Hacker News new | past | comments | ask | show | jobs | submit login
Firefox 30.0 (mozilla.org)
278 points by 01Michael10 on June 10, 2014 | hide | past | web | favorite | 193 comments

> Ignore autocomplete="off" when offering to save passwords via the password manager

Love this change. There's some good conversations in Bugzilla about it. [0]

[0]: https://bugzilla.mozilla.org/show_bug.cgi?id=956906

This has been one of my most reviled features of the modern web that autocomplete is almost universally turned off for passwords. This often even extends to integrated password managers. Could not be happier this has been changed, although for most of my life I'll still suffer behind an ESR version without it.

As one of the comments in the discussion notes, also possibly better for security. Manual entry is a negative incentive for complex passwords (reduces average complexity across the whole userbase). It also preferences keylogger attacks, which is one of the most widespread computer infections.

Copy and paste that code into a bookmarklet, and it will do what you want.

Why ESR?

Probably what's being forced on them at work. That's generally the only place ESR is used. It's actually all it's meant for (large scale corporate/organization rollouts where they need to test and peg a specific version for use with web apps).

Though you can have Firefox ESR installed and use it as your primary while still having a copy of Firefox Portable handy for other user on a flash drive or even right in My Documents.

I use it to avoid Australis (but still getting security updates).

You don't find themes like Simple White¹ or FT DeepDark² to be acceptable?

1: https://addons.mozilla.org/en-US/firefox/addon/simplewhite/

2: https://addons.mozilla.org/en-US/firefox/addon/ft-deepdark/

The themes don't change the arrangement of the UI.

Try Debian if you need something so rock solid that you can only get security updates.

I do use Debian for my desktop. So? I still have Australis. The themes don't change that fact.

If you're on Windows or Linux try Palemoon [0].

[0]: http://www.palemoon.org/

Glad you like it.

While I didn't make this change myself, I made the change that sparked this discussion (and was a part of the discussion). Been getting mails about it on both sides of the spectrum :P

It really was a illogical feature. Too much power to the website, and as one person put it, "When the browser fails to fill in my password for me, I must assume that the browser is broken".

Agree with the quote 100%. I think the really telling part was that IE11 is already doing this.[0]

[0]: http://msdn.microsoft.com/en-us/library/ie/ms533486

This is going to cause trouble with several websites that use "password" inputs for other sensitive data like credit card numbers and SSNs. The discussion mentions that this is a misuse of the password input, but it's a very common misuse of it.

The discussion stresses that Firefox is the third major browser to implement this feature, but what I don't think they understand is that their username/password detection algorithm is the weakest of the three browsers.

If I create a form that contains a dozen fields, one of which is labeled "Owner's Email" (type=text) and another that is labeled "Owner's SSN" (type=password) with several fields in between, Firefox thinks this is a login and prompts the user to save this information. Chrome and IE are smart enough to recognize that just because an email address and password field were somewhere on the same form, that this isn't login information.

We've addressed this issue in the past by turning autocomplete=off for the SSN field, but now we'll have to re-implement input type=password using input type=text with some javascript. Otherwise, our users are going to accidentally click "Yes" at some point when prompted to save their password and have the form auto-filled for each subsequent entry.

What about them wanting to save the field? Don't tell your users what to save and what not to. It's REALLY annoying!

Because the value will be different every time the user uses the application. These are basically data entry people keying in paper forms all day.

Why not use type="text" then?

I recently ran into an issue where the browser was auto-completing a mail server configuration form, assuming that it was the login for the site. Luckily, adding a value="" attribute to the password field fixed it for me (and still works in Firefox 30).

That's one less script in my Greasemonkey.

I heard from someone on the Chrome team that the reason that Chrome respects this behavior is that many of these websites will resort to "please use a supported browser such as: Safari" tactics if Chrome ignores autocomplete=off. Those were one of the worst parts of the web 5+ years ago and I'd hate to see them come back for FF users.

hmm, but didn't Chrome start ignoring autocomplete=off for password fields[1]? And Safari was already doing it, and now it's not even an option to turn it back on.

[1] https://groups.google.com/a/chromium.org/forum/#!msg/chromiu...

Hmm interesting, maybe they did. I heard this almost a year ago (Summer 2013) so they could have come around. If 2 or 3 of the major browser vendors would make this move it would put pressure on the webmasters (do people still say webmaster?) to just deal with it.

I love the change to prohibit non-whitelisted plugins. Together with the changes to Chrome to move away from NPAPI, hopefully we can kill off the majority of plugins across all browsers.

If we can get it down to just Flash and nothing else, hopefully a few years from now Mozilla's HTML5 implementation of Flash will take off (similar to PDF.js), which pushes Flash inside the browser sandbox, and ensures that it has no more privileges or capabilities than normal in-browser content.

Herm... I just want to point out the elephant in the room:

A new proprietary plugin is coming (which might reduce the need for Flash, but still), the EME CDM (content decryption module).

I'm afraid you'll never have "just Flash and nothing else". W3C EME is coming, unfortunately.

Note: If I'm not mistaken, most other browsers won't have CDM as a 'plugin' per se. Because they are proprietary browsers (IE, Safari, Opera, and Chrome, too), they can afford to make deals with devilish entities to make your machine execute code that makes your computer slower for no good reason (Because video decryption is useless. Come on, everything is already torrented anyway! This is so that CDM deciders can allow or disallow playback devices at will for the default user, and have power over device vendors). I don't know if Chromium will ever support EME, but it is in the same boat as firefox: plugin necessary. So the proprietary browsers will integrate directly the CDM in their code, while for open-source browsers this would be repugnant (and impossible).

Hopefully it will be easy to keep the CDM plugin from ever being installed in firefox. I don't plan on ever using it - if a website requires a DRM plugin, then I will just abstain from viewing their content. I just hope I don't have to recompile firefox on my own just to make this possible.

Even Flash I keep it on click to play. Doesn't bother me much, except when I want to view YouTube videos and such and I don't watch videos all day.

ClickToPlugin on Safari is reeeeally good at finding the html5 alternative for Flash videos. It's actually the only thing that's keeping me on Safari, if only someone could port it to firefox…

I tried those already, but It just won't work as consistently and as easily.

Actually click-to-play is what made YouTube usable to me. Now it is broken and I had to write a user script to fix it. When I brows YouTube and search for something, I want to open several search results/related videos in background tabs. But idiotic YouTube auto-plays videos. Autoplay is one of my most hated anti-patterns. I wrote a user script/chrome plugin that replaces all video page links with base64 URLs that insert a hop to the actual video page (including preview image) so I can keep using YouTube like I want it. I made it so that when i directly click a link it still goes to the watch page directly.

See: https://github.com/panzi/intercept-youtube-links

Between the HTML5 player and youtube-dl, I don't need Flash for YouTube at all, and I haven't noticed its absence in years.

The only problem with click-to-play is a lot of sites did their feature detect wrong and only try the HTML5 player if the browser doesn't list Flash support. If you use click-to-play, it still lists the Flash plugin as available so e.g. YouTube, Vimeo, etc. will load the Flash UI rather the faster, higher-quality path.

I allow my FF to have Flash click to play enabled on all sites except on YouTube. It can be set to be click to play for all sites and then you can add specific sites to be the exception.

I've looked for the interface to add exceptions in the plugin menus and couldn't find it...where is it? I'm currently using Flashblock, which is nice, but I'd rather deal with the problem "natively" if possible.

IIRC the site-specific permissions interface is getting an overhaul, but you can currently get there by right-clicking the page -> view page info -> permissions.

> IIRC the site-specific permissions interface is getting an overhaul

I had completely forgotten about that page but you're probably thinking about: about:permissions

Don't think there's any GUI way to get to it, it feels like years since I last saw it. Also, I don't have any plug-ins so can't check if it lists those there.

I find the Firefox built in Plugin click-to-play is horrible to use, and simply broken for the way I browse.

There is no way to disable / hide the "enable plugins" message. There is no way to temporarily enable plugins for a single page load.

Flashblock works great.

Why does everyone around here want to kill off plugins? There are some jobs they simply do much more efficiently than an html5+javascript solution. All of the Javascript-based PDF readers I've had the displeasure of using have been slow and buggy. Flash is nice for animations and some kinds of games (javascript + html5 games have in my experience always had little errors like misaligned text, key input issues with existing browser use, the browser highlighting parts of the game as if it's a text document, and the bigger issue of speed - they've always been slow on more complex games compared to the same amount of complexity in a flash game. This makes me highly doubt that an "HTML5 implementation of Flash" will take off within a few years. It would probably be just as bad as PDF.js.)

Plugins (well, mostly Adobe) have a bad record of crashing the browser.

No plugins are available for all OS/browser combinations. You can't really have even flash on a mobile device now.

Flash works well on my Galaxy S3.

Installers on Windows run with administrator privilege and can do anything they want, including modifying the Firefox binaries. We might end up with an arms race between adware vendors forcing their stuff into Firefox and Mozilla trying to disable it.

If an installer modified the binary, Firefox couldn't stop that. What installers actually do is move some plugin files into the global Firefox plugins folder, so they get loaded on next startup. Because you can't uninstall the global plugins from the user's account, they added a per-user setting that keeps track of which "global" plugins that user has allowed.

That wouldn't be anything new, and the system's malware detection should help. Although it's a hard problem if users insist on running random binaries, of course.

"Installers on Windows run with administrator privilege"

That's what's wrong with Windows and most desktop Linux distros.

If they ran with user privilege, they could still stomp on each other.

The OSX preferred app install process (used by FF) is simply to download the disk image, and move your app to the /Applications folder.

The Mac App Store likely also prevents apps from clobbering other apps' folders while installing.

I try to avoid software the requires an installer if at all possible.

There should be sandboxing / requesting priveleges like Android has it.

I'm still eagerly waiting for per tab volume control [0], a per tab activity monitor/profiler [1], the possibility to suspend tabs with practically no memory usage [2] and more options for searching the browsing history [3]. Besides that I find it counterintuitive that a revisit of an URL removes the entry of the previous visit. The result is an incomplete history. I wished they would change that.

[0]: https://bugzilla.mozilla.org/show_bug.cgi?id=728046

[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=400120

[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=675539

There are add-ons for suspending tabs but in my experience not very robust ones

[3]: Full text search and search operators for time intervals would be great.

I know it isn't necessarily the same, but volume controllers on Linux using Pulseaudio have per-source volume meters. I use them to turn off annoying banners and such.

I don't think tab volume control is trivial; NPAPI doesn't provide an audio API. So Flash on Win32 (for example) is just sending audio directly to the OS. (You can use the Windows volume controller to adjust Flash volume, at least.)

Per tab volume control is impossible with NPAPI. Unless Adobe does something, Shumway has to be the solution for that.

Technically, they could set LD_LIBRARY_PATH (or equivalent in Windows) and provide a sound API wrapper library that could control the volume. That sounds overkill, though.

Isn't that basically what pulse audio does (on an application level, not tab level)?

Wow, I'm surprisingly stoked about this change:

  Use of line-height allowed for <input type="reset|button|submit">
Firefox was the only browser who didn't allow you do that!

Yup. The same goes for dropdown list '<select>' elements. No mention of that in this release though.

That's https://bugzilla.mozilla.org/show_bug.cgi?id=454625 and the problem is that other browsers only sometimes allow changing line-height on them and some sites are depending on that (non-documented, not standardized) behavior...

This Firefox is already running bug is really annoying. I love Firefox but it's some poor UX when i manually have to shutdown the process.

Normally, it has been fixed in Firefox 30. This one was difficult to find, as it was due to a sophisticated combination: 1. preferences setup to cleanup history on shutdown; 2. no new thumbnails created during the session; 3. some specific scheduling of shutdown.

I'm one of the devs who fixed it, btw.

Sweet. Good job!

Thanks so much.

I wonder why this only seems to be a problem for some people... It has happened to me only once in the 1000's of times I have shutdown Firefox since version 29.

I know it happens to me because plugin-container never closes properly. The result is that the entire browser process stays open while the zombie plugin-container exists.

It happens for me more like five times a day. I am holding the rest of my machines on Firefox 28 till this is fixed. It is easier to cancel update message than to terminate the zombie process.

But still once in 1000 times is worse than none, isn't it? And it has happened more than once for me...

Yes, though in the same way that one yellow jacket is worse than none in the house. If you only have one every so often, you aren't that likely to hunt down every nest outside and around the house to kill them.

Well, I have needed to manually shutdown the Firefox process prior to Firefox 29 (every once in a great while) so having to do it once so far with the new version is not significant.

I am not saying it's not a real issue but why it's more a problem for some then others...

OK, now after my previous comments I have had to manually shutdown Firefox twice today. It's a problem...

Each update up to Firefox 28 improved this issue somewhat; there's a small bug in 29 that made it worse again (not by much, statistically), and that bug is fixed in 30. So you can wait for the 30 update in 6 weeks, or you can move to the Beta channel (which is 30) until it hits Release.

(Personally, I run the Aurora channel - v31 right now on my machine - and I never have any problems.)

EDIT: Here's the relevant bug. https://bugzilla.mozilla.org/show_bug.cgi?id=1006478 If that isn't your issue, definitely file a bug report!

Erm... this entire thread is about 30 hitting release... no need to wait 6 weeks.

In the meantime, I've noticed that it 'really quits' more often when using ctrl-q to exit firefox instead of closing the window.

Right, it should force-kill the existing process or something.

Well, it shouldn't do that automatically, as you might just genuinely try to run FF while it's running by mistake. But a button to do kill would be nice.

Running FF a second time works actually, all it does is signal to the current running FireFox to open a new window in the same process. The 'FF is already running' message comes-up when there is a zombie FF process going that's not responding to signals to open a window (or similar). I agree with you though, killing it off automatically isn't a very good solution, but having a button to close the current FF and restart would be nice.

If you click on the button/ launch the application it should make a best effort to show you a browser window. "Restore" a minimised window, raise a hidden window, offer to restart if necessary, etc..

Would it really be so hard to support a calendar?


I feel like a calendar input should probably be a custom element. There are too many possible variations.

"too many possible variations" sounds like a reason to me to have the browser support it - to add cross-site consistency to the element.

Once you know how the calendar on your OS/browser works, you know how the calendar on all the websites works. Also, adding accessibility for those with visual problems is a job to be performed once, by browser implementors, and can be completely ignored (at least for wrt calendars) by everyone who ever writes a website.

Learning keyboard shortcuts becomes worthwhile (or even just possible).

Overlaying the events from your personal calendar, say when hovering over a date, would make it possible to easily pick dates that coincide with (or avoid) the holidays associated with your particular culture - which your OS knows about, but J. Random Website doesn't - without leaving your browser. (Not all cultural holidays are as easily predictable 8 months in advance as Dec 25! Think of those based on lunar calendars, e.g. Easter)

Heck, I find it annoying when websites want to use custom drop-down lists or buttons. The drop-downs and buttons that my OS provides are beautiful, thanks very much, and easily recognisable to boot. I know just by looking at the page where the controls are and how they're going to act. If I want them to look and act differently, I can change that in one place, in my OS settings, and the controls all change in a totally consistent manner for every website ever written, except those that try to be clever and break my setup instead.

I can't believe I've heard some people complain that they thought that the standard controls are "too ugly". Well, get a prettier browser/theme/OS then!

I upvoted and tend to agree with you but I wonder if 90% of uses couldn't be addressed through a relatively small (hah!) amount of CSS customizability of the element.

Probably, if you only want to support the en-us locale. Of course, in the real world that's not 90% of use cases...

It's nice when a touch device can display an appropriate calendar selector. Even if the selector is barebones, it's nice to not have something you know will work, rather than to wonder through a gallery of the latest calendar widgets and then get disappointed that it's written for an incompatible framework.

Am I only one who thinks it is crazy that all the web browsers look the same now? http://jmoses.co/2014/06/10/which-browser-is-which.html

It's like asking "why are all these blank sheets of paper so similar?" Browsers are getting more minimal because browser chrome just gets in the way of the content.

Anyway they're not that similar. Firefox has a search bar, refresh button on the right, and no greyed-out "forward" button. Opera has the speed dial buttons. And Chrome would be the most "minimal" if it weren't for the extension icons over on the right.

It's irritating. I keep Chrome and Firefox both installed so I can test sites on them and it's not until I go to use an addon or Firebug that I realize I somehow ended up using Chrome as my browser for the day rather than my usual favorite Firefox.

It's crazy. Why don't they differentiate themselves like in the good old days?



Oh wait...

Design convergence?

Perhaps it's what is commonly understood as "what users want" on a windowed desktop OS... perhaps we need to look to new UI inputs/frameworks (mobile, voice) to break out of the current mold?

It's a trick! All three images show the same browser... "Google" :)

at least 50% of those images is the same web page!

Best browser just keeps getting better!

Hopefully this gets some more people over from the closed-source Google Chrome.

Firefox is getting more awesome with each update, but admittedly I'm kind of liking Chrome's implement first, standardize later approach to new features, which is why you can get a directoryReader in Chrome and drag and drop support for uploading entire directories. I wish Firefox had that, but it's not a standard so they're not implementing it.

Both Chrome and Firefox have the same approach of implementing first, standardizing later. For example, Firefox has had large swaths of ES6 implemented since 2006 or so.

Rather, it's not so much that they refuse to implement features until they're standardized, it's that each browser maker refuses to implement the features dreamed up by the other browser makers until they're standardized.

> Both Chrome and Firefox have the same approach of implementing first, standardizing later

>Rather, it's not so much that they refuse to implement features until they're standardized, it's that each browser maker refuses to implement the features dreamed up by the other browser makers until they're standardized.

I guess that's what happened with this. A Mozilla engineer explicitly argued against implementing something because it's not a standard in this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=782233

Mozilla is doing the same. Take a look at the WebAPI overview for some examples:


True, but just as a note, that page also includes APIs available in Chrome and not Firefox, including directoryReader:


Another example is the, now deprecated¹, Audio Data API which had by far the most visible involvement I've seen yet from the community.

You also have the rather new Social API² which is still in development and what about the whole ASM.js spec³?

1: http://blog.mjg.im/2013/11/07/audio-data-api-disabled/

2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/So...

3: http://asmjs.org/

Personally I prefer the "wait 'til standardized" approach better. Web standards have been dragged through the mud enough thanks to IE and its disregard for standards. We don't need Chrome running wild doing the same.

IE caused problems by not implementing standards (or not doing it correctly) On the contrary, Chrome is causing problems with implementing pretty much everything the devs come up in their offices or only partly implementing standards.

Or, at least, that is how I experience things.

I prefer Chrome/Firefox's way of implementing proof of concepts before standardization; it's more pragmatic, less ivory-towery. It's the difference between agile development (what people used to call XP) and waterfall.

Rather than being developed in a closed room by a committee, features emerge in a sort of darwinian sense, in that usable features survive (they're played with, commented on, blogged about, critiqued), and bad ones tend to end up being ignored. And it works because good developers won't touch features that would break a site's cross-browser compatibility, but might sneak in stuff that can gracefully fall back. Thus the whole world becomes an "agile" test bed for a potential standard until everything slowly coalesces into a stable status quo.

Based on the notes in #812695[1] the longstanding text-corruption bug that's appeared in past releases should be fixed thanks to a change in how the layout's handled.

[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=812695#c414

CSS scale transition performance is still janky on OS X. Are they ever going to fix that?

Please post a link to a site where you see that happening.


It should hiccup on Firefox for Mac but virtually no other browser: http://jsfiddle.net/K7Ukb/8/

FWIW: On a 2011 MBP 17", it was silky smooth in Chrome, and very slightly slightly less smooth on FF and Safari.

Chrome is fast and smooth, IE doesn't do anything.

but this is Win7.

Do you have an example of this?


It should hiccup on Firefox for Mac but virtually no other browser: http://jsfiddle.net/K7Ukb/8/

I love Firefox, but since I upgraded from 28 to 29, it has been crashing for me on Win 7 on a daily basis. Looking in about:crashes I have close to 30 crashes reported. The moment I upgraded to 30, it crashed. sigh

do you happen to have the extension HTTPS Everywhere installed? I had that problem and disabled the SSL Observatory and it started working fine again.

Hopefully it will be fixed soon (if not already)

Yes, I have HTTPS Everywhere installed. I will disable SSL Observatory and see if that helps. Thanks for the tip.

This seems to have solved it for me, finally! Thanks a lot.

Same problem here, daily crashes. This started with Firefox 28 and I still have this problem with Firefox 30. I have no idea why, but some pages crash more often than others.

This happened on both OSX and Ubuntu(my laptop and workstation) at the same time when Firefox 28 was introduced.

You're not alone. I went years and years having Firefox never crash without an obvious reason (like a problematic page or plugin), but recently I've been having it crash once a day or so even with all plugins/addons disabled.

Would you mind linking to one of those crash reports?

If you would rather not do that in public, please feel free to e-mail me links: bzbarsky at mit dot edu.

Does it strike anyone else as odd that they don't highlight security updates as Chrome does? Example, http://googlechromereleases.blogspot.com/2014/05/stable-chan... Maybe it's psychological, but I like the reassurance security is a focus for Chrome.

You can see the security advisories here:


Maybe because it doesn't seem to be their main priority (where's my sandbox at?):



> The two major advantages of this model are security and performance. Security would improve because the content processes could be sandboxed (although sandboxing the content processes is a separate project from Electrolysis).

Sandboxing Bug:


Still no keyring/OS password storage support? I'm all for storing all passwords in the password manager (including those with autocomplete="off") but anything that can read signons.sqlite has access to all passwords in cleartext (no average user uses the master password)

Are you sure? I just did a .dump on my signons.sqlite. The login and passwords are not stored in cleartext.

ubuntu 13.10 firefox 27.0.1

There seems to be a bug on the dev-tools in the Network tabs, I cannot see the labels that are normally at the bottom ("All | HTML | CSS ... "). It seems that the container that's wrapping them doesn't have enough height to show the text. This is on OS X 10.9.3. Anyone else having this issue?

Why limit yourself to just firefox 30.0 I'm using their Mozilla Nightly currently at 33.0a1 (2014-06-10)

Awesome! We can always use more people using the Nightly or Beta channels. Just be aware that you are not getting production quality code.

In general Nightly has been very stable for me, but sometimes things sneak in that are annoying or simply broken. If you can live with that, then welcome to Nightly! :-)

The only time I ever have problems with nightly is the first release of a new version. I wish I could set a config entry to wait for the second release of a new version.

The Aurora release channel might be what you're looking for - it's between the beta and nightly channels. I find it to be exciting and fairly stable.


That might be considered the beta branch :)

i'd love to use nightly, but they don't enable gstreamer 1.0 by default yet.

I run Arch on most of my machines. It seems kind of contradictory to say this, but I like my official repo updated in system upgrades standard firefox, whereas all the other channels are in either third party repos or the AUR.

Why in the inspector does it convert the markup to xml?

So it adds < / input > etc

It's a sort-of serialized representation of the DOM.

I thought </input> was the proper way to write HTML.

It's either <input ...> (SGML flavor) or <input .../> (XML flavor).

Anyone know if array comprehensions are also supported in chrome?

    var xs = 1, 2, 3
    [for (x of xs) x * 2]
    SyntaxError: Unexpected token for
Chrome Version 35.0.1916.114

Not yet. Looks like only Firefox 30+ supports array and generator comprehensions:


Unfortunately no gstreamer 1.0 in official Mozilla builds yet.

It's item #3 in the release notes. http://www.mozilla.org/en-US/firefox/30.0/releasenotes/

It's available as an option at build time (build switch). But it's not used in the official Mozilla builds which are still built against gstreamer 0.10.

There is a telephone in Firefox Nightly.

It was only yesterday when Firefox was 3 and look at it now. Isn't it about time we start telling it to get married and have children or?

I've uninstalled Firefox since Mozilla ousted Brandon Eich

Sorry to here you hate homosexuals.

While it's quite off topic, what's with FF version numbers? I mean just a few years back it was FF 3, 4, 5, and while I am not using it daily, I don't think it's a major change every time.

I guess my kids are going to use Firefox 142...

As scott_karana mentioned, Firefox has been doing "rapid release" since 2011. https://wiki.mozilla.org/RapidRelease There are 3 channels: Aurora (alpha), Beta, and Release. Every 6 weeks, stable features are pushed into the next channel. So there is a new release every 6 weeks, and if you want to live in the future, you can use the Beta or Aurora channel. https://www.mozilla.org/en-US/firefox/channel/

Edit: do you really want your grandkids to be stuck with version 5? :)

And don't forget about nightly: http://nightly.mozilla.org/

Mozilla adopted a rapid release cycle, similar to what Google does with Chrome. Everyone is always automatically updated and version numbers are less significant.

Chrome does the same an no one ever complains about it.

Holy crap! I so need the power of the down-vote right now...

Update - Really? I am being down-voted and not gedrap?

His comment added very little to the conversation.

Yours added nothing.

Please try to avoid comments like this in the future.

Your opinion...

My opinion is his comment was a waste of time and mine was funny.

Very nice, but those designer tabs from FF29 still make my eyes bleed every time I see them, so I'm stuck on FF28. I wonder how many people are in the same situation :-|

Only someone who is completely unconcerned with the security of their computer since 29.0 and later fix critical bugs allowing for remote code execution. Seriously, I'd recommend doing one of the following:

1. Upgrade and use one of the theme and extension combinations to get a look you want.

2. Upgrade and just get used to the new look since it's similar to Chrome and others.

3. Downgrade to Firefox ESR 24.5.0 which IS fully secure.

Or you can simply run it under EMET - http://www.microsoft.com/emet

Blah blah blah, security! Oh, boo-hoo security!

If security is such a hot button worry wart issue, then it shouldn't be permissible for Mozilla developers to bind minor UI tweaks to security fixes. Firefox user interface changes should not be tightly coupled with essential security updates, since they introduce the hazard of many users refusing to comply with good security practices, simply because some asshole design wonk decided to enforce their tastes upon millions of users and disrupt existing, productive, habitual user interface behavior.

And by the way, it's absolutely possible to securely run an instance of Firefox 28 in a read-only, sandboxed, firewalled VM, restricted to connecting to specific trusted hosts.

Permitting a third party to control and modify your behavior by enforcing automatic updates in a manner that does not match your schedule can be an insidious security hazard unto itself. Organizations like Mozilla, Google, Apple and Microsoft have no interest in and no concept of what might be hugely disruptive to their end users, nor do they necessarily have any concept of a given environment's actual security posture. They simply cry "security" and then rampage all over everyone's shit with righteous entitlement.

Nope. I define my security practices (including whether I run a javascript-enabled browser at all), and I define my update schedule.

You should probably build your OS and all your software from scratch, cause it seems you have a problem with using software that doesn't meet your arbitrary guidelines.

Switched to Pale Moon, haven't looked back.

And a bonus of actually having a 64 bit build for my Windows partition without having to run Nightly.

Unfortunately, Pale Moon is significantly slower than Firefox due to it being based on the outdated ESR branch. See: http://portableapps.com/node/39509

Pale Moon, 24.5, Linux 32 bit, running on Debian squeeze 32 bit, on my system, is dramatically faster than Firefox 29.0.1.

Or rather, the latter is dramatically slower than 28.0, just about unusably slow. And this is true with a very minimum installation and usage, Session Manager and Track Package the only extensions, a version of Shockwave Flash auto installed the only plugin. As little as 3 windows with 7 tabs.

And it might just be my impression, but Pale Moon might have been faster than Firefox 28.0.

Have you tried the two side by side?

See my link. I performance tested Firefox, Pale Moon and CyberFox on the same hardware within Windows and posted the results. Maybe the current Debian build is a bit messed up. Debian does their own builds of Firefox through a special agreement with Mozilla (they aren't Mozilla builds).

Ah, I see.

However the Firefox builds I'm using are the generic ones from Mozilla, Debian doesn't supply Firefox due to IP issues, they do their own "Iceweasel" build (https://en.wikipedia.org/wiki/Mozilla_Corporation_software_r...).

Ah right. I'd confused it with Ubuntu. It's still odd, though. I wonder if other Debian users are seeing similar issues.

Out of curiosity, I ran the tests again on FF30 on Windows and Sunspider is about the same as FF28 was while PeaceKeeper and Dromaeo increased a couple percent.

It hasn't been notably slower for me.

And it's rather notably more lightweight in terms of RAM usage.

Who cares if javascript execution is slower? You can speed that bit up by not allowing it to run in the first place. I would accept any speed of browser to avoid Australis.

I don't know if this also restores the old tab look, I think not honestly, but I just installed and I wanted to share this here to hear your opinions https://addons.mozilla.org/en-US/firefox/addon/the-fox-only-...

classic theme restorer extension.

not the same.


I use the Chrome skin for FF and it's surprisingly fantastic.

Correction, it's Fw, not FF.

If we're being pedantic, it's Fx, not Fw or FF.


This is my favorite firefox specific "bug", still around in 30 I would guess:


Works fine in literally all other browsers. Oh well.

It should remain a 'bug'. That's an invalid URL in the IMG tag and should be treated as such. The problem is some browsers 'helpfully' fix it and designers don't know they're writing invalid HTML.

Browsers like Internet Explorer 'fix' it so designers never know. Browsers like Firefox show it as properly broken so designers fix their mistakes. That's why it's always important to test your site in a proper browser.

I know you have 'bug' in quotes, but man, you know perfectly well that's not a bug and it would be complete silliness to allow that.

Is it though? I know standards are important, but what does it really cost a browser maker to be able to resolve paths with backslashes? Similarly, is it really that big of a deal to support background-position-x and y? The prime example of something should have been a spec from the beginning.

That road of good intentions leads to maintenance problems like HTML quirks mode and security issues (especially when allowing invalid URLs).

nope, doesn't work in Chromium 36.

Nor in Opera 12.

I stand corrected!

What's supposed to happen?

There's an invalid URI within the IMG starting with http:\\ instead of http://. A mistake a beginner designer who's used to Windows directories would make. Some browsers like IE helpfully 'fix' this mistake and accept it so the beginner designers have no idea they're writing broken code. Other browsers like Firefox interpret it as written and show it as broken.

Hmm, with Chrome in W8 it shows an image, So I didn't see anything wrong...

The wrong slash has been used in the URL. It's supposed to be a broken image.

So I guess minor updates are how we do things now.

Yup! Release early, release often. Linux (kernel), Gnome, Ubuntu, Firefox, and Chrome (and lots more) are all on scheduled updates.

Edit: The advantage to rapid releases is that you can roll out minor updates when they're ready without having to wait for big ones, and you don't have to rush big ones for a deadline. If you miss one release, it's no a big deal because there's another one coming right up. Release when it's ready!

Rapid releases != rapid major version number increments. If you update the major version number too often it becomes meaningless.

The Linux kernel is on version 3.15, for example.

Yes, it is meaningless, and they intentionally hide the version number now - the download page doesn't even show it. But what could a major version number mean? GNU Emacs was on version 1.x for so long they dropped the leading "1." and promoted the minor version number to the major version. Ubuntu just numbers their releases after the date, e.g. 12.04 came out in April 2012.

> GNU Emacs was on version 1.x for so long they dropped the leading "1." and promoted the minor version number to the major version.

As did Java. Java 1.4 was released in 2002, and the next version was Java 5 in 2006.

Quote from Wikipedia that expresses my viewpoint on the subject:

> In principle [...] the major number is increased when there are significant jumps in functionality such as changing the framework which could cause incompatibility with interfacing systems, the minor number is incremented when only minor features or significant fixes have been added, and the revision number is incremented when minor bugs are fixed.

agree, these should be point releases I'd wager. However, they have to "keep up with the Joneses" (chrome, in this case) which has high numbered versions, I'm guessing...

The fact that you don't know what version you're on is intentional on both sides. Both Google and Mozilla realized that the version is meaningless and hid it.

Firefox has been doing rapid releases since April 2011 or so, it's not a recent thing. :)


I wasn't criticising. I just noticed from the changelog for this release in particular was pretty close to "changed whitespace in code"

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact