Firefox 16 Pulled After Serious Security Lapse





  •  Yeah, great work! A mistake made, and acted on immediately. New version pulled straight away, and fixed version released today. Try and find another vendor that acts so quickly!



  • @robbak said:

     Yeah, great work! A mistake made, and acted on immediately. New version pulled straight away, and fixed version released today. Try and find another vendor that acts so quickly!

    Except that at the time it was announced by several publications, the Firefox site was still offering FF16 downloads from their main page. And just about every vendor acts that quickly these days.



  • Thanks for this. I went and read the relevant Mozilla Security Blog entry and found a comment from somebody with much the same opinion on Mozilla's rapid release insanity as mine. In that comment was a link to an alternative build for Windows called Pale Moon, which looks like exactly what I need as a Firefox 6 replacement for the school I netadmin. I would not have found it without your post. Cheers!



  • @flabdablet said:

    much the same opinion on Mozilla's rapid release insanity as mine

    The folks at Mozilla want to be like Google, it seems. All well and good, but you have to know what you're not so good at. And besides, what Google does is what Google does; doesn't mean it's a good idea. If the folks at Google decide to jump into a ditch, will the people from Mozilla follow? It certainly looks like it.



  • @Soviut said:

    Except that at the time it was announced by several publications, the Firefox site was still offering FF16 downloads from their main page. And just about every vendor acts that quickly these days.
    Maybe it was the publications that were behind, and Mozilla actually fixed the security issue and put the download option back up? Not saying I know they did, just playing devil's advocate here...



  • @flabdablet said:

    found a comment from somebody with much the same opinion on Mozilla's rapid release insanity as mine.
     

    There's also a reply to that comment that you ignored for some reason.



  • @toon said:

    The folks at Mozilla want to be like Google, it seems.
     

    AIUI, Mozilla's realised the way in which Chrome is updated is what they were originally aiming for. I don't think they "want to be like Google", I think they wanted their browser update experience to be a similar process to the way in which Google designed theirs.

    @toon said:

    If the folks at Google decide to jump into a ditch, will the people from Mozilla follow?

    I used to hear this argument from school teachers and struggled to understand why they conflated "be like them" to mean "will unconditionally emulate their actions in the hope I will become them". I guess I recognised cargo cultism and strawman attacks from a young age but didn't know what they were called then.



  • @Cassidy said:

    I used to hear this argument from school teachers and struggled to understand why they conflated "be like them" to mean "will unconditionally emulate their actions in the hope I will become them"
     

    It's a typical fallacious slippery slope argument, such as how allowing gay marriage will in time allow people to marry dogs and ice cream (I am not making this up.) (WTF).

    Alternatively, it's an excluded middle argument, or false dichotomy, where one step away from the current position somehow translates to being all the way to the extreme fantasy nonsense far end of what is in fact a spectrum of positions.

    But it's not a straw man, and it's not really cargo cultism as much as it is habit of common expressions, and a good example of how limited expressive power can limit your ability to think.

     



  • @dhromed said:

    @Cassidy said:

    I used to hear this argument from school teachers and struggled to understand why they conflated "be like them" to mean "will unconditionally emulate their actions in the hope I will become them"
     

    It's a typical fallacious slippery slope argument, such as how allowing gay marriage will in time allow people to marry dogs and ice cream (I am not making this up.) (WTF).

    Alternatively, it's an excluded middle argument, or false dichotomy, where one step away from the current position somehow translates to being all the way to the extreme fantasy nonsense far end of what is in fact a spectrum of positions.

    But it's not a straw man, and it's not really cargo cultism as much as it is habit of common expressions, and a good example of how limited expressive power can limit your ability to think.

     

    Point taken, both of you. What I was trying to say (in an admittedly childish way), was that wanting to improve JavaScript speed, and the user interface, like Google did, doesn't mean you also have to speed up your release process like they did. It really feels like a decision was made within Mozilla, that is not good for the product, and that this security hole is a result of that. Before you reply: it's a gut feeling; there are no facts I know of, that I can back that up with.



  • @dhromed said:

    But it's not a straw man, and it's not really cargo cultism as much as it is habit of common expressions
     

    Hmm.. okay.  I was likening the accusations of "if they do something, will you perform the same action because you believe emulating their actions makes you become them" as accusing them of a tentative cargo-cult mentality. Then accusing them of cargo-cultism as being strawman itself.

    Perhaps I strawed in the last one.

    @dhromed said:

    a good example of how limited expressive power can limit your ability to think.

    Wha? *frowns*



  • @Cassidy said:

    @toon said:
    The folks at Mozilla want to be like Google, it seems.
    AIUI, Mozilla's realised the way in which Chrome is updated is what they were originally aiming for. I don't think they "want to be like Google", I think they wanted their browser update experience to be a similar process to the way in which Google designed theirs.
    Wanting to make the update process more like Chrome sounds good on the surface, but in reality, updating Firefox is very different from updating Chrome. The current version of Chrome doesn't look much different than older versions.  It's still a very bare, minimal UI.  Most of the changes have been "under the hood".  Chrome can silently update itself without fear of breaking anything because, from a user standpoint, there's very little to break.  There are far fewer extensions for Chrome than Firefox and Chrome's UI is much less flexible and configurable.

    The truth is, prior to the start of the current nonsense, the average user didn't have a problem with how Firefox was updated. Every few weeks a minor update would come out (3.6.1  to 3.6.2 or whatever) and you knew that it was a minor update and it probably wasn't going to break anything.  And when a major update came out, you knew that you should probably wait a while for updated versions of your extensions to become available.  Now, all that is out the window because every minor update gets a new major version number and this new version might only have minor changes, or, it might have really major changes.  Who knows.  There are a lot of people still using the old 3.6.xx versions of Firefox, not because they are stupid but simply because they don't want to be on what they perceive as a non-stop treadmill of pointless changes.

    @Cassidy said:

    @toon said:
    If the folks at Google decide to jump into a ditch, will the people from Mozilla follow?
    I used to hear this argument from school teachers and struggled to understand why they conflated "be like them" to mean "will unconditionally emulate their actions in the hope I will become them". I guess I recognised cargo cultism and strawman attacks from a young age but didn't know what they were called then.
    Ever since Chrome started becoming popular, Mozilla has copied many things.  Rapid Version Number Inflation® is just one of them.  Thanks to the tremendous amount of flexibility and configurability in Firefox, it has been somewhat easy for people to undo many of the stupid design decisions that have been made in the last couple of years.  But it's still very annoying because none of that would be necessary if the Firefox developers would quit trying to fix things that don't need fixing and quit calling every minor update a major release.

    It has nothing to do with Straw Men and Cargo Cults.  Mozilla has fallen into the "New Coke" trap.  Trying to make your product more like a competitor who is rapidly gaining market share, not understanding that being different is what made your product attractive in the first place, and, not understanding that making your product more like the competitor's means people have even less reason to use your product.

     



  • @Cassidy said:

    @dhromed said:

    a good example of how limited expressive power can limit your ability to think.

    Wha? *frowns*

     

    If you're used to using certain expressions, you'll utter them on a whim even if you sort of mean something a little more detailed, but it's hard for you to put into words because you're not used to using anything but that boilerplate expression and thus don't give it a second thought and now your thoughts have lower resolution. That's doubleplus ungood.

     



  • @El_Heffe said:

    Mozilla has fallen into the "New Coke" trap.  Trying to make your product more like a competitor who is rapidly gaining market share, not understanding that being different is what made your product attractive in the first place, and, not understanding that making your product more like the competitor's means people have even less reason to use your product.
     



  • @flabdablet said:

    found a comment from somebody with much the same opinion on Mozilla's rapid release insanity as mine. In that comment was a link to an alternative build for Windows called Pale Moon, which looks like exactly what I need as a Firefox 6 replacement for the school I netadmin.

    Why not the Firefox ESR?



  • @El_Heffe said:

    Most of the changes have been "under the hood".  Chrome can silently update itself without fear of breaking anything because, from a user standpoint, there's very little to break.
     

    That was the vision the Mozilla group wanted to achieve, but didn't fully understand it - until they saw Chrome perform it in practice. By that time, they'd made so many apparent changes on the surface and drawn so much attention to themselves, they'd become a victim of their own chest-beating. I mean, the "awesome bar".. really?

    @El_Heffe said:

    There are a lot of people still using the old 3.6.xx versions of Firefox, not because they are stupid but simply because they don't want to be on what they perceive as a non-stop treadmill of pointless changes.

    Yeah... I was one of those.

    That was the reason I stayed with v2 for so long, until v3 stabilised (and I'd read up how to perform tweaks and customisations to return v2 functionality). I understood the benefits of v3, I understood advancement in technology.. I just failed to see why existing functionality had to change so dramatically and kick a user so far out of their comfort zone that updates/upgrades became a threatening experience.

    Once I was on v3, v4 then 5 then 6 came out almost in the space of a week, and the major numbering system really put me off - I wanted to stick with the comfort of v3 for a bit until I grew accustomed to changes. Plus the fact that the upgrade also required a plugin update and addon-check... the actual upgrade experience wasn't particularly painful but became so frequent I decided I'd luddite for a bit.

    @El_Heffe said:

    It has nothing to do with Straw Men and Cargo Cults.

    Those two expressions were aimed at toon's sentence, not at Mozilla.

     @El_Heffe said:

    Trying to make your product more like a competitor who is rapidly gaining market share

    Surely trying to emulate a competitor who's rapidly gaining market share in the hope that you'll repeat their success is CC mentality? My point wasn't that they are exhibiting CC mentality, just that accusing them of it - and then attacking them for doing it - is strawman.

    ... I think we're beginning to elevate into meta-arguments here. Is there such a thing as the inner-post effect?



  • @dhromed said:

    If you're used to using certain expressions, you'll utter them on a whim even if you sort of mean something a little more detailed, but it's hard for you to put into words because you're not used to using anything but that boilerplate expression and thus don't give it a second thought and now your thoughts have lower resolution.
     

    Yesss... I know! See "thingy", "awesome" and "like" as examples...



  • @Cassidy said:

    I wanted to stick with the comfort of v3 for a bit until I grew accustomed to changes.
     

    What did you do with the remainder of those 5 minutes?



  • @Cassidy said:

    @dhromed said:

    If you're used to using certain expressions, you'll utter them on a whim even if you sort of mean something a little more detailed, but it's hard for you to put into words because you're not used to using anything but that boilerplate expression and thus don't give it a second thought and now your thoughts have lower resolution.
     

    Yesss... I know! See "thingy", "awesome" and "like" as examples...

     

    The funny thing is that even though 1984 was trying to illustrate the dressing down of language with a fictional limited set of words, it actually gave the real world a fresh, extra set of expressions.

     


  • ♿ (Parody)

    @dhromed said:

    The funny thing is that even though 1984 was trying to illustrate the dressing down of language with a fictional limited set of words, it actually gave the real world a fresh, extra set of expressions.

    How Orwellian!



  • @boomzilla said:

    How Orwellian!
     

    No... wait... what?



  • @dhromed said:

    @Cassidy said:
    I wanted to stick with the comfort of v3 for a bit until I grew accustomed to changes.
    What did you do with the remainder of those 5 minutes?

    We've established long ago that Cassidy is a Tech Luddite. I'm shocked he ever moved away from Firefox 2 without being forced to at gunpoint.



  • @blakeyrat said:

    @dhromed said:
    @Cassidy said:
    I wanted to stick with the comfort of v3 for a bit until I grew accustomed to changes.
    What did you do with the remainder of those 5 minutes?

    We've established long ago that Cassidy is a Tech Luddite. I'm shocked he ever moved away from Firefox 2 without being forced to at gunpoint.

    Avoiding Firefox upgrades doesn't make someone a tech luddite, not bothering to learn anything about the Linux tools one has to use at work though...



  • @ASheridan said:

    Avoiding Firefox upgrades doesn't make someone a tech luddite,

    Since it's my term I can define it however I want, and I say it does.

    @ASheridan said:

    not bothering to learn anything about the Linux tools one has to use at work though...

    I know how to use the tools. I just don't like them (and where does this "not bothering to learn anything" shit come from anyway?) Did it ever occur to you that the reason I don't like those technologies is because they're all stuff that was obsolete 25 years ago? I'm not a Tech Luddite, I'm a "Tech Modernist". Which is pretty much the exact opposite.

    Look. Microsoft Basic 1.0 on my Mac in 1986 had a GUI debugger with breakpoints, conditional breakpoints, setting breakpoints while executing, an inspector, etc. In 1986. Ruby, in 2012, does not have a debugger that good. This is fucking ridiculous. Fucking. Ridiculous.

    The IT industry is going backwards. I do not, and will not, ever support going backwards.



  • Comment chain in the original PoC post is for the win.


  • ♿ (Parody)

    @blakeyrat said:

    Since it's my term I can define it however I want, and I say it does.

    Humpty Dumpty Blakeyrat strikes again!

    @blakeyrat said:

    I know how to use the tools.

    A quick glance at your recent OPs shows this outrageous statement to be the outrageous statement that it is.



  • @dhromed said:

    What did you do with the remainder of those 5 minutes?
     

    Spent it comparing the differences between FF on the Mac and Windows, as well as under Linux.

    For some reason they can't decide whether the menu options should follow the OS or the app, so arrive at some half-way point that does both badly.



  • @blakeyrat said:

    @ASheridan said:
    Avoiding Firefox upgrades doesn't make someone a tech luddite,

    Since it's my term I can define it however I want, and I say it does.

    @ASheridan said:

    not bothering to learn anything about the Linux tools one has to use at work though...

    I know how to use the tools. I just don't like them (and where does this "not bothering to learn anything" shit come from anyway?) Did it ever occur to you that the reason I don't like those technologies is because they're all stuff that was obsolete 25 years ago? I'm not a Tech Luddite, I'm a "Tech Modernist". Which is pretty much the exact opposite.

    Look. Microsoft Basic 1.0 on my Mac in 1986 had a GUI debugger with breakpoints, conditional breakpoints, setting breakpoints while executing, an inspector, etc. In 1986. Ruby, in 2012, does not have a debugger that good. This is fucking ridiculous. Fucking. Ridiculous.

    The IT industry is going backwards. I do not, and will not, ever support going backwards.

     

    Then why do you still continue to use such inadequate tools? You only have yourself to blame for that. There are plenty of languages and tools with far better debuggers. 

     



  • @mt@ilovefactory.com said:

    Then why do you still continue to use such inadequate tools? You only have yourself to blame for that. There are plenty of languages and tools with far better debuggers. 

    Jesus we've gone over this 474357,03492324,304254257235432 times already.

    Because at work I was assigned to fix a problem with this already developed product. The alternative to working with their tools would have been to re-write the entire project from scratch, which would have been an even bigger WTF.

    And if it makes you clowns feel better, due to this incident (and numerous others like it), I'm currently interviewing for other companies. When I was hired here, the pitch was that I'd be able to build my own project from scratch using whatever tools I felt most appropriate; the company has not followed through with that pitch so I'm leaving.



  • @barfoo said:

    Why not the Firefox ESR?

    Mainly because the Pale Moon dev's suspicion and distrust of gratuitous UI innovation is a better match for the preferences of the users I support.


  • Trolleybus Mechanic

    @blakeyrat said:

    Jesus we've gone over this 474357,03492324,304254257235432 times already.

    @blakeyrat said:

    And if it makes you clowns feel better, due to this incident (and numerous others like it), I'm currently interviewing for other companies.
     

    Wait, we got you fired?

    We must use this power only for good. I propose: getting snoofle fired, and using his severance package for some anti-Stockholm Syndrome therapy.



  • @Lorne Kates said:

    Wait, we got you fired?

    No. In fact my boss loves me because I fixed the problem with that Ruby project faster than the "expert" on Ruby could.

    Are you people really this terrible at logic? Or I guess that was supposed to be the world's least funny joke?


  • ♿ (Parody)

    @blakeyrat said:

    Are you people really this terrible at logic? Or I guess that was supposed to be the world's least funny joke?

    Is there evidence that Lorne has ever posted something that wasn't some sort of joke? I thought it wasn't terrible. It kinda played off the whole, "due to this incident," which makes it sound like something bad happened.



  • @blakeyrat said:

    Or I guess that was supposed to be the world's least funny joke?
     

    SI SENOR



  • @El_Heffe said:

    It has nothing to do with Straw Men and Cargo Cults.  Mozilla has fallen into the "New Coke" trap.  Trying to make your product more like a competitor who is rapidly gaining market share, not understanding that being different is what made your product attractive in the first place, and, not understanding that making your product more like the competitor's means people have even less reason to use your product.

    Bingo.

    There's a strong tendency in today's IT design world to equate any UI change with UX improvement, and UI stability with undesirable UX stagnation. But it seems to me that any new UI needs to be clearly and unambiguously better to make it justifiable, especially in software that's provided by a workplace and managed centrally. End users hate being surprised by a sudden need to come to grips with a UI that's been changed underneath them since they came to work yesterday, and quite rightly so; the time to play with and explore a new UI is when you choose to and/or during a training session, not when you fire up what you thought was a familiar tool in order to get some work done.

    I had originally picked Firefox as the default browser for my site because (a) it wasn't IE6 and (b) it was easy to install an ad blocker in it. The change caused at least some pain, as most of my users were pretty rusted onto IE which they thought of as "The Internet". But it also meant that instead of spending 90% of my time at the school cleaning up after browser-borne malware, I became much more responsive to other concerns and gained time to start a program of ongoing infrastructure improvements. In hindsight, Firefox was a bloody good choice.

    But once Chrome appeared and the Firefox UX team got a hardon for the minimalistic UI look, I found myself needing to spend quite a lot of time explaining things and/or finding automated ways to roll back the altered UI defaults. I got sick of that at FF6 and have not updated the school browsers since. We've suffered no sploits - yet. Which is why I'm happy to find Pale Moon: though it may not release security updates quite as quickly as Mozilla does, it will be a hell of a lot less insecure than sticking with a browser that's more than a year old plus I won't be wasting time training people to deal with UI changes that have only marginal benefit if any.



  • @boomzilla said:

    It kinda played off the whole, "due to this incident," which makes it sound like something bad happened.
     

    Why are you explaining the joke.

    What I mean is get back in the kitchen and make some veal.


  • Trolleybus Mechanic

    @dhromed said:

    @boomzilla said:

    It kinda played off the whole, "due to this incident," which makes it sound like something bad happened.
     

    Why are you explaining the joke.

    What I mean is get back in the kitchen and make some veal.

     

    Veal is murder! Just bring me the whole baby cow, and I'll joke it into suicide. Then Blakey can cook it.

    Savages.

     


  • ♿ (Parody)

    @dhromed said:

    Why are you explaining the joke.

    It's fun to talk about stuff that blakeyrat doesn't understand.

    @dhromed said:

    What I mean is get back in the kitchen and make some veal.

    I will. You should try it.


  • ♿ (Parody)

    @Lorne Kates said:

    Veal is murder!

    Tender, tasty murder.



  • @boomzilla said:

    @Lorne Kates said:
    Veal is murder!
    Tender, tasty murder.
    Not if they fight it...  The same for horses, which is why I always use a button-fly bolt gun.



  • @flabdablet said:

    it seems to me that any new UI needs to be clearly and unambiguously better to make it justifiable

    Cue gratuitous and completely off topic Win8 comment


  • BINNED

    @El_Heffe said:

    Mozilla has fallen into the "New Coke" trap.
    I'm not sure it was a trap, as opposed to a way to switch to corn syrup without dealing with complaints about the taste.



  • @jaloopa said:

    Cue gratuitous and completely off topic Win8 comment

    On it.



  • You know your release cycle is a bit off when Microsoft sends you gradually smaller cakes, to the point where the cake does not physically exist.



  • @Lorne Kates said:

    Veal is murder! Just bring me the whole baby cow, and I'll joke it into suicide. Then Blakey can cook it.

    Savages.

    IWPTA "Sausages".

     



  • @ASheridan said:

    @Soviut said:

    Except that at the time it was announced by several publications, the Firefox site was still offering FF16 downloads from their main page. And just about every vendor acts that quickly these days.
    Maybe it was the publications that were behind, and Mozilla actually fixed the security issue and put the download option back up? Not saying I know they did, just playing devil's advocate here...

    Anything's possible, but tech publications aren't exactly slow to press. Several said "at the time of publication, FF16 is still available for download on their main page". So it seems unlikely that there was some huge delay between the crafting of a 4 paragraph article and it going live.



  • @Cassidy said:

    @dhromed said:

    If you're used to using certain expressions, you'll utter them on a whim even if you sort of mean something a little more detailed, but it's hard for you to put into words because you're not used to using anything but that boilerplate expression and thus don't give it a second thought and now your thoughts have lower resolution.
     

    Yesss... I know! See "thingy", "awesome" and "like" as examples...

    See also "amazing", you can practically play a drinking game to that word by watching most channels. Only play it while watching Food Network if it's a weekend since you won't be waking up for work in the morning.

    Incidentally, http://insteadofamazing.com/



  • @Soviut said:

    See also "amazing"
     

    That's not really hit this side of the pond yet. Just a matter of time, though.

    @Soviut said:

    Incidentally, http://insteadofamazing.com/

    Hmm... seen that before somewhere.

    Oh.. look what I found: words to use instead of "awesome" and a productive use of overused terms...

     



  • @flabdablet said:

    Thanks for this. I went and read the relevant Mozilla Security Blog entry and found a comment from somebody with much the same opinion on Mozilla's rapid release insanity as mine. In that comment was a link to an alternative build for Windows called Pale Moon, which looks like exactly what I need as a Firefox 6 replacement for the school I netadmin. I would not have found it without your post. Cheers!

    You may also want to have a look at Waterfox, which is a 64-bit-optimised version of Firefox.


  • Trolleybus Mechanic

    @Soviut said:

    See also "amazing", you can practically play a drinking game to that word by watching most channels. Only play it while watching Food Network if it's a weekend since you won't be waking up for work in the morning.

    Incidentally, http://insteadofamazing.com/

     

    Try this: take a drink anytime a show or commercial uses the word "conversation". Triple that if they use "Facebook" or "Twitter" in the same sentence.

    You work on that, I'll start filling out the paperwork for your liver transplant and angryectomy surgery.

