Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Firefox Mozilla

Firefox Users on Windows 7, 8 and 8.1 Moving To Extended Support Release (mozilla.org) 50

Mozilla: Firefox version 115 will be the last supported Firefox version for users of Windows 7, Windows 8 and Windows 8.1. If you are using these versions of Windows you will be moved to the Firefox Extended Support Release (ESR) channel by an application update. Mozilla will provide security updates for these users until September 2024. No security updates will be provided after that date.
This discussion has been archived. No new comments can be posted.

Firefox Users on Windows 7, 8 and 8.1 Moving To Extended Support Release

Comments Filter:
  • Time to upgrade (Score:5, Interesting)

    by codebase7 ( 9682010 ) on Wednesday May 31, 2023 @03:23PM (#63565409)
    ....to the "secure" spying OS if you want to stay "protected" and "safe" online! /s

    The biggest problem with Windows 7 being officially abandoned because MS said so is that many are just being made much less secure. You'd think OSS projects that support Windows as a target would be the ones calling them out over it. But in reality they happily move to the next big security compromise just like the suckers that "upgraded" to Win10+. Oh well. Society gets what it deserves, I guess.
    • You don't have to upgrade to Windows 10 or 11. You can go with Linux instead.

      There may be a learning curve. There may be some hard sacrifices to make. But you can do it, if you are truly motivated.

      • I already did well over a decade ago. Heck, I'm typing this on a Debian derivative.

        Moving to Linux will protect the data you have on that system (as long as you don't include things like negative CPU rings, the Intel ME, broken ass UEFI firmware, etc.) but it won't do anything about the constant data leaks that come from people around you that still use factory compromised crap.
    • I'll take MS spying on me over the shitshow of what actual nefarious actors do on compromised systems any day of the week. Leave your sarcasm at the door.

    • The biggest problem with Windows 7 being officially abandoned because MS said so is that many are just being made much less secure. You'd think OSS projects that support Windows as a target would be the ones calling them out over it. But in reality they happily move to the next big security compromise just like the suckers that "upgraded" to Win10+. Oh well. Society gets what it deserves, I guess.

      I agree. By doing this all Mozilla will do is needlessly lose market share while making users less safe for no reason.

      • Will they? I mean for those users, it's not like Firefox will even stop working, they will just quietly move to an ESR release.

        The number of users who are all:

        1) On these versions of Windows
        2) On Firefox
        3) Care about the difference between an ESR release and a new release enough to switch to something else instead

        Has to be pretty vanishingly small. Heck, I'd think most people choosing to be on a version of Windows MS doesn't support themselves might even *prefer* the ESR release.

        I'd bet we're literally talk

    • Re:Time to upgrade (Score:5, Insightful)

      by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Wednesday May 31, 2023 @08:55PM (#63566171)

      The biggest problem with Windows 7 being officially abandoned because MS said so is that many are just being made much less secure. You'd think OSS projects that support Windows as a target would be the ones calling them out over it. But in reality they happily move to the next big security compromise just like the suckers that "upgraded" to Win10+. Oh well. Society gets what it deserves, I guess.

      Then again, one of the biggest OSS projects out there is why insecurity exists - Samba.

      You would think Microsoft would be able to kill SMBv1 by now, but no, lots of Linux based devices only support SMBv1. Why? Because Samba went GPLv3 in-between supporting SMBv1 and adding support for SMBv2. Thus many vendors who are obeying the GPL didn't want the added overhead of supporting GPLv3 so they stuck with the GPLv2 version of Samba, which still only supports SMBv1.

      End result is a lot of these devices require you to install SMBv1 support back into Windows, after Microsoft disabled it by default.

      Everyone else implemented their own SMB stack - Apple has their own stack after ditching Samba, as do the bigger NAS vendors like Synology use their own SMB stack. But many of the cheaper devices, like routers and media players, just throw on a GPLv2 version of Samba and call it done, and the instructions to getting it to work say to install SMBv1 support in Windows .

      It's an interesting study in unintended side effects - Is the world better because of GPLv3 or not, because we now have to re-enable a security hole to get stuff to work.

      • by vbdasc ( 146051 )

        Then again, one of the biggest OSS projects out there is why insecurity exists - Samba.

        You must be joking. SMBv1 is only a minor and pretty insignificant source of insecurity. It may pose a problem in a corporate network as a tool to hop between already compromised nodes or to sniff stuff using the compromised node, but not in a home setting, where there is a couple of PCs and a cheap "NAS". It would indeed pose a huge problem if it was exposed to the Internet, but thankfully this is almost never the case, with default Windows settings disallowing it, many routers blocking its ports by defaul

      • A similar situation exists with open-source (non-Windows NPS) RADIUS auth, or at least the stuff that's run over RADIUS because it's very rarely pure RADIUS. When you see a requirement for PEAP auth, which is still very widely used, what you're actually being asked for is MSCHAPv2 aka NTLM. Yes, that NTLM. Single DES, MD4, and a design so comprehensively broken that it's been used in teaching courses on how not to do authentication. Windows has disabled this by default for years, but now you need to re-
        • A similar situation exists with open-source (non-Windows NPS) RADIUS auth, or at least the stuff that's run over RADIUS because it's very rarely pure RADIUS. When you see a requirement for PEAP auth, which is still very widely used, what you're actually being asked for is MSCHAPv2 aka NTLM. Yes, that NTLM. Single DES, MD4, and a design so comprehensively broken that it's been used in teaching courses on how not to do authentication. Windows has disabled this by default for years, but now you need to re-enable it to make "RADIUS auth" work.

          The problem with all challenge response protocols like MSCHAPv2 and Kerberos is that anyone monitoring an authentication is able to launch an offline brute force attack to obtain the users password from challenge/response. The choice of hashing algorithms make no real world difference because weakest link is by far a simple unavoidable lack of password entropy.

          Microsoft for decades despite knowing better has persistently refused to deploy ZKP based secure authentication mechanisms not subject to offline at

      • No it's not Samba's fault. Fuck you.

        It's the freeloaders who are too cheap to implement their own shit and too dickish to not release the device keys or unlock the boot loader. Why don't you also blame Microsoft for not releasing a free, open version under a permissive license? Or apple? They could just as easily.

        • by DarkOx ( 621550 )

          Why don't you also blame Microsoft for not releasing a free

          Actually that sounds like a pretty reasonable place to lay fault. Microsoft does not make a lot of the devices or platforms anyone would want to use on those devices. Consumers do want filesharing integration. Microsoft if anything benefits from these things natively speaking their protocol as opposed to something else like nfsv4 that THEY would have run as an additional service.

          If anything Microsoft really should release C/POSIX implementation of SMB2/3 workstation components, under a FOSS license like GP

      • The other thing to consider is that you are talking about running SMB1 as a *client* on the Windows machine as opposed to a server.

        That poses little risk to the Windows machine.

        Assuming the server side is Linux Samba running SMB1- that is a different ballgame than SMB1 running as a server on a windows machine.

        Is it a particularly good idea? No.

      • Comment removed based on user account deletion
        • The other big difference is that GPLv3 is much more explicit about its "Installation Information" requirement to let users replace preinstalled GPLv3 software with homemade software. GPLv2's counterpart is "the scripts used to control compilation and installation of the executable," which still left room for TiVo to close its devices' bootloader.

    • On the other hand, Firefox is the last major browser that still supports Windows 7. And will continue to do so for another year and some change. That's over 4.5 years since Microsoft EOL'd Windows 7, and over 1.5 years after Microsoft stopped all extended support for Windows 7. At some point, even Mozilla needs to pull the plug.

  • Which API functions are they using that require Windows 10?

    • by Merk42 ( 1906718 )
      All of those versions of Windows are EOL, so you shouldn't be browsing the Internet on them anyway.
      • All of those versions of Windows are EOL, so you shouldn't be browsing the Internet on them anyway.

        Literally everything I own is EOL.

      • All of those versions of Windows are EOL, so you shouldn't be browsing the Internet on them anyway.

        Which didn't answer the question. So what if it's EOL? If it works, let it work.

        Do you tell people driving cars over ten years old they need to chuck it and buy a new one?

        • If it works, let it work

          Literally nothing stopping anyone compiling from source. If Mozilla wants to drop official builds supporting XYZ OS, that's their call.

          Do you tell people driving cars over ten years old they need to chuck it and buy a new one?

          Nope. But at the same time, the car maker isn't going to give free support on a ten year old model.

          Which API functions are they using that require Windows 10?

          It may not be a requirement. It may be performance. I know Win10 thread attributes handle better on 10 than 7. So Win10 and up might use that method versus talking to Win7 scheduling. Trying to keep two versions of thread priority would be a pain.

    • Which API functions are they using that require Windows 10?

      In principle, Mozilla is not using any API calls that require Win10. In practice, If they want to support win7, they need to:

      * Code to Win7 level APIs and miss the latest and gretatest features Win10 has to offer (be it flashier UI, or better/faster/easier/more secure ways to do thing under the hood). Hardly a compelling idea, since people often complain that firefox (and thunderbird by extension) is not modern, and also complain of technical debt.

      * Code different codepaths depending on the OS, so that fire

      • In principle, Mozilla is not using any API calls that require Win10. In practice, If they want to support win7, they need to:

        * Code to Win7 level APIs and miss the latest and gretatest features Win10 has to offer (be it flashier UI, or better/faster/easier/more secure ways to do thing under the hood). Hardly a compelling idea, since people often complain that firefox (and thunderbird by extension) is not modern, and also complain of technical debt.

        * Code different codepaths depending on the OS, so that firefox for Win10 uses Win10 API calls, FF for Win7 uses Win7 API calls, etc. Mozilla's programming resources are strained as it is, imagine what will happen with the extra workload, and the browser will act and even look different depending on the OS. Frankly, not tenable...

        * Code to the least common denominator, and do the advanced functionality from scratch. Again, mozilla's "personpower" is strained as it is.

        Do you have any clue at all what if anything is actually involved with Mozilla continuing to support Windows 7 in the real world? If not what is the value or meaning of the above bullet points if you have zero real world data or knowledge?

        And all that effort for what?

        All what effort? You just invented a bunch of bullet points. What is the relevance to reality? How many different targets are there? Mac, Windows, Android, Linux.. at least and yet I'm supposed to believe continuing to support Windows is a BFD.

        To achieve what?

        Supporting a platform wi

  • by MobyDisk ( 75490 ) on Wednesday May 31, 2023 @03:28PM (#63565423) Homepage

    Somewhat off-topic: My employer (a Fortune 500) is forcibly removing Firefox from all the company machines. So everyone, including web developers who ensure their sites work on other browsers, must use Chrome. The browser monoculture has returned.

    Related: Is anyone else sick of every single site popping up a dialog box in the corner asking "Do you want to login using your Google account?" even for web sites where I have no intention of logging-in ever? It used to be like 1 or 2 sites, now it is a lot of them.

    • Google accounts are not safe. Google can cancel them at any time, and they won't let you talk to a human to get support since it is a free service. If you have a lot of your life tied up in a google account, getting cancelled can be really devestating.

      You may tell yourself "I just won't violate the TOS" but Google uses algorithms to check for violations and those can have bugs. Innocent things you may do could get flagged (there have been stories right here on slashdot about families getting their accoun

    • Yes, it's because Google wants to track you. They can sell detailed information on you when you have an account. Also it means the account holder has probably agreed to some EULA that make deeper tracking and marketing possible.
      Smart thing for everyone to do is to delete their Google accounts. But I doubt anyone will.

    • Google is an infectious disease. I'm waiting for an extension I can load in my browser to squash these Google account login requests.

        • Awesome. Thank you for that.

        • by MobyDisk ( 75490 )

          Thanks. I had no idea that little comment would draw so many responses.

        • by nmb3000 ( 741169 )

          Unfortunately disabling this doesn't work for everyone. I've disabled it on my two Google accounts and still see the login prompt everywhere. It's also somewhat self-defeating, since you have to be logged into a Google account to get rid of the "Log in with Google" prompts.

          This uBlock filter will hide those prompts without breaking normal Google functionality:

          ||accounts.google.com/gsi/*$xhr,script,3p

    • Somewhat off-topic: My employer (a Fortune 500) is forcibly removing Firefox from all the company machines. So everyone, including web developers who ensure their sites work on other browsers, must use Chrome. The browser monoculture has returned.

      Related: Is anyone else sick of every single site popping up a dialog box in the corner asking "Do you want to login using your Google account?" even for web sites where I have no intention of logging-in ever? It used to be like 1 or 2 sites, now it is a lot of them.

      OMG, yes. I search for something, go to a site with the info I was looking for, then get asked if I want to log in with my Google account. Is it just so Google can data-rape every single thing I look at? It sure as shit isn't for my convenience. A few years back I couldn't understand why they wanted all this data, but ChatGPT is making me realize they're just aggregating everything and they'll find a use for it in time. It's both baffling and aggravating as hell.

    • by markdavis ( 642305 ) on Wednesday May 31, 2023 @04:21PM (#63565639)

      >"Firefox is in trouble"

      We are *ALL* in trouble.

      >"My employer (a Fortune 500) is forcibly removing Firefox from all the company machines. So everyone, including web developers who ensure their sites work on other browsers, must use Chrome."

      Insane. I know I would fight back in a big way. I doubt many of the technical people at that company would agree with such a brain-dead move. Especially if they researched it at all.

      >"The browser monoculture has returned."

      Yes, it has. People walked right into it. It was a nightmare before, and could be much, much worse on a repeat.

      There are so many who think we have 10 or so "browsers" to choose from, when 9 of them are the same "car" with different paint colors and trim levels. All multiplatform browsers that are not Firefox *ARE* Chrom* now. It is bad enough to only have TWO actual browser choices (Firefox vs. Chrom*), but having only one is insanity. It is extremely bad news for security, choice, control, flexibility, privacy, and open standards.

      FIGHT BACK

      • by waspleg ( 316038 )

        Lots of stuff is broken in FF now. No one cares to make it work - even for paid services. You just get sent to the Indian call center script support loop and go nowhere forever. I'm sure those will VERY soon be "AI" since they do nothing but read a script and will soon be just as useful (not at all, with 0 agency and no ability to escalate to anyone who might be able to do something).

        • by markdavis ( 642305 ) on Wednesday May 31, 2023 @04:58PM (#63565737)

          >Lots of stuff is broken in FF now."

          Correction to (or clarification of) your wording-

          Some sites are broken because they are not following open standards now, which shows up in Firefox. This is exactly what was happening during the last browser monopoly in the 90's- the "IE only" days. I remember it very well.

          * If you are coding a site to a browser instead of an open standard, your site is broken.

          * If there is no open standard for some part of the needed code and you pick only one browser's implementation, your site is broken.

          * If you don't test your site using an open-standards-based browser. Your site is likely broken. If you slap a "best viewed in" or "we recommend X" on your site, it probably is broken.

          • by Miles_O'Toole ( 5152533 ) on Wednesday May 31, 2023 @05:57PM (#63565873)

            I never have a mod point when I want one. Your comment deserves it. People forget where the source of the problem actually is.

          • by Rexdude ( 747457 )

            because they are not following open standards

            What open standards? Google controls the WHATWG and has effectively killed the idea of a standard by constantly adding new 'features' to Chrome - mostly Javascript/CSS language shinies that do nothing for the end user, and then pushing them as draft standards. The same way they killed the idea of sane versioning with a Chrome version in the triple digits by now. HTML5 is always a constantly moving target, unlike HTML 4/4.01 before it.

            If you don't test your site

      • FIGHT BACK

        Shouting into the void. Most of the people downloading Chrome aren't interested in the ethics of technology.

      • by MobyDisk ( 75490 )

        I doubt many of the technical people at that company would agree with such a brain-dead move.

        Unfortunately, you and I live in the Slashdot bubble. I have spoken with + emailed about 50 software engineers in my building, and so far I'm the only one who has anything other than Chrome installed on their machine. I found *one* guy who said that they found a bug last year and so they installed Firefox to see if the bug happened on that browser.

    • Related: Is anyone else sick of every single site popping up a dialog box in the corner asking "Do you want to login using your Google account?" even for web sites where I have no intention of logging-in ever? It used to be like 1 or 2 sites, now it is a lot of them.

      Yes, I am sick of those prompts.

      There are many things I would like to do to Google but my shoes are not big enough to make an impact, lasting or otherwise.

      And let's not forget the prompts to sign in with your Facebook credentials, or your MS Passport (or whatever Redmond calls it) credentials.

    • I have google anything red-listed in no-script. It is a pain. All I can say to anyone is "I'm not doing business with Google." I am merciless about it because google is merciless with you. You won't ever win if anything goes wrong, whether you pay for it or not. It's abusively one-sided.

      And yeah, can I please log in at Pornhub with google? The mind fucking reels.
    • Related: Is anyone else sick of every single site popping up a dialog box in the corner asking "Do you want to login using your Google account?" even for web sites where I have no intention of logging-in ever? It used to be like 1 or 2 sites, now it is a lot of them.

      I used these instructions [howtogeek.com] and it reduced (but did not eliminate entirely) the popups.

  • There is already a version of Chromium with Windows 7 support restored [github.com], hopefully someone can patch Firefox too. In the meantime there is always Mypal [mypal-browser.org] and RTFreesoft [blogspot.com] browsers which also work on XP.
  • This is notable as many Mac users stayed on Mojave because it supported 32-bit apps. Now users will be forced to choose from either supporting said apps or having an up to date browser. It is only a matter of time before Intel support gets dropped altogether. (PowerPC got droppet at version 3.6).
    • Mojave is no longer receiving security updates, either. So you shouldn't be browsing the Internet on those devices.

Keep up the good work! But please don't ask me to help.

Working...