Hacker News new | comments | ask | show | jobs | submit login
Firefox 15 available to download, finally fixes add-on memory leak (extremetech.com)
188 points by mrsebastian on Aug 28, 2012 | hide | past | web | favorite | 183 comments



If they did finally solve this, I might be nearly back to using FF as a primary. With Chrome I have had more and more problems with certain sites (not all legacy either) the last few months. Also, I've been impressed with the improvements in speed and reliability of Firefox in the last couple of releases. Everyone remembers the days of 15 second FF startup because you had a handful of add-ons turned on.

Now, I've gained some discipline and stopped installing 50K plugins, but Firefox has done the heavy lifting here. On FF 15 I only have a small amount of plugins (partially because I abandoned its usage) but on my work Mac, it goes from shutdown to usable in 685ms.

If anyone you know is delusional enough to think that competition doesn't improve products, just point to FF. The existence and popularity of Chrome has turned FF from a decrepit bloatware to a sleek modern web racehorse. I'm proud of those guys because in all honesty, I was convinced they would fail. Kudos.


>The existence and popularity of Chrome has turned FF from a decrepit bloatware to a sleek modern web racehorse.

Please don't spout this crap. Firefox has definitely improved a lot in some areas recently, and I'm sure competition helped, but this idea that it was getting worse before chrome is an artifact of websites getting more complicated.

Try to browse gmail or facebook with firefox 1.0 and it won't feel as slim or fast as you remember...


Well it's a little bit of both so I think he has every reason to also attribute competition. Firefox has definitely borrowed a few ideas and motivation from Chrome, and vice versa.


You might want to try reading posts before commenting. I was clearly pointing towards startup time and general app respnsiveness, not actual speed browsing websites. But thanks for saying please.


I applaud the Mozilla team for its huge effort in squashing the FF memory leaks. That must have been such a huge pain to solve and it took many years. Well done and congrats.

That said, I really hope the authors of plugins like Firebug, Adblock Plus, and LastPass among many others will do their parts to get rid of bad memory leaks.

Using OSX 10.7.4, I opened up FF 14.1 to about 325MB-350MB of memory. After downloading FF 15 and restarting, I saw no change in my memory consumption. Once I disabled the three I mentioned above, I was only then able to start FF around 250MB, still really high but better.

I want Mozilla and Firefox to succeed as I really want there to be solid competition for Chrome. Please, add-on authors, do your parts too!


By just starting Firefox and looking at the memory consumption, you are measuring exactly that: Consumption. Not leakage.

Leaking implies a continuously increasing memory usage. By just opening, measuring and closing again, you don't even get a chance to measure an increase in consumption, so you can't say anything about leakage.

Also, 100MB for Firebug, Adblock and LastPass doesn't seem that far off - especially Firebug is huge and has to do a lot of work, so I would expect that to require quite a bit of memory.


Good point and I will continue to monitor the browser as I use it. Just in initial browsing, I'm still finding the memory consumption increasing at the same alarming rate it was before sadly. :( But you are correct that I need to give it some time to really measure correctly.

That said, even with the 9 add-ons I'm using, I was hoping I could see a total memory usage on startup to be closer to 225MB.


Also having the lowest memory consumption is not always the best indicator for how good a browser is. For example, I think Chrome uses more memory per tab than most other browsers, because of its individual sandboxing system. But that seems to be a pretty fair trade-off. Has Firefox started using sandboxing yet?


Maybe you're right about lowest memory consumption, but what keeps me going back to Chrome is consistency in good performance and the fact that I can easily shut down one tab without having to restart the whole browser to reduce memory if that ever happens.

All browsers do have memory leaks but the fact that FF's memory continually increases to the point where I have to restart the whole browser every day is mentally tiring. This is where Chrome just got it right.


FF's memory continually increases to the point where I have to restart the whole browser every day

That’s really not the case any more.


This was fixed for extension-free firefox. Today this is fixed, for extensions as well.

What was happening was that extensions had references to dom-nodes of a page, that prevented the page from being unloaded when you close the tab. Unless of course, the extendion author bothered to fix this from their side. Now, an extension has essentially "weak references" to dom nodes. (think: symlink)


I second this. On Ubuntu 12.04 Unity crashes after approximately 20 days of uptime and that's Almost the only time I restart Firefox. I regularly have a single session open for weeks.


That’s really not the case any more.

So far in my testing and browsing, it is.


Just to update, after a couple of hours playing with it, I am finally noticing it fluxuates up and down. It appears to let go of consumed memory after a period of inactivity. That's great news!


Glad to hear it! But as implied above, memory consumption is only interesting because of its effects on performance and stability (both of the browser and other programs running on the system). Don't choose your browser by looking at the memory consumption, choose your browser based on how it feels when you use it.


Firefox only sandbox plugins like Flash, but they have plans for more sandboxing. No idea what the status is though.


If you want to know what it's using memory for, hit about:memory.

This is also a useful way to start looking at a suspected leak: visit a page and hit about:memory to see what it's using, then close the tab and check about:memory again to see whether it's freeing everything.


I'm using Firefox 17a1 on Linux and with 6 tabs open plus NoScript and Adblock, I'm getting about somewhere in the low 200s for mb of RAM used.


Unfortunately I'm still sticking with Chrome. I love Firefox but Chrome loads "instantly" while Firefox: even 15 still has a noticeable lag when you launch it.

Firefox has always felt very unresponsive in terms of the UI and loading times. The only browser I've found less responsive is Safari (IE, is very responsive).

Memory consumption was an issue at one stage in Firefox's history but they mostly fixed that (from 1 GB/usage down to like 200 MB~ after a day of browsing).


I'd consider switching to Chrome if it weren't for the nightmarish way it expects you to manage tabs. I typically have 30 or so tabs open at any given time, and in Chrome that means a horizontal row of very tiny tabs with only icons (no text...therefore no context) across the top. They used to have sidebar capabilities (on Windows, which didn't help this Linux user) but for some reason I can't fathom they removed them.

Contrast this with Firefox, where I can easily get a tab bar down the side via a plugin (I use this: https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...). Even without a plugin, FF gives me the Expose-like functionality (ctrl+shift+e) which will show me all open tabs and their titles.

How Google can think the current tab situation in Chrome is useful is a mystery to me.


The one thing Chrome tabs have going for them is that they're oh so fast and smooth. I think tabs in Chrome are like the Dock for Mac OS X.

When OS X was first released, the Dock was an object of ridicule. (Among some of us, it still is, but we all realize that by now it's not going away.) It was demonstrably worse than previous mechanisms at just about everything, and it make OS X look like a toy. Eventually Tog[1] came around, sort of:

> Contrary to my previously-held position, I no longer believe Apple should get rid of the Dock. It's just too pretty [...] You want a visibly-apparent manifestation of the personality of the underlying technology. That's why automakers spend milliions making the outside of the car project an image of what's underneath the skin.

The supersmooth tabs in Chrome are probably a significant portion of what makes Chrome feel faster, even when it isn't. Like the Dock, their outrageously high demo value probably exceeds their limited scalability for more experienced users.

[1]: http://www.asktog.com/columns/044top10docksucks.html


I still use Chrome despite it not behaving very well with 10 or so tabs open. It either starts getting slow or will keep the previous page's cache and will refuse to load the new (URL) page. The ways around this are annoying. Close unresponsive tab and open new one, restart the browser or empty cache. FF seems not to suffer from this problem but it still feels a bit slower in general.


What's worse is when you have enough tabs open, they start becoming hidden under the open-new-tab button on the right. This has been a bug for a long time. I suspect it's gotten tied up with the furor over the removal of the side/vertical tabs, which have been hacked in via addons since. What's sad is that Firefox already has an elegant solution -- maintain a minimum useful tab width and enable horizontal scrolling of the tab row when the mouse is over it.


30 tabs ? really ? man, how do you keep your focus.


Ill bet he just opens every link in a new tab and uses tabs as readme-later list and navigation history. Both usecases are better served differently.

In general there is lots of overlap between tabs/tabgroups/bookmarks/history/readmelater/systemtaskbar/sessionrecovery.

Most people need all use cases but pick one or two features and emulate the rest themselves. Most tab related firefox plugins essentially duplicate functionality already present on top of the tab system.

For example: hierarchical tabs on the left with tab recovery is identical to having a bookmark list on the left.

It is my opinion that these concepts should all merge, preferbly at the desktop shell level. Ubuntu is movng is this direction, but they add this functionality on top of all the existing functionality. We can only hope that they will in the future consolidate all the overlap.


> Both usecases are better served differently.

They're really not. Not with any alternatives I've found, anyway. Tabs aren't just navigation history; they're curated, temporary history. Unworthy of the permanence of bookmarking, yet too important to regulate to the dense, rapid flow of history.

I use Pocket and Delicious to keep things in check, but they don't help as much I'd like. The most effective tab management tool for me has been Firefox's tab candy/expose feature. It's much easier to get an overview of what's open and spot unnecessary tabs with the grid of thumbnails.


> Tabs aren't just navigation history; they're curated, temporary history. Unworthy of the permanence of bookmarking,

You might enjoy this?

https://addons.mozilla.org/en-US/firefox/addon/toomanytabs-s...

https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...

Also, the person who thinks 30 tabs is a lot should get a look at what I do to myself:

http://heybryan.org/shots/2008-01-15-tabs.png


I don't think tabs with tab recovery is always equivalent to a bookmark list. Personally, I have 30-40 tabs open. This is because I have several projects I work on, any of which I may research in 10 or more tabs. When I switch between projects, I don't want to have to close all the tabs and reopen them. I don't care if they are swapped out of memory, but the access should remain easy. Having to manually bookmark these to come back to them isn't easy.


I was not claiming the problem exist with the user.

Im claiming there is lots of overlap in functionality. The differences are in the default behavior and the UI elements. In the end, it should all be one big directed graph.

I would rather state it the other way around. The fact that people use tabs, means the bookmark functionality is broken from a UX perspective.


If I'm doing some kind of research, I'm quite likely to have over 100 tabs open. In Firefox, I use Tab Mix Plus to get 3 rows of 10 tabs with the option to scroll the rows. 30 tabs is a good working set really.

Whenever I'm stuck with another browser, I'm still in the habit of launching lots of tabs but then I immediately get lost.


On my machine with standard 5400RPM drive - the difference between Chrome and FF startup is barely noticeable. May be it is some addon that's slowing FF down for you?

No matter how better Chrome gets - speed and security wise, I just don't seem to be able to give up FF. Addons, cross platform consistency (I use OS X, Windows and Linux all 3 in a typical day), Font rendering, continuous memory usage improvements, less site specific issues etc. seem to be all keeping me on FF.


Conversely when you have a bunch of tabs open Chrome will be gobbling up memory whilst firefox is quite svelte these days- much better than Chrome here.

I can't say I have an issue with load times for either, although i rarely wouldn't have a browser open so it is becoming like the 'irrelevance' that some people claim boot times are, to some extent.


Comparing the differences in memory consumption between Firefox & Chrome is apples & oranges. Chrome will always use more memory because it has the overhead of sandboxing (almost) every tab into separate processes. It's a tradeoff of that design -- security & stability is enhanced, at the expense of increased RAM use.

Check out the Google Chrome Comic, which goes into detail on the browser architecture: http://www.google.com/googlebooks/chrome/


Even if it took 0.1 seconds for Chrome to start up, and 1 minute for Firefox to start up, I'd still use Firefox...

I don't get why people care about start up times. I start Firefox up at the beginning of the day when I turn my machine on, and that's it.


This always puzzles me too. I start firefox maybe twice a week across 2 or 3 machines, then just let it run until an OS update requires a reboot (or in some cases when it's using > 1.5G of memory which is rare and may stop once I upgrade to ff15).


It would be instructional to understand what the actual difference in cold startup times are between Chrome and Firefox on your machine. Would you take some wall-clock measurements of cold startup and post a comparison for the HN community (and FF developers)? Chrome uses tricks that create the perception of speed; please measure how long it takes for the browser to be "usable", which is defined by when you start typing in the address bar and auto-complete results appear.

Just a prediction, but you will realize that the difference in startup performance is but a perception.

Thanks!


For me Chrome also starts instantly but then it starts churning on the disk so hard that it is basically unusable for the first minute. Kind of reminds me of windows XP.


I used Chrome for quite a while because Firefox's interface felt unresponsive, as you echoed. However, starting with version 14, I have been finding it snappier than Chrome. Just my 2 cents.


Do you quit and restart Chrome many times during the day?

   >> Firefox has always felt very unresponsive in terms of the UI and loading times. The only browser I've found less responsive is Safari (IE, is very responsive).
Part of the point is that recent FireFox has improved this.


Have you tried the "Don't load tabs until selected" option? It's under "Tabs" in the options/preferences. It causes restored tabs to load lazily, which can speed up start-up significantly.


I'm also still sticking with Chrome. Firefox's processor usage is really problematic for me. It keeps on utilizing ~15% of CPU even if only one new tab is open.


This isn't normal behavior, did you file a bug?


Thanks for pointing it out! It came out an extension(India Rail Info) causing this.


I have observed the same in my colleague's macbook as well. It could be some of the add-on causing this.

But surely, I need to dig down further to find the cause.


I've seen this too. However, they seem to have made improvements in Firefox 15. Previously, Firefox would take around 3% CPU with just the start page open; visiting a page with an animated GIF would push it to 12%; and, most troubingly, CPU usage would stay around that level even after the page was closed. Now, the same page still takes around 11%, but Firefox stays at 0% with just the start page open, and it goes back to 0% once you close other pages.


For me its firefox extension causing it. If anybody facing this kind or problem try disabling India Rail Info App extension.


question: is there a flash ad running?


It is 2012. Please install Adblock Plus, and add a subscription to one of the many Annoyance blocking filter lists.


Its firefox extension - India Rail Info App


firefox used to be the light, zippy alternative to mozilla.

Back when it was called Phoenix. When they renamed it, I guess they changed focuses - firefox became the new hulking monster that was mozilla.


There used to be a time when firefox was considered "the light browser"...


Here's some detailed information about the addon leak fix from the developer who fixed it: http://blog.kylehuey.com/post/21892343371/fixing-the-memory-...


Unfortunately I got addicted to pentadactyl after a couple of threads here. Which broke on 15 and made me go back from beta to stable.

I wonder what changed internally to lead to irc comments that in effect said 'it's a major undertaking to make pentadactyl work for this new version' and this commit: http://code.google.com/p/dactyl/source/detail?r=2557fa601030...

Really don't want to miss that addon anymore.


This made me switch back to Vimperator and I haven't looked back.


How is Vimperator these days? Is it comparable to Pentadactyl? I remember switching because of some deficiency, but I don't remember exactly what.


It is absolutely comparable to Pentadactyl. I switched from Chrome to pentadactyl and then to vimperator after getting fed up with all the bugs.

http://www.wikivs.com/wiki/Pentadactyl_vs_Vimperator


I tried out Vimp because of this very thread and it's almost identical. Even the docs look the same. Which makes sense since Penta is a fork of Vimp.

Worthwhile to spend the 30 seconds installing it, typing :mkv (to create the .vimperatorrc), and copying your .pentadactylrc into it.

FF15 is feeling great and I'm glad I didn't call it quits at the lack of Pentadactyl. I'm used to FF eating a gig on my 2012 Macbook Air. Now it's sitting at less than half that for the same set of tabs.


I switched to Pentadactyl because of passkeys, but now Vimperator has ignorekeys which I think might actually be even better.


Thanks for the warning, I'll try not to upgrade.


I'm really loving their fast release schedule. There is noticeable improvement in performance with each release (may be placebo effect ? :) )


It's the same as Chrome's - 6 weeks. What I think made a lot of people before attack Mozilla for it was because: 1) the "Firefox user" wasn't used to this kind of fast updates, the way the "Chrome user" was - and 2) Firefox' updates were not silent, and therefore you knew you got an update and some users may have been getting annoyed having to update it so often, instead of silently upgrading in the background. But apparently they now have silent upgrades starting with this version.


This is one of the biggest problems to tackle when updating software: How can the user be uninterrupted? This is one of the biggest problems I have on my WP7. My apps stay out of date for a long time until I manually go update them. I don't think to manually update them very often (maybe once a month). I'd much rather the app be updated silently in the background, and when I re-open it after the updates have been downloaded/applied, I then notice that things have changed.

This is pretty much the same way websites operate and you don't have much control over it. You may be able to prolong the update while they are "beta" testing it (a la Google/Facebook), but eventually you get the update and have to deal with it.


I like silent updates when they're not likely to be huge user-visible improvements, mostly performance enhancements and bug fixes. In the case of Firefox or Chrome, for example, I'm perfectly happy with the current feature set and just want them to keep getting faster and more stable. On the other hand, most of the Android apps I use are missing a couple of functions or have some annoying visisble bug I am waiting to be fixed. Then I prefer updates to be automatic but not silent so I can read the change list and if something I am waiting for has been added or fixed I know (and rejoice) right away.


FYI Android has automatic updates for apps (you can enable it individually or globally).


How many releases of firefox have we had now that claim to have fixed its memory problems? I make this at least four, which is a few too many for me to believe it this time.


Yes, it's an ongoing project, now in week 62. To see details of what's been fixed, and where, read this:

http://blog.mozilla.org/nnethercote/category/memshrink/

This latest fix is for misbehaving addons. Other, previous fixes, have solved a lot of problems with FF itself. For me, it's less memory hungry than Chrome.


It is unfortunate that nuance can be lost as the description of improvements moves from bugs, to technical blogs, to release notes, to the press, and finally to the reader, but I assure you that there are a number of memory-related improvements that have been made over the last year or so. These are all real, quantifiable improvements, but because modern web browsers are complex pieces of software it is not possible to fix all memory problems in a single patch.

If you look at various comparisons of browser memory usage (which are admittedly somewhat tricky to do), Firefox has, in the last 6 months or so, consistently been at or near the top of the ratings. This was not always the case, and is the result of cumulative improvement over many releases.

To the topic immediately at hand, what Firefox 15 does for memory usage is that it eliminates the single most common source of unbounded memory leaks in addons. The problem was that addons would accidentally leave behind a reference to pages, keeping them alive after they were closed, using up gobs of memory. Now, if addons try to do that, the link is killed, preventing the leak. Arguably, this is a bug in an addon and not the browser, but this has affected literally dozens of addons used by millions of people, so it called for a hardening of the browser itself to prevent this error.


Firefox never claimed to "fix the problem". The press tends to simplify things.

What is true is that multiple releases addressed separate, significant problems. It's important to remember that there is no 100% solution to a complex problem like memory usage in a large program that runs arbitrary code (the web).


Well, the fix is to have a simpler API that allows less rope for developers to hang themselves. This is how Chrome manages it. Firefox was built with this vision of XUL-based apps, big modifications, etc which never panned out. A lot of what needs to get done by extensions really can be done via simplified API like Chrome's.


A lot of the people still using Firefox instead of Chrome are sticking with FF exactly because they use extensions that can't be implemented on Chrome.


> A lot of what needs to get done by extensions really can be done via simplified API like Chrome's.

A lot of useless stuff yes, the useful stuff? Not really. Good luck building something as wide-ranging as Firebug through Chrome's API.


That's not a fix, it's a different tradeoff.

The important thing is you have choices and can pick the browser that makes the tradeoff you prefer.


Firefox has that simplified API in the Add-on SDK (aka Jetpack). However, they're stuck supporting all the traditiional XUL and XPCOM based extensions as well.

https://addons.mozilla.org/en-US/developers/tools/builder


Please demonstrate your credentials to back your claim that "done via simplified API like Chrome's". I ask because this is certainly a false statement.

Are you an extension developer? Have you ported an extension from Firefox to Chrome? Opinion is one thing; please don't misrepresent facts.



Please tell me which four releases you are talking about. I'm the MemShrink project lead. It's a common misconception that we claim memory improvements all the time, but it's just not true and it drives me crazy.

If you look at the release notes, we claimed improvements in add-on memory consumption for Firefox 15, and general improvements for the browser itself in Firefox 7. (And also Firefox 3, I think, but that's ages ago predates my time working on the project.)

I know this because I wrote the accompanying blog posts for those two releases (https://blog.mozilla.org/nnethercote/2012/07/19/firefox-15-p... and https://blog.mozilla.org/nnethercote/2011/08/09/firefox-7-is...) and liaised with marketing about the release notes.

I really want to understand where this misconception comes from. I think repeated reporting in the tech press of the same improvement as it moves from Nightly to Aurora to Beta to release might be the cause.


To be fair to them, I think this is the first that claims to fix problems specifically to do with the extensions.


I think the press (overly) publicized the add-on leak fix as it progressed through Firefox's 6-week release pipeline (Nightly -> Aurora -> Beta -> Release).


This is the case, this particular news has been reported and HN frontpaged when it came in Aurora and when it came in Beta, iirc.


That's my working theory, too. So the same improvements get reported four times, and people don't remember which channel the improvement was released on.


It has gotten better each time. Now the only things I have that leak are a few choice plugins, which I leave disabled unless I need them specifically.


If they leak from a common pattern we've identified and fixed, you should be able to enable them and no longer have leaks. If you do continue to have leaks (you can watch in about:memory) then please report them to us so we can work with the authors to correct the problem. Thanks!


This is a common misconception. You should read https://blog.mozilla.org/nnethercote/2012/08/29/debunking-a-....

(Forgive me for replying twice to your comment; this comment prompted me to go do some research and write that post.)


> a completely silent background updater

This is not an improvement. I do not like it when my computer changes itself without asking.

- Does no one question this anymore? - Why should we blindly accept every single update unquestioningly? - Why should we be forced to deal with the problems they introduce after the fact? - Why will no one contemplate that constant automatic updates are an attack vector unto themselves?

The more you force your feedlot of end-user livestock to tolerate potentially disruptive updates, the more they will grow accustomed to not being in control of their own machines, and the less likely they will be to notice a real problem as a signal amidst all the noise. Honestly, why even bother pretending to have control of our machines anymore.

When people ask me for help now, my eyes glaze over, and I am often forced to respond "I don't know what the fuck that thing is doing. It clearly has a mind of it's own."

This, my friends, is an affront to the very sensibility of the control an "open source" project, should ostensibly extend to it's community and user base. And spare me your bullshit about "Oh, hay guyz, you can just go on GIT or SVN and look at the code yourself!"

It's time-consuming, technical, and inaccessible to normal people, never mind the complications of different platforms, and the shifting sands of dependencies, commits and continuous integration.

YOU KIDS STAY OFF MY LAWN!

/rant


Yes, automatic updates can be technically risky. The worst-case scenario is a buggy automatic update that breaks the updating mechanism itself so you can't recover. This has happened to companies the size of McAfee and Skype. But of course users also hate automatic updates that disrupt their experience, changing around the UI or enforcing a new registration scheme or breaking some piece of compatibility or just generally bloating the program.

But what's the lesser evil? The risk associated with automatic updates, or the headaches associated with many versions of software existing in the wild and security problems in them going unpatched? The software industry seems to be discovering that automatic updates are better off for the bulk of users in the bulk of situations.

Just as one example, what if IE6 silently updated itself to IE7 then IE8? The web might be years ahead of where it is now if we'd gotten off supporting that buggy dinosaur in 2007 instead of 2011.


What’s time-consuming, technical and inaccessible to normal people is updating their software. No-one in my family bothers apart from the people who actually work in the software industry. This isn’t necessarily a problem when it comes to features (apart from version fragmentation) but it’s a nightmare when it comes to security. The more silent and automatic security updates the better for them.


I disagree. There is a difference between not knowing what to do, or how to do it, versus simply not doing it out of laziness or negligence or an unwillingness to take on the responsibilities implicit in owning your own device.

The learning curve for keeping software up-to-date is not particularly steep.


> I disagree.

You can disagree all you want, objective reality does not care.

> There is a difference between [stuff]

When the end result is that the vast majority of your users don't update their software, there isn't.

> The learning curve for keeping software up-to-date is not particularly steep.

Which is irrelevant, the vast majority does not care, has no incentive to care and can't be arsed to care. You won't make them care by caring more yourself they do not want to know about such technical details.

The Mozilla team did not build mandatory auto-update because they found it fun, they did it because people don't update their software and scary popups are just that: scary popups.


Of course it's an improvement. You know what I used to do when new versions of my browser came out? Update manually. Now to get the same result I do nothing. You know what my parents used to when new versions of the browser came out? Nothing. Which after a few years can be a problem.

If you don't want the computer saving you work then (1) IMHO you're not really getting the point of having one, (2) you can configure Firefox to not update silently.


There are preferences to make updates not silent, if you like.


> I do not like it when my computer changes itself without asking.

There is a pref you can flip to disable silent automatic updates. This is Firefox after all ;)


>[auto updates are] inaccessible to normal people

Right, asking people to update their OS and browsers is totally accessible. They get it and definitely do do it.


Spot on. Even when that's as easy as clicking a bloody button, you see screenshots of iOS with hundreds of updates waiting in their store application.


I think some of you may have misinterpreted the "It's time-consuming, technical, and inaccessible" bit. Sorry, but I should have been a little bit clearer about precisely WHAT is time-consuming, technical, and inaccessible.

Browsing and understanding the source (and even the release notes, and bug trackers) of open source projects is frequently time-consuming, technical, and inaccessible. Particularly when it's ensconced solely in a GIT or SVN repo, with no user-friendly web front-end, and is only accessible via a command line.

I disagree with "robin_reala".

Updating software at your leisure, ON YOUR OWN SCHEDULE AND NOT SOMEONE ELSE's, by downloading installers, patches and packages is often a pretty reasonable task. Especially when it's a browser like Firefox or Chrome. It's also better to have redistributable offline copies of installed software and updates that you can retain as backups (uninfected backups, of course), in the event that network connectivity is unavailable, or because the network was essentially the source of the infection in the first place.

Yeah, yeah, yeah... good security practices dictate that we are ALWAYS on someone else's schedule. Live in fear. Okay, yeah, that's great, I get it, we all get it.


Hello- Mozilla employee here, though not a Firefox developer. The good news is it's easy to change how we apply updates from completely silent to "download and choose" to "only check when I tell you". The bad news is, unlike many situations of security theater, we frequently ship security updates due to known existing and actively exploited security vulnerabilities. Staying up to date is the easiest and most practical way of keeping your browser secure. If you want the security updates but find the frequent feature changes jarring, we offer our Extended Support Releases here: http://www.mozilla.org/en-US/firefox/organizations/all.html. I hope you'll adjust your update settings to something that works well for you- we really are trying to keep users in control.


You're in the massive, massive, massively minor minority. People like you have plenty of options for suppressing auto-updates and updating on your own schedule. You can deal with the effects of doing so. Most people can't. I'm having a hard time believing that you're advocating what you are in honest good faith.


Mouse lock support for FPS games is really exciting for me. I've wanted to make first-person WebGL games, but before this was available it simply wasn't feasible.



Nice! But what are the security implications of giving web pages access to the GPU?


The WebGl demo video is impressive though. Not just the execution, but the fact that this isnt made specificlly for webgl.

Its c++ code compiled to Javascript. This seems to suggest PS2/Wii era games can easily be ported to fully native fully crosplatform html5 applications.

I do wonder about security. The videocard drivers are not hardened against abuse: yet they live completely outside of any sandbox. And WebGL is just passing these OpenGL commandos unfiltered to the drivers.

Good news for Intel, with their open driver stack. And bad news for NVidea and ATI with their messy legacy drivers and firmware full of unchecked liscenced closed-source 3rd party code.


As someone working on Mozilla's WebGL implementation, I assure you that WebGL is not just about passing OpenGL calls "unfiltered" to the driver. In fact, an implementation doing that could not even pass the standard WebGL conformance tests.



Does anyone know how these "silent updates" handle add-on compatibility? I prefer being "hassled" by update notifications if an update is going to break my favorite add-ons.


There has been some talk about ubuntu here-- what is the best way to keep up to date with browsers on ubuntu (/linux).. there is no 'check for updates' within firefox, and the repositories are often out of date [1]

1. to be fair, i don't know about FF, i can't really complain that it might be a day out of date.. but chromium is way behind. Also what about living on the beta/aurora channels?


The Chromium package in Ubuntu is several major versions behind, and I would definitely not suggest using it. Debian has up-to-date versions in sid. Firefox on Ubuntu gets timely (within a couple days of upstream) updates, and the official Chrome PPA (from Google, installed when you use their .deb package) is kept up to date.

Edited for correctness, thanks xfs.


"effectively unmaintained"? It has 21 updates till now in this year, probably just one release behind chromium stable channel. http://packages.debian.org/changelogs/pool/main/c/chromium-b...

Of course you need sid, because of too many bugs.


I'll edit my post, you're absolutely right.


Is the "official Chrome PPA" the same thing as the APT repository that the Chrome .deb (downloaded from google.com/chrome) adds to your sources.list?


Also 16b1 and 17a2 coming out sometime tomorrow.

October 9th: Firefox 16 desktop/mobile, 17b1, 18a2

November 20th: Firefox 17 desktop/mobile, 18b1, 19a2

Schedule pace seems insane but getting used to it and I'm fine with the way it doesn't seem to break anything.

Firefox 99 in 2017?


Why does it seem insane? "Release early, release often" has been around for years. Both Chrome and Firefox both update every six weeks. That means over half of the Internet is now upgrading at a nice clip.

http://gs.statcounter.com/#browser-ww-daily-20120828-2012082...

The big question is how to get more people on a 6 week cycle.


Because the major version number is now the minor version.

In theory we should be on Firefox 9.15 or something.

Now big number changes mean small improvements.


No, big number changes mean that six weeks have passed. That's all. The scale of the change doesn't affect the number at all.


Which is kind of the problem. The standard way of doing it is major release.minor release.build

If it wasn't for this whole "Let's start bumping our version number to match Chrome's insanity" thing, we'd still be on Firefox 9 something.


It has nothing to do with Chrome, and everything to do with 6-weekly updates.

Think of it: You have no way to know, going in, whether the changes in any given update will be big enough to "warrant" a major version change. Worse, what if those features aren't stable enough to release and are turned off? It's very difficult to go from version N to version (N-1).

For these reasons (and others), it's a lot easier for us to unconditionally bump the major version every 6 weeks.

Source: I am a Firefox developer and a Mozilla employee.


That's his problem: The numbers in versions have traditionally (and more usefully) been used to denote levels of feature change and bugfix. A time-based arbitrary version number is pointless; it'd make more sense to use a timestamp for a version number if they're going to do it that way.


The big number change means we're breaking binary compatibility which does happen every 6 weeks now. The version isn't meaningful to most users these days but it does matter to developers who must adapt and adjust as Firefox progresses.


So what?


> Firefox 99 in 2017?

8.6 releases/year (release every 6 weeks), 2013 will start at Firefox 18, so Firefox 99 will be released in the first half of 2022.


IMHO with this kind of steady release schedule, it'd make more sense to go to year.month version numbers.


Why? What's even the point for the year.month version numbers? I know ubuntu uses that, but as far as I'm concerned it's a completely useless complexity, the first half increments half the time, and the second half repeats non-stop, parsing that is actually more annoying than a straightforward "is 22 bigger than 19?".

Not to mention the ultimate goal (of Chrome and Firefox both) is probably to have "version number" fade away for everything but debugging/problem checking, users shouldn't have to care, the browser is "always up to date" and that's that.


> "version number" fade away for everything but debugging/problem checking

That's exactly why. Doesn't even need to show an explicit number to users, just "You are running the August 2012 stable release" would do.


17a2 is out now (or at least my Aurora just updated itself).



A feature that no one has touched on is the JS debugger included with FF15, you can now set break points and walk through JS calls.


If Firefox really have fixed the issues with memory leaking, I might go back to using it more again. I was one of those developers that switched over to Chrome like the majority, I have a feeling for some it's a little too late for Firefox to be fixing an issue that has plagued the browser since around version 1.5.

I still recall years ago Mozilla even denying that there was a memory leak and were always quick to blame plugins for the leaks and while that's true in some instances to an extent, Chrome showed us that bad plugins can be managed correctly and not break your browser performance.

Giving it a shot now, Firefox can't afford to blow this again.


Please give FF15 a try. We've made lots of improvements. See https://wiki.mozilla.org/Performance/MemShrink and https://blog.mozilla.org/nnethercote/category/memshrink/ for details.


I guess this hasn't been seeded everywhere? 15 is still in beta according to the website.


Mozilla "soft" releases new versions of Firefox over a couple days to manual updaters, then a few million auto updaters, and finally all auto updaters. This allows them to watch for any major issues ("chemspills") that were not found during beta. The general public often reveals different bugs than self-selected early adopters using the beta versions.

For now, you can manually update from the About Firefox dialog.


Yeah, I tried that but it would never install (kept trying to connect to the update server). I went to the website to manually download and that's when I noticed it wasn't updated.


The press tends to jump the gun a little, because each blog and news site wants to be "first".

The actual launch is planned for sometime today.


me too, and the new downloads panel is still not in this build, I wonder what the hold up is.


The hold up is that the person working on this has higher priorities. It is progressing. If you want to use it, move to the nightly channel.


And it breaks pentadactyl, I feel entirely helpless.


I said this elsewhere, but I switched over to vimperator and order was restored to the universe.


Give Vimperator a shot. I found it to be 100% compatible with my usage of Pentadactyl (bmark bookmarklets, etc.) and it's working just fine with FF15.


Didn't know Vimp was the common ancestor. Copied my .pentadactylrc into .vimperatorrc and most of it works.


Finally.


Just for the record: Old people don't like changes, so when Firefox silently changes and updates the wording of a menu, or changes the new tab behavior, etc., my 70 year old dad bitches and calls me to find out what is wrong with his computer.

Silent updates: only for bugfixes. Sure would be nice if version numbers meant anything these days.


Actually, I think the effect is better this way: changes are relatively small and incremental (and every release does not have significant user-visible change). This is easier than a huge change all at once (like Firefox 3.6->Firefox 4)


I don't like to use Chrome. Updates for IE are not available because I am still on XP. Safari is also not updating itself for Windows.

So what are the options left any more?

It seems things are getting pathetic in the browser market.


When you chose to stay on a decade old OS, 3 major revisions behind what is currently out there, you sort of chose what sort of support you were going to get.

Nobody is supporting Ubuntu 6, yet you seem to expect people to support the Windows equivalent.

I know XPers refuse to admit it, but they run an antiquated OS, and if you insist on running antiquated operating system software, don't be surprised when the rest of the software you can run starts rusting as well.

Sorry.


Firstly, Windows XP isn't three generations behind, it's two. The current version of Windows is Windows 7, and if you buy a new computer today, that's what you're going to get.

Secondly, Vista doesn't count. Microsoft screwed up severely, and now they have to pay the price for it in terms of PR and market attitude. Windows 7 has been out for just over 3 years, and anyone technically literate who bought a PC 3.5 years ago probably had Windows XP installed on it (and with Microsoft's blessing).

I know XP bashers refuse to admit it, but XP was installed, legitimately and with Microsoft's support (and to their profit), well within the useful lifetime of a typical home PC that is still running today. If MS choose to end support in an attempt to push people onto newer software platforms, that's up to them, and either the market will accept it or it won't.

But calling XP antiquated is just denial. Sorry, but we don't just throw away working systems after a couple of years and climb back on the upgrade treadmill any more.


XP is antiquated in terms of its technology, in particular its security model. Vista, while not a hit with consumers, was a major step forward in security for Microsoft. In fact the massive improvements in security were part of the reason it was a flop, as it suddenly started throwing warnings on all the terrible application security practices that XP tolerated.

If you can upgrade from XP, you should.


XP is antiquated in terms of its technology, in particular its security model. Vista, while not a hit with consumers, was a major step forward in security for Microsoft.

There is a certain irony in making an argument based on the security model in recent versions of Windows while we're in the middle of a thread discussing web browsers. Both Chrome and Firefox go out of their way to circumvent that security model, despite providing arguably the most obvious attack vector on many modern computers.

And frankly, the modern Windows security model isn't that great anyway. We can solve a privileged execution problem by nuking the machine and reinstalling from back-ups. It's a hassle, but it's a controllable risk. This is the sort of thing that the UAC measures help to prevent.

But if you don't have back-ups of your personal files, you're toast if they get deleted by malware. And since you probably have write access to those files even if you're logged in as a low-privilege user, and Windows doesn't separate which applications can access what data to that extent, the likes of UAC won't help you here. Sure, everyone should keep back-ups, but we all know that many people don't.

And the really bad stuff these days isn't destructive anyway, it's about data harvesting. If someone gets in and starts uploading sensitive data, or perhaps sending out phishing e-mails to people who trust the compromised machine's owner and think that's where the messages are coming from, UAC isn't much good there either. You need firewall and antivirus tools for this sort of threat, and we had those with XP, and if you're doing it seriously you don't run them on the same computer you're trying to protect anyway.

If you can upgrade from XP, you should.

Sorry, but I don't think you're anywhere near making a case for that yet.


Most malware does not seek to just nuke user files; it seeks to set up a permanent hidden presence in the machine. Windows 7 makes this much harder to accomplish with technologies like ASLR.

Security depends on layers. Chrome is more secure than IE, but you can run Chrome on Windows 7 too. If Chrome--or one of its plugins--are compromised (it is not perfect software after all), then the security features of Windows 7 will give you better protection than XP.

Maybe you don't believe me, because I'm just some guy on the Internet. That's fair. But I would challenge you to find a computer security professional who thinks XP is as secure as Windows 7.


Most malware does not seek to just nuke user files; it seeks to set up a permanent hidden presence in the machine.

I don't know whether "most" is true, but sure, a lot of malware does that. But that's not why it's dangerous. If you manage to install something that changes my wallpaper to a cute cat picture every few days, it's probably going to be mildly irritating after a while, but I'm not going to lose any sleep over it.

Chrome is more secure than IE

Again, I feel the need to point out the irony of your example: Chrome actively circumvents the more recent Windows access control mechanisms by not installing itself properly so that it can do the silent auto-updates without any further UAC-style prompting.

But I would challenge you to find a computer security professional who thinks XP is as secure as Windows 7.

Well, now you're moving the goalposts. But as a guy who spent this afternoon working on security code that's going to be run by the likes of banks and government institutions, I prefer to make my judgements based on evidence rather than hear'say, and so do they. Incidentally, many of those clients are still running Windows 2000 and IE6, obviously along with many other security measures, and installing Chrome in some of those places would probably get you formally disciplined.


Totally agree. As an OS itself, let's just look at it objectively first. Without Internet, you can keep using your OS for a very long time if your usage of daily software doesn't change a whole lot. What could be the basic functions? Writing, printing, maintaining files. All this can be achieved without worrying too much about upgrades. So just on this account, there is no need to disregard XP.

However, we cannot divorce Internet from the OS, and consequently you need necessary updates to keep up with the changing time.

You make a good argument that XP is not really that old (it isn't as old as Win95/98/Win2K) and honestly speaking, from my experience, if you are a owner of a reasonable processor (Pentium 4 and above) and if max out on your memory slots (4 Gigs is relatively possible) than I really don't see a reason to buy a new PC if I can hold on to what I have as long as I technically can.


Can you give me one legitimate reason to move off of this OS when 99% of my use of this OS is only through the browser?

I made my hardware compatible by upgrading the memory to the max and my computer (browser in fact) runs as good as any Windows 7 or anything else "new" out there.

I simply see these OS upgrades as marketing ploy to generate more income (nothing wrong with that but I have to have my choices too).

People are simply being suckered in to buying newer hardware which they don't really need.


Newer OS versions aren't just marketing ploy, they also include major security features. This is very important if everything you do is in the browser. There are a world of browser exploits that can compromise your system, and the majority of them target Windows XP due to its security holes (some of which cannot be patched without moving to 7 or 8).

You can continue to make your stand against Microsoft's evil plans, but saving yourself $100 by not upgrading could end up costing you everything in your bank account when you end up with a rootkit that steals your account information.


Don't want to pay for an upgrade? Get Ubuntu. If 99% of your use is through the browser then this choice shouldn't effect you much. Its just as easy to install as Windows for most OEM's as well.


> Can you give me one legitimate reason to move off of this OS when 99% of my use of this OS is only through the browser?

How about so you can use browsers that are supported on your OS?


I guess one reason would be that you struggle to find a browser


A web browser is easily one of the most complex software out there today. Not "just a browser"


>Can you give me one legitimate reason to move off of this OS when 99% of my use of this OS is only through the browser?

That's a perfect reason to get off that OS.

Or, you know, you could use Firefox, Chrome, Opera, etc rather than whine non-specifically.


Presumably, and topically, you might try Firefox. Alternatively, you could try to rally developers to write a native-behaving browser based on the Cairo webkit port. It needs substantial love but it would be a project that would really better the options for a modern browser on Windows.

Writing a new web rendering engine is, of course, both virtually impossible and foolish.


Or role your own off QtWebKit, which is surprisingly full featured and works mostly pretty well.


Opera is a pretty decent browser, and it runs particularly well on older hardware (which, if you're running XP, may be relevant).

I think a lot of people are still on Windows XP because it was the first version of Windows that was really "good enough" for most needs. That said, Win 7 really is better and is totally worth the ~$100.


I don't really have a clunker, so I upgraded the memory to 3Gigs and my XP is using the least minimum services and startup EXEs, hence I am really happy with the host OS to run my browser which is what I use all the time anyway.

The bare bone XP with least minimum running services is as good as Windows 7. But if only people could see.


It's really not. You seem to be hiding behind the browser, thinking that as long as you have a secure browser, your OS is secure as well. This isn't the case. Windows XP is a major nightmare, especially if "minimum services" doesn't include an active firewall, AV, anti-spyware, and anti-rootkit tool. If you're running XP without all of that (as well as occasional one-off, offline scans with a different AV tool), you're asking for trouble.

Windows XP is seriously bad news when it comes to being online, with any browser.


I think you've been drinking kool-Aid, or you don't know how keep the running OS secured with the least minimum requirements (assuming you are talking about a home PC which is mainly used for leisure and sometime typical banking needs).

You can very well (still) run Microsoft's security software which has virus scan. You can occasionally run (still) freely available good spyware scanners. The firewall that came with the XP does its job.

The point I am making, which seem to be lost on everyone here, is that, if you upgrade your relatively decent hardware with enough RAM, and if you remove all the crappy services and EXEs from the startup, you can have a reasonable experience with older OSs and there is no need to go buy new PCs every other year from Walmarts.

But Microsoft is in the business of selling OSs and they knew what they were doing by removing IE9 from XP and they also know what they sell with every new updates of Office (go back to Office97 or 2003 and you can still use the basic function as same as today's Office).

So when it comes to the browsers in today's time, it really does look pathetic with very few choices on hand. You have a corporation owned Chrome which wants to know when did you pee in the morning and what did you eat last night and where. Then you have a decently run Firefox but that is the only choice right now and it is troubling that it is the only choice right now.


As I mention quite often here on HN, I'm an information security professional. I'm not talking out of my ass, I'm talking from direct, first-hand experience. No one is saying you should buy a new computer, you can upgrade an OS on the same hardware. Use Windows 7, use Ubuntu, use Unix if you want to. Just please don't use Windows XP.

For my own sanity, I'm just going to assume you're 13 years old.


There's also SRWare Iron, which is Chrome stripped of all Google "spyware."

https://en.wikipedia.org/wiki/SRWare_Iron


I wouldn't trust Iron. I read that it wasn't made with an eye towards privacy, but towards self-promotion: http://neugierig.org/software/chromium/notes/2009/12/iron.ht... I can't find the feature-by-feature takedown I read, but it looked really counter-productive.


just use chromium, it is too (but without 'controversy' the sibling post mentions)


No. YOU don't know what running an OS secured with least minimum requirements are until you are running a linux server with all ports blocks from the command line. Then at that point you can use lynx to browse the web if you want the most secure, minimal web browser. Older versions of IE, especially on windows XP are nothing but security flaws.

So when you want to get off of your high horse, feel free to update your OS and install a modern browser. The browser market absolutely does not look pathetic as there are at least a hundred browsers that you can try if you put in any effort. Until then, you actually don't have a valid opinion on this matter.


You are not following my initial lament. I mentioned Walmart. Does it give you any clue? The people who buy Microsoft's "upgrades" does not have the word Lynx in their consciousness to begin with.

People here bring out strawman at every opportunity (or they feel gratified clicking a downvote arrow - big deal!).

I have nothing against Firefox and I use it daily. But people on the Internet are better off adopting the diversity of browsers and the one which is providing more innovative and evolutionary services, should be adopted. The ones which are status-quo (Chrome is really a bazaar of products being sold) and the ones trying to maintain their race (Firefox: we-want-to-be-the-only-nice-guys), should get enough pressures to compete. But obviously I can only speak for myself.


It sounds more like you're bringing out the strawman when you start talking about the average person who buys a computer at Wal Mart. We're not talking about them. We're talking about you. There's a plethora of competitive browsers in the market. You just happen to be using an OS that is not competitive in the market anymore.

The only developers who still see a return from going out of their way to support Windows XP are malware authors.


Last I checked, almost all applications I have on my XP is being supported by software developers (given that I don't have many). From the perspective of Office, all open-source alternatives to MS are supporting XP. Firefox is still supporting XP. Chrome and Opera does as well. So are you suggesting that they are breaking the security model by supporting XP. Why would they? I have yet to see any disclaimer from any of them that says that I should use their software on AS IS basis.



As I said, I think XP is a fine OS for most people, but you don't use it in a vacuum (obviously, since you're posting here). Support for XP at the OS, application and driver level is only going to get worse. And this will become a bigger and bigger problem.

Also, Windows 7 is actually just a better OS. In my experience the kernel is more stable and the memory management is better.


Well, I don't disagree. With every passage of time, things expire and new things evolve. But you can already imagine that by the time people like myself get to using the Windows 7, the Microsoft, along with the whole cabal of browser makers and websites, would want me to upgrade to Windows 13, and by then, there will be security professionals not talking from their ass trying to convince that Windows 7 is a security nightmare.


It might be "as good as" if you're just using it to run a browser. But in my experience Win7 has been snappier to use than XP on the same machine, software vendors are starting to stop supporting XP, the UI is more pleasant (subjective), and the 64-bit support is much better. Just a few things.


I wonder if you'll have problems with SNI as IPv4 exhaustion runs out. XP can't - ever - access SNI-protected SSL sites.


XP has IPv6 support.


Why dont you consider installing Ubuntu for a change ? I'm not sure if antivirus/firewall vendors are even supporting XP and you really dont want to be running XP without protection.

Perhaps you use a lot of Microsoft Word - Google Docs is a fine replacement. For basic Excel use, Openoffice/Google Docs is good enough (problem happens when you are doing advanced macros).

Perhaps you use Photoshop - Gimp is a fine replacement unless you are using it professionally.

Why dont you mention your specific OS software needs and we will be happy to suggest alternatives.

FYI, my entire family (wife, parents) use Linux and are pretty happy with it.


Nothing wrong with Ubuntu and I'd use it eventually if I really have to. But in order to just use a browser (which is what I use mainly) I don't have a great need to move to Ubuntu from XP.


You seem to do, considering you cannot find an up to date browser to your liking. It also seems to be a valid alternative considering you do not want to buy software upgrades (OS).


http://en.wikipedia.org/wiki/List_of_web_browsers

There are plenty! If you want a specific one, Midori's pretty good.


Opera, Chromium, WebKit (yes, there's a Windows build ... no idea if it's OK on XP). Plus derivatives of the popular browsers. Safari. What are you looking for?


Safari is not supporting latest version on Windows, and if they were to support, I'd assume they'd also want people to have the latest OS. I have not gone the Opera route yet in a substantive way.

People above seem upset that there are still people out there using XP. My main point is that there should be multiple choices of reasonable browsers including even for older hardware.

The way I have seen things move, the Firefox is as same as anything else when it comes to utilizing a whole lot of memory.


All browsers except IE9/IE10 work on XP, I am not sure what on earth your complaint is about.

I use XP exclusively too, I only fireup vmware to test IE9/10


I am debating this notion of all browsers. There is Chrome, there is Firefox, there is IE and there is Safari.

Chrome is a marketplace, so they'll be there selling you products (and yourself to the products) as long as they can.

Microsoft doesn't want you to use XP anymore, so they are not providing you updates. Safari for Windows is pretty much the same story now. Which practically leaves Firefox and Opera. Two choices.

I am arguing for more credible and substantive choices. I have not used Opera substantively but Firefox to me seems stuck in the past. If I were to add further thoughts, I see that the basic use and function of browser has remained the same for very long time. Just look at the bookmarks manager. Have you seen any browser provide native innovation to their bookmarks manager? The last upgrade in Firefox was several years ago when they introduced Live Bookmarks, but things have gone quiet.

This is just one example of basic functions of everyday use of browser. Has anyone seen any innovation in browser functionality in a long time? It used to render HTML websites in the beginning, and it is still rendering websites (so what if the websites have evolved - the browser has practically not evolved for the daily usage of average users).


Firefox ESR




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: