Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Firefox Mozilla Software The Internet

Firefox 48 Released With Multi-Process Support, Mandatory Add-On Signing (softpedia.com) 236

Mozilla on Tuesday released Firefox v48, touted as one of the most important updates the browser has ever received. With the new version, Firefox starts migrating users to using mullti-process threads (e10s, Electrolysis), and it is also the first version to ship with Rust component. In addition, Firefox is now also making add-on signing mandatory. From a Softpedia article: Announced last year, Electrolysis, e10s, or multi-process support is Firefox's ability to process core browser operations separately from the content viewed on a Web page. Multi-process support allows a page to crash without bringing the entire browser down with it and improves the browser's overall performance. e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016. Mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by Mozilla's testers. This is something similar to what Chrome employs, but Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired. Rust is a programming language that's a revamped and improved version of C++ but that protects developers from accidentally including dangerous memory bugs in their code. It achieves this by how the language was constructed and by how developers write the code.
This discussion has been archived. No new comments can be posted.

Firefox 48 Released With Multi-Process Support, Mandatory Add-On Signing

Comments Filter:
  • by davidwr ( 791652 ) on Tuesday August 02, 2016 @11:53AM (#52629189) Homepage Journal

    accidentally including dangerous memory bugs in their code

    Good, now I can be assured that all of my dangerous memory bugs in my code are intentional [ioccc.org].

    • The ioccc is merely unreadable, it makes code really stand out. Instead, you want Underhanded C [underhanded-c.org] where code must be clear, appear good and pass code review.

  • by LichtSpektren ( 4201985 ) on Tuesday August 02, 2016 @11:57AM (#52629209)
    I've been on Nightly for awhile now and the performance with e10s is now almost as good as Chrome's. Firefox Hello is thankfully going to get axed in a future release, and if Mozilla continues to fine-tune the performance a bit more and rips out Pocket, I think Firefox will be back on top.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      Firefox has been the better browser for the past 2-3 years and nobody knows it. Just wait until they deploy WebExtensions in September. Firefox is now much more stable than Chrome, at both a low and higher number of tabs opened. Just wait until everyone realizes this and have the option to use Chrome extensions on Firefox.
    • It has always been on top for me.

      I like the idea of using an independently produced browser where I am not the product. Not saying that FF is 100% free of these influences, but it is certainly better than Chrome or IE/Edge.

      • by cfalcon ( 779563 )

        Also consider Pale Moon. I think if I had to pick exactly ONE browser, I'd probably end up with Chrome- but I don't, so I use Pale Moon for almost everything, Firefox for some things, and Chrome when I need it.

      • by gfxguy ( 98788 )
        I actually have the least compatibility issues with Firefox. Actually, it's one thing in particular (Pulse connect on Linux) that won't launch on Chrome. I haven't had any other problems with Firefox, and haven't even noticed any speed issues, so it's actually my go-to browser right now. Of course YMMV - I don't do a whole lot of non-basic web browsing.
    • by gmack ( 197796 )
      How does the memory usage compare to Chrome?
    • by jensend ( 71114 )

      Why the hate for Hello? I get the privacy/security/why are we integrating a 3rd party extension/etc concerns with Pocket. But Hello seems like a more natural fit in the browser itself, especially with the WebRTC push.

      • Nobody wants WebRTC. Nobody wants websites to be able to send your browser alerts, either. Clowns need to stop working on shit nobody fucking wants.

        • by tepples ( 727027 )

          Without WebRTC, how is one supposed to build a web-based voice chat application or a web application that scans product barcodes? Or should such applications be forced to be native and thus unavailable on platforms other than the developer's?

  • by trawg ( 308495 ) on Tuesday August 02, 2016 @12:06PM (#52629277) Homepage

    I was kind of excited by this so updated immediately instead of my usual process of waiting a couple days.

    While it was updating I did another unsual thing - clicked through to the article - where I read the following:

    e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016.

    Firefox with multi-process support will first reach 1 percent of the users who don't have any add-ons installed in their browser, and in ten days' time, Mozilla will activate e10s for 50 percent of the same users.

    Full e10s support for Firefox instances using extensions or running on older versions of Windows will be available in the fall, during the second rollout phase scheduled for Firefox 49.

    So, at a glance (and from what I can see from my now-updated install), multi-process is not /really/ included in this release except in certain cases like users who don't have any add-ons.

    • You can check if e10s is available by going to Options -> General -> "Enable multi-process Firefox". I think what TFA means is that it's off by default (unless you don't use addons) until Firefox 49, but can somebody confirm that?
      • by trawg ( 308495 )

        You can check if e10s is available by going to Options -> General -> "Enable multi-process Firefox". I think what TFA means is that it's off by default (unless you don't use addons) until Firefox 49, but can somebody confirm that?

        I definitely do /not/ have that option available.

        I can see a few things in about:config and about:support relating to it; it may be possible to get it going by mucking around with options but it's certainly not at the point to justify the headline.

    • by Barefoot Monkey ( 1657313 ) on Tuesday August 02, 2016 @12:25PM (#52629431)

      If you're using Firefox 47 or later you can enable e10s yourself. What you read simply means they won't be switching it on for you until FF49.

      You can enable e10s by going to about:config and setting browser.tabs.remote.autostart to true. Restart your browser and then visit about:support and look up "Multiprocess Windows" on that page to see if it's enabled. (It might still be disabled if you have one or more add-ons that don't support e10s - if only it would tell you which)

      I haven't installed the Firefox 48 update yet, but it may well introduce an option in the Options panel for you to enable multiprocess without having to go through about:config.

      • by trawg ( 308495 )

        You can enable e10s by going to about:config and setting browser.tabs.remote.autostart to true. Restart your browser and then visit about:support and look up "Multiprocess Windows" on that page to see if it's enabled. (It might still be disabled if you have one or more add-ons that don't support e10s - if only it would tell you which)

        Yeh it still shows as disabled with add-ons. I haven't tried with add-ons disabled (it'd kind of defeat the purpose of using Firefox for me :)

        • Add browser.tabs.remote.force-enable and set it to be true. That should take care of it.
        • With add-ons disabled, it still lists 3 in about:support: Firefox Hello, Multi-process staged rollout, and Pocket. If you go to about:config and check extensions.xpiState, it shows the plugins, and which ones are "multiprocessCompatible" and those that are "runInSafeMode". Firefox Hello, Multi-process staged rollout, and Pocket are all shown as: "multiprocessCompatible":false,"runInSafeMode":true
    • "and in ten days' time, Mozilla will activate e10s for 50 percent of the same users."

      It's disturbing that they're changing the configuration default outside of a visible version update.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Tuesday August 02, 2016 @12:12PM (#52629315)
    Comment removed based on user account deletion
    • by LichtSpektren ( 4201985 ) on Tuesday August 02, 2016 @12:21PM (#52629387)
      The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, since by default extensions auto-update. So, disallowing unsigned extensions is a security feature. If it turns out Mozilla will be nefarious about it, then you can always recompile Firefox from source with the mandatory signing thing cut out, or go to some fork. Right now I don't think it's a bad move.
      • Re: (Score:2, Interesting)

        by ewhac ( 5844 )

        The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, [ ... ]

        [ Citation required ]

      • The point of signing the extensions is so that some compromised or malicious developer doesn't put malware into an extension's update stream; which can be (and has been) a huge problem, since by default extensions auto-update. So, disallowing unsigned extensions is a security feature. If it turns out Mozilla will be nefarious about it, then you can always recompile Firefox from source with the mandatory signing thing cut out, or go to some fork. Right now I don't think it's a bad move.

        I find it a bit hypocritical that people are "ooh ahhh, nice!" for mandatory signing of Firefox addons, but scream bloody murder when Windows 10 requires mandatory signing for drivers. WTF computer people? Why is it ok for one vendor to behave like this, and not for another?

        Personally I don't care either way, but I'm just sitting here thinking, "WTF? Make up your minds, is mandatory signing good or bad?"

        • by Barefoot Monkey ( 1657313 ) on Tuesday August 02, 2016 @07:47PM (#52632455)

          I don't find it hypocritical at all. If I want to use addon that isn't signed I can simply send it to Mozilla to be signed. It's quick and easy, and has no cost. I can do this for as many addons as I want, whether the addons are my own creation or somebody else's. Alternatively, I can use the developer edition, or a nightly, or the current ESR version of Firefox where this ceases to be an issue at all. With Windows 10 I have none of those options - getting a driver signed by Microsoft is prohibitive, so there's simply nothing I can do. Being completely different situations with nothing more than a superficial similarity, having a different reaction for each is quite reasonable.

    • Personal computing in 2016 means that all your personal information is stored on computers owned by the corporations.
      • Except that in this case, the mozilla corporation is owned by the mozilla foundation, and their intentions are good.

  • "mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by mozilla's testers. ... firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired."

    of course doing what we "desire" should not be allowed.
    stay within the plantation and obey the rules, that way nothing gets broken or get crashed (hopefully). and nobody gets "spoiled", god forbid!
    we, the user children, should not be 'spoiled" by allowing us to make mistakes, by too much freedom to do what we 'desire'.

    be calm, be correct, be at peace, ... as in "rest in peace"? in mozilla's politically correct heaven.
     

  • by CrashNBrn ( 1143981 ) on Tuesday August 02, 2016 @12:27PM (#52629443)
    Splitting Firefox's tab data over into the "plugin container for Firefox" hasn't done much to improve Firefox's GUI performance. Once FF hits certain ram limits, it will start ignoring mouse clicks and keyboard shortcuts. So while FF may claim its NOT unresponsive, I think the fact that now it's acceptable for FF to IGNORE hardware input from the user, instead of delaying it until it can process is far worse.

    I can't wait to get off this sinking ship. Maybe Piro could crowdfund Tree Style Tab for Chrome.
  • Not satisfied with alienating the general public, Mozilla, who are hell-bent on losing all market share, have now successfully alienated their remaining userbase: enterprise users, with this:

    "Mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by Mozilla's testers."

    They will no longer have to listen to the userbase complaining about the many memory leaks and race conditions in Firefox because they have finally gotten rid of the annoying users.

    S

    • Firefox has the best standards compliance of any browser, its performance nowadays is not too far off from Chrome's, and it's just as extensible as ever. Can you show me any examples of Mozilla refusing to sign a non-malicious extension?
      • and it's just as extensible as ever

        They're working hard on this. Their announced plan is to drop support for extensions soon (to replace them with, approximately, Greasemonkey scripts, which can't do anything like the range of things extensions can).

        And this version of Firefox takes away your ability to decide what code runs on your own computer when you use it, which just isn't acceptable. It's not good enough that Mozilla will probably give you permission to run one exact, unmodified version of an extensi

    • Sorry for the double post, but see here: https://wiki.mozilla.org/Add-o... [mozilla.org]

      "How will the unbranded versions of Firefox work?

      They work just like Firefox, with two differences: they will have a setting to disable mandatory signature checks, and they will not have the Firefox name and logo (instead using a generic name and logo). These builds are available in the en-US locale only."
    • I just don't see the supposed performance issues with FF.

      FF is my daily driver though I have IE, Edge, Opera and Chrome also installed on my computer. I use them all for various purposes (Chrome for chromecast, Opera for side project work, IE and Edge for work and FF for personal/everything else) and I just don't see any performance differences. If there are, they are measured in time increments imperceptible to me.

  • Chrome 1.0 and IE 8 are happy you can have security in lowrights mode in appdata and can use more than 1 core wahoo

  • Three showstoppers:

    1) I have a bunch of old extensions that are not signed. Things like FLST, OpenNewWindowFromHere, and others. I'm not much interested in losing that functionality.

    2) I sometimes like to edit extensions with, you know, emacs or something. Things like FLST, where I like the tab flip behavior but not the focus last selected tab itself, which the developer didn't provide a way to turn off while keeping tab flipping.

    3) Some extensions have code that can't be given to Mozilla for verificatio

    • Workaround is to use a dev or nightly build.

    • by tepples ( 727027 )

      I have a bunch of old extensions that are not signed. [...] I sometimes like to edit extensions

      If an extension is licensed for redistribution, you can solve cases 1 and 2 by submitting it to AMO as an unlisted extension.

      Some extensions have code that can't be given to Mozilla for verification because the code is proprietary.

      Organizations with in-house extensions experiencing case 3 can use Firefox ESR.

      • Organizations with in-house extensions experiencing case 3 can use Firefox ESR.

        But won't firefox ESR 52 include mandatory add-on signing?

        • by tepples ( 727027 )

          Unlike Firefox current, Firefox ESR 52 will allow it to be turned off. From Add-ons/Extension Signing [mozilla.org]:

          Signing enforcement will be enabled by default in [ESR] releases, and enforcement can be disabled using the xpinstall.signatures.required preference.

    • by suutar ( 1860506 )

      sounds like you want the developer branch.

  • Heads up, FF 48 has removed the browser.urlbar.unifiedcomplete setting [techdows.com]. This setting was introduced in Firefox 43 to disable the annoying Unified Complete [ghacks.net] system introduced in that build. Unified Complete is what causes the first drop-down result to be "Visit/Search With [domain]" rather than the most relevant result, as was the default before Firefox 43.

    Since the preference has been removed entirely, there is no current way to get this behavior back. It would need to be fixed by an extension.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...