If you were to construct a graph of all the features implemented by one browser and then copied by the others, after a while it would look like a chain link fence.
As correct as you are you'd be surprised how many features we use where implemented in Opera first. Surprisingly large amount, which they then threw away...
I give the Opera guys a lot of credit (I met a few engineers years ago at a conference and they seem like awesome dudes too), but one can hardly blame them for "throwing it away."
-3 points for an honest opinion? Please, relax. When Opera introduced this feature, computers had far less memory than they do now. I known because I raised an Opera bug report when that delay-decode feature regressed in one of their releases. Only Opera made my low-end workstation useful. it was cool. I'm sorry if I hurt your feelings.
I do not think this is a good solution. This is once again just smashing another security trade-off in the face of the end-user. Once the user is responsible they can be blamed and the browser is considered secure with stupid users.
If the developers at mozilla can't verify the security of the applet, how on earth would my grandmother be able to?
Note: This is not an attack against mozilla in particular, almost all vendors does this (e.g. "antivirus: wanna allow suspicious file?" or "browser: invalid certificate". These questions are asked as if everyone is a computer scientist. We developers need to start formulating these questions so they can be answered by a normal person.
Note 2: I guess it's better than doing nothing at all, since it might stop some drive-by attacks.
The main security benefit of click-to-play plugin schemes is not to question the user about the security of an object, which is unknown in most cases anyway, but to prevent accidental drive-by loading and other annoying (and risky) usage. Clicking an overlay to run a plugin should be as natural as clicking on a video to begin playback.
I think this feature will protect users on websites where java applets load inconspicuously.
With this feature user wouldn't click on the blocked plugin/applet because they don't have a use for it. This is not the solution that will end all our problems but hey this is one step closer and I'll take that!
Looks like a notification[1] is shown. I assume "Allow" will whitelist the site. Of course this doesn't help if a trusted site is compromised, but I think C2P is better than nothing.
According to the #ux channel on irc.mozilla.org, Australis will be relegated to Nightly builds (Firefox 29) for a while yet, and might be as late as Firefox 30 depending on the speed at which bugfixes roll in. Sorry, Aurora users. :(
Chromium does it, to a pretty useless extent. With so many window managers, it's pretty hard to draw correct window borders on every machine, and Chromium doesn't even try: with Ubuntu, for example, it draws the titlebar buttons in the "wrong" corner.
Let's face it, the Linux version will only show the window frame if you choose to draw it: not all do (with tiling wm's it's pretty rare, even). Firefox is easy to customize, which allows every distribution to match it looks to whatever theme they use. Linux doesn't have the DE like OSX and Windows do.
I just download youtube videos[1]. It has many advantages over youtube.com. Hardware acceleration is one but also no stalling when skipping ahead, no disappearing videos that you planned to watch later, no need to sign in.
Actually, youtube as a repository of material for download works much better than youtube as a streaming site.
I second this. I've been using youtube-dl for years and it's essential for viewing video content on your terms.
A little know fact that no one seems to mention about this tool is that, the name notwithstanding, it also supports many other sites besides Youtube (use --list-extractors for a full list, currently 108!)
On OSX I highly recommend YouView[1]. It streams H.264, and CPU usage during playback is 1/3 of what the browser player uses. I guess it really inconsequential unless you are on a laptop. On a laptop it's a difference in 1-1.5 hours of battery life.
I used YouView for a while, but I switched to Mactubes because YouView doesn't have Retina support. But I much prefer YouView's interface, and I would switch back in a moment if they released a Retina-enabled version.
I have a rMBP as well. You can use a little program called Retinizer[1] to convert YouView to retina compatible app. Retinizer works on almost any cocoa app, I have tried it on a bunch. All it does is set a flag in the info.plist file that tells OSX that the app is HiDPI compatible, the OS does the rest. You should also get Maximizer[2] to add full screen app option for it.
Ha! You are right. I usually watch videos in 720p, because my connection isn't all that great to YouTube servers, so I never noticed. Just tried it with a 1080p clip, and sure enough, the content isn't running in retina resolution. I guess if I haven't noticed after this long, I am not switching, but good catch.
I do the same. The one disadvantage is you lose the ability to click on overlayed links to related videos that some people often put at the end of their videos.
I'd say it depends entirely on the video/channel. For instance, on Brady Haran channels (Periodic Videos, Sixy Symbols, Numberphile, etc) the overlays are very useful as they link to videos about tangentially related topics, followup videos on the same topic, or even other videos on the same topic featuring a different professor explaining things a different way.
This userscript downloads the video via the browser. I guess YouTube shouldn't be able to tell if the user downloads the video or views it with the html5 player. The script can be used with Firefox (Greasemonkey) and Chrome.
http://userscripts.org/scripts/show/98782
Please only use it to download videos that are under a free license or otherwise allow downloads. ;)
What are the appropriate plugins and how do I find out if I have them? I have an Intel card and normally use mplayer-vaapi[1] to get hardware acceleration for decoding.
I'm not sure we have done the necessary work for vaapi to work sanely. However, software h264/aac video work just fine, here. mp3 also works on this release (same deal, you have to have the right gstreamer plugins), iirc (it certainly works on Nightly, which is what I use).
> If Google didn't buckle like a house of cards on this. I wonder where we'd be?
Content providers weren't jumping to more double their storage costs or deal with another immature toolchain so I rather suspect we'd be where we are now: Flash got an extra couple years reprieve until everyone accepts reality and implements H.264. This is particularly true since no matter WebM's merits it was going to be worse when transcoded from the H.264 almost everyone is actually uploading.
The real fight needs to be over the next generation of codecs. If H.265 has serious competition there's a lot more reason to believe things will go differently, as they did with e.g. Opus where the open solution was also better in addition to being free.
I dearly wish the MPEG-LA members would just charge for the patents for hardware implementations and go royalty-free for software and content for H.265. It would still make them money and get it standard quick.
If we're going to be wishing for things, why not just wish for the end of software patents? This stuff shouldn't be patent-encumbered in the first place. It could have been developed like html5, a bunch of companies with common interests agreeing on a standard without charging for it. But because this is patentable matter that was impossible from the outset. The shape of the legal system enforces the shape of the industry.
I do wonder that if it was declared that math is not patentable simply because it is executed on a computer whether this would apply to hardware implementation too.
> There is no longer a prompt when websites use appcache.
Quite happy with this one. I had to develop an offline web-based application a few weeks ago and it really bugged me that I had to allow the application to use the offline cache.
IIRC most (all?) browsers prompt you when usage goes above a certain limit (5MB, I think). Firefox was the only one that asked you before the site saved a single byte.
Well, AppCache works just as an offline caching system for webpage assets (html files, images, javascripts, css, etc). So yeah it's technically possible to have a 5 GB offline cache, but the browser will need to download all the data first.
Aye. Those pesky visitors who block, purge and otherwise mess with my tracking cookies shall finally be profiled and analyzed. Great development indeed.
I have a silly request, can timings on Network tab be displayed on mouse hover? I hate having to click to measure which part took much time? This is @Mozilla Web inspector
I got no clue how to get to Bugzilla. I made other bug request, but I have no idea where those went (It was one of those Feedback sites for Mozilla with I have an idea, etc.)
If you made the suggestion through a feedback mechanism, it goes into a big database along with the millions of other feedback entries. The support team at Mozilla is responsible for combing through that database looking for common themes and especially for trending issues.
I'd guess your request probably isn't very common, so you probably wouldn't get the same potential attention that you would get if you were to go to bugzilla.mozilla.org and file a bug there.
Should be pretty easy to add that functionality! File a bug on https://bugzilla.mozilla.org. In fact, this would make a great first bug for a new contributor :)
Is there any way to update Firefox on Linux without resorting to ugly methods like running it as root and using update UI, or downloading the mar file manually and running the updater CLI tool with that file (as sudo / root)?
The issue is that I use stock Mozilla build (I prefer it to Iceweasel on Debian), so I just placed it in /opt, but I don't want to give write permissions to the firefox directory to my primary user (it's kind of bad security wise). Because of no write permissions, updating UI can't update the browser naturally, unless I run it as root. And manual mar + updater method isn't nice either.
Potentially there can be some better ways for updating:
1. Firefox can work with policykit and request authorization for updating (if user has it - it can ask for password). That's much better than running as root.
2. updater CLI tool can detect all the settings, channels sources and etc. from Firefox local DBs, and instead of forcing the user to manually grab some mar file, it can go and perform all that automatically. updater can be run with sudo still, but avoid all the manual steps.
Both these methods would be much neater than what I usually do now.
Honestly, when I've used official Firefox builds, I've just downloaded the tarball and extracted it to my home directory. Any malicious code that could corrupt your Firefox install can trash your entire home directory anyway, so there's not much gained by making it non-writable.
Also, running a browser (or anything as complex as a GUI app, but especially anything as wildly complex as a browser) as root is probably a bad idea security-wise anyway.
> Also, running a browser (or anything as complex as a GUI app, but especially anything as wildly complex as a browser) as root is probably a bad idea security-wise anyway.
Yes, that's why using mar + updater is probably the only "right" option, but it's way too manual. I even thought about writing some script which would extract http sources for mar file based on the current update channel but didn't figure out yet where it's configured.
Since you're on Debian and are already putting it in /opt, try the Debian Alternatives tool [1], it's great for managing multiple versions of software you don't install from Deb repos.
It lets you put multiple versions of the same program in /opt or anywhere else (say, /opt/firefox/25, /opt/firefox/26, etc) and config one of them to be the system version (soft links all the bins and man into /usr/bin, /usr/local/bin, /usr/share/man, etc), then swap between versions, rollback if there's a problem, etc as necessary with a single command: `update-alternatives --config firefox`.
It works very similarly to those Ruby version managers, RVM and RBENV, by holding multiple versions somewhere out of the way and soft-linking the chosen one into the system folders. So similar in fact, that the Debian repo RBENV package has been rewritten to use Debian Alternatives instead of its home-brewed linker code.
Takes some upfront setup but that's scriptable and reusable for all subsequent versions [2], and is well worth it, especially for programs where you don't want to use the Debian repo version, don't want to install a 3rd party .deb, and don't want to compile directly to your system folders.
That can be useful but it doesn't solve my problem of more automatic updating really. What I need is something close to native pacakge updating - i.e. replace old files with new ones when update is available with minimal hassle.
Debian uses the 'ESR' versions (long-term support, for enterprises etc) of firefox as it's stock browser, as it's impractical to review the latest and greatest every few weeks for security. The above link gives you the appropriate lines to add to your apt sources.list to get whichever version you like for whichever flavour you're running.
This gives you Iceweasel though, not Firefox, however the only difference is the branding.
Yes, I know about that. I'm using Debian testing, so for me that page redirects to unstable and experimental anyway, and I don't really want to mix with those. In the past the difference was more than branding, so I'm already used to sticking to stock Mozilla builds.
On Ubuntu, you can use the Official Mozilla Daily PPA[1] to get the latest versions of Firefox. They have PPAs for each channel and you can then use the normal package manager to update your Firefox.
Using Ubuntu PPA is not a good idea for Debian in general. I tried a similar method with LMDE though which is much closer to Debian testing, but managing those repositories was somewhat messy, so I stopped doing it.
If you have the files dropped in /opt just chown them to your primary user. I have been running like that for some time now and there shouldn't be any issues.
I can chown them, but isn't that bad in general? If something breaks out from the browser, it can overwrite the binary with malicious code or whatever. Is it a real concern? Regular Linux packages aren't accessible for writing for the ordniary user offering some security barrier.
If something breaks out and can run as your user you're done for. For example it could put an alias in .bashrc for ssh to evilssh and you would never know it (until it's too late).
Running firefox not as root is a good idea, but keep in mind that if a user run an evil application, that user is utterly compromised.
Such code could also install a separate malware binary, overwriting the Firefox binary is only one possibility. If you really want to prevent malicious writes, use SELinux (or AppArmor, I guess).
Add the Debian repos from Linux Mint Debian Edition (something like deb http://packages.linuxmint.com/ debian main import backport upstream). Use Google for the exact source and how to import the keys for this server. Then install standard Firefox
These frequent updates are going to kill Firefox and it's partially Google's fault. Basically, Google has managed somehow to coax Firefox developers to rapid release cycle with frequent Chrome updates. But this goes against Firefox users.
Why do people use Firefox? Most users claim extensions. What breaks extensions? Frequent updates. Effectively annulling the most compelling reason to use Firefox.
This is certainly my experience. Pentadactyl, the most compelling reason for me personally to keep using Firefox is more broken than not. Every single update in the last year has broken it and sometimes in non-trivial ways, and stretching my patience to the limit. If I have to abandon Pentadactyl, I really don't have a reason to use Firefox anymore.
UI changes proposed in Australis are not something to look forward to either esp. if you like hiding Firefox UI elements and basically just keeping undecorated minimal window with Pentadactyl.
Haven't had any of my 15 extensions break in 20 releases. I don't expect any breakage any time.
The reason for rapid release is that they need to get new features out to load stuff properly like google docs, yes.
The main reason to use firefox IMO is that its as fast or faster than others (and has all the features of course) AND has this: http://www.mozilla.org/en-US/about/manifesto/ to tip things on it's favors.
Also, I'm using Australis and its just fine. I switch back to release sometimes and I don't really notice the difference anymore. I do prefer the australis tabs contrast.
They are changing the js API all the time. E.g. in ff26 they disabled the old download manager and replaced it with a new module that's available only since ff26. When the extensions you use didn't break, it's because the developers are busy updating them.
It looks to me like Pentadactyl hasn't had an update on addons.mozilla.org since over a year ago, while the "other side" of the political fork, Vimperator, was updated just under 4 weeks ago. I use Vimperator on Nightly with very few perceived bugs (nonzero, but that comes with the Nightly territory).
In my mind, the quicker iteration on features and improved code quality that came from rapid releases is well worth breaking a year-old addon, especially one as invasive into the browser as Vimperator.
Addons written with the Add-on SDK (aka Jetpack) are also much more stable across versions, though they're not the browser-transforming beasts that Vimperator is.
I don't really like web browsers as a platform, but I don't think restricting the pace that new features are released is productive.
I think he's talking about the nightly builds from pentadactyl ( http://5digits.org/nightlies ), considering the version on mozilla's website broke ages ago.
You might prefer Mozilla's Firefox ESR (Extended Support Release). ESR is targeted at large organizations that want to deploy a stable browser that will continue to receive security updates. Mozilla supports ESR for 12 months. The current version is based on Firefox 24; the previous was Firefox 17.
I've used FF since the first release and I remember how everyone was stuck with a slow FF 3.X. I welcome these frequent changes, FF is reborn, faster, better. If only this happened before perhaps not many users would be using Chrome these days.
Firefox has support for a bunch of them and that's been steadily improving – i.e. the input type=range landed in (IIRC) FF 23.
You can see the current status for just about everything here: https://bugzilla.mozilla.org/show_bug.cgi?id=344614 As you can see from reading some of the linked tickets not all of the remaining work is trivial – there are questions about the spec, compatibility with webkit, etc:
I am curious about this change in the changelog.
"Password manager now supports script-generated password fields"
I couldn't easily find any details about. Would someone be kind enough to elaborate on what it does and where it is useful?
I'm using Archlinux and I have the H.264 GStreamer plugin installed (as well as base+bad+good+ugly codecs), but with Firefox 26 I still can't play a lot of YouTube videos when Flash is disabled, for example when I try to play Gangnam Style it tells me "The Adobe Flash Player is required for video playback".
Is that related to advertisements? Would it be possible to develop a plugin or a GreaseMonkey script that would allow to play every YouTube video in HTML5 with Firefox? If yes, does it exist?
Maybe I'm biased, but jor1k is my FF benchmark of choice these days. Sadly I'm not seeing any major performance increase over FF 25 (posting this from jor1k via links [1]).
hm, that's simple 'does this use case run 1 thing particularly well.'
EXIF rotation and ability to use gstreamer for video are massive feature improvements that may result in slower page generation, but the returns are far more significant.
not everything has to be 'better, faster, smaller' making things generally better with _no_ regressions is difficult enough.
Yeah, I phrased that poorly (was fighting with links and not thinking about my words too carefully). I didn't mean to knock the release by any means. I was only making the observation that there didn't appear to be much in the way of asm.js performance improvement this time around.
And you're absolutely right; the fact that there are additional features/improvements and I get to keep the same (awesome) performance from FF 25 is very impressive and laudable. I can enumerate several FOSS projects for which this sort of thing is an issue.
Looking at the last graph in [1] there were certain improvements in certain areas in recent months, both in Firefox and Chrome, however memory usage has been slowly but steadily increasing [2].
About gstreamer video playback: I didn't find a way to prioritize formats. Let's say some video is available in VPx (WebM) and H.264 (mp4). Firefox will pick first whatever is listed first on the page. So for me it always picks H.264 on Youtube. I prefer to use open codecs though when there is a choice, but there is no apparent way to set the priority.
Anyone with memory problem with Firefox? My FF is currently using 2G memory while I only have 13 tabs opened and most of them are just plain simple pages. I am sure it will keep sucking up memory until I do restart. This problem is not new. Is there a memory leak problem with FF?
First of all, it's hard to tell how much memory a process uses. If you're on Linux or on OS X and you're using "top", there's difficulty in interpreting the results.
For example right now my Firefox 26 with about 20 tabs is being reported by "top" as using 2190MB VIRT and ~1030MB RES. VIRT reports the total amount of memory allocated, including memory that's shared between processes, including memory-mapped files, including virtual memory, including the loaded shared libraries, or anything that takes up address space, but address space is not real, the measure is next to useless. RES is the relevant measure, which in my case reports about 1 GB, however that's a little misleading too because it also counts memory that's shared between processes, although in my case I think 1 GB is an accurate measure. And if you're using some kind of GUI that doesn't specify exactly how it calculates memory consumption, then you can't trust what it says.
Second, free memory is unused memory. Browsers are caching stuff for example. Unused caches in memory-strained systems end up being flushed to disk. The kernel is quite efficient in flushing memory pages on disk and reloading them later when needed. That's why it's very hard to tell how much memory a process needs to be usable.
If you want to claim that some application leaks memory, then you need to look at growth. And if you want to claim that it's a memory hog, then you need to take a look at how it behaves on top of memory constrained systems.
In my experience, Firefox is very memory efficient, which is why I'm using it and not Chrome. And I'm on the beta channel now, so I've been on Firefox 26 since a week ago and it's OK.
In my case, everytime I open a new tab, the mem usage goes up. But when I close a tab, it does not necessarily go down, or just goes down a little. So the overall trend is it goes up, until it can no longer function (freezed up on my old 4G computer). Then I have to kill and restart it.
I use OSX's Activity Monitor to see the mem usage.
This isn't something that happens to all users. Ever since Firefox 4, I've been able to open literally hundreds (400 to 600) tabs without suffering much of a hit at all. This is on Linux, and with several addons.
And I can confirm that if I load 6 tabs in Firefox and go to work, when I come home it will have eaten 2G of my memory, the next morning it will have eaten 5, and a couple of days later nothing on my system will run without disk thrashing because Firefox is sitting at 96% memory usage.
What platform? On XP, I leave a firefox session running for weeks and it only gets up towards 1 gigabyte (seems even less with some recent updates, but I don't keep a close eye on it).
I leave gmail and lots of other tabs open all the time.
(Mostly I suspect they are better able to find the leaks on Windows, no idea why that would be)
I have seen JS webapps that leak memory something awful. I have never encountered anything as bad as the grandparent post, but a gig or two of growth after a week of just one tab open containing one misbehaved web app is not unheard of.
If you look at about:memory, it can give you information about where the memory is going. If you file a bug on bugzilla with the [MemShrink] whiteboard, we can look into it and try to figure out what is happening.
Thanks! I have used about:memory and 'CC', 'GC', etc, but they didn't help. I will see if this is a problem with the new version. At least older versions (25 or before) all had the similar issue.
Those buttons aren't silver bullets. If you file a bug and include the contents of about:memory (use the "measure and save" button) and CC me or mccr8 there's a decent chance it'll get looked at.
There has been for a very long time. However, now after the image rendering changes in 26, I believe most of the issues now should be related to various plugins and add-ons.
The Android version has received a facelift as well, and it looks nice. However, I suppose there still isn't a way to manually pin sites to the about:home page if they do not show up there already?
Anecdata: I use FF<current> heavily on a daily basis and haven't seen any of these problems. Issues of this magnitude are "set the internet on fire" problems. If a few web searches don't turn up tons of other users having these problems then it's best to assume there are local issues that need troubleshooting. Some suggestions on that:
2. If troubleshooting via #1 doesn't help, consider using the Profile Manager[1] to create a new, blank profile and see if your problems reproduce there.
1. is really slow, especially for long documents or ones containing large images (so, e.g., for lengthy scanned documents it's frequently just unusable);
2. renders less nicely, scanned text again being particularly awful;
3. on at least one machine I have, prints documents very badly (text comes out all fuzzy, as if the anti-aliasing is messed up somehow);
4. it has no facing-pages view.
I keep using it because (a) it's the default and I'm lazy and (b) in principle I like the idea of supporting a completely free PDF viewer. But compared even with Adobe Reader (still more something like Sumatra or Foxit) the experience is grossly inferior far too often.
How would you like it improved? I rather like it as it is--I've completely stopped using Adobe Reader, in fact--but I'm curious to know what you think is missing.
> Technically maybe, but when has a native speaker ever written that?
"X is released" is the most common way I've seen native speakers write it, though there is a common trend on the internet in the last few years (which may be largely driven by non-native speakers) to reverse the usual role of subject and object of the verb "release" and say "X releases".
"X has been released" is, AFAICT, far less common than even the new "X releases" construction.
Blame Google for that one - Chrome started the crazy-fast browser version numbering that's now in vogue. Chrome went from v24 to v31 this year.
I think it's partly security-through-psychology; if Joe User's installation quickly winds up three versions behind, he'll be more motivated to update or to allow an update.
A lot of software is developed via some sort of agile software process these days. This means a new version of the software quite regularly, released on a time basis rather than a feature basis. This is what made version numbers meaningless. There are three common solutions:
time based: Ubuntu 12.04
increment the major number: Chrome 31
increment the minor number, never or rarely changing the major numbers: Linux 2.6.39
Major releases break the API, so programs that depend upon them may not work. Minor releases add or improve features while preserving existing functionality. Patches fix bugs.
This is exactly why having version numbers is important. Even if the number becomes arbitrary, it's existence is necessary to build dependency trees.
Aside: I'm not certain, but it seem as though Firefox does have a major.minor version scheme: my user-agent reads "Mozilla/5.0 ... Firefox/25.0"; Firefox 5.25 is probably the most correct.
Most, if not all releases of Firefox have minor API changes. Sometimes it's visible via HTML, sometimes they are only visible to plugins. By semantic versioning, 25.0 is the correct version.
Because the version of Firefox increments by one every 6 weeks, and whatever features are ready get included. This is a over simplification of the process. For more info you can read this: https://wiki.mozilla.org/Release_Management/Release_Process.
Because of Chrome. Until it came along version numbers meant something. Now a major version just means 6 weeks has passed since the last major version.
Firefox 4: oooh pretty UI (at least that's what most thought)
Firefox 26: sigh another one?
I think only every 10 versions should be news. Since they moved to this useless release cycle (basically replacing bugfix releases with major releases), we should shift our news upvoting from major releases to major-major releases (i.e. treat the decimal sign as if it were 2.6x instead of 26.x).
The Firefox release is on a schedule. There's a new version every 6 weeks. Whatever features are ready to go are included. Sometimes they are big features and sometimes not. This one has some pretty major changes, that's why it's news.
For me personally FF 26 adds a major feature, specifically h.264 video playback in Linux. Finally I'll stop needing Flash to view videos on Vimeo (and a few other sites).
This release cycle is great: it's not quite as fast as Chrome but it means that I can start using features for 90+% of the Firefox-using public within months of release rather than years.
Well, the version numbering system has no bearing on the frequency of updates
Still, I don't see the difference between 1.0/1.01/1.02 and 1.0/2.0/3.0 -- it's still "3 versions". I say version numbers are bullshit, codenames doubly so.. just make it the release date or build number and be done with it. Automate it, and let no human ever think about it again. It's just an identifier for a specific changelog entry after all, and has no meaning by itself.
That's why I said “release cycle” – moving from numbers to “when it's ready” was definitely the key part. The trick was breaking the tyranny of significant numbers where people would hold off until they had enough features to be worthy of a major release.
This is pretty cool