Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Firefox Mozilla Upgrades News

Mozilla Announces Long Term Support Version of Firefox 249

mvar writes "After a meeting held last Monday regarding Mozilla Firefox Extended Support Release, the new version was announced yesterday in a post on Mozilla's official blog: 'We are pleased to announce that the proposal for an Extended Support Release (ESR) of Firefox is now a plan of action. The ESR version of Firefox is for use by enterprises, public institutions, universities, and other organizations that centrally manage their Firefox deployments. Releases of the ESR will occur once a year, providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform.'"
This discussion has been archived. No new comments can be posted.

Mozilla Announces Long Term Support Version of Firefox

Comments Filter:
  • Good (Score:5, Insightful)

    by Anonymous Coward on Wednesday January 11, 2012 @08:55AM (#38662638)

    This is a nice solution to the problem everyone has been complaining about.
    I really see no complaints to this move.

    (inb4 shill)

    • Re:Good (Score:5, Insightful)

      by freedumb2000 ( 966222 ) on Wednesday January 11, 2012 @09:02AM (#38662694)
      I hope they will do the same for Thunderbird.
    • Re:Good (Score:5, Insightful)

      by Hadlock ( 143607 ) on Wednesday January 11, 2012 @09:41AM (#38663058) Homepage Journal

      ESR's support is only for a year though, it seems? It might take institutions 2-3 months to decide it's worth upgrading to. A 2 year solution seems like a better, long term plan. In 2002-2009, having your web browser being a year out of date meant losing out on a lot of features and security fixes, but in the last 2 years innovations have really slowed down and I think 2 years support (as opposed to 1) would give institutions a lot more reason to stick to Firefox. Think of it - the many 4 year undergrad students (perhaps the less technically inclined student) would only have to experience one change in the web browser in their college career in school computer labs, etc. By changing this yearly, you're just adding another thing to the pile of the "annual make sure it all works together without crashing checklist".

      • Re:Good (Score:5, Insightful)

        by BZ ( 40346 ) on Wednesday January 11, 2012 @10:18AM (#38663498)

        Er... Browsers are adding security improvements and features at a much much faster rate now than in the 2002-2009 timeframe. This is true at least for Microsoft, Mozilla, and Google.

        In the specific case of Mozilla, it has about 60x more employees now than in 2002 (and 3x what it had in 2009). It would be _really_ odd if improvement rate were actually slower as a result, since the codebase was already quite mature in 2002.

        • Re:Good (Score:5, Interesting)

          by Hadlock ( 143607 ) on Wednesday January 11, 2012 @11:18AM (#38664148) Homepage Journal

          I would assume LTS would include security fixes, but would be a feature freeze with only security updates (improvements)? Did I mis-read the blurb when it said "providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform"?
           
          Honestly I could care less about most new features, 99.99% of the time features add extra clutter and are better executed as plugins anyways.

          • Re: (Score:2, Insightful)

            by Anonymous Coward
            Could you care less?

            How much less could you care?

            How important is this topic to you?

            Personally I couldn't care less, even if I tried. I have no interest.
          • Re:Good (Score:4, Insightful)

            by BZ ( 40346 ) on Wednesday January 11, 2012 @11:49AM (#38664528)

            The LTS would include critical security fixes. It wouldn't include all minor security fixes or general architectural improvements that improve security-in-depth, because typically those have visible effects and the whole point of the LTS is to avoid such effects. Or put another way, "does not make changes to the Web or Firefox Add-ons platform" excludes a wide range of security improvements.

            To be more specific, fixing an exploitable crash is LTS material. Adding JIT hardening or process separation or something like HTTP Strict Transport security or UI changes to improve the ability of users to make informed security decisions are all not LTS material.

            • by Hadlock ( 143607 ) on Wednesday January 11, 2012 @01:34PM (#38665792) Homepage Journal

              You've got to draw the line somewhere though. I would be very nervous to have a bunch of untested updates running around on my network, especially if my job/performance review/bonus depended on the quality of someone elses' untested code.
               
              I'm not especially keen to answer my boss about a security exploit in a new feature that ruined the company by saying "yeah we just let it update itself, i don't really get involved in all that. it seems to work ok most of the time, I'm sure we'll catch it in time NEXT time". At least in the real world if something happens you can fall back on "we're using the secure version that we've tested against known exploits; this new exploit was out of our hands. Since we're familiar with the software we have, we were able to reduce the damage by X".

              • by BZ ( 40346 ) on Wednesday January 11, 2012 @01:55PM (#38666050)

                Oh, I understand perfectly why a managed deployment environment might want an LTS release, both to ease deployment and for the practical "well, we tested it against the things we knew about" bit.

                My point was that not updating your browser for 2 years right now will leave you with a browser that's considered hopelessly insecure by the standards of the day (not preventing entire new classes of attacks, etc), even if you patch actual exploitable security holes that come up.

      • by pavon ( 30274 )

        It might take institutions 2-3 months to decide it's worth upgrading to.

        They will continue to offer security patches for the old ESR 3 months after the new ESR is released. That is enough time to test and deploy the release. It isn't enough time to wait for third party web apps to fix their shit, but based on how long it took them to fix their IE6-dependent shit, no length of support will be long enough for them.

        Think of it - the many 4 year undergrad students (perhaps the less technically inclined student) would only have to experience one change in the web browser in their college career in school computer labs, etc.

        Actually more than half of students are running chrome or firefox, and upgrading frequently, even the less technically inclined.

        By changing this yearly, you're just adding another thing to the pile of the "annual make sure it all works together without crashing checklist".

        All the universities I have attended hav

      • Agreed

        According to the actual proposal they plan to support them for 54 weeks with an overlap of 12 weeks.

        That is very little overlap between releases in which to plan your upgrade policy and since the changes won't come at any particular time of year it will be difficult to tie it in with other upgrades.

      • by Kjella ( 173770 )

        It might take institutions 2-3 months to decide it's worth upgrading to.

        2-3 months? Try 2-3 years, if you let them. I remember back in 2009, when there was a huge campaign to kill IE6 here in Norway, like a majority of the news sites in the country including all the top ones, government sites, our version of eBay and such had banners saying you're using an outdated browser, upgrade now. It just became one big flash mob, it even hit slashdot [slashdot.org]. Now IE7 was released in 2006 so this had been coming for years. But at a client of mine I talked to a guy in IT and he was embarrassed to

    • Enterprise customers who aren't ACs may think differently as later posts indicate....

  • by americamatrix ( 658742 ) on Wednesday January 11, 2012 @08:57AM (#38662652) Homepage
    This will be good news for Enterprises that want(ed) to deploy Firefox but didn't because of Mozilla's release schedule.

    Now if there was only a way to control/deploy this through group policy, then Firefox in the Enterprise will really take off.


    -th3r3isnospoon
    • by grahamlee ( 522375 ) <graham.iamleeg@com> on Wednesday January 11, 2012 @09:09AM (#38662772) Homepage Journal
      Then, at some point in the future, Mozilla will run a campaign explaining that 10% of the interwebs is on Firefox 11 ESR, but there have been loads of new features and enhancements since then so we should all tell people to upgrade to Firefox 17. Friends don't let friends use IE 6^W^WFF 11.
      • by Luckyo ( 1726890 ) on Wednesday January 11, 2012 @09:32AM (#38662958)

        Not only this, but mozilla officially stated in their blog that they will actively work to prevent people from getting ESR version, so only the corporations have access to it "because it shouldn't be the fix for add-on breaking problem".

        Basically, "you will have the problems we shove down your throats and you will like them", once again.

        • by deadsquid ( 535515 ) <(asx) (at) (deadsquid.com)> on Wednesday January 11, 2012 @09:48AM (#38663154) Homepage
          It actually says "The ESR is specifically targeted at groups looking to deploy it within a managed environment. It is not intended for use by individuals, nor as a method to mitigate compatibility issues with addons or other software. Mozilla will strongly discourage public (re)distribution of Mozilla-branded versions of the ESR." Mozilla software will remain freely available. The ESR is not targeted at individuals, and the changes to addon compatibility (compatible by default) and updates (silent/background) in the next 18 weeks will hopefully address a lot of the issues people have with the regular release. In the end, it's up to the individual to choose, but the installers will be available to download if you really want them.
        • by owlnation ( 858981 ) on Wednesday January 11, 2012 @10:26AM (#38663592)
          Absolutely correct. However, I wonder why Mozilla is trying to prevent the ESR version from having widespread access.

          There's no commercial gain in so doing, it's built anyway -- so people may as well use it, it won't affect support particularly -- just move questions perhaps. So where is the harm in giving people freedom of choice? Is freedom of choice not intrinsic in the philosophy of open source software?

          I suspect the only reason for limiting the ESR version is vanity and arrogance. FF's arrogant developers know fine well that the ESR version would quickly become the default version of FF out there. It is exactly what everyone wants, a stable version of the software without new, worthless, feature-bloat ever two weeks.

          FF developers, why not just have balls to admit you fucked up? Give people a free choice between ESR or the rapid-deployment constant-flux FF versions. See which people prefer -- and then run with that, and concentrate more on that version.

          Really, what is the fucking point on forcing your idiotic ideas on users who really want something else? That's why you are too cowardly to make ESR freely available. And we know it.
          • by jdgeorge ( 18767 ) on Wednesday January 11, 2012 @11:10AM (#38664068)

            The reason for limiting the ESR version as much as they propose is almost certainly resource (people) limitations.

            By the way, insults to the actual developers who work on code for software that you evidently like (or presumably you just wouldn't care about this issue), only discourage those developers from being interested in your opinion.

            • Comment removed based on user account deletion
              • by bendodge ( 998616 ) <bendodge@@@bsgprogrammers...com> on Wednesday January 11, 2012 @01:08PM (#38665524) Homepage Journal

                a chrome ripoff

                That. I wish I could buy a billboard in front of wherever Mozilla's people work and put up:

                If we wanted Chrome, we'd use Chrome. Bring back Firefox.
                Sincerely,
                Everyone who used Firefox before the versions numbers went haywire

                in MASSIVE text as a daily reminder of the old glory days.

                Seriously, I shouldn't have to rearrange and twiddle with everything to get Firefox as much like 3.6 as possible every time I install it. What true UI improvements have we had since then? I can think of two: tabs that don't resize while I'm hovering on them, and tab groups. Why was the rest of it randomized?

                Also, what's with the stupid launch defaults? I close Firefox when I want a clean slate, not a glorified minimize. "Restore my windows and tabs from last time" is antithetical to the whole idea of closing all the tabs! Can you imagine if Windows restored all your programs and junk from last time? People would come unglued.

                Also, we live in an age of large LCD displays. I can spare a few pixels of screen space to keep the bookmarks and buttons I use all day long visible instead of burying them somewhere underneath gloss and shiny.

                One last gripe: Tools > Add-ons should take me to Extensions, not the "Wonderful World of Stuff You Could Bloat Your Firefox With." I go to Add-ons to remove extensions other programs installed without asking far more often than I feel the urge to add bloviated toolbars. Speaking of which, can we finally make Firefox ask before allowing programs (like nearly every AV, Skype, whatever) to hang their useless (or worse, Google-search-invading) lampshade in Extensions?

                • Re: (Score:3, Informative)

                  by dbug78 ( 151961 )

                  Also, what's with the stupid launch defaults? I close Firefox when I want a clean slate, not a glorified minimize. "Restore my windows and tabs from last time" is antithetical to the whole idea of closing all the tabs!

                  I've just spent 5 hours experimenting with customizing the installer for a company deployment and so I've repeatedly uninstalled and reinstalled Firefox, deleting %appdata%\Mozilla each time. Every time I started it up, it would open about:home and nothing else. It puts a button at the bottom of that screen to restore your last session, but that's it.

                  Also, we live in an age of large LCD displays. I can spare a few pixels of screen space to keep the bookmarks and buttons I use all day long visible instead of burying them somewhere underneath gloss and shiny.

                  The bookmarks toolbar? Click the Bookmarks button and check View Bookmarks Toolbar. In the time you took to whine about it, you could have turned it on and off

            • The reason for limiting the ESR version as much as they propose is almost certainly resource (people) limitations.

              That makes absolutely no sense. Are you seriously suggesting the readiness of the software will depend on limiting how many people use it?

              Either the software is usable or it's not. The code has no way of knowing how many people are using it.

              • Moz' approach to product improvement is like clearing a minefield. Not by careful detection and painstaking removal. By herding livestock through the field.

                Giving sheep the option of staying in fields which have already been cleared of mines is counterproductive.

            • The problem with it is that it has little to do with the actual programmers and everything to do with the dumbasses that are running the project. The changes seems to be having adverse effects and rather than recognizing it and doing something about it, they're continue to chase version numbers without understanding why they're getting blowback.

      • by pla ( 258480 )
        Friends don't let friends use IE 6^W^WFF 11.

        Out of curiosity, on what bizarre system do you have ETB mapped to the BS/DEL-like action?
    • by acoustix ( 123925 ) on Wednesday January 11, 2012 @09:13AM (#38662810)

      FrontMotion Firefox Community Edition [frontmotion.com] has a MSI version that can be pushed out via GPO and also has adm/admx templates available.

    • by SteelZ ( 1828180 ) on Wednesday January 11, 2012 @09:17AM (#38662836)

      Now if there was only a way to control/deploy this through group policy, then Firefox in the Enterprise will really take off.

      Run "Firefox Setup.exe -ms" to do a silent install or if you must have a .msi, download it from these guys [frontmotion.com]

    • by Hatta ( 162192 )

      This will be good news for everyone who just wants to browse the web and doesn't need their browser to change every other week. In other words, just about everyone. I expect most users will be on ESR before long.

      • by BZ ( 40346 )

        This would be somewhat bad, because the ESR will almost certainly be less secure than regular releases. It'll get fixes for critical security bugs, but will _not_ get architecture changes designed to improve security in depth, pretty much by definition.

      • by DrXym ( 126579 )
        It'll still change every other week if there are bugs or security issues that warrant an update.
    • by deniable ( 76198 )
      Only a year? No thanks.Even Ubuntu gives two years for LTS. Add me as a second for FrontMotion.
      • by Lennie ( 16154 )

        Even Microsoft said they will create a new version of IE every year soon.

        • by deniable ( 76198 )
          They still support their old versions. Making new ones isn't the problem. Dropping the old ones that mission critical apps depend on is the problem.
          • No, the problem is developing mission critical apps tied to a single Firefox version (or to Firefox, period). Supporting older FF versions is just putting make-up on the pig.

    • Depends on when they are releasing the LTS versions. After all, it doesn't do me a whole lot of good if it comes in middle of the semester - and I agree with other posters, 2 or 3 years might be nice to have. Oh well, at least Firefox is easy to sequence for App-V.
  • Who is paying? (Score:2, Insightful)

    by G3ckoG33k ( 647276 )

    Who is paying for Mozilla products?

    Do they have any paying customers in Europe or Asia?

    • by meow27 ( 1526173 )
      Mozilla needs a high market share in order to convince search engines to give it a better contract.

      meaning Mozilla will try to get a larger userbase for firefox, so that the next round it needs more money, It can ask for more money from bing/google/yahoo or whoever is willing to pay for the defualt browser spot for firefox.

      so do they have paying customors outside north america? no, it doesn't matter, its the market firefox is trying to expand into to get money later
  • ESR? (Score:5, Funny)

    by Anonymous Coward on Wednesday January 11, 2012 @09:07AM (#38662742)

    I'm going to keep reading this as the Eric S. Raymond release.

  • Not long enough (Score:2, Interesting)

    by MetalliQaZ ( 539913 )

    Once per year is still too quick, IMHO. In my experience, 2-4 years (or more!) would better fit enterprise expectations.

    • by deniable ( 76198 )
      As long as managers make developers do stupid things with browser interfaces a year is going to be way too short.
    • by Lennie ( 16154 )

      Microsoft said they will also move to one release per year.

      • by deniable ( 76198 )
        And those will be for Windows 8. A lot of shops are still rolling out 7. IE 8/9 will be supported for quite a while. XP won't drop out of support for another couple of years so IE 6/7/8 will still need to be supported.
    • "Once per year is still too quick, IMHO. In my experience, 2-4 years (or more!) would better fit enterprise expectations."

      It's a gesture to quiet grumbling on sites like this. It's obviously not intended to work.

    • by plover ( 150551 ) *

      The real problem is the dependency management the customers have to do.

      A longer release cycle will provide organizations more time to build up dependencies on the existing software. If support increases from 1 year to 2 years, that means organizations will build up two years worth of problems. When they finally are forced to upgrade, it will be more than twice as painful.

      For example, let's assume that an average of three packages need to be upgraded for each year that passes. If they sat on the same rele

  • Did they fire Asa? (Score:5, Insightful)

    by xenoc_1 ( 140817 ) on Wednesday January 11, 2012 @09:18AM (#38662840)

    This is still reactive damage control to foolish arrogance by Asa "we don't give a crap about enterprises" Dotzler.
    That's what you get why you hire a fanboy to become the voice of your company.

    • by Rogerborg ( 306625 ) on Wednesday January 11, 2012 @09:24AM (#38662890) Homepage
      Sadly no, the ADHD Kid is still jumping up and down and shrieking about how great it is that there are (at least) 4 major versions currently on the go. I only wish I were joking about that.
    • This is still reactive damage control to foolish arrogance by Asa "we don't give a crap about enterprises" Dotzler. That's what you get why you hire a fanboy to become the voice of your company.

      Indeed. Let me provide a link [zdnet.co.uk] to go with your insight.

      By the way is the about box still showing the version number [mozillazine.org]?, I'm still on 3.6.

      • by Tridus ( 79566 )

        Yes it is. It also still falsely tells you it's up to date if it can't check: https://bugzilla.mozilla.org/show_bug.cgi?id=679742 [mozilla.org]

  • by linebackn ( 131821 ) on Wednesday January 11, 2012 @09:27AM (#38662922)

    I just hope they are actually serious about this extended support version. Their other "enterprise" efforts in the past have mostly just been talk.

    And then there is still the problem that even if you, the company, are now on the new long term supported version, the beta testers^h^h^h^h^h^h^h^h^h^h^h^h general public will be on newer versions that potentially may do things differently. If your corporate application is also public facing then you still have a problem.

    Personally I would encourage regular users to stick with the long term supported version as well.

    • by BZ ( 40346 ) on Wednesday January 11, 2012 @10:34AM (#38663670)

      Then you would be hurting those regular users, since the ESR will almost certainly be less secure than the regular version; the longer into its year of life you get the more this will be true.

  • Don't get me wrong, love Firefox for smaller sites but the lack of Mozilla handled Group Policy integration (I know there's an add-on somewhere) makes it a no no for me in my larger environments. Perhaps the use of ESR will force the change when they realize more enterprise environments begin to use Firefox.
  • As important as the release schedule is, another important factor for Enterprise users is the time it takes to test new releases against all their standard environments and internal apps: if each ESR is only supported its year plans a couple of month this will still deter enterprise use.

    I would suggest that 30 months be the minimum support window: two full years since release plus some overlap time between release N being available and version N-2 dropping off security patch support. Like to Ubuntu's LTS
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Wednesday January 11, 2012 @10:40AM (#38663724)
    Comment removed based on user account deletion
    • You'll be happy to hear that Asa isn't the only decision maker at Mozilla, nor is his opinion held at any higher esteem than anyone else's there. Nice troll, though.
  • "It'll never happen again. You know I love you baby. Just come back home to me. I won't beat you that badly ever again."

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...