Hacker News new | past | comments | ask | show | jobs | submit login
Firefox 36.0 released (mozilla.org)
368 points by Smibu on Feb 24, 2015 | hide | past | web | favorite | 247 comments

Meanwhile, in firefox 39a (current nightly), a reader view (readability/printfriendly)


About time! I've been using it a lot on FF mobile where it's super useful. This feature was announced long time ago. I've been using the Enjoy Reading extension for a while and found no good replacement when it was abandoned.

For desktop I use the Readability Bookmarklet[1]. Gets the job done.


I use Evernote's Readly. Quite lovely, but the customization isn't the best compared to Readability.

I prefer having an extension/built-in tool to a bookmarklet, though.

Personally I use a Firefox keyword shortcut to printfriendly (I don't remember why I stopped using readability, it's a lot fancier, but PF never failed so I kept going back to it.)

Yes, plus you can send the extracted articles directly to the kindle.

Why's that added to the main program, though? I mean, there's extensions that do the same thing, right?

(I'm sure others have made similar remarks about other features that were added over time that were originally in extensions)

I seem to recall that Readability required transmitting the page I was viewing to their servers, so I found myself avoiding it. I don't know if there were good alternatives, but I do have faith that Mozilla's will be good (although I haven't tried the nightly or anything), so I'm excited about that. Once I used it for a while, it felt like something a browser should just have.

We've put the source we're using up on github ( https://github.com/mozilla/readability ) and plan to use the same library on all platforms. Any contributions are welcome.

Good point, also useful in and out of itself without being out of place (much less than webrtc audio chat)

How did you enable this? I'm on 39 as well and I can't find the option?

Enable 'reader.parse-on-load.enabled' in about:config

Here's what I did : absolutely nothing.

A little icon appeared in the url bar on some website (it's orange when reader view is active, otherwise it's pale blue). I don't know how or why Firefox decides to show this icon. Even better, I just revisited the webpage in the screenshot annnd... no more reader view icon. SoFTWare.

ps: the reader view icon doesn't show anymore. FTWustrating.

Maybe I can stop zooming all the way in all the time soon :)

speaking of zooming, and if any Moz devs are watching, please finally fix radio and checkbox control zooming. it's been 7.5 years.


What? You don't like the challenge of trying to click on a micron wide checkbox on your new 4k laptop screen? That's half the fun, I say.

In many cases, I use a fontawesome glyph linked to a hidden <input> element to work around this limitation :(

On a 4k screen I find that setting layout.css.devPixelsPerPx to ~2 works better than zooming.

yeah, but that doesn't make checkboxes any bigger either.

Good shout, this seems like a pretty major accessibility bug, bit saddened that as a professional web dev I wasn't aware of it, otherwise I probably would've been applying a standard workaround like @sarciszewski.

A similar feature has been available on mobile FF fore a while now and I use it pretty regularly.

What OS is this? Or what user interface?

Looks to be Arch running i3 (my own current setup as well, actually)

Looks like Linux with Openbox: http://openbox.org/wiki/Openbox:Screenshots

I doubt that's Openbox. It would be one of the many tiling / dynamic WM's out there (DWM, Awesome, i3, Xnomad, etc).

As for which WM specifically, it would be impossible to say for certainty since every one of them can be configured to look like the other - so only the OP would know for sure.

I'd speculate that you're right about Linux, but only because the article exampled was about ArchLinux. However that could be a red herring and the aforementioned WMs would also compile on most modern *nixes (or at the very least, a few of the notable BSDs)

archlinux (you could have guessed from the page shown;), wmii as WM, no customizations whatsoever.

Obviously false. They could not guess from the screenshot.

I did customize wmii default theme colour too. Twice falsified.

It's a shame that the "readable" mode has #333 body text instead of #000.

That is poor advice which doesn't account for the difference between computer screens and ink on paper. The deepest black you can get on a monitor will not be as dark as certain inks on a page.

I'd argue that it does account for that difference, just not in an immediately obvious way. Screen displays are an additive color model and print is a subtractive one; screens shine light at you, paper has light shined on it. This makes for a very different perceptual feel; (completely) black ink on white paper is way less "contrasty" than #000 text on an #FFF background. WCAG accessibility guidelines suggest a minimum contrast ratio of 7:1 luminosity -- #000 on #FFF is a 21:1 contrast ratio!

In practice, I think we'd be better off darkening the background a little and lightening the foreground just a touch; #333 text on #F8F8F8 background still "feels" like black and white, but (assuming you've chosen a reasonable text size) it'll be a lot easier to read if you're dealing with long-form text.

I find it difficult to believe that the relative difference between #F8F8F8 and #FFFFFF matters at all relative to the the widely varying screen brightness settings on everyone's very different computers, tablets and phones in very different lighting conditions.

It's (generally) bad 'design' to fill areas with black, sure- but #000 outlines and text is just getting proper use of the limited dynamic range we're provided with.

#000 needs to be used tastefully, otherwise it can be visually overbearing.

Do you find this page visually overbearing because all of the non-downvoted comments are #000? I have never seen a page of text on a computer screen look overbearing because its color was #000 and not lighter.

What stands out more? The comments, or the names of those who comment?

Experiment, write this css into your dev tools:

    body * {
      color: #000 !important;

No, but I probably would if the background were white.


#000 is easier to read on devices with that have dim backlights.

I see font rendering in linux is still pretty horrible.

You know, you might be looking at a screenshot that has font settings (hinting etc) which work on the originating display and fail on yours. No reason to jump to snarkiness.

You do realize the screenshot is an image right?

That doesn't matter. The pixel output of subpixel rendering only works on monitors with the pixel layout it's intended for.

whoa, that is something i never thought about before.

Take a screenshot and zoom in on text, chances are that you will see lots of subtly colored pixels around it.

Yes, but font hinting takes advantage of the specific subpixel layout of your LCD (e.g is the order RGB left-to-right, top-to-bottom, two greens and forming a square, etc). If you take a screenshot and look at it on another monitor, it's quite possible for it to look awful because your RGB subpixel layout and the source differ.

Don't be so quick my dear, sometimes screenshots differ dramatically from what the user sees.

Yes, a JPEG image :)

Font rendering is as configured. See https://wiki.archlinux.org/index.php/Font_configuration

Yeah, I know you can make fonts look nice in linux, but distros ship with horrible defaults.

First, who do you think you are to question my font configuration skills (hint: nil), second, as mentioned earlier, there are ways to have 'better' font rendering. The thing is it requires a PhD in Linux display stack and frankly I don't care. I tried to care though, and it backfired at me (emacs was fubared, and that's a deal breaker), and this default config, even subpar, is pretty enough and stable enough. Lastly, chromium manages to set up itself better and fonts look better in it. SoFTWare.

> there are ways to have 'better' font rendering. The thing is it requires a PhD in Linux display stack

Not really. Just learning about how to adjust preferences for FontConfig. Antialiasing, hinting and subpixel rendering have a lot of effect on the visual appearance especially. You can read about it here:


There can be also some monitor specific tweaks like LCD filtering.

More feature rich DEs give quite easy to use interfaces for managing all that (for example KDE). So if you are using some barebones DE / WM, then you should be ready to do all that manually in the config files.

I did try arch wiki advices, I got some results but I didn't really understand what I was doing and had lots of undesired side-effects (emacs buffer redraw failed, screenshot aliasing failed,...) so I dropped everything and used stock config.

The xml config files seems overly complex (I admit, I suffer from acute xml ad-formatem) for my tastes.

I tried to diff manjaro linux /etc/fontconfig actually, just to see what they were doing right to have such nice visuals and couldn't find anything.

It's in the same basket as some famous audio server, which I replaced by it's very naive ancestor.

On Debian defaults are all under /etc/fonts

About general idea of what all those settings are, here is a brief overview: https://en.wikipedia.org/wiki/Font_rasterization

FontConfig rules can even be applied to Web fonts, which at times can be messed up by default. Example of such rule for fixing some mess on DuckDuckGo:

    <match target="font">
      <test name="family">
      <edit mode="assign" name="autohint">
      <edit mode="assign" name="lcdfilter">
The difference it made for me (note the word Wikipedia and messed up letter i):

Without the rule: https://i.imgur.com/SsicEFJ.png

With the rule: https://i.imgur.com/Ehh0rZU.png

I didn't know this worked against web fonts as well. Is there any chance you could share your webfonts config in its entirety? Maybe post it on github or some whee? I'd be hugely grateful :)

That's really the only such setting that I have :) I use DuckDuckGo as my primary search engine and that messed up i was irritating me a lot, so I was digging for a way to improve the look of Web fonts and discovered that Fontconfig can affect them.

Thank you, I appreciate the time you took for the screenshots.

" The thing is it requires a PhD in Linux display stack "

agreed ;)

>distros ship with horrible defaults.

I guess you haven't used Ubuntu lately, which ships with better fonts than my Windows machine.

Or, you know, people have different subjective preferences in fonts.

From another comment:

Is not about font taste, is about brokenness, you can clearly see in the screenshot that the fonts are rendered poorly, some letters are lighter than others, half of a letter is lighter than the other half, some don't look smooth, etc...

Yes, to me, Ubuntu has the best defaults.

Fonts configuration is always rather subjective. I often don't like defaults. This applies to any system. Good ones allow greater flexibility. Bad ones assume they know best and force "best defaults" without any way to improve them.

Is not about font taste, is about brokenness, you can clearly see in the screenshot that the fonts are rendered poorly, some letters are lighter than others, half of a letter is lighter than the other half, some don't look smooth, etc...

Firefox renders text using whatever text rendering settings you have set up on your computer. These differ from platform to platform, and from monitor to monitor. If you don't like sub-pixel rendering, you just turn it off and all the programs on your machine, Firefox included, stop using it.

Others have also mentioned that the subpixel order differs from monitor to monitor, so if the screenshot was taken on a monitor with BGR subpixels and your monitor has RGB subpixels, the text will look much, much, worse than if there had been no subpixel rendering at all. Or perhaps you, like me, have a CRT and subpixel rendering always looks wrong. It's hardly Firefox's fault.

Not sure about that system. I'm using Debian testing and it has very good quality defaults (visually) which I change anyway to suit some of my preferences. So the claim about that "distros ship horrible defaults" is not universally applicable.

I don't see anything wrong with the font rendering on that.

Perhaps you could be more specific?

I was going to saw the same thing, but didn't because I figured I'd get downvoted for it on HN. Seems I was right.

I use debian and arch with http://www.infinality.net/blog/ and the fonts have never looked better.

Wow this is a big release! HTTP 2.0, phasing out 1024 certs, sync, will-change.

BTW, is there already support for 4096 certs? Or is that coming later?

Yeah, the full HTTP/2 support was a pleasant surprise! Wonder if Google's (and other prominent ones) web properties have switched over to HTTP/2 from SPDY yet.

Yes. According to Patrick McManus (owner of Gecko's networking stack), 9% of Firefox requests are already using HTTP/2 with the draft implementation enabled for Google (and now Twitter). With Google alone, HTTP/2 usage is already higher than SPDY.


According to http://spdycheck.org/#google.com google.com supports "h2-14" and "h2-15" which I'm guessing are drafts of HTTP/2?

Right. "h2" is what the final spec should give.

firefox 36 will negotiate any of {h2, h2-14, h2-15}

Using FirefoxDevEdition with SPDY indicator shows me Google, Youtube and Twitter over HTTP/2.

Anyone know of a brief list of workarounds/schemes/optimizations that probably won't be needed (or will be less needed) with http2?

(or just add to this list)

- css sprites

- monolith js/css-files

- rotating through 'alias'-subdomains for resources

- trimming cookies / cookie-less domains (for request-headers)

Sprites and concatenated js/css are still useful. HTTP/2 lets you make 100 requests over a single connection, and that's a lot better than making 100 requests over 100 connections, but it's still not going to beat one request over one connection.

That would be an interesting thing to benchmark, particularly since separate resources can be cached independently.

If you're using every single image, line of JavaScript, etc. as soon as the page loads, a single large file will probably still be faster. If, however, you have a mix of things which are only used for optional features, not on every page, etc. there's room for some nice improvements because independent resources can be loaded immediately whereas a huge concatenated JavaScript file has to wait for the entire transfer before it can be safely executed. If your site really needs jQuery and 90 plugins to work at all, that doesn't help, but if a fair amount of your code can be loaded independently the overall load time can be shorter if some of the code executes while other resources are still fetching rather than waiting until it has everything.

The independent fetch + caching is also more valuable for repeat visitors who have cached copies of everything which didn't change – i.e. if you only touched an icon in the footer of your page, the experience is better if your header logo displays instantly out of the cache rather than having to wait for an entire sprite to reload.

One image with 100 icons also still compresses better than 100 files with 1 icon each.

Sprites are way more demanding memory wise than smaller images.

Performance on the Web isn't RAM-bound at this time, unless you're running on a Raspberry Pi or somethin. Network performance is a much stronger limiting factor, which is why protocols like HTTP/2 are being made in the first place.

I'm also skeptical that sprites must necessarily be significantly more demanding memory-wise than smaller images. Implementations may vary, but at least in current browsers, when you make an Image tag/object with the same source as one you've already loaded, the second one loads instantly. This at least makes it appear that both image tags are getting some kind of lightweight view into the same image data -maybe just a pointer to the same bucket of bits- as opposed to having to re-download and/or re-copy the image data for each instance.

You probably have fewer tabs open than I do...

The memory usage of CSS sprites (which are implemented as css background images rather than Image objects) was definitely an issue a couple of years back. Inlining the images as base64 data uris seems much better.

I think he means the empty space that is demanded by sprites, in memory it occupies space as a bitmap. If you use a smart sprite builder that optimizes stacking, it will probably be less than 10% overhead, but still relevant.

Why 4096-bit RSA certs when you can have ECC certs?

There are installations which don't support ECC, usually due to hardware limitations, but do support RSA-4k. Often this cert is the trust anchor for various other uses than just SSL, so the result is you end up using RSA-4k instead of ECC.

There's also folks who don't entirely trust ECC because it's "too new". To be fair, RSA isn't broken, and 4k is sufficiently big to be safe even with a partial break.

> There are installations which don't support ECC, usually due to hardware limitations

Isn't RSA much more computationally expensive than ECC? What hardware can do RSA but not ECC?

/me sits down to be schooled

Since I can't edit:

EDIT: Unless you're referring to embedded systems that can't be updated?

Bingo :)

Actually, not just embedded systems. There's HSMs (hardware security modules) which also can't be updated to support new functions. Often this is because the underlying primitives have been implemented in fixed-function hardware to prevent timing, power and even RF analysis.

I for one welcome our EdDSA-ECDHE-AES-GCM overlords.

(I know we're not there yet :P)

I recently switched back to Firefox from Chrome. They have done a nice job in speeding it up. My Chrome seems like more of a bottleneck than my internet connection.

my concern with firefox, at least on the mac, I tend to find video play back just stops whereas I can take the same video to Safari and have zero issues.

I really wish there were a way to more easily identify if the problem is an addon or inherent to Firefox.

You can quickly test without add-ons by restarting Firefox in Safe Mode from the Help menu > Restart with Add-ons Disabled.

You can also restore Firefox to its default settings with Help menu > Troubleshooting Information > Give Nightly a tune up > Refresh Firefox button. It will uninstall your add-ons but retain your bookmarks, browsing history, and saved passwords.

It's pretty easy to create a blank profile. That isn't magic wand easy, but it's a low bar.

  firefox.exe -p -new-instance
Should open a new instance of Firefox in the profile dialog, where you can create a new profile.

I'm not sure about "-new-instance". I've only used -no-remote but the release notes say remote commands have been removed. Some quick research turned up -new-instance as a substitute.

-no-remote is the same as -new-instance except that the instance won't listen to remote commands.

I'm presently in the middle of an experiment to use Firefox (and its Developer Edition) as my primary browser when performing my duties as a web developer. So far... It's been kind of rocky. Daily usage of the browser isn't that bad, but the developer tools are lacking compared to Chrome.

A good example is the Network tab. In Chrome, I need only have the developer tools open to capture information about requests. In FF, I must not only have the tools open, but I must also be viewing the tab.

Another minor annoyance is the state of add-ons. It seems that new versions of the add-ons I use regularly are several versions behind their Chrome counterparts. And have you tried to develop an add-on? Wow. The docs are kind of harsh. They could really use a guided example.

You should install Firebug. It's better than the integrated dev tools in almost all areas.

About writing extensions we had this on HN in September 2014 https://news.ycombinator.com/item?id=8285744

I'll definitely give Firebug a try. I hadn't even considered it to be honest. I thought I remembered reading a while back that it was no longer important after Mozilla decided to brew their own.

I feel like adding Firebug adds unneeded weight to FF now that FF's dev tools have matured so much. There's still a lot of work to catch up to Chrome, as you stated, but for the most part it's very capable and Firebug just feels like bloat and adds memory consumption that's not necessary.

I sometimes use the dev tools but I prefer Firebug. Maybe it's only better looking but there are some real advantages. I'm on a phone now and can't make a side by side comparison. Relying on my memory won't work :-) The dev tools are faster, that's for sure but Firebug is not slow enough to switch. I'd like the two teams to merge.

You should install Firebug. It's better than the integrated dev tools in almost all areas.

Really? I uninstalled Firebug not so long ago, having concluded that it offered little added value any more, while measurably, repeatably, and dramatically reducing Firefox's performance. Has either or both of these things changed in the last few months?

Yes. Last spring Firebug rewrote its script debugging tools on top of the new JS debugging APIs in the then-upcoming FF nightlies[1][2]. Firebug was painfully slow for me on JS-heavy sites about a year ago. This year it's perfectly responsive, on the same computer.

[1] https://blog.getfirebug.com/2014/03/26/firebug-2-0-alpha-1/ [2] https://blog.getfirebug.com/2014/06/10/firebug-2-0/

The only thing that irks me is that there is no native dark theme for it.

FF's built-in developer tools are still pretty sad, but nothing quite compares to full-blown Firebug on Firefox. The only place anyone else's tools outdo it, IMO, is Chrome's profiling (Firebug's is nearly useless.)

As I understand it, add-ons are updated more slowly than their Chrome counterparts because Mozilla actually reviews the code of each add-on offered from their store to attempt to validate it's not doing anything naughty. Google and Apple make these types of promises, but really they approve things after a cursory glance and then respond to any user complaints that may come in.

Which is really what Firefox needs to do as well. This is one of my main pain points as a Firefox Extension developer and a turn off for most I know. Rather than keeping people wait for 15 or so days for approving their add-ons, they should rather improve their automatic code checking tools as much as they can, and stop at that (and have a better extension flagging system).

The problem with current system is more if our add-ons are based on a specific website like mine. When that website changes, it breaks my add-on and I upload the fix immediately. But Firefox takes days to approve it, making my add-on look bad in public.

On the other hand I read that the review process is quite slow (as in painfully slow)

Yeah, this is the tradeoff. It takes a long time to audit code. Supposedly Mozilla is doing this every time an add-on update is sent for review. Google and Apple just pretend like they do, and I guess Mozilla didn't get the memo that you're supposed to pretend.

Yes, FF/Mozilla trying to be perfect delay lots of things. They should ship fast, fix later (and not be perfectionists).

One minor grievance I have with the Firefox console is the input line is all the way at the bottom. I quite like Chrome's approach of starting at the top.

Firefox has a few of these irritating UX quirks that I just can't get over. Having to restart after installing an extension is another. Every time I see the request, I can't help lose a bit of respect for it.

"Having to restart after installing an extension is another. Every time I see the request, I can't help lose a bit of respect for it."

Restart-less add-ons have been around for long years, so if you see one that wants you to restart Fx, you can blame it on the addon's creator (I know there may be some edge cases where it is a must, but those are pretty rare).

> One minor grievance I have with the Firefox console is the input line is all the way at the bottom. I quite like Chrome's approach of starting at the top.

This is such a small thing but it drives me insane (and keeps me on Chrome, among other things).

> Having to restart after installing an extension is another. Every time I see the request, I can't help lose a bit of respect for it.

Yeah, I've enjoyed the last few years with not having to worry about restarting idk if I could go back...

>Having to restart after installing an extension is another

Because it's part of your everyday workflow to install extensions one after another, right?

> Having to restart after installing an extension is another

It depends on the extension. Only some (particularly, older) extensions require restarting.

> Firefox has a few of these irritating UX quirks that I just can't get over.

Another one is not being able to use shift-home or shift-end to select to the beginning or end of a css property.

Wow, this drives me insane. I've always meant to file a bug report about this but I'm not sure if its supposed to be a feature instead. It appears to let you cycle through valid properties but I really wish it was assigned to another key.

File a bug if you want to request devtools improvements.

Also the detail provided is not as informative... I was recently migrating a website and while doing this needed to modify my local DNS. To verify the site still worked on the new infrastructure before putting all traffic. So, I was able to use the network tab in Chrome to confirm that I was loading the site from the new servers and not the old servers. In the network tab in Chrome it shows you the IP address of the requested site. Very useful when loading from multiple servers as well... I couldn't find the same information when trying in Firefox.

I assume you've already installed the web developer toolbar and firebug? FWIW, I do all my primary web development in FF, and don't have that network problem.

How about filing some bugs for your concerns?

That's my intention. The first step is always to ensure that you're actually dealing with bugs though, it may just be something I'm not used to.

Not quite related to this particular release, but I kind of wish sync for extension data wasn't Opt-In.

Having to hunt down the option to turn on Sync for each extension explicitly and not even having that option for some extensions makes for a rather poor user experience.

Also, as someone who customizes the browser layout rather extensively, I'd like to see layout settings included in Sync as well (which toolbars are visible/how buttons are organized on toolbars/etc).

Totally disagree I find the present trend towards opt-in-by-default to be an anathema.

It's totally unreasonable that I should have to start up applications in a sandbox after each upgrade and/or hire a team of lawyers to go over the EULA/TOS to find what new & interesting ways have been found to sell my personal info.

(Responding to your general point btw rather than specifically against Mozilla, who compared to the alternatives do seem to care about their users privacy, nor Sync which which you have to opt in for)

For what it's worth, I was talking specifically about Sync's behavior for extension data, and wasn't trying to make any general point about opt-in-by-default.

I switched back to Firefox and stopped using Chrome when it wanted me to 'sign in'. Even IE does not make me do that. I have to say their technical people are top notch, but their business leadership not so much. If they keep in this direction soon Chrome will look like the old AOL app.

If you are unfamiliar, I recommend you also checkout firefox developer edition.

Chrome SignIn is basically the same thing as Firefox Sync. It keeps your bookmarks, extensions, and stored passwords (all controllable) in sync between the different devices you use the browser on.

The key difference being that Firefox's implementation gives you all this without having to let Google rifle through the data you want to sync.

Not anymore: as I posted last night[1], Mozilla could choose to give themselves access to your password, when you create your account or when you change its password. Anyone who is able to successfully MITM you & Mozilla (say, someone with a Komodia cert if you're infested with Superfish, or any of the CAs in the world, or anyone who can compel them to certify a MITM cert) can do the same.

Google do allow you to use your own passphrase, so conceivably at this point Chrome is at least somewhat more secure than Mozilla.

It's a crying shame.

[1] https://news.ycombinator.com/item?id=9098459

A crying shame indeed. Thanks for the update.

Recently switched back to Firefox. Their search engine selection option is so easy and excellent.

On Chrome, non-technical people won't be able to change default search engine.

Thanks Mozilla.

> On Chrome, non-technical people won't be able to change default search engine.

By design. Thanks Google.

Really? It is just a drop down in the Chrome/Preferences on my Mac. I have it currently set to Bing.

See the bottom of this screen shot:


I strongly prefer the previous search bar UI, and thankfully it's still available through a setting. about:config -> browser.search.showOneOffButtons = false.

Thank you! The new design makes my various Arch Linux-related search options impossible to use as they all have the same icon (which shouldn't be a problem – I don't want to have to design a unique icon for every possible thing I want to search).

Aside from that, what is the benefit of the new design supposed to be? It looks like it's designed for touch, but Firefox on touch-based platforms has a completely different UI anyway. And even if someone were to use the desktop version of Firefox with touch input, the targets look a bit small. So I don't understand the point of making the UI worse for keyboard and mouse input.


There are downvotes because your post is obviously antagonistic, or it wouldn't use terms like "religious zeal".

The benefits of open, non-profit motivated software are clear. So it's entirely understandable that people wish Firefox well despite it having some flaws in comparison to Chrome.

OSX Voiceover support has "improved" but is still pretty broken. Anyone know if Voiceover support is on the roadmap? Would ditch Safari in a minute if Firefox had proper Voiceover support. Considering how much attention Mozilla gives to accessibility...

Firefox accessibility bugs are listed here:


The share and hello icons reappeared in FF 36 after I removed them, this is annoying.

This was not intentional. I've filed https://bugzilla.mozilla.org/show_bug.cgi?id=1136300.

I've had this problem with Readability before (the icons appeared by default to the left of the back button, which I didn't like; they kept reappearing). I want to say I solved it by going to about:support and resetting things.

Pretty astounded at the changes they made to ES6 generators. Twenty-two times faster[1] is incredible

[1]: https://wingolog.org/archives/2014/11/14/generators-in-firef...

> No longer accept insecure RC4 ciphers whenever possible

What do they mean with "whenever possible"? If there is a downgrade attack ongoing, will it be possible to avoid RC4?

Here are more details, with links to the discussions on specific issues. https://developer.mozilla.org/en-US/Firefox/Releases/36#Secu...

Fix some unexpected logout from Facebook or Google after restart

What sort of bug is this that only affects Facebook & Google?

Looks like it's probably this bug, which (to my reading) was a problem handling domain cookies:


This would of course affect any site, but the two common instances were FB and google.

Here is the corresponding bug on Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=950399 This what related to the way Facebook and Youtube sends cookies for all their subdomains, and not just www. (see https://bugzilla.mozilla.org/show_bug.cgi?id=950399#c55).

The kind that affects a lot of users and is likely to be reported and fixed.

Good to see they fixed this security bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1095859

A proxy could inject cookies on a 407 response and even bypass the authentication prompt - could have been used for session fixation attacks.

Semi-OT: is anyone on HN using a "alternative" Browser such as Midori or Vivaldi on a daily basis? I love what Midori is doing but it still crashes on me to often.

I use Conkeror http://conkeror.org/.

Me too! The "f" command is sweet bliss for keyboarders.

Every time I consider using something like this I immediately snap back into my reality which, as a web developer, means I can't use browsers like this unless I want to use Chrome/FF for dev and a different browser for personal/browsing. At least for me these two overlap too much to do this.

I used dwb for months now, and only today switched to Vimium (Chromium addon) after finding alternatives like qutebrowser, uzbl, conkeror lacking. If dwb would still be maintained and wouldn't crash on bitbucket.org on me i'd still use it :(

I've had crashing problems with both DWB and LuaKit, both on the same set of websites (most notably with Jira). I've also switched to Conkeror and have been pretty happy.

On Android I use Javelin: http://javelinbrowser.com/

> Requires Android

> 4.0 and up


Are you still on 2.3 Ginger Bread? When did you buy your phone? 2011?

2010. Still works perfectly.

Is Vivaldi out yet? I thought it was only just announced a couple weeks ago.

Thank you for the best browser out there!

Years after switching to Chrome, I've given FF 35 another chance as my main browser in the past week.

The major drive was Chrome's poor handling of dozens of open tabs, which was slowing down my Macbook to a crawl (8GB Core i7 2012 13" Retina on Yosemite) way too often. "The great suspender" extension helped somewhat, but it felt like a lot of manual work for something I believe the browser should handle much more smartly on its own.

Firefox is better in this respect, with sane native behavior like not trying to restore 100+ tabs in parallel upon restart, and extensions like UnloadTab that automatically suspend tabs after some timeout.

However, I'm about to switch back to Chrome :

- I only have 3-4 active tabs in FF at the moment, but as I type this I can feel noticeable lag, and firefox+WindowServer fighting for CPU.

- Embedded video is jerky and looks like it's 10-12fps no matter what the site. Going full screen fixes it, but still..

- No FF extension I've found integrates Google Translate as seamlessly as Chrome does.

I'm not looking forward to handling dozens of tabs in Chrome again, but its baseline performance for everything else is noticeably better for me.

Opera has built in tab hibernation that seems to work pretty well: http://www.reddit.com/r/operabrowser/comments/2vkdjr/tab_hib...

Just tested FF Hello. A very nice experience! Too bad it didn't work with a recipient on osX/safari. I will be using this more often!

The immutable Symbol is interesting, I wonder if React and such would benefit from it (using polyfills for the browsers that do not support it yet)

As an OS X Yosemite user I'd love to go back to Firefox from Safari, but the memory usage just isn't good enough. i get over an hour more battery life with Safari compared to Firefox. Please do something about this.

Unfortunately MSE are still broken: https://bugzilla.mozilla.org/show_bug.cgi?id=1129039

Why was -remote removed?


tl;dr there are other command line options to do everything -remote does in a more sensible way.

How can you tell if you're using HTTP2?

The "HTTP/2 and SPDY indicator" add-on adds lightning bolt icon to your address bar: blue for HTTP/2, green for SPDY:


In Firefox, HTTP responses using SPDY will have an added X-Firefox-Spdy header you can see in the inspector.

This question is obviously asking about Firefox, but for Chrome users, here's how (starting in version 41, a few weeks from stable): http://ma.ttias.be/view-httpspdyhttp2-protocol-google-chrome

Can we please get a non horrible scrolling behaviour in the Android build regarding rest of the platform ?

I don't recall FF asking to accept incoming connections upon upgrading to a new version, 36 does.

Interested in testing out HTTP/2

Still now swipe animation (or "scroll bounce") on OS X sigh.

Wow, Damn Hello is back even though I disabled it.

Gee, Thanks.


I just updated and it broke my selenium scripts.

thanks for the downvotes, but I've literally spent all day trying to fix my QA environment after updating to firefox 36.

It seems to be a known issue with Selenium 2.44. Hopefully it gets fixed ASAP

Your web, the way you like it.

Great release, but not so happy about HTTP/2 being used by people now. I mean they kind of have to implement it, but the standard is still rather awful in many regards, like no caching by default (but at least headers get compressed?), bad security, ...

See also: https://lists.w3.org/Archives/Public/ietf-http-wg/2015JanMar...

I really wonder whether there is a measurable change in traffic and whether it goes up or down.

Yay! Time for another firefox rant. I love the idea of firefox and I used to love it a lot. But not now. I keep trying it and always go back to chrome.

It crashes. A lot. Like, at least once a day I have to ctrl+alt+del and restart it on my laptop. It freezes and the window stops responding, it doesn't even paint.

In the inspector, the DOM breadcrumb area scrolls and moves around. It's like the blink tag, only worse.

JS debugger feels worse and clunky compared to Chrome.

Element inspector feels like duplo to chromes lego (does that make sense?)

I opened firefox yesterday and found a new speach bubble icon asking me to connect to O2 for something. WTF?! WTactualF is that all about?


Your bugs are probably in extensions and not Firefox proper. Try starting in "safe mode" by just holding the Shift key while FF is launching. If it's still a problem, try asking in #firefox on irc.mozilla.org. They're great at helping users troubleshoot, and they'll help you file a bug report if it comes to that.

The speech bubble by the way is a way to video chat from the browser itself. It uses WebRTC which is already in modern browsers so its not like they've added a ton of code to get that feature baked into the browser.

Not sure why you saw O2 but I saw Telefonica which is the company that works with Firefox to deliver their Firefox OS phones. I suppose Telefonica/O2 is needed because even though WebRTC is a real-time direct connection between you and somebody else, you may need a 3rd party to help you connect to one another at first.

>The speech bubble by the way is a way to video chat from the browser itself. //

You know there are a myriad of ways to use the browser to do video chat already - websites that offer WebRTC video chat. You follow a URL, maybe from a bookmark, and use the one you want (eg http://appear.in).

None of that requires modifying browser chrome nor forcing buttons on to established users toolbars.

This is a marketing deal disguised as browser development.

It's just that chrome devtools are really, really well made in many dimensions. But keep in mind that Mozilla has been catching up a lot (impressive knowing the budget difference) both in devtools and under the hood (memory usage).

Don't forget about FireBug which is pretty awesome.

I heard it was an unmaintanable mess, that's why Mozilla added in-house devtools. I liked FireBug UX more, but I like that Firefox has metalevel coding/debugging capabilities out of the box (the smalltalk fan speaking).

It was, it also was slow as hell. Now it's much better. I don't see any issues, but then again I run pretty fast pc.

I would start by thinning the crap that you probably have in the form of extensions... I've been running Firefox since 1.0 on all OSes and I can't remember it crashing on me once (it probably happened, a long time ago, but I honestly can't remember.)

I'd love to know what you do for a living.... As a web developer I've had more FF crashes than I can count. Chrome has extensions as well and I have WAY fewer crashes with Chrome, if "having extensions" im FF means that you can't complain about crashes then FF is useless as extensions are a MAJOR selling point.

I'm not sure why you're being downvoted so much. I assume the usual FOSS fanboyism that rules HN.

I used Chrome, IE11, and Firefox all day. FF is the only one that locks up and crashes on me. Its so rare in the other browsers I'm shocked when it happens in FF. I run almost no extensions and I think my copy at work has zero extensions and I don't even have flash installed, so the idea that it must be a plugin problem is questionable. Once a day lockups or crashes are still, unfortunately, common. I really wish it was a better QA'd project. Its such a nice piece of software, but I imagine its reached the point where it can and should be forked to a lightweight browser the same way FF forked from the big ugly Mozilla suite. Current leadership at Mozilla just don't seem to make crashes and resource usage a priority.

I also dont like how it switched on me from google to yahoo as my default search engine. If MS did this in IE people on HN would be losing their shit, but because this project is a FOSS darling, everyone just made excuses for it. At the very least it should have asked me if I wanted to change to whatever search engine they've gotten into bed with this year.

This sounds very different from my experience. Have you ever looked at about:crashes and checked into any bugs hanging off your crash signatures? (And if not, please file bugs!) If you make a list of your crashes available, I'd be happy to take a look and see if I can dig out some explanation for your problems, or make sure the appropriate bugs are on file with Mozilla.

I know for a fact that Mozilla leadership does prioritize crashes and resource usage (in fact, this is one reason for all of the work on the process separation feature called Electrolysis), but of course they will prioritize crashes that affect lots of users. For various reasons, it could be that your crashes are different from those. (I'll assume that you're on the most recent version of Firefox already.)

THIS. Developers on HN with problems have the requisite skills to be able to file good bugs.

I've been filing bugs for years yet the QA of the product is still at unaccepatable levels. FF's constant passing of the buck is bothersome. When they can't blame extensions they blame people for not participating. Yet somehow Chrome/Chromium exists just fine without me writing big reports for it, same for Safari, IE, etc.

FF just has poor QA. That's a problem and all the excuse making actually hurts the product as FF leadership isn't seeing enough complaints apparantly, when an army of nerds are refusing to acknowledged these problems.

"When they can't blame extensions they blame people for not participating."

Extensions are commonly blamed because of the way that Firefox implements extensions.

They essentially become a fully integrated part of the browser with full privileges. When extensions do things that they shouldn't be doing (but can anyway, because what's stopping them?), the extensions are blamed.

Of course there have been many lessons learned from a decade-old extension ecosystem. Other, newer browsers have benefitted from those lessons (ie. Chrome). Mozillians know the problems with the current extension model but the hard part is having the resources to do something about it.

"Yet somehow Chrome/Chromium exists just fine without me writing big reports for it, same for Safari, IE, etc."

SOMEBODY is writing bug reports. FWIW, there are what, 50000 Google employees, a majority of which could be dogfooding prerelease Chrome and filing bugs. Mozilla has 1/50 of that to dogfood Firefox and depends heavily on its community to make contributions.

Links to specific Bugzilla bugs and crash reports please.

>I also dont like how it switched on me from google to yahoo as my default search engine. If MS did this in IE people on HN would be losing their shit, but because this project is a FOSS darling, everyone just made excuses for it. At the very least it should have asked me if I wanted to change to whatever search engine pimp they've gotten into bed with this year.

No need for excuses, I use FF and my default search engine is Google. It was two "clicks" to change back but sorry if that was to dramatic for you. Most people realize Mozilla is not going to make someone's search engine the default for free and that contracts end.

People will complain about anything...

> If MS did this in IE people on HN would be losing their shit

If they changed people that had set it to google, sure.

But changing the default? That's not something to be mad about.

> FOSS fanboyism that rules HN.

It's this, people HATE when you criticize FF (as I found the other week when I got downvoted for raising, what I thought were, valid points about crashes, lockups, and not being multi-process). I upvoted you and your parent but it won't be enough to stem the tide of downvotes (this is probably going to get downvoted as well).


Dear downvoters,

How about you actually respond with your reasoning instead of proving my point perfectly.

While it's nice to see the progress being made here, it's a little bit.. what's the word here? Strange? Disheartening? Annoying? Infuriating?

..to see long-standing issues being ignored or back-burnered in the march to add all the new features. Duplicate SSL certs still cause sites to be unviewable without stupid and security-breaking workarounds that are not necessary in other browsers, for nearly 7 years now[1], making the browser completely unsuited to enterprise administration uses. One misbehaving tab can still kill your entire session. I understand that they're working on this with the electrolysis project, but end of 2015 goal?[2] I don't mean to be overly snarky here, but congratulations on getting to where Chrome/ium was back in 2008.

I seriously question how the priorities are being decided at Mozilla. These are basic usability things that were solved in other browsers a long time ago.

[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=435013

[2]: https://wiki.mozilla.org/Electrolysis

Adding multi-process to a large project that was not designed for multi-process is an astronomical amount of work. And Firefox's approach has advantages over Chrome's, so they're not simply playing catch-up.

Even Internet Explorer has been multi-process since IE8. All other browsers do it, except Firefox.

Which is one of the main reasons I still use Firefox.

Please explain this line of reasoning. As is it reads as "I still use Firefox because I like that 1 tab can bring down the the whole browser"

Chrome is utterly unsuited to the use case of leaving hundreds of tabs open, which happens often to me, as I only bother updating/cleaning my bookmarks a couple of times a year. There's three main issues with Chrome:

1) Nothing I've found that works nearly as well as Tree Style Tab.

2) Chrome always reloads all tabs when the browser starts up. Firefox, at least with Session Manager, will only load old tabs when I activate them.

3) Chrome takes up way more memory. That's partly due to #2, but partly inherent in the multi-process model.

The Chrome UI also gets weird under load. With Firefox, it's easy to tell when it's laggy. With Chrome, the UI seems asynchronous, but there's no consideration for actions taking a long time, so you can get the annoying feeling of clicking with nothing obvious happening.

Chrome chews through a lot of resources on my machine. Firefox is a lot lighter. And I think it will still be lighter since they're targeting a 2-process model instead of Chrome's (let me count) 17 that it just launched on startup.

Thank you! That makes sense, I still think I'd rather have per-tab isolation but I was genuinely interested in why FF would be preferable in this use-case.

Understood, but I'm speaking from the viewpoint of a user, here. It's a massive annoyance for a crashed tab to annihilate the other 49. (And the session restore being activated is generally grounds for a smoke break, because your system will be tied up for a while...)

Session restore in Firefox has been lazy for a long time now (the tab only loads when you activate it). It doesn't take longer than loading a single page.

How often do tabs crash for you? That's the real issue if you ask me. I'm on Nightly (with Electrolysis!) and the last crash was over 2 months ago.

I have a crash probably every day. Usual culprit is Flash.

Counter-anecdote: I use Firefox all day every day and usually have 100s of tabs open. I haven't had a legitimate full-browser crash in years. I've had a hang that resulted in me having to kill the process probably 3 times in the last year. I usually don't enable Flash, but when I do, it usually doesn't crash, and when it does, it just takes out all instances of Flash currently running; doesn't bring down the whole browser. I'm on Linux.

If you're getting a lot of Flash-induced crashing, you may want to check into alternate implementations of Flash, like Gnash, Lightspark, or even Mozilla's Shumway.

That's weird, since Flash runs on its own process (plugin-container). Is it actually crashing the whole browser?

It shouldn't. At least on Windows I've gotten used to killing the plugin container about once ever 2 days. Firefox itself crashes once per month, maybe less.

Firefox = rock solid. Flash = porous rock, at best :)

I find when Flash (plugin-container) goes down, it takes both Firefox and Chrome down with it. Running Windows 7 at work.

It locks up the entire browser so I have to force kill it. I'm on Windows 7.

You should go to about:support and use Refresh Firefox which will probably fix most of your crashes (outside of Flash-related ones which should only be affecting the plugin and not the browser).

>It doesn't take longer than loading a single page.

Yeah, because it only loads a single page. It doesn't actually restore anything. Sometimes the pages it restores aren't even the live version but a cached one, I have no idea when or why it does that. It's absolutely infuriating.

Infuriating? It's one of the main reasons I've switched back to FF (that, and tab groups)! I didn't like have every single tab reload on restore as I don't need 90% of them until much later.

Right-click any tab -> Reload All Tabs. If you want a permanent solution, go to about:config and double-click browser.sessionstore.restore_on_demand.

No need to use about:config, it's on the first page of options.

Oh! You know I was staring at that... Yeah, just click "Options" and then uncheck "Don't load tabs until selected". Thanks!

Speaking as a different user, one who looks at the task manager a decent amount, I really appreciate not having 49 different Firefox processes. This is definitely an issue of personal preference as it's been debated back and forth here a good amount, so no side is really "right" regarding single process v. multi process, but I'm firmly in the former camp.

Firefox multiprocess, by default, has just one process for all the tab content and one for the "chrome". You can increase the number of processes used for tab content manually in about:config.

What's the preference name?


Since 38a (previous nightly) electrolysis e10s is enable by defualt IIRC. That's the main reason I favor Firefox instead of Chromium these days, since I'd love to provide them with automatic user feedback as much as possible. Multithreading isolates from crashes half the time, but some times everything will go down. Also there seem to be concurrent issues and threading overhead, for mundane page loading can become very very sluggish.

I'd rather they make the code more robust to make crashes unlikely enough that they can actually debug and fix them when they occur, rather than going multi-process as a band aid to make recovery easier on a user

That said, it is easy to recover from simply by re-opening FF and you're right back where you were and I haven't had a total browser crash in a long time. I do experience lock up issues though

There are other users you probably don't represent.

But the issue isn't ignored or back-burnered.

That was more directed at the F-ING SSL issue, but still, end of 2015 to have a feature that's considered standard nowadays and introduced 7 years ago?

How much of the work that went into deprecating certs and removing obscure command line flags and setting up HTTP/2 (which isn't even really used by anyone yet) could have went into electrolysis?

None of it. The work on multiprocess Firefox is primarily an issue in the front end UI code (written in JS), and does not have much to do with networking or crypto.

Another thing to keep in mind is that patch notes are a list of user-facing changes, not a breakdown of where the engineering effort went in a particular 5 week release cycle. Removing the command line flag probably took an engineer an hour or two to do. In the same time frame, I spent weeks analyzing and fixing a variety of leaks that only show up in multiprocess Firefox, but none of that shows up in the patch notes.

SPDY indicator[1] tells me that HTTP/2 is active on all Google properties, including YouTube. That's a nice chunk of the web right there.

I agree with you on older bugs just lingering around. This is a serious issue for many open source projects. JWZ was complaining about it years ago[2]. My favourite example is the problem of putting the tabs at the bottom of the window in gnome-terminal[3], which has been reported over 12 ago, has a patch available posted in the bugzilla, and it's still not fixed.

[1] https://addons.mozilla.org/en-US/firefox/addon/spdy-indicato...

[2] http://www.jwz.org/doc/cadt.html

[3] https://bugzilla.gnome.org/show_bug.cgi?id=75420

Chrome's first public release, which included multiprocess tabs, was on December 11, 2008. There has been more than enough time for Mozilla to catch up.

They didn't have an addon ecosystem to contend with back then.

Note the words "first public release". Not to knock Chrome's achievements in this area, but it's an inescapable fact that they did not have any previous architecture to migrate from. Taking any nontrivial program that has had years to assume a single-process architecture, and updating it to work in a multiprocess manner, is hard. It takes time to do properly.

Your complaint seems to be that they haven't shipped a huge project which a bunch of people are working on and adding a backwards-compatibility hack for people who use older network hardware which generates incorrect self-signed SSL certs but also choose not to install valid certificates on this device.

I mean, it would be great for a few people if they added the ability to ignore this check but it's not a surprise that it's a lower priority compared to implementing HTML5/ES6 features which will provide a better web experience for millions of people.

For the curious, the duplicate SSL cert issue is in regards to some buggy routers and wireless printers with broken firmware. They send out invalid SSL certificates. Firefox doesn't have a way to provide an exception to allow access when security is compromised in this way but the user doesn't care and wants to access it anyway.

The only reason tabs generally misbehave is if Flash crashes. Firefox separates Flash out to a separate process so it won't crash the browser, even the tab the crashed Flash plugin is in. It just takes it a few more seconds than I'd like to realize the crash. (You can adjust the timing yourself, though). I haven't had a non-Flash-related Firefox issue in a very long time.

No, the certs are otherwise valid, but the problem is that once Firefox has seen a cert for a given address, if another address presents an identical cert, the second address cannot be browsed to without shutting down the browser and deleting the entire cert store.

Other offenders off the top of my head: BMC interface on Intel boards, HP iLO for blade management, F5 load balancers.

Yeah, they shouldn't be doing that, but the only thing being asked for here is a bleeding override button.

I find it curious that the people complaining about this don't instead install valid certificates. That was routine for us even a decade ago because otherwise you're literally training your admin staff to ignore errors and enter sensitive passwords every time a security warning pops up.

That's never good and it feels dangerously close to professional negligence when it's a password which gives privileged access to a server.

EDIT: just to be clear, I don't think this is “these people are crazy” so much as “what reason is good enough to justify leaving yourself exposed like this?” Even the cheap devices I bought in the early 2000s allowed you to install SSL certs and installing something real was a routine part of the first-time install.

People probably don't install valid certificates because they can't. Consumer routers (think Linksys) are locked-down devices and things like SSL certificates are baked into the firmware. I'm curious what sorts of cheap devices you bought supported custom certificates; were they consumer-oriented? (That wasn't rhetorical; actually interested.)

Personally, I usually end up using plain unencrypted http instead, which is a net negative in terms of security (doesn't even protect against passive adversaries), but that seems to be what the SSL implementers prefer.

I've definitely run into consumer devices which allowed me to upload an SSL cert somewhere in the advanced settings but mostly I was thinking about the people on the bug commenting that their enterprise network, server management, etc. gear had bad certs. Even in the late 90s you could do this because .mil/.gov and many corporate purchasing contracts tended to require it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact