
Firefox 37 Release Notes - footpath
https://www.mozilla.org/en-US/firefox/37.0/releasenotes/
======
DangerousPie
> Implemented a subset of the Media Source Extensions (MSE) API to allow
> native HTML5 playback on YouTube

This is great! Actually just today I was wondering why Firefox was still using
the Flash player for Youtube. Now it isn't anymore :)

~~~
JoshTriplett
As far as I can tell, HTML5 playback has worked just fine in Firefox for a
while (including HD), for any video that doesn't have ads. MSE just allows
additional features in HTML5 playback, such as DASH (which dynamically adjusts
bitrate to match available connection bandwidth/quality).

(Personally, whenever it fails, or sometimes even when it doesn't, I use
youtube-dl.)

~~~
shmerl
No, it didn't work for anything higher than 720p. For those Youtube requires
using DASH + MSE.

~~~
jfreax
I read this everywhere, but I am able to watch 1080p Youtube videos with html5
just fine since, yeahh... always, at least it feels like that. I tried it just
a second ago. So it works definitively with Firefox 36 on Gentoo Linux.

What am I doing "wrong"? What am I missing here?

~~~
shmerl
_> I am able to watch 1080p Youtube videos with html5 just fine since,
yeahh... always_

Did you enable media.mediasource.enabled in about:config? Check it for Firefox
36, and if it's true, see if it's highlighted or not. If yes (and you are
using the stock Mozilla build and not Gentoo custom one) it means you don't
have the default.

Sure, you could enable it already for a while there, but it was buggy. For me
the default was false. Strangely, it's false even in Firefox 37, which
contradicts the release notes. But at least it works well now in actual videos
when enabled.

~~~
lelandbatey
You are correct. This is a screenshot taken on Firefox 36.0.4 on Ubuntu
14.04.2: [http://i.imgur.com/XMIgQfi.png](http://i.imgur.com/XMIgQfi.png)

As you can see, media.mediasource.enabled is disabled by default.

------
TazeTSchnitzel
Opportunistic encryption's really the big news. Will make the NSA's job
harder.

Edit: Unfortunately, you _must_ be using SPDY or HTTP/2 to use it. That's a
real shame. I already had self-signed TLS and added the header, but then
discovered it doesn't work with HTTP/1.1 (and with no good reason, either).

~~~
shawabawa3
>(and with no good reason, either).

From their site:

OE is not available with HTTP/1 servers because that protocol does not carry
the scheme as part of each transaction which is a necessary ingredient for the
Alt-Svc approach.

~~~
TazeTSchnitzel
Ah, alright. That's a shame. I hope they can come up with some way to do it.

------
Silhouette
The new Security Panel on the Network Monitor display seems helpful.

Even better, it seems that Firefox has finally stopped erroneously reporting
that some pages with multimedia content served properly over HTTPS were only
partially encrypted. This had been a long-standing issue and the early
comments from developers were not promising, so kudos and my personal thanks
to whoever has fixed this one.

------
droope
It's frankly ridiculous how you guys criticize Mozilla for all these things,
when they are practically the only organization in the whole internet which
continues to value privacy.

~~~
lomnakkus
Who is "you guys"? I personally applaud Mozilla for their stance on many
things. Especially for allowing/enabling things like NoScript. However, I must
admit that this has a practical limit, at least for me. Without per-process
tabs (or similar) Firefox will start to lag more and more behind modern
browsers and at some point the deficit will become insurmountable. (I realize
the difficulty of achvieving this, but as a practical matter, it _must_
happen, otherwise...)

EDIT: I should say that I usually keep Firefox open for days (with only ~30-40
tabs) and at some point it starts consuming unreasonable amounts of CPU
just... idling (apparently).

~~~
Amezarak
> Without per-process tabs (or similar) Firefox will start to lag more and
> more behind modern browsers and at some point the deficit will become
> insurmountable. (I realize the difficulty of achvieving this, but as a
> practical matter, it must happen, otherwise...)

Why? Setting aside that, as the sibling comment points out, Electrolysis is on
the roadmap, why? I use Firefox every day with dozens to hundreds of tabs in
1-2 windows and the fact it's not process-per-tab has never bothered me or
even been something I noticed. Sure, it's nice to have _theoretically_ ; if
the browser crashed all the time then sure, I'd like to have just one tab go
away instead of session-restoring the whole thing, but that's a minor
convenience, and according to about:crashes, it's only happen about two dozen
times in two years anyway. On the other hand, it's nice that, despite having
32 tabs open right now, Firefox is only using 210MB of memory.

There are advantages (stability, sandboxing) and disadvantages (memory usage)
to the process-per-tab model. I think there's a fair argument that Mozilla
should implement it in Firefox, but I don't understand in what sense Firefox
would be lagging behind other browsers if they didn't implement it. The Ideal
Browser does not necessarily require process-per-tab nor is there some Ideal
Browser all the browsers are converging to that Firefox is further behind on.

~~~
lomnakkus
It's not the "process-per-tab" thing _per se_ that's important. It's just that
(as I believe I mentioned in my OP) Firefox starts to just constantly consume
non-trivial amounts of CPU after some amount of time[1]. Not sure why it does
this, but process-per-tab would at least mitigate the problem by offloading
the whole "free resources" problem to the OS (which _must_ be able to do these
things reliably).

(I have oodles of memory and CPU, so it's not just a lack-of-resources
problem.)

[1] EDIT: I'm talking about something like 30-50% of a single CPU. In extreme
cases it would use 100% of one CPU, but those are admittedly outliers.

~~~
Amezarak
While it would be nice for Firefox to have something in-place like per-process
tabs that could mitigate the problem, I think what really needs to happen in
this case is that they fix the underlying issue - which, true enough, might be
a while; it doesn't happen for me, even though I leave Firefox open for about
a month at a time (rebooting on patch Tuesday), so I assume it isn't easily
reproducible and therefore might go some time without being fixed. Even if you
had per-process tabs, I'd expect that one tab would still be using 30-50% of
the CPU and thus be a major nuisance, even though it might make the rest of
the browser more usable.

~~~
lomnakkus
It's completely trivial to write a "consumes-100%-CPU" JS script. I'm sure
people usually don't do it intentionally, but I happened to encounter two such
scripts on two _separate_ domains today[1]. The surprising thing is Firefox
managed to kill the first one, but not the second one -- after being
_completely_ unresponsive for 30s, mind you. It just hung when I pressed the
"Stop script" (or whatever the button was labeled). Had to kill the whole FF
process and restart it, being quick to close the two tabs that were causing
trouble.

This is absurd. Apart from anything else FF needs to be better at protecting
its users, and that includes separate-process-per-tab. (Ideally, it should be
sandboxes, but honestly I'd settle for "separate processes" at this point in
time.)

[1] One of them was [http://www.xojane.com/](http://www.xojane.com/)

------
drzaiusapelord
>Yandex set as default search provider for the Turkish locale

Interesting. Looks like Putin's relationship with Erdogan gets cozier all the
time. Yandex has a very strong connection to Russian intelligence services:

[http://www.bbc.com/news/business-13274443](http://www.bbc.com/news/business-13274443)

~~~
k__
This may be, but what has it to do with Firefox?

Doesn't Mozilla decides for itself, which default it sets?

~~~
walterbell
Is Yandex paying Mozilla to be the default for Turkey?

~~~
dublinben
That's usually how these deals come about. No figures were revealed in the
press release, but it should eventually become public in their yearly IRS
filing.

------
super_mario
So, Mozilla wants to change the ad industry, while preserving user privacy?

[https://careers.mozilla.org/en-
US/position/oXqA0fwH](https://careers.mozilla.org/en-US/position/oXqA0fwH)

I am extremely curious to find out what exactly do they have in mind here?

~~~
azakai
Perhaps relates to sponsored tiles,

[https://www.mozilla.org/en-US/firefox/tiles/](https://www.mozilla.org/en-
US/firefox/tiles/)

I believe those allow advertising without tracking of users.

------
erichurkman
Don't forget to check the Firefox 37 for developers [0] page which has more
detailed info (it's linked from the sidebar of the public release notes).

[0] [https://developer.mozilla.org/en-
US/Firefox/Releases/37](https://developer.mozilla.org/en-
US/Firefox/Releases/37)

------
publicfig
I understand that the Heartbeat user rating system can be disabled, but I'm
still very much against it and think it will drive a lot of less technically-
savvy users mad. I honestly thought it was an April Fools joke at first
through reading it.

~~~
johnchristopher
I wondered what that `Hearbeat` thing was so for once I checked the release
notes and
[https://wiki.mozilla.org/Advocacy/heartbeat#Experience_Flow](https://wiki.mozilla.org/Advocacy/heartbeat#Experience_Flow)

> Every day a random subset of users are offered a rating widget

> After rating Firefox, an ENGAGEMENT page _may_ open in a background tab.

That's... not the phoenix I signed up for.

~~~
maxerickson
Even when it was Phoenix, the branding or whatever you want to call it was to
focus on users. Compared to Mozilla/Navigator that meant stripping out a whole
lot of stuff, but an effort to find out what their broader set of users want
is not incompatible with the original mission.

(I'm sure I'll toggle this off)

------
pkrumins
I just added Firefox 37 to Browserling. If you don't want to install it, you
can try it live in your browser at this address:

    
    
        https://www.browserling.com/browse/firefox/37/news.ycombinator.com
    

We've 3 servers handling demo sessions so you may have to wait in the queue to
try it.

------
shmerl
MSE on Youtube at last.

UPDATE: Strangely, media.mediasource.enabled still remained false for me in
Firefox 37 (Linux). I had to manually set it to true, and it's highlighted,
meaning that default is still false... Not sure how it fits with release notes
then.

~~~
doublec
MSE is only enabled by default on Windows for this release. You can enable it
manually for other platforms via the about:config setting.

~~~
shmerl
Was it still buggy on Linux? Release notes mention some other points as
relevant to the Windows version only, so it probably made sense to mention it
for MSE too to avoid confusion.

~~~
doublec
Release notes have been updated to say Windows only now.

~~~
shmerl
Thanks!

------
mmastrac
"display: contents" is an interesting addition. It appears to take an element
out of the tree, replacing it entirely with its children.

Anyone have any thoughts on what that could be used for?

~~~
dguaraglia
I imagine you can use it to ensure that elements that are added simply for
semantic purposes (like, say, containers for other elements that are there
just to group them logically) do not create any boxing side effects, like
default padding and similar non-obvious CSS buggery.

~~~
taeric
I fear that now we will just replace it with another set of non-obvious CSS
behavior. Consider, does this property nest well? How does absolute
positioning work against something like this? Do they just ignore the parent
box, since they are replacing it?

Undefined or Browser specific. Or just a further explosion of the spec?

~~~
bzbarsky
All of this is defined in the spec. display:contents just means that in the
box tree the box is elided and its child boxes are placed where it used to be,
and then things proceed as normal.

If you have nested display:contents things, it just works: you end up with a
box and what used to be its great-nephews/nieces in the same flat list is all.

~~~
taeric
My point is really that I am not even sure what I would expect to happen in
such cases. To the point that I will find it hardly surprising when developers
on a browser inevitably makes a mistake in implementation.

So, yes, this may all be there in the spec. But this is really just making the
spec larger and larger with what seems to be nominal, if not decreasing,
gains.

~~~
bzbarsky
> My point is really that I am not even sure what I would > expect to happen
> in such cases.

The same thing as happens if you just delete the parent element from the
source (if we ignore for the moment selector matching and inheritance).

> with what seems to be nominal, if not decreasing, gains.

display:contents was pretty commonly requested by component authors who want
their component to fit into a larger layout framework (flex, grid, table) as
more than one layout unit. I agree that if you're not trying to author
components it's of pretty limited utility.

------
yuhong
They disabled insecure TLS version fallback. Older versions of the Certicom
TLS stack used in older versions of WebLogic are affected for example (change
to JSSE).

~~~
Tobu
The next release (in six weeks) will also disable RC4 fallback, except for a
few sites which are on a whitelist for one release after that.

------
blinkingled
Working great on Lollipop here. Prior version was crashing quite a bit.

~~~
darklajid
I'm about to give it up on Android again.

Nice browser. Better than Chrome. But the UI sucks. First they managed to have
a different UI on tablets (phone: Tab button in the upper right corner, upper
left on the tablet). Then they iterated and came out with a new (and soon to
be if not already) mandatory tablet UI that just .. well .. it's bad.

I still regularly try to open a link in a tab and hit 'share', because at some
point in the past they decided that the menu on a link should be

\- share

\- open in tab

\- open in private tab

etc.

I'm a fan, use it on the desktop, wish that FxOS succeeds - but Fennec is a
constant nuisance and complete UX failure for me.

~~~
miraks
> I still regularly try to open a link in a tab and hit 'share'

You can use this add-on to fix it (Yes, I'm author of it)

[https://addons.mozilla.org/android/addon/share-to-
bottom](https://addons.mozilla.org/android/addon/share-to-bottom)

~~~
darklajid
I cannot even begin to express how great this looks. I hit that again and
again and .. it's a papercut, but so damn annoying. Thank you. Very much
appreciated.

(Now, is there an addon to fix the tablet UI back to 'simple'?)

