to improve browsing performance.

Have you looked at the hard drive usage of Chrome versus FF? I haven't looked, but it would be interesting to see if Chrome's increased RAM usage results in lower hard drive usage.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46155859)

The way I see, Chrome's just using far more memory to do basically the same job. Why waste memory, if all you're going to get is a sliver of performance (which may not be the case at all, as we don't know WHY Chrome is using so much more memory).

Your hard drive question is genuinely interesting, though Firefox is changing their entire caching engine over the next few releases so the results may change drastically over the next half a year.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46153637)

I had the opposite experience and I tested it out only 2-3 versions ago. After leaving FF opened with 20+ tabs, like Chrome, it gobbled up my memory much quicker and eventually become unstable to interactions. I was running both with no plugins/extensions.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46154611)

The ram usage comes from a 1 instance per object invocation process Chrome has. each tab/plugin etc has it's own process running in task manager each with it's own private working set.

Re:Too late, switched to Chrome (4, Interesting)

JDG1980 (2438906) | about 3 months ago | (#46153555)

What we really need is "Firefox Classic": a maintainable fork that takes the Firefox code base and strips it down to the essentials, without social networking add-ons or any of that garbage. Sort of like how Firefox itself originally forked off of the Mozilla Application Suite, come to think of it.

Re:Too late, switched to Chrome (5, Insightful)

archen (447353) | about 3 months ago | (#46154409)

I'm not sure a "Classic" version would help much, it's the Internet itself that's bloated. You can have the fastest browser ever, but you're still downloading all that social media crap with Javascript pulled from all corners of the globe. The fastest web browsing experience? Firefox with Adblock and NoScript.

Re:Too late, switched to Chrome (3)

UltraZelda64 (2309504) | about 3 months ago | (#46154781)

The browser could at least help, by not automatically assuming that everyone wants JavaScript support and re-enabling it even for anyone who willfully turned it off in the first place, while at the same time removing the GUI, requiring digging through the bowels of the hell that is about:config just to find the option to re-enable. The first step to cutting web bloat is to disable JavaScript, but ironically Mozilla seems to be directly against this idea.

Re:Too late, switched to Chrome (1)

Anonymous Coward | about 3 months ago | (#46156773)

It's a lost battle. The best you can do is give people the option to properly manage Javascript, which requires something finer-grained than what they had implemented in the Firefox UI. Since few users care about this kind of thing, and there's already at least one world-class addon dealing with it that gets regular updates, there's really no reason for Mozilla to continue doing an inferior job of it.

You can argue all you want about principles, but Mozilla can't just cater to YOUR principles. They have to remain a viable option for lots of users, and if removing a dumb checkbox that's too convenient (as in, many users toggle it accidentally) is the easiest way to go, then so be it. Someone else can (and does) handle the more advanced UI for users who want it.

It mostly seems that some people can't quite grasp that Mozilla isn't able to do EVERYTHING, and sometimes an old feature that's convenient for some of us has to be let go. The people who really need that feature should be the ones who figure out how to make it work, not one company with limited resources who are already maintaining what's required for us to maintain such addons.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46154549)

What we really need is "Firefox Classic": a maintainable fork that takes the Firefox code base and strips it down to the essentials, without social networking add-ons or any of that garbage. Sort of like how Firefox itself originally forked off of the Mozilla Application Suite, come to think of it.

This. Use a modern JS engine, and the Fx 3.6 UI. Book it,done.

Re:Too late, switched to Chrome (1)

Anonymous Coward | about 3 months ago | (#46155245)

What we really need is "Firefox Classic": a maintainable fork that takes the Firefox code base and strips it down to the essentials, without social networking add-ons or any of that garbage. Sort of like how Firefox itself originally forked off of the Mozilla Application Suite, come to think of it.

You should have a look at Pale Moon. [palemoon.org] It is not exactly what you asked for but it is a slightly slimmer version of Firefox that still has compatibility with the plugins.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46156531)

Came here to say exactly this. Been using PaleMoon for almost 2 years now, and I love it.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46156095)

That only happens once when the crowd of poorly behaved coders first refuse to improve coding style, and then, when the slim version proves to be more popular rebase on that and port their cruft. What would be the motivation for the original break aways to break away again?

Firefox previous releases (0)

Anonymous Coward | about 3 months ago | (#46156949)

Firefox Classic? What about some previous version. Here you go, take your pick: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46156955)

Been using Pale Moon since Australis was announced. Windows only, but your welcome to fork it...

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46153871)

You could try Opera.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46155391)

You could try Opera.

Opera pre 15. Because 15+ is as shit as Firefox.

Re:Too late, switched to Chrome (1)

porjo (964384) | about 3 months ago | (#46154363)

Firefox is my browser of choice and I find it does everything I need with the small, but irritating, exception of Flash. Adobe Flash plugin on Linux is horribly glitchy with Firefox and it's replacement, Shumway, is not supported on the websites I visit. I use Chrome for any Flash-heavy websites.

Re:Too late, switched to Chrome (0)

Anonymous Coward | about 3 months ago | (#46154507)

Weird, my experience is just the opposite. Firefox has been rock solid stable and has gotten less bloated, while Chrome has been and still is extremely buggy. I tried Chrome for a month and in that time I reported many bugs, none of which I would consider minor. Most if not all have yet to be fixed and it's been almost two years now since I reported them. Chrome does a lot of quirky things too that aren't really bugs per se but are really annoying.

Search engine misfeature still there (2)

ebh (116526) | about 3 months ago | (#46153097)

I see they haven't reversed the horrible misfeature of the "awesome" bar being restricted to whatever's specified in the search bar (e.g., Wikipedia) instead of using your default search engine regardless.

Or is there an about:config setting for that which I don't know about?

Re:Search engine misfeature still there (1)

Anonymous Coward | about 3 months ago | (#46153725)

No about:config entry whatsoever. Maybe this will help: https://addons.mozilla.org/en-US/firefox/addon/foobar/ You may find this to be handy: http://kb.mozillazine.org/Using_keyword_searches

Also, blame Alex Limi.

Re:Search engine misfeature still there (1)

Anonymous Coward | about 3 months ago | (#46153741)

No. There were viable security reasons to remove your pet search feature from the default installation, but it's still available if you use an addon.

And now I'll sit back with my popcorn and watch the idiotic cries of "they're dumbing it down for the filthy casuals!"

Yes, but have they fixed the crashes? (1)

rjmx (233228) | about 3 months ago | (#46153105)

Maybe it's me, but Firefox 26 would crash at the drop of a hat (and that's on Windows and Linux). I would sincerely hope that 27 is somewhat better in that respect.

Re:Yes, but have they fixed the crashes? (2)

gigaherz (2653757) | about 3 months ago | (#46153237)

I have only had one single crash while running Firefox Aurora (the alphas) in years. Are you using any misbehaving Extension or plugin?

Re:Yes, but have they fixed the crashes? (1)

jones_supa (887896) | about 3 months ago | (#46153939)

But then again, it's bad if an extension or plugin crashes the whole browser.

Enough RAM vs. crashes? (1)

billstewart (78916) | about 3 months ago | (#46156217)

Last year I was running Firefox on Win7-32, on a machine with 4GB RAM, and it would crash five times a day. Now that I'm running Win7-64, on the same hardware but with a lot more swap space enabled, it still crashes occasionally, but maybe once or twice a week.

Re:Yes, but have they fixed the crashes? (3, Interesting)

Lord Crc (151920) | about 3 months ago | (#46153269)

Maybe it's me, but Firefox 26 would crash at the drop of a hat

Tried running it in "safe mode" without addon's and see how that goes?

Firefox still crashes for me when it runs out of memory due to buggy javascript in either an addon or on a page. For example we use FinalBuilder at work, and the build control page has a massive memory leak in the javascript (sucky dom handling in web 2.0 crap) causing FF to run out of memory if I leave the page open over night.

Other than that it's been very stable on all the machines I've used it on for many years now (and that's both Windows and Linux).

Re:Yes, but have they fixed the crashes? (2)

tyle (1243518) | about 3 months ago | (#46153291)

Had this as well in Firefox 26 on Linux with Nvidia drivers, but Firefox stopped crashing when I updated to Nvidia driver 331.38.

Re:Yes, but have they fixed the crashes? (1)

dkman (863999) | about 3 months ago | (#46154473)

I'm with the other guys. I almost solely run FF current builds on multiple machines (work 6GB ram with intel graphics. home main 16GB with AMD. home media server was 2GB with nvidia - very recently upgraded). I haven't had crash issues on any of them. I definitely would have switched or investigated the cause, but I would have to say you have a bad addon. Potentially you have bad ram, but I would imagine that using a different browser wouldn't have fixed the issue.

Re:Yes, but have they fixed the crashes? (0)

Anonymous Coward | about 3 months ago | (#46154879)

I'm with the others in potentially blaming iffy drivers, since I've had two boxes struggle with them recently (nvidia drivers on Linux especially). I've managed to mitigate that by upgrading the drivers, disabling hardware acceleration or changing the acceleration backends in about:config from cairo to skia (or the other way around, I don't recall).

Another potential reason is (as always) Flash. I'd suggest checking if you're running an up-to-date version (along with disabling/updating/removing other plugins that you don't use).

Also, there HAVE been a lot of things changing with the Javascript engine in Firefox that are finally starting to come together and get resolved since around Firefox 24 or so. The nightlies would crash on me a lot a few weeks ago, due to strange glitches with certain websites (especially with Zimbra or Trello and large amounts of data). Then suddenly it all got better (and Trello even optimized their site, which was nice of them). It might simply be that kind of thing. It seems like Mozilla's been working day and night to get their new JS engine working consistently well, not to mention optimizing the hell out of their garbage collector.

Re:Yes, but have they fixed the crashes? (0)

Anonymous Coward | about 3 months ago | (#46156173)

Disable hardware acceleration?

Re:Yes, but have they fixed the crashes? (0)

Anonymous Coward | about 3 months ago | (#46156469)

Unreliable ram/bad caps/bad power supply?

Even passing all modules memtest86+ tests for some reason found that with 1.5GB ram FF crashed as crazy when browsing heavy JS sites. With 1GB had no crashes in months running 24/7.

Still waiting for GTK3 (2)

Drew617 (3034513) | about 3 months ago | (#46153289)

I'll give FF another shot when there's a GTK3 port.

But, uh, hey... apparently we got us some Saavn (?) integration.

Re:Still waiting for GTK3 (2, Informative)

Anonymous Coward | about 3 months ago | (#46153481)

The GTK3 support seems to be coming along nicely. They're actually supposedly pretty close, if I'm reading the bug tickets correctly. They mostly just have to support spinning off GTK2 process for plugins like Flash that don't support GTK3, and I believe there are some GTK3 widget glitches to iron out. I even remember seeing a Red Hat/Fedora test binary with GTK3 support that you can try out, though I don't have a link handy.

Re:Still waiting for GTK3 (0)

Billly Gates (198444) | about 3 months ago | (#46153487)

Ain't gonna happen.

One of the weaknesses of Linux is you can't have more than one library with dynamic linking for .so objects like you can with .dlls starting with Windows 7 and later.

This means gnome2 users and Mate users will be fucked as you can't have GTK2 and GTK3 on the same system. Since CentOS comes with gnome 2 by default it means Firefox can not be made to work with it until they downgrade to GTK2.

Re:Still waiting for GTK3 (0)

Anonymous Coward | about 3 months ago | (#46153593)

LOL your concern was answered a minute earlier by someone just reading the bug comments!

Re:Still waiting for GTK3 (0)

Anonymous Coward | about 3 months ago | (#46154545)

I run gtk2 and gtk3 programs side by side using bits of xfce for a desktop, it works just fine. I take your point about mixing gtk 2 and 3 in the same application but a gtk2 desktop can happily run gtk3 based programs.

Re:Still waiting for GTK3 (0)

Anonymous Coward | about 3 months ago | (#46154745)

Key word was port.

Re:Still waiting for GTK3 (0)

Anonymous Coward | about 3 months ago | (#46156411)

Fedora has been moving this along. http://copr-fe.cloud.fedoraproject.org/coprs/stransky/FirefoxGtk3/

Whenever a new Firefox is released... (0)

Anonymous Coward | about 3 months ago | (#46153401)

...the first thing I think is, "Oh God, what have they broken this time?"

Mozilla really need to stop fucking around with things that aren't broken and fix the things that are.

Re:Whenever a new Firefox is released... (0)

Anonymous Coward | about 3 months ago | (#46153751)

So you're saying TLS 1.0 isn't broken? Then why does TLS 1.1 and 1.2 exist?

Re:Whenever a new Firefox is released... (0)

Anonymous Coward | about 3 months ago | (#46155761)

I completely agree with you. It is sad, that after each FF release one needs to spend time searching for plugins and hacks to get even some of the previous functionality back.

Sync (1)

dkman (863999) | about 3 months ago | (#46153625)

I only sync Bookmarks and Addons (for security reasons I don't even store passwords). But I've never had a problem with the way sync works now. You need to have a synced device on had to generate a code to feed into the device you want to add. As long as you have 1 accessible synced device you're good.

If you were using it to back up bookmarks on one machine and you are rebuilding that machine, then you may be in trouble. So I guess that's what they're referring to here.

I have it on my phone, so I can always have that one on hand

Re:Sync (1)

jones_supa (887896) | about 3 months ago | (#46154047)

As long as you have 1 accessible synced device you're good.

And if you don't, you're fucked. So that's the problem.

Re:Sync (1)

rts008 (812749) | about 3 months ago | (#46154079)

If you were using it to back up bookmarks on one machine and you are rebuilding that machine, then you may be in trouble.

For that specific issue, try FEBE(Firefox Extension Backup Extension)
I highly recommend it for this.(and a whole lot more useful stuff)

FEBE allows my Firefox experience to be almost exactly the same between Windows and Kubuntu(dual boot), and having a current backup of the FEBE folder allows me to painlessly restore Firefox to my liking after a fresh install, or a new PC.

Re: Sync (2)

c0l0 (826165) | about 3 months ago | (#46154099)

I switched over from Chromium to Firefox mainly because of how Firefox Sync worked back then - in the way that it encrypted your sync data with a secret that Mozilla would never know. Now, with the new sync that just requires a tuple of email address and password, I wonder what - if anything - they use to encrypt the data so they cannot know what I store there (which is a strict requirement for me to even consider any kind of "cloud"-y offering). Given that email/password is used for authentication and authorization only (I'm pretty certain they'll have a routine for users to "reset" their password...), I'm worried they'd left out the one thing that made Firefox Sync usable for folk concerned with privacy...

Re: Sync (1)

c0d3g33k (102699) | about 3 months ago | (#46154617)

I switched over from Chromium to Firefox mainly because of how Firefox Sync worked back then - in the way that it encrypted your sync data with a secret that Mozilla would never know. Now, with the new sync that just requires a tuple of email address and password, I wonder what - if anything - they use to encrypt the data so they cannot know what I store there (which is a strict requirement for me to even consider any kind of "cloud"-y offering). Given that email/password is used for authentication and authorization only (I'm pretty certain they'll have a routine for users to "reset" their password...), I'm worried they'd left out the one thing that made Firefox Sync usable for folk concerned with privacy...

I have the same general concerns you did but am less trusting, so I set up my own sync server. Check out Run your own Sync Server [mozilla.com] at mozilla.com.

If you're technically inclined, familiar with general LAMP server management and have a personal linux server handy, it isn't that hard. There's a time investment up front, but once I got it running, it's been working flawlessly across several platforms and multiple browser profiles. I hope they deprecate the old sync behavior but keep it in place for awhile to give time to migrate to the new sync behavior. It's been working so well it's been "set it (up) and forget it" since I first got it running, so it will take a little time just to remember the details so I can migrate to the new server code (assuming there is even a viable migration pathway).

That said, the old sync that required the code to add new browser instances (ie. Firefox on another device or OS) was a little cumbersome, so making that a little simpler would be welcome. That would make it easier for other members of the household to manage their own devices without requiring me to set up and manage it for them.

Re: Sync (4, Informative)

c0l0 (826165) | about 3 months ago | (#46154775)

Yeah, I knew about that possibility before, but since the data to be stored on Mozilla servers was being properly encrypted on my device and in my client, I opted out of the usual "maintain my own infrastructure" chores that one time. Now, the "old" (read: current) Firefox Sync system is going away completely in the not too distant future, and you'll probably have to install some kind of add-on to keep your existing, self-hosted infrastructure functional. Meanwhile, I asked some Mozilla people/developers what the change was about, and how the new system is supposed to keep users' data confidential. The transcript of the IRC session is available here, on Debian's inofficial pastebin [debian.net] - enjoy! :)

Re: Sync (1)

c0d3g33k (102699) | about 3 months ago | (#46156925)

Thanks for that transcript. It seems to clarify some things (the questions you were asking and the answers) but raises others. Such as why the desperate push to move to an entirely new infrastructure that's apparently incompatible with the old, requires Firefox Accounts and introduces "recoverable" keys (in the hands of Mozilla) alongside the current non-recoverable keys that only the client has. The rather vague answer was the 'recoverable' keys were for some nebulous future service of benefit to the user (Mozilla can recover their data for them), but my tinfoil hat tells me it also allows Mozilla to recover user data for another party like the NSA. It smells a bit too much like a back door, because we can't have user-only encryptable and decryptable data in the cloud now, can we? They claim that it doesn't touch the data encrypted with the non-recoverable key, but that's just a claim.

I'm not optimistic about an addon to maintain current sync functionality (at the current breakneck pace Mozilla is moving it would be difficult to maintain), so perhaps they will release their new server code as open source. We'll see.

Enough of the social media garbage (4, Interesting)

TheMadTopher (1020341) | about 3 months ago | (#46153843)

Am I the only one who could care less about social media integration?

Re:Enough of the social media garbage (2)

Anonymous Coward | about 3 months ago | (#46154075)

Am I the only one who could care less about social media integration?

No, I'm pretty sure there's a lot of people who couldn't care less.

Re:Enough of the social media garbage (0)

Anonymous Coward | about 3 months ago | (#46156873)

Logic fail. Let A be the set of people who could care less about social media integration. Parent asks:

Is A = {TheMadTopher} ?

And you reply "no", and justify it by claiming that complement(A) contains a lot of people. Sorry but that doesn't justify it.

Re:Enough of the social media garbage (0)

rts008 (812749) | about 3 months ago | (#46154719)

I see this frequently...*sigh*

I personally couldn't(could not) care less about social media integration.

I think that was what you meant...if so, then the answer would be no, but the two statements are opposite in their actual meaning.

Your version: "I could care less about it, but I don't."

My version:
"I could not possibly care less about it, as I don't care for it at all."

Think about it a little, and it is very clear that 'could' and 'could not' have opposite and specific meanings.

Re:Enough of the social media garbage (0)

Anonymous Coward | about 3 months ago | (#46155449)

You are too verbose. Next time just reply "Yes, you're the only one. Everyone else couldn't care less".

Re:Enough of the social media garbage (0)

Anonymous Coward | about 3 months ago | (#46155623)

aspergers' detected...

Re:Enough of the social media garbage (0)

Anonymous Coward | about 3 months ago | (#46156639)

That depends on who (or what) you could care less than.

Bring Back Javascript Optoins (3, Informative)

tlhIngan (30335) | about 3 months ago | (#46154045)

One of the biggest changes in Firefox was that JavaScript was permanently enabled.

But a side effect of the removal of "Enable JavaScript" checkbox was the removal of the "Advanced" button which limited what scripts could do - move/resize windows, bring windows to front/back, allow scrpits to write to status bar, disable context-click (right click), etc.

Which is annoying because those options were good to have - especially sites that disable right-click.

On Firefox, it's possible to re-enable right click if you hold down Shift then right-click - this will force Firefox to display the proper right-click menu. But that's a PITA

While extensions like NoScript work, they don't prevent permitted sites from playing around with stuff like that - a site needs javascript ot work and then they promptly open a bunch of windows or disable right-click while it's enabled.

When will they fix the memory leaks? (-1)

Anonymous Coward | about 3 months ago | (#46155209)

I'm currently at 307MB (internal FF measurement) and 374MB RSS (ps).
A minimize circle gets that down to ... 313MB (wtf) and 402MB RSS (ps).
Hitting any of CC or GC bring it down to ... 327MB (WTFFFF?) and 410 RSS (ps).

While a tab may bloat the process, closing it must shrink it again; also a lot of JS objects (gmail) is not properly collected and destroyed with the accompanying tab.
Until this is fixed FF is essentially broken by design.

Sync changes (1)

fph il quozientatore (971015) | about 3 months ago | (#46155375)

So, just curious to know. The previous sync version had client-side encryption, i.e., Mozilla did not know what data you upload on their servers. In order to do authentication with a Mozilla account, I presume this has to be changed and now the Mozilla people have full access to an unencrypted version of your bookmarks/passwords etc.

Is this correct? That seems a worrisome change.

Android version let you start in privacy mode now? (1)

trytoguess (875793) | about 3 months ago | (#46155731)

Curious if the folks who got the update saw this feature. I thought it would be a pretty desirable setting in a mobile browser, but the last version didn't seem to have it, even in about:config.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...