

Mozilla Discontinues Security Updates For Firefox 4 - dkd903
http://digitizor.com/2011/06/23/no-security-updates-firefox-4/

======
JadeNB
I would like to whinge about this aggressive expiration policy leaving PowerPC
users like myself in the dust (since they gave up support for the PowerPC
architecture in Firefox 4.0), but I can't really; they just released Firefox
3.6.18 yesterday, which I found an impressively long-term support period.

(For folks like me who have trouble hunting it down—the Firefox landing page
just says “Unfortunately, the latest version of Firefox isn't compatible with
your operating system”—it's at the misleadingly named
<https://www.mozilla.com/en-US/firefox/all-older.html.>)

P.S. If you're stalking me, then you may wonder how to reconcile this post
with yesterday's about upgrading to Firefox 5.0
(<http://news.ycombinator.com/item?id=2680536>). That was on my work computer.
:-)

~~~
lordgilman
FYI there is a fork of Firefox 5 for PPC here
<http://www.floodgap.com/software/tenfourfox/> .

~~~
thaumaturgy
Yeah, I just discovered this today, and it's _great_. YouTube videos actually
play smoothly on my 1.5GHz G4, for the first time in at least 3 years.
Everything else feels smooth and snappy again. Whatever this guy is doing,
he's doing it better than the Mozilla team has in a long time.

------
MichaelApproved
At first I thought:

 _"Why would they go with such an aggressive release schedule before getting
the auto update to work? People like my parents will never upgrade."_

But then I realized that if they won't upgrade from 4->5 then they probably
won't upgrade from 4->4.1 anyway. Either way, they're exposed to bugs and
security holes. It's mainly tech geeks like me that think there's a major
difference between 4.1 and 5 and postpone upgrading to major releases. Perhaps
my parents think _"An upgrade is an upgrade. Who cares what the version number
is?"_.

I'll have to ask them.

------
ggchappell
Well, this is bizarre. I was planning on upgrading my 3.6 to 4.0 shortly. I
guess I won't. Better stick with 3.6 until the dust settles (?).

Can anyone point me to a concise-but-thorough explanation of just what I can
expect from the new FF release plan?

I take it they're moving to something like the Ubuntu normal vs. LTS normal
distinction. The thing is, Ubuntu explicitly labels some releases as LTS
("10.04 LTS" vs. "10.10"). FF doesn't even put version numbers in their press
releases anymore. (What's the logic behind that?)

~~~
azakai
4 and above will work like Chrome's release process: New stable release every
6-12 weeks. Releasing version N means N-1 is EOL and gets no further updates.
No version numbers in press releases (they are meaningless, except as a
convenient identifier for bug reports and such). Nightly, Autora (alpha,
basically) and Beta channels to test unstable versions.

There is talk about having an LTS version, just like Ubuntu, yeah. I think
it's a good idea. Don't know if it will happen, though, but I am guessing it
or something similar to it will.

~~~
ggchappell
Thanks for the info.

> No version numbers in press releases (they are meaningless, except as a
> convenient identifier for bug reports and such).

Meaningless? Maybe. That depends on how automatic updates are handled. I have
3.6. Updating to 3.6.x is done without asking me. Updating to 4.0.x asks (and
so far I've always said no). There is a difference between these two: same-
version updates that I get automatically, and next-version updates that ask
for permission first. The difference is traditionally expressed using version
numbers. If we get rid of version numbers, then it still needs to be expressed
_somehow_.

One solution is to make _all_ updates automatic. Perhaps that is what they are
doing? Is an update from 4.0 to 5.0 done without asking for permission? If so,
then installing 4.0 really means installing the latest version forever.

But if not, then how is the difference going to be explained to a nontechnical
user? "A new Firefox is available, and has been installed for you" vs. "A new
Firefox is available; do you want to install it?" does not, IMHO, explain
things well enough.

------
awakeasleep
The downside I see:

Crap companies that used to develop for IE exclusively had just started to
throw in FF 3.6 support, and now FF has moved onto distant pastures leaving
'the enterprise' back in 'this version and this version only' land.

So, as a tech-support wage slave... actually we're not allowed to complain.

------
keyle
So they are still supporting Firefox 3.X but not 4? I find that terribly
confusing for users, like my mum.

~~~
azakai
It's confusing, yeah. The reason is that the release schedule is completely
changing between 3.X and 4.

4 and above will work like Chrome: When version N is released, N-1 is EOL and
will not get further updates. There is no simple way to make the transition
from 3.X to that, so it ends up being confusing.

~~~
guptaneil
Does Firefox support autoupdating? I feel like Chrome's aggressive update and
EOL cycles only work because it updates in the background, so users never have
to worry about what version they're running.

~~~
azakai
The goal is to autoupdate silently like Chrome. This is being implemented in
stages, it isn't all there yet, but updates are already simpler than before.

~~~
thaumaturgy
I think Mozilla has seriously mis-predicted what this is going to do to their
adoption in the very large user base of people who were convinced to move from
IE to Firefox by some well-meaning computer tech.

Considering that the majority of our clients _really_ dislike it when software
changes without their specifically asking it to, we can no longer recommend
Firefox to our clients. ...which is unfortunate, because AB+ made a really
nice first line of defense against malicious ads on websites.

~~~
ghshephard
"Considering that the majority of our clients really dislike it when software
changes without their specifically asking it to" - I suspect that's going to
change, it's unclear to me why your clients they they are more sophisticated
than Google/Firefox's release engineers when it comes to determining when to
upgrade their browser - software _should_ automatically eliminate security
flaws and update bugs.

I'm not saying your clients don't have dislikes right now - I'm saying they'll
need to be educated to stop having them.

~~~
thaumaturgy
This is pretty much the most common response from the tech literate:
"everybody should be tech literate".

My little company has had insane year-over-year growth for the last three
years, almost entirely on word-of-mouth referrals, in a largely stagnant
industry (IT support for SMB & individuals), in part because I think that most
of our clients have better things to do than spend their time being educated
on how they should appreciate frequent software updates.

It seems to be a nearly impossible challenge to convince software developers
and others on the leading edge of tech that tech is _not_ the most important
thing in most peoples' lives.

There is probably at least one thing in your life that you are only sorta-
kinda OK at. For me, it's cooking. Actually, I'm worse than sorta-kinda OK,
but I try sometimes. So, I try to keep in mind just how much it would
infuriate me if, every single time I went into the cupboard and pulled out a
frying pan, the frying pan came with an entirely new set of instructions
versus the last time I used it.

People who have used computers for long enough have developed a skill that
they don't even realize they have: they can glance at a screen and take in
everything on the screen, and sort out what's important and what's pertinent
and what's relevant and what's not, on a subconscious level.

For infrequent computer users -- by far the bulk of our market -- that skill
doesn't exist. They have to _consciously read every single word on the screen_
to find what they're looking for.

So when things change _even in the slightest_ , it is _extremely_ disorienting
to them, and the fact that things never stop changing is a source of extreme,
frequent, and serious frustration for them.

What may be, for you, a UI change that is so minor that you don't even notice
it -- a change in the background color of an alert box, say -- is a change
that makes the software into something completely new for our clients.

I think it is tremendously arrogant to leap to the conclusion that users don't
want security updates because "they [think] they are more sophisticated than
Google/Firefox's release engineers". No, they _want_ security updates. They
_love_ security updates -- when security updates _only_ fix bugs, patch holes,
and don't cause any other problems or incompatibilities whatsoever.

No, the problem is that Google & Firefox's release engineers don't distinguish
between UI and behavioral updates, and security updates, and then think that
software updates are a matter of sophistication -- and not simply a matter of
serious annoyance for a very large number of people.

I argue these points frequently. It almost always fails to have an impact on
the person I'm talking to, even though I'm merely communicating with the voice
of many very frustrated computer users. I am beginning to think that the only
way to get this point across will be to lead a mob of everyday computer users
to the offices of various software companies.

------
st3fan
Firefox 5 _is_ the security update for Firefox 4.

Don't get too attached to version numbers. Firefox is a work in progress with
rapid release cycles. Before you know it you will be updated to Firefox 7.0.

~~~
wvenable
I hate the new version scheme -- for Firefox, version numbers still meant
something; the numbers gave you some indication of how much stuff had changed
and how painful (or not) the upgrade was going to be.

Why go from a scheme that gave out _some_ information about the level of
change expected to a scheme that gives little to no information at all?

~~~
ryannielsen
I suspect that's because they're attempting to move to a scheme like Chrome's:
all you need to know is you're on the latest, most secure, most capable
version and there's extremely little pain from having upgraded.

~~~
wvenable
The sort of assumes that Firefox is exactly like Chrome and historically that
hasn't been true. For example, Firefox 4 has a very different UI from Firefox
3. Extensions are much more involved in Firefox than in Chrome and major
versions tend to be indications of whether or not they'll break (which is an
important consideration for upgrading). Extension compatibility is checked by
version number, and it seems the greatest problem in moving to Firefox 5 has
been that extensions don't think they're compatible (even if they are).

They're trying to copy what Chrome is doing without considering how they're
different from Chrome and without having a completed auto-update scheme.

If version numbers are meaningless, does it even matter what scheme they're
using. If they're merely counting upwards isn't 4.1 just as valid of choice as
5?

~~~
ryannielsen
It does assume that Firefox will become more like Chrome. In fact, the Mozilla
foundation has explicitly said they want features that are very similar to
what Chrome offers today. They're working towards a transparent auto-update
mechanism, they just shipped a new add-on mechanism in FF5
([http://blog.mozilla.com/addons/2011/06/21/add-on_sdk-
builder...](http://blog.mozilla.com/addons/2011/06/21/add-on_sdk-builder-
_beta/)) that is much like Chrome's and is thus less likely to break on major
upgrades, and they have explicitly stated they plan to release major new
versions every three months. Just as with Chrome, they're de-emphasizing the
major version number.

Expect FF6 soon and FF7 before the year's end. Expect the version number to
become less meaningful.

