
Firefox 34 Arrives With Video Chat, Yahoo Search As Default (237 comments)

An anonymous reader writes: Mozilla today launched Firefox 34 for Windows, Mac, Linux, and Android. Major additions to the browser include a built-in video chat feature, a revamped search bar, and tab mirroring from Android to Chromecast. This release also makes Yahoo Search the default in North America, in place of Google. Full changelogs: desktop and Android.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Monday December 01, 2014 @06:52PM (#48502401)

    Just what I wanted for xmas time, more bloat.
     

    • "Pale Moon" is one possible alternative fork. Anybody want to recommend others?

      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) on Monday December 01, 2014 @10:15PM (#48503623)
        Comment removed based on user account deletion
        • If you are a developer or web content creator your options however are very limited. Technically they could do everything with lynx, however the tooling support would be pretty shitty and their customers wouldn't appreciate either.

          I was just laughing my ass off the other day about Windows RT (Surface) people not being able to use any other browser but IE, and then I realized there are some poor bastards somewhere actually trying to test their web based applications on that thing.

          • I have to ask, why did you find solely using IE amusing? I have a Surface 2 RT, so I use IE a lot, and to be honest it's no different to using Safari on iOS or whatever the default browser under the hood is on my Kindle. It works, it really just does. I don't give any thought to the fact that I'm using IE, and it doesn't cause any issues when browsing, so why so amusing?

        • Comodo IceDragon [...] Comodo Secure Chromium and Dragon

          One feature of Comodo Dragon creates a perverse incentive not to encrypt personal web sites. When Comodo Dragon sees a domain-validated TLS certificate, it displays this interstitial [wikimedia.org] designed to scare users away from using any HTTPS site not operated by "a legitimate business". This makes users feel safer using clear HTTP than using HTTPS on a site operated by an individual, which runs against the effort of HTTPS Everywhere to bring the benefits of encryption even to personal sites. Does Comodo IceDragon do

          • You realise all browsers do that, and for a good reason, right? Self-signed SSL certs actually break part of the point of how SSL certs are used on the web...

            • No. A self-signed SSL certificate is no worse than no SSL. The correct thing for browsers to do when encountering a self-signed SSL certificate is accept it silently, but not display any of the UI elements indicating that the site is secure (and to have a prominent red {insecure} label for every site that doesn't have the padlock). A self-signed cert protects your connection from passive adversaries and, as we have learned recently, that's a very important threat model to care about. Making it appear to
              • No, I disagree with you completely - a self signed cert does *not* protect your connection from anything, unless the client already knows what to look for to ensure the cert they have is the cert you intended them to use. And that's where third party signed certs come in.

                A self-signed cert that is silently accepted is much much worse than no SSL at all, because it allows the user to make assumptions about their use of the website which are absolutely not true. Assumptions which can be very damaging. I w

                • by TheRaven64 ( 641858 ) on Tuesday December 02, 2014 @05:44AM (#48505093) Journal

                  a self signed cert does *not* protect your connection from anything, unless the client already knows what to look for to ensure the cert they have is the cert you intended them to use

                  Yes it does, it protects you against passive adversaries. Compromising an SSL connection with a self-signed certificate requires an active adversary (i.e. one who will modify traffic, not just sniff it). This is still possible with a signed cert if you're sufficiently large as the trust model for SSL (in the absence of certificate transparency, which isn't yet widely deployed) means that if any registrar is compromised (e.g. the one owned by the Turkish intelligence agency that all major browsers trust) then they can sign certificates for any domain.

                  A self-signed cert that is silently accepted is much much worse than no SSL at all, because it allows the user to make assumptions about their use of the website which are absolutely not true

                  No, displaying a user interface element indicating the site is secure when it only has a self-signed certificate is worse than no SSL. Rendering self-signed SSL certs in exactly the same way as unencrypted connections (as I suggested) is better, because it allows people to roll out SSL cheaply and makes the world no worse, just raises the costs for interception.

            • You realise all browsers do that, and for a good reason, right?

              Nope. Chrome does it much more elegantly IMO. They show that the site uses SSL, but that it is not secure (there's a red strike through the "https" IIRC).

              Self-signed SSL certs actually break part of the point of how SSL certs are used on the web...

              You know what breaks SSL even worse? Not using it at all. Yet non-https sites are often indicated to be *more* trustworthy (ie. there's no warning) than a site that uses a self-signed cert.
              Self-signed

              • No, they don't prevent passive eavesdropping, because they don't prevent impersonation - if you cannot validate the heritage of the SSL certificate presented, then anyone could be presenting their own.

                Highlighting self-signed SSL certs as the various browsers do is done so the user does not make the same assumptions about the site as they would a third-party signed SSL cert - because you simply cannot make the same assumptions, and it's dangerous to do so.

                At least with HTTP sites, people know and accept they

                • Sigh... I can't tell if you're arguing this because you don't understand the English language, or if you're just trolling.

                  If somebody has to "be presenting their own" certificate, then they are NOT PASSIVE!! A passive network attacker is, for example, somebody sitting at a coffee shop with the WiFi card in promiscuous mode, watching all the traffic that gets sent over that (open) network. In that position, the attacker cannot do a damn thing about a self-signed cert. Now, if they are able to use ARP spoofing or DNS hijacking or can configure the router's upstream host or something like that, then they can intercept traffic and present their own certificate, sure. That requires an *active* attack, though.

                  The reason that passive attacks are so concerning right now is that it's pretty trivial for ISPs and governments to record all network traffic that they want to. It just costs money for storage and storage bandwidth. However, they aren't actively intercepting that traffic, just passively recording it for later data mining. TLS, even using anonymous Diffie-Hellman or a self-signed certificate, is sufficient to completely defeat that kind of monitoring.

                  You're basically arguing that since an armored car can't take a hit from the cannon of a main battle tank, there's no point in armoring them at all and it would be better for them to go unarmored so as not to lure people into a false sense of security. Turns out that's bullshit: the typical threat to people moving valuables is from small arms (which an armored car can shrug off just fine), and the typical threat to browser privacy is from pervasive passive monitoring, which self-signed certs defeat. Not that I would ever argue that it's better to have a self-signed cert than a CA-signed one, but it's not as *much* worse as you seem to think.

                  Besides, there's things you can do to make a self-signed cert even more secure. For example, you (the user) can add *just that cert* to your trust store. Now, if an attacker tries to substitute their *own* self-signed cert, your browser should object, or at least won't show the site as truly secured. For applications (including a few browsers) that support certificate pinning, this can also be used with self-signed certs in a trust-on-first-use basis (take a look at, for example, HTTP Public Key Pinning [ietf.org]).
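The trust-on-first-use idea described in the comment above, as an added example that is not part of the original thread. It pins the SHA-256 of the whole DER certificate (HPKP pins the public key instead); `PinStore`, `fetch_der` and the sample byte strings are hypothetical names and constructed data.

```python
import hashlib
import hmac
import json
import os
import socket
import ssl
import tempfile


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate without chain validation.

    Validation is off on purpose: a self-signed cert has no chain to check,
    so the pin comparison in PinStore is the only authentication performed.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """host:port -> fingerprint map persisted as JSON (like SSH known_hosts)."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        key = f"{host}:{port}"
        seen = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact is unauthenticated; everything later is held to it.
            self.pins[key] = seen
            self._save()
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "mismatch"  # the stored pin is left untouched

    def _save(self) -> None:
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2)
        os.replace(tmp, self.path)  # atomic swap, no half-written pin file


def demo() -> list:
    # Constructed stand-ins for the DER bytes fetch_der() would return.
    router_cert = b"constructed: router self-signed certificate"
    other_cert = b"constructed: substituted self-signed certificate"
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "pins.json")
        results = [PinStore(path).check("192.0.2.1", 443, router_cert)]
        store = PinStore(path)  # reload from disk, as a later session would
        results.append(store.check("192.0.2.1", 443, router_cert))
        results.append(store.check("192.0.2.1", 443, other_cert))
        results.append(store.check("192.0.2.1", 443, router_cert))
        return results


if __name__ == "__main__":
    print(demo())
```
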

            • There are five tiers:

              1. Clear HTTP
                This works with no interstitial in all browsers.
              2. HTTPS with a self-signed certificate
                This shows the "unknown issuer" interstitial in most major browsers and the "struck-out https" in Chrome.
              3. HTTPS with a certificate from a trusted CA, naming a domain
                This shows "This website does not supply ownership information" and "Organization: <Not part of certificate>" in Firefox's Page Info > Security and shows the "legitimate business" interstitial in Comodo Dragon.
              4. HTTPS with
        • Konqueror is still pretty decent. These days it generally uses WebKit (which was built from Konqueror's KHTML engine originally). I like its interface and generally high utility.

          Aside from being in the package repos for pretty much all desktop Linux and BSD variants, it's also available for Windows. Haven't checked for Mac, but it's probably available there too.

      • by caseih ( 160668 )

        Is Pale Moon an actual fork, or is it just a rebranding of Firefox releases with a few built-in add-ons and configuration tweaks, such as the task bar and the traditional style? Is Pale Moon under active development and diverging from Firefox? I use Pale Moon, but I've yet to see that it's actually a fork.

    • by UPi ( 137083 ) on Tuesday December 02, 2014 @01:58AM (#48504559) Homepage

      This is the way the world is going right now. HTML5 and JavaScript have become the new, universal runtime that everyone is trying to use to build their applications. It is extremely compelling too: you don't need to worry about deployment, supporting older versions, operating systems, etc. This, however, requires browsers to do a lot more than they did before. Sound and video input is just the tip of it. There's also the canvas, WebGL, WebSocket, tons of new CSS features.

      Firefox can either choose to keep up with new features or lose 90% of its share to Chrome. I'm actually happy they're going forward because part of HTML5's appeal is that it is multi-vendor and is not solely controlled by a corporation like Google or Apple. Yes, it is "bloat", as in, lots of new features that you personally might not be using today. But someday you, or your friend will come across a site that uses one of these new features and if the site says "Sorry, you are using a backwards browser, please try Chrome instead", we both know what will happen. (You of course will scoff and close the site, but 10 other people will switch for every lean browser snob out there.)

      Point is, browsers are evolving. Deal with it.

  • video chat (Score:2, Insightful)

    by vux984 ( 928602 )

    Video chat? Where I send someone a web link? That's goofy.

    And it doesn't work with Safari or Internet Explorer ... so most people won't even be able to click on the link, and it doesn't work with iOS devices... because no Firefox and doesn't work with Safari... so... useless? Why is this a core feature?

    This should be an addon... that almost nobody uses instead of a feature that almost nobody uses.

    At least as an addon, any security issues inherent to a feature that lets the browser turn on your camera and

    • Re:video chat (Score:5, Insightful)

      by NotInHere ( 3654617 ) on Monday December 01, 2014 @07:14PM (#48502559)

      I agree. As much as I'm a fan of WebRTC and despise the walled gardens of facebook, whatsapp, google hangouts and friends, I don't think firefox should add this to their browser. Rather they should publish their own chat program, either as separate addon or as separate program. As a browser, firefox should be a platform that enables higher-level programs to bring services to its users.

    • Re:video chat (Score:5, Insightful)

      by pavon ( 30274 ) on Monday December 01, 2014 @07:19PM (#48502599)

      This is based on WebRTC which is a W3C draft that both Safari and Internet Explorer have committed to implement. There has to be a first browser to implement any proposed standard.

      • Re: (Score:3, Insightful)

        by sexconker ( 1179573 )

        This is based on WebRTC which is a W3C draft that both Safari and Internet Explorer have committed to implement. There has to be a first browser to implement any proposed standard.

        Not all proposed standards should be implemented.
        This one shouldn't, nor should the DRM one, etc.

      • ... and that browser was Chrome when they implemented WebRTC back in 2012....

        • by vux984 ( 928602 )

          Wikipedia says Firefox has had it since 22... so it's on 34 now... so what's that? 4 weeks already? What's new in 34? :p

      • Re: (Score:2, Informative)

        by Anonymous Coward

        It is indeed WebRTC via TokBox [tokbox.com]. TokBox provides a nice wrapper over the core technology and some signaling services (the signaling portion of the connection is intentionally left out of the WebRTC spec).

        Firefox is NOT the first browser to support WebRTC. Chrome has supported it for some time first in Beta now in release, same with Firefox. This is just a slick way to generate a link that can be sent to another Firefox or Chrome user to instantly start a video chat.

        http://www.webrtc.org

    • by unrtst ( 777550 )

      What I don't get are these two comments directly from the first article linked:

      1. "Not only do you not have to sign up for a service, but you also don’t need the same software or hardware as the person you want to call, since WebRTC is compatible with Chrome and Opera browsers as well."

      2. "... by sharing the generated callback link. To call you, they’ll naturally need Firefox 34."

      So which is it? Something's wrong there.

      As others have said, this should be an add-on. That said, I doubt it introduc

    • It'll start with users on Windows that are using better browsers (Firefox and Chrome as well as variants) as well as some of the 8% of the world that runs Mac who've grown beyond the often-outdated Safari (since it's OS tied and you have to upgrade your whole OS to update it). And it'll start on the majority of smartphone users that use Android. So that means most users can either use this now or upgrade to a better browser that can use this now. It'll come to the #2 mobile OS later once Apple adds it in t
  • by Anonymous Coward on Monday December 01, 2014 @07:12PM (#48502545)

    Firefox 32 happily connects to DD-WRT's self-signed 512-bit cert.
    Firefox 33 blocks DD-WRT's SSL cert, claiming "Secure Connection Failed" (Error code: sec_error_invalid_key), with no option to override.
    Firefox 34 just lies and claims "The connection was interrupted". Like the fuck it was. It works *right now* in the other browser in my virtual machine, from the same PC. Even after restarting firefox, and even after restarting the machine.

    Assholes got feedback that users need to access our HTTPS-encrypted DD-WRT, so they changed the message and claimed it was reset. This sounds like a case of "Let's just play the 'What problem? I don't have that problem on my machine. Oh, your connection was reset? That must be a problem with the device.' game"

    • by sexconker ( 1179573 ) on Monday December 01, 2014 @07:57PM (#48502857)

      Not only that, but they fucking maintain their own DB of certs instead of relying on the OS.
      So I can install and trust a cert on my machine (or everyone's machine by policy) but Firefox won't fucking play by the rules.
      You have to find and use an obscure tool just to manage certs for Firefox. No thanks, assholes.

      • Comment removed based on user account deletion
      • by Jahta ( 1141213 ) on Tuesday December 02, 2014 @04:32AM (#48504907)

        Not only that, but they fucking maintain their own DB of certs instead of relying on the OS. So I can install and trust a cert on my machine (or everyone's machine by policy) but Firefox won't fucking play by the rules. You have to find and use an obscure tool just to manage certs for Firefox. No thanks, assholes.

        IMO Firefox are doing this right. Having known good copies of the major root certs bundled with the browser is a strong defense against MITM attacks. I've worked in more than one organisation that was doing MITM on their staff's SSL sessions (unknown to the staff) by silently pushing "trusted" DIY certs to the workstations by policy. Chrome and IE swallowed this without complaint. Only Firefox complained that I didn't in fact have a secure session with, for example, google.com.

        • Um... I hate to rain on your Mozilla parade here, but Chrome has full certificate pinning for Google properties, and has had it for quite a few versions now. Using any unexpected cert, no matter how trusted, for a Google property (or the handful of others that Chrome supports) will be detected and blocked. Mozilla has certificate pinning now as well, but only since version 32 (which is what, a month ago?). If the organization in question wanted to MitM Firefox's traffic as well as Chrome's, they would (unti

        • by MobyDisk ( 75490 )

          I gotta say while this is a double-edged sword, I like it. I use FF at work and when the IT department started a MITM attack and added their phony certs to everyone's machines, I was the only one to notice. Both because Firefox didn't pick-up the new certs, and because SSL observatory caught it. SSL observatory should be mandatory on every browser for this reason!

    • DD-WRT needs to fix their shit and generate a better SSL certificate, or you should quit pretending that a 512-bit cert is going to stop anything besides a nosy neighbor and use a wired connection with unencrypted HTTP to manage your router. I'm running Tomato Firmware with a self-signed 1024-bit cert (which is itself weak) over TLS 1.0 and Firefox 34 works just fine.

      Mozilla's doing the Right Thing by blocking such a pathetically weak certificate.

      • by Rich0 ( 548339 )

        Mozilla's doing the Right Thing by blocking such a pathetically weak certificate.

        Only if they also block non-SSL connections as well.

        I'm fine with a clear indicator when an SSL site has reduced security, such as being unauthenticated or using weak encryption. I don't like that we treat such sites as being less secure than sites that don't use SSL at all, when they are in fact more secure all the same.

  • Make that STILL out.

    When the navel-gazing derpfest at FF rolled out that hideous chrome-knockoff "Australis" interface revamp in v29, I used the debian equivalent of the middle finger: sudo apt-mark hold firefox
    to stem the tide of f**ck-the-user UI design, common features hidden behind weird hamburger buttons, and unreadably huge defaults.
    WOW. MUCH HUGE. SO WHITESPACE IS THE NEW CAPSLOCK.

    That gave me a little time to explore options. With a little work, I can make Seamonkey usable, but I do lament th

    • by Zynder ( 2773551 )
      Pray tell, what is a hamburger button?
      • Re: (Score:3, Informative)

        by norite ( 552330 )

        I think he's referring to that ice cream sandwich (That's what I call it) icon that is the settings...the three horizontal lines thing that the UX retards have replaced the wrench or gear icon with.

        • by ShaunC ( 203807 )

          Well that explains... Something. To me, that icon with three horizontal lines looks like it's supposed to be for paragraph layout or something, so I've never touched it. I had zero clue that's where the settings had gone to, I thought it was some kind of inline HTML formatter.

        • by Zynder ( 2773551 )
          Oh. I call that thing the right click button cause it causes the context menu to pop up like a mouse does. But I'm old and evidently just don't know what good UI design is.
        • The gear icon is still there, and in fact you still need to use it for some settings. Some are under the gear, some are under the "hamburger button", some are in the hidden-by-default menu bar at the top.
      • by Indigo ( 2453 )

        I think it's actually called the waffle button (because it looks like a stack of waffles seen edge-on).

  • Here we go again.... WTF is "video chat" a core feature instead of an addon? It really doesn't even have anything to do with web browsing. And I can't imagine the code is small, either. Ug.

  • It certainly looks as if there's an unwarranted amount of arm waving, trying to counter the UI fiasco that is Firefox.
  • V34.0.5? (Score:2, Informative)

    by antdude ( 79039 )

    Hello.

    I just upgraded Firefox v33.1.1 to v34.0 on my office's Mac mini with its updated Mac OS X 10.9.5. However, I am confused if this is v34.0.5 or not in its About screen. About screen says v34.0. Both https://www.mozilla.org/en-US/... [mozilla.org] and https://download.mozilla.org/?... [mozilla.org] say v34.0.5. How do I know if my installed one is b5?

    Thank you in advance.

  • On my absolute shit Athlon X2 4850e, I can run Camfrog and fill BOTH 1080p screens with cameras, and have them all run like glass (assuming the users have proper lighting for framerate or adjust their cams to a set framerate.)

    I tried WebRTC, and couldn't get more than ten without slowing my machine to a crawl.

    WebRTC is absolute SHIT compared to a decade+ old video chat technology. What a waste of code.

    I've also noticed that on IE, trying to use the Bing search engine gets me redirected to Charter taking my

    • by ruir ( 2709173 )
      Try configuring google DNS instead of the DNS Charter servers. That is, if they are not transparent proxying requests to other DNS servers...if they are, I recommend you change providers. I can swear they are messing around DNS from what you are telling us, it can be a couple of other things.
      • by Khyber ( 864651 )

        They're hijacking traffic directly. I'll have javascript disabled, flash disabled, and suddenly visiting a webpage I get a pop-over thing from the top telling me my Charter bill is due (which it is when it happens) but it's still bypassing my security features designed to prevent things like that from happening.

        • by ruir ( 2709173 )
          What you are describing can be done messing around with DNS and/or transparent proxying HTTP requests, and/or HTTP traffic injection. You may bypass it with google DNS, and/or a VPN, with Tor, or changing providers.
        • by ruir ( 2709173 )
          I disable linked.in messages, which are fairly annoying as they modify their usual layout, by blocking the HTML tags with adBlock btw. It is another method of making those messages go away.
  • by rossdee ( 243626 ) on Tuesday December 02, 2014 @12:29AM (#48504261)

    Is it too much to ask that when updating an existing installation, it leaves all the current settings alone ?

    OK now I set the default search back to Google, what else do I have to do.

    BTW I don't have (or want) a webcam connected to my PC

  • I've been impressed by Safari 8 with Yosemite. I'm so eager to drop the bullshit that Firefox has become, but without proper RSS support I just can't do it. Yes, they did bring back a kind of RSS, but it just dumps all the subscriptions into an unsorted window (and no I don't want a separate reader app).

  • Unfortunately, this upgrade broke one of my favorite plugins: Tree Style Tab [mozilla.org]. A previous upgrade caused the whole tree to be expanded when restoring the tabs at Firefox startup, and now since FF 34 new tabs are no longer opened as a child of the current tab :-(
