Firefox 26 Arrives With Click-To-Play For Java Plugins 208
An anonymous reader writes "Mozilla today officially launched Firefox 26 for Windows, Mac, Linux, and Android. Additions include Click-to-Play turned on by default for all Java plugins, more seamless updates on Windows, and a new Home design for Android. Firefox 26 has been released over on Firefox.com and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Release notes are here: desktop and mobile."
Plug-ins (Score:4, Interesting)
Re:Plug-ins (Score:5, Funny)
Depends.
A third-party web application our company uses encountered Javascript problems in Firefox 24. Waiting for five minutes until Firefox 25 showed up fixed the problem again.
Re: (Score:2)
A third-party web application our company uses encountered Javascript problems in Firefox 24. Waiting for five minutes until Firefox 25 showed up fixed the problem again.
That's reality. I had to post this [sitetruth.net] for one of my Firefox add-ons:
"Due to Firefox Bug 886329, "drop-down list in Jetpack add-on breaks entire UI", the preferences menu in Ad Limiter is not working in Firefox version 23 only. It worked in Firefox 22, and is fixed in Firefox 24, which is now available. We suggest not using Firefox 23."
Re: Firefox ESR (Score:3, Interesting)
Google it!
I am at version 17 with the latest security fixes and it will updated to 24 next week:)
Next version is a year away with continual security. Addon work now and what Mozilla should have done back in 2011
Re: (Score:2)
Ok, so it's highly likely this will be followed by a wooshing sound...
I'm all for fast upgrades, personally, but to Fluffy's point, it's not the straight line average clear back to Firebird 1.0 that's important, but the rate of change right now. Unless you'd like to argue that the rate of update release has not increased?
Moreover, comparing to a different software package (even another browser) is problematic because it depends on what the design team calls an update.
Re: (Score:2)
Electrolysis (Score:4, Interesting)
WTF is it with the Gecko engine and "senior moments"?
That's caused by the lack of a multi-process model in Firefox. Mozilla is working on it under the codename Electrolysis (e10s) [mozilla.org]. It's still incomplete, but you can try it out by opening about:config, turning on browser.tabs.remote, and restarting Firefox. One drawback is that click-to-play is broken, as are "many plugins".
Re:Plug-ins (Score:5, Insightful)
Nice try, but do it again starting at Firefox 4. That was released in March of 2011, and now we're up to 26. That's 22 versions in 2 years and 9 months, or 8 a year.
Re: (Score:2, Insightful)
Yes, yes, we know, they incremented the first number instead of the second number, so you have Firefox 26 instead of Firefox 4.22, and you're willing to whine endlessly about this point.
Nobody else cares. Nobody. Stop shitposting in every Firefox article about the damned version number.
Re:Plug-ins (Score:5, Insightful)
It's true. The overall rate at which Firefox adds features is not really much different than in the past. The difference is that they trickle the features out every 6 weeks instead of a big dump once a year. That's just fine with me, as plugins rarely break anymore and overall stability and speed is much better than Firefox 4.0 and older. Yes, I said that and believe it to be true.
Re: (Score:2)
Which I calculate as 29% more boneheaded than Chrome.
Re: (Score:2)
But they completely reinvent how we access the web every 6 weeks or so. I mean can't you feel the innovation when you go to /. er, never mind.
Since rapid releases I'm yet to see a feature that I really wanted. There might be one but I can't think of it. I have however had things break. I have ad block software and popups disabled and for whatever reason I get popups all the time. I get popups at sites that never used to give popups when I lived dangerously a few years ago and didn't block them at all (might
Re: (Score:2)
Bigger is better.
It's clearly five better.
Re: (Score:2)
Re: (Score:2)
Javascript is the new plugin hell (Score:2)
I'd rather see "click-to-pay" the default for javascript.
It's been many years since I've been annoyed by an irritating java applet, and there a few I find useful.
But ugh - so much javascript, and so many sites that practically require it.
Re: (Score:2)
Ya, almost no one has a basic HTML web site anymore, they're all applications now. Turn off javascript and just about everything breaks in some way, with maybe half being unusable or displaying no information at all. No one cares about portability of web sites anymore, their goal is to serve up advertisements and collect user tracking information. And don't be fooled into thinking the people writing these web sites are all experts in creating efficiently coded Javascript applets, most of them are buggy a
Re: (Score:3)
C'mon, realistically, there is a rate of releases that's too slow, (critical bugs and security holes never get fixed) and a rate of releases that's too fast (add-ons can't keep up). I don't have an opinion on where the sweet spot might be, but I think it's a valid discussion.
Re: (Score:3)
Or one could fix bugs and security issues whilst not introducing/removing/changing major features and breaking compatibility. You know, like what we had before with fractional version numbers.
Re: (Score:2)
's a good point, although I can see the value in introducing new functionality quickly, especially support for new standards and codecs.
Re: (Score:2)
So are you saying that new functionality breaks the extension API every time? 'Cause if it doesn't, then even new functionality can be a minor version number.
Re:Unintended consequences (Score:4, Informative)
The support for the new stuff is being demanded by web site builders but not by the actual end users. The web site makers want to promote their world view of browser-as-app-framework and if that means dragging the customers dragging and screaming so be it. Ie, Mozilla wants HTML5 to be adopted as fast as possible, thus it cares more about advertisers than users.
Re: (Score:2)
The one possible exception might be the users of mobile devices for which any web site that uses flash (still a whole lot of 'em) doesn't work. (I know, sometimes you can make it work on some devices, but mom and pop won't be able to figure it out.) I personally am not a tablet user, but I support them, and the inability to use flash is probably users' number one complaint. They may not know that's the problem, to them the website doesn't work. This is probably the primary killer of the tablet experienc
Comment removed (Score:5, Informative)
Re: (Score:2)
But whose fault is that? Put the blame where it lies, Steve jobs trying to push his appstore crapstore lock in. I have flash on my fricking THREE YEAR OLD single core cellphone and ya know what? plays great. try HTML V5 with H.264 on anything less than a dual core and see what you get,even with hardware acceleration its a fricking pig.
So call a spade a spade, the killing of flash on mobile didn't have a damned thing to do with compatibility, or battery life, it had to do with Steve jobs making damned sure you weren't getting shit on that iPad without giving him 30%.
I agree with all of that, and for a long while it was the primary reason I recommended Android devices rather than the ipad. Because lots of websites don't work on the ipad. It was a compelling argument.
But then, Adobe for whatever frakking reason decided to cease support of flash on Android, and new Android devices started shipping without flash. My wife was really pissed when she got her Kindle HD and it wouldn't play video on any of her favorite sites. She nearly returned the device. (I think she sh
Re: (Score:2)
Re: (Score:2)
Oh, *I* can hack it. I've got the last supported version of Flash up in the Dolphin browser on my device. But the install process is not something you can expect Fred and Ethyl Mertz to do. To them, it just doesn't work. Still. And personally, I'm unwilling to hack a solution on a client's or family member's device, try to explain how to use it and then support it afterwards. That seems to be a good way to get buried in a bunch of hacks you'll have to support forever.
Re: (Score:2)
Not to mention that even if you can hack it should you have to? Flash has been around a long time and is used widely. Someone bringing a device to market should support it period. You've paid your money for a cool device that does what it advertises it does (and they generally don't advertise disclaimers like "you tube will not work, CNN views will not open" etc) not for a hobby/side job figuring out their software/hardware glitches for them.
Re: (Score:2)
You give the perfect example of what's wrong. You are implying that you care more about the inconvenience of having to develop a site that can work on an older browser than about the the customer
It's not like we're talking about something ancient like IE6 full of major security holes, IE8 is still only 5 years old and still supported. In fact the main reasons I see http://theie8countdown.com/ [theie8countdown.com] for upgrading is not due to security but because it "hampers the development of the web". Again that reinforces m
Re: (Score:2)
C'mon, realistically, there is a rate of releases that's too slow, (critical bugs and security holes never get fixed) and a rate of releases that's too fast (add-ons can't keep up). I don't have an opinion on where the sweet spot might be, but I think it's a valid discussion.
Well, if your plugin is anything like mine, then you can simply us a profile to discover exactly what the sweet spot is between releasing too quickly and not filling holes fast enough by loading up a network where an ex posts. Of course, if binary incompatibilities arise the release cycle may be exaggerated -- which is usually the case otherwise they wouldn't be exes.
Re: (Score:3)
You can have critical bug and security fixes done without creating a new major release number, and those critical bug fixes can be introduced without requiring the user to receive irrelevant UI or usage changes at the same time. Firefox managed this for a very long time just fine up through version 4.
"Click-to-pay"... (Score:5, Funny)
...was the first thing I saw. Talk about a panic attack!
Re:"Click-to-pay"... (Score:5, Funny)
Same here. I made some popcorn before opening the comments.
Re: (Score:2)
It's better than auto-pay.
Re: (Score:2)
Well, since Oracle is appealing on the API copyright issue, it may eventually come to that.
great... (Score:5, Informative)
In the mean time they have made it substantially more difficult to configure the rejection of cookies.
Jesus... I'm actually thinking IE is better at this point.
Re:great... (Score:5, Interesting)
Are you using CookieMonster? It's much better than any stock cookie controller that I've seen.
Re: (Score:2)
No. I will check it out. Thanks!
I second this... (Score:2)
Re: (Score:2)
CookieMonster is almost perfect, the only thing I miss is retroactively accepting cookies that were marked as session-only by my default policy. I guess this would need to store the original expiration date in the cookie itself, which at that point is overwritten by "till the session ends".
Re:great... (Score:5, Interesting)
If you care about cookies, use an addon/extension that gives you a better interface, and finer control, than the built in systems. I use CookieMonster (set to deny all cookies by default), but there are others.
CookieMonster allows you to set per website permissions, both temporary (until you close the browser, and then permissions revert to deny), per session (deletes every time you close your browser), and ordinary (hangs around until they expire). You can also set third party cookie controls.
What makes Firefox great is the addon/extension ecosystem. If you're not going to use it, why even use Firefox? (OK, it's less evil.)
Re:great... (Score:5, Informative)
When you close a tab, the cookies created by that tab are removed. You can whitelist domains to prevent their cookies from being deleted.
This way, sites see cookies as being enabled, but can't track you after you close the tab.
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
Re: (Score:2)
In the mean time they have made it substantially more difficult to configure the rejection of cookies.
Their intention is to outsource fine-grain cookie control to extensions. I think it is a good idea, but only half-baked. I would like to see them come up with a list of recommended privacy extensions (including cookie handlers), a sort of "Mozilla Recommended" list to make it easier for newbies who care about privacy but don't know enough to necessarily ask the right questions.
Re:great... (Score:4, Informative)
Try out Self-destructing Cookies. It allows cookies to be set, but once you close the tab they are deleted, or deleted on a timer, or both. You can whitelist sites with a toolbar button. Then set Firefox to always reject 3rd party cookies and you're safe as far as cookies go.
Re: (Score:2)
In the mean time they have made it substantially more difficult to configure the rejection of cookies.
Jesus... I'm actually thinking IE is better at this point.
Pay no attention to Firefox's built-in cookie-handling interface; it's designed for Joe Kegger — not computer nerds and/or privacy control-freaks. Get whatever cookie-handling plugin(s) that'll give you the level of control you need.
I use CookieSafe v3.0.5*, which I have set to block by default, and then "allow" and "allow for session" sites I want to white-list. Also provided: "allow temporarily" (for current session, then block), which is handy for determining if a site requires cookies to function,
Re: (Score:2)
Re: (Score:2)
No. It is called "what features are really important to me."
Re: (Score:2)
Don't tell that to some of the people on here who will immediately whine, "But this version fixes bugs and closes vulnerabilities. Don't you think about the children?"
It's the same thing with XP. It's a great OS which satisfies the needs of 80% of the users on the planet, yet people will whine about them not jumping all over W7.
Just because something's new doesn't make it better.
Re: (Score:2)
Don't tell that to some of the people on here who will immediately whine,
And don't tell that to folks like Yahoo. They've been bugging me for months to upgrade to a Firefox that is optimized for Yahoo (not a Firefox that Yahoo has been optimized to work with), and to select a theme, every time I go to Yahoo mail.
Today a user told me that the usual "continue anyway" link was no longer working. So Yahoo demands upgrades...
Just because something's new doesn't make it better.
And quite often the 'new' is significantly worse. Like 'neo'.
Re: (Score:2)
Re: (Score:2)
Here here!
I'm still on IE 6... waiting for them to get the bugs worked out of this newfangled Internet before I upgrade.
Re: (Score:2)
I just love how you're implying that IE is an OS...
Java should just die (Score:4, Insightful)
This is 2013 and I'm really tired of having my browser freeze for 2 seconds with a grey box every time a Java app has to load. With the latest JavaScript features there's no reason to be using Java in web pages anymore.
Re: (Score:2)
Maybe you need a faster disk?
Re: (Score:2)
With the latest JavaScript features there's no reason to be using Java in web pages anymore.
If your combination of GPU and Java plug-in supports OpenGL, but your combination of GPU and web browser gives only "Hmm. While your browser seems to support WebGL, it is disabled or unavailable. If possible, please ensure that you are running the latest drivers for your video card." [webgl.org] with your operating system's latest drivers, then Java beats JavaScript.
Re: (Score:2)
Even if JavaScript now had an API for accessing folders on a user system/executing programs which I am quite sure it does not it would not work with half the systems I have to support.
<input type="file">
Re: (Score:2)
That selects a file, not a folder. I've been in the GP's position before - you have to use Java at best, ActiveX at worst.
Re: (Score:2)
Re: (Score:2)
Not an option for those users...part of the reason I'm glad I don't do dev work anymore.
my dream browser (Score:2)
- render text
- render static images
- block ads
My dream browser would NOT:
- play sounds
- play movies
- animate anything
- open up additional windows
- support java/javascript/whatever code
- support cookies
- store any information
Oh well, I guess it will never happen.
Re:my dream browser (Score:5, Interesting)
- support java/javascript/whatever code.
As someone that runs NoScript, almost all of the websites on the modern Internet just don't work without JavaScript. They aren't even written to fail gracefully if JavaScript support isn't detected.
Re: (Score:3)
If you're just reading an article, the body text is usually still legible. That's all I need, usually. I ignore the site's protestations that it's intended to work only with javascript.
Re:my dream browser (Score:5, Insightful)
Re:my dream browser (Score:4)
My favorite are the ones that loads and displays all the content, and then after about a second second blanks the page and pops up a dialog about how my browser doesn't support javascript and this page absolutely needs javascript to function...
Re: (Score:2)
Re: (Score:2)
That's what happens when you have the perfect trifecta of greedy companies, lazy developers, and uneducated users. It's kind like the U.S. government right now.
Re: (Score:2)
Generally for a reputable site I don't see a problem letting the site domain itself run. JS infection payload is far more likely to come from the ad network.
Re: (Score:2, Insightful)
The rest of us who use web browsers to watch youtube videos, do any online shopping, or online banking will need something from this century. You can get along just fine with lynx.
Re: (Score:2)
> I can tell from your requirements that you really don't do anything useful with your browser except read news websites.
But seriously, what's wrong with using a browser primarily to read news websites? How many cat videos can you watch anyway?
Re: (Score:2)
Besides YouTube, is there any ability that javascript and cookies give for your other purposes that SSL and regular plain old HTML doesn't?
And I gotta say, watching YouTube is a much poorer activity than reading news websites. Sorry, I remember when I was able to download the embedded videos I wanted to watch, and watch it on the player of my choice.
Re: (Score:2)
Besides YouTube, is there any ability that javascript and cookies give for your other purposes that SSL and regular plain old HTML doesn't?
Cookies lets you stay logged in without having to reenter your name and password on every page and add items to your own shopping cart. JavaScript lets you expand and collapse comment trees without having to reload all the tens or hundreds of kilobytes of comments already on the page.
Re: (Score:2)
So, you don't do anything useful either then?
For most web-sites, I'm willing to interact with them at a level of Lynx. For some of them I'm willing to grant permissions for some of this stuff (all of the blockers allow site based permissions). For ma
Re:my dream browser (Score:5, Interesting)
My dream browser would:
- render text
- render static images
- block ads
My dream browser would NOT:
- play sounds
- play movies
- animate anything
- open up additional windows
- support java/javascript/whatever code
- support cookies
- store any information
Oh well, I guess it will never happen.
Oh, I think you really ought to actually configure Firefox this way and try it out.
Set all plugins to never activate in Tools > Add Ons
Set "Accept cookies" to never, and clear all offline data under Advanced.
Go into about:config and turn off audio and video, set cookies to never in preferences
Install Adblock and Noscript. (You could turn off javascript for reals, but that would prevent Adblock from working. Noscript can do muc the same thing if configured right..)
Try it. Try to get through one day on the real web with your browser set up this way.
You'd need a fantasy dream Internet to make your dream browser work.
Re: (Score:2)
So, basically, what you're looking for is Lynx with images. Interesting idea. I bet it'd render really fast.
Re: (Score:2)
I actually have Iceweasel and Chromium configured to run that way on an old laptop with 256MB of RAM. It's still slow anyway.
Links2, by the way, is entirely incapable of rendering modern websites in a readable way.
Re: (Score:3)
So, basically, what you're looking for is Lynx with images. Interesting idea. I bet it'd render really fast.
In other words, Dillo [wikipedia.org] combined with using a host file to block ads.
Re: (Score:2)
There are early versions of Mosaic if that's what you want.
The problem with modern browsers isn't because they do all that stuff, but because they do that stuff without you knowing about it or even controlling it. Anything relying on plugins can be set to Click-to-play (or via exception), popups can be blocked through similar tactics, and cookies/local store use can be identified through a simple icon or status bar message.
Re: (Score:2)
My dream browser would:
- block ads
Sites that depend on advertisement revenue would block your dream browser. Enjoy your paywall.
My dream browser would NOT:
- play sounds
Starting from the web site of a band, how would you listen to the music that the band is offering to stream to you?
My dream browser would NOT:
- play movies
Starting from the web site of a short film producer, how would you watch the video that the short film producer is offering to stream to you?
My dream browser would NOT:
- support java/javascript/whatever code
If you have a web page with 100 kB of comments, and you click the button below a comment to view replies to that comment, do you really think it's efficient for t
Re: (Score:2)
Re: (Score:2)
You know not every site requires you to log in? Of course you do, AC.
Cookies vs. basic auth (Score:2)
TLS 1.1 and 1.2 (Score:3, Interesting)
TLS 1.1 was supposed to be released with this version by it had to backed out because there were some compatibility issues with a small number of sites:
https://bugzilla.mozilla.org/show_bug.cgi?id=733647
The code is still in there, you just have to enable it manually via about:prefs: security.tls.version.max=2
TLS 1.2 is also present:
https://bugzilla.mozilla.org/show_bug.cgi?id=861266
Just set security.tls.version.max=3.
Not sure if they're shooting for release 27 or 28. By default only TLS 1.0 is negotiated.
Download Window Completely Removed? (Score:5, Interesting)
Re:Download Window Completely Removed? (Score:5, Interesting)
I suspect that as apps are rewritten to improve support for "Metro" interfaces, most windowed dialogues will be phased out.
Re: (Score:2)
Ah. So he's looking for the download tab?
Re: (Score:2)
It is still working for me. CTRL+J?
Or, click on the download arrow, and click "show all downloads."
This is on Windows, Firefox 26.
Re: (Score:2)
I see what you mean. Though, this is the "Library" window, with the "downloads" section selected.
It basically achieves what I had before, although it doesn't have the pop-up functionality (which I had previously turned off--probably why I never noticed the difference).
What about memory use? (Score:2)
Re: (Score:2)
Except maybe for Links/Lynx, what browser uses that little amount of memory. Firefox has been doing quite well in the more recent versions, it uses less memory than MSIE and Chrome. (No idea about the others).
Most sites are simply becoming annoying resource hogs with memory leaking javascript all over the place. Gmail has gone to almost unusable on my netbook within 2 years. Even Eclipse performs better than Gmail.
272 MB here (Score:2)
Stupid decision (Score:2)
All of Firefox's plugins have security problems. Requiring click-to-play only for Java while ignoring all other plugins comes off as biased.
This is an improvement (Score:2)
A while ago they were blocking Java outright. Click to play is a great compromise: it's much harder for an attacker to get the user to click on something than to simply load something in the background. It's also much easier for users to log into their bank or view scientific illustrations in Java (possibly other things too:).
Java has been slow at patching bugs, so I understand why they're getting the stick harder than flash. And their installer is insane, you have to install the 32 bit java to make it work
Re: (Score:2, Informative)
NOW... Make flash click to play as well!
Flashblock extension does this to Flash. You can also white list sites you want to automatically run Flash (Youtube for example).
Re: (Score:2)
Firefox supports click-to-play for Flash since...I don't know, but feels like a long time ago, at least 6 months. One of my favorite things really, so convenient.
Re: (Score:2)
Re:A good start.. (Score:4, Informative)
We studied doing this for Flash as well. Check out the user research study [mozilla.org]. We determined that the vast majority of users would merely be annoyed by making Flash click-to-play, and we wouldn't actually be improving security or performance for most users.
As noted in other comments here, you can mark Flash as click-to-activate yourself in the Firefox addons manager, or get more fine-grained control over which Flash actually runs by installing an addon like Adblock.
Our long-term strategy [mozilla.org] is to make it so that nobody needs to use plugins by adding new web APIs; to reimplement content like PDF and Flash in JS so that we can have control over the performance; and to use the mobile web as leverage to get new sites to use native HTML APIs like <video> to wean the world off of plugins.
Re: (Score:3)
DRM, WebGL, asm.js, iOS, and folders (Score:2)
Our long-term strategy is to make it so that nobody needs to use plugins by adding new web APIs
The illustration on the page you linked uses Silverlight as an example. Netflix uses Silverlight so that it can wrap rented videos in Microsoft's PlayReady digital restrictions management, and lack of PlayReady is why it doesn't work in Moonlight. Video on demand providers use digital restrictions management in the first place to deter users from in effect teeing [ed.ac.uk] a rented video into an encoder and keeping it past the rental period. How would VOD work on a browser distributed as free software without any pr
Re:Awaaaaaaay we goooooo! (Score:4, Funny)
In the time that you posted that comment, Firefox versions 38, 39, 40, 41, 42, 43, and 44 were released.
Re: (Score:2)
Congratulations?
Personally I'd bet these things are the new numbers station [wikipedia.org].