A Few Firefox 3 Followups

An anonymous reader writes "Using data generated by the Mozilla Firefox download pledge page, the map on this blog post ranks countries, not by absolute number of pledges made, but rather on a per capita basis. This analysis yields some interesting conclusions about where open source is strongest and weakest." Anonymous Warthog writes "That didn't take long. In a blog posting from the TippingPoint DVLabs security team (of Kraken and CanSecWest hacking contest fame), they confirmed that they reported a vulnerability in Firefox 3.0 to Mozilla a mere five hours after it was released. Additionally, there was a posting on the Full Disclosure security mailing list from someone that purports to have another vulnerability in the works as well. In the grand scheme of things, this probably means nothing to the general security of Firefox, but you can be sure the browser zealots on all sides will be watching carefully." Finally, from reader Toreo asesino: "Microsoft have congratulated the Mozilla team by sending them their second cake (minus recipe) to Mozilla's Mountain View headquarters to congratulate them on shipping FireFox 3, which went live right on time last night." Congratulations are indeed due on both the browser and the release process — looks like the Firefox fever (despite some seriously taxed servers) resulted in more than 8 million downloads in 24 hours.

Is it finally safe to download?

[WaltBusterkeys]

I gave up yesterday after a few too many server errors.

That said, the map of countries is pretty cool. Ignoring the island micro-nations (the Falkland Islands won with 2% of 3000 people pledging to download), it's interesting to see how high Firefox penetration is in Eastern Europe. I wonder if that's a function of very connected economies without a lot of love for Microsoft and a strong desire for free software?

Oh, and good luck to the Firefox team trying to save the "E" logo from this year's cake! That thing is HUGE!

Hey timothy:

[larry bagina]

What happened to backslash? [slashdot.org]

Why is this considered a world record?

[Anonymous Coward]

Adobe has routinely hit greater than 10 million [eweek.com] downloads per day.

There are other companies as well. Hell, what about MS updates? How many of those bastards get downloaded on Patch Tuesday?

This is a fake attempt at a record.

Foolish idea: Millions of downloads on the 1st day

[Futurepower(R)]

It wasn't very smart to encourage millions of downloads when it was very likely there would be bugs.

Well done Mozilla People

[Toreo asesino]

...and indeed everyone that contributed towards FireFox project. You have set the bar very high for others to follow, and more importantly, you have proved that OSS model can be both financially prosperous and highly desirable to normal users too.

And at the end there was cake too!

Re:If it ain't broke don't fix it.

[moore.dustin]

Nah. It saves all that stuff for you. It even saved my session from FF2 to FF3.

This browser is much more responsive than FF2. My performance in Gmail is much improved. The memory leak was not fixed, but it was finally addressed it seems. The memory usage still creeps up very high, but it takes much longer to reach the point of a performance hit than before. The memory leak was/is my biggest issue with FF and as far as I can tell with FF3, it may be only a minor annoyance... which I am happy to have when compared to the numerous Force Quits needed per day with FF2.

CPU hogging bug not fixed: Top 20 excuses

[Futurepower(R)]

"The memory leak was not fixed, but it was finally addressed it seems. The memory usage still creeps up very high, but it takes much longer to reach the point of a performance hit than before."

It's actually not just a memory leak. It is a CPU hogging bug, also.

Since that bug is now 7 years old, and still not fully fixed, I suppose I should post my list of Firefox developer excuses again. The list is not complete. There have been other excuses that I haven't had time to add to the list.

Firefox Developer Top 20 Excuses
for Not Fixing the Firefox Memory
and CPU Hogging bugs.

These are actual excuses given at one time or another.

1. Maybe this bug is fixed in the nightly build. [The same memory and CPU hogging bug has been reported many, many times over a period of seven years.]
2. Yes, this bug exists, but other things are more important. [The bug eventually takes 100% of CPU power, and makes Windows XP unusable, even after Firefox is killed. The bug affects the heaviest users of Firefox.]
3. Yes, this bug exists, but it is not a common occurrence. [Numerous users have reported the bug. See the links.]
4. Works for me. [The bug is complicated to reproduce, so the developers did a simplified test, which didn't show the bug.]
5. No one has posted a TalkBack report. [If they had read the bug report, they would know that there is never a TalkBack report, because the bug crashes TalkBack, too, or a TalkBack report is not generated. TalkBack does not generate a report if Firefox is hogging the CPU. TalkBack cannot generate a report if the bug takes 100% of the CPU time.]
6. If you would just give us more information, we would fix this bug. [They didn't bother to reproduce the bug using the detailed information provided.]
7. This bug report is a composite of other bugs, so this bug report is invalid. [The other bugs aren't specified.]
8. You are using Firefox in a way that would crash any software. [But the same use does not crash any version of Opera.]
9. I don't like the way you worded your bug report. [So, he didn't read it or think about it.]
10. You should run a debugger and find what causes this problem yourself. [Then when you have done most of the work, tell us what causes the problem, and we may fix it.]
11. Many bugs that are filed aren't important to 99.99% of the users.
12. If you are saying bad things about Mozilla and Firefox, you must be trolling. [They say this even though Firefox and Mozilla instability is beginning to be reported in media such as Information Week. See the links to magazine articles in this Slashdot comment: Firefox is the most unstable program in common use [slashdot.org].]
13. Your problem is probably caused by using extensions. [These are extensions advertised on the Firefox and Mozilla web site, and recommended.]
14. Your problem is probably caused by a corrupt profile. [The same bug has been reported many times over a period of five years. One of the reports discusses an extensive test in both Linux and Windows that used a completely clean installation of the operating systems, not just a clean profile. The CPU hogging bug and instability was just as severe.]
15. If you are technically knowledgeable, you can spend several hours (or days) trying to discover the problem: Standard diagnostic - Firefox [mozillazine.org]. [Firefox has "Standard Diagnostics". It has become accepted that some users will have severe problems. !!! ]
16. I won't actually read the (many) bug reports, but I will give you some complicated technical speculation. [This pretends to be helpful but, on investigation, is shown to have nothing to do with the bugs.]
17. It's understandable that Firefox developers become defensive when users report so many problems.
18. To spend smart developers' time going over reports of bu

Download safe, but useless

[Roadkills-R-Us]

One of the strengths of Firefox for some time has been that right out of the box, the binary just ran on lots of Linux versions. With FF3 (starting with betas) they broke this.

A non-trivial portion of the commercial and research Linux user base has to stick with EL4 or a source rebuild from CentOS, Scientific Linux or whatever because of third party tool support requirements. And not everybody wants to upgrade their OS just because a new browser is out.

FF3 requires a pretty new library (libpangocairo 1.0). I spent an hour trying to come up with it this afternoon for my 100+ users. No luck so far.

The firefox team really let us down big time. We've been anxiously awaiting this release because it's supposed to solve the memory bloat problems (several of us here have to restart the browser several times a week because it's consumed insane amounts of RAM).

Re:Is it finally safe to download?

[anaesthetica]

Comparing pledges against raw population I think is misleading. 1) Pledges don't reflect the actual download numbers, and 2) In many countries, the internet-using % of the population is actually quite low due to poverty.

A better gauge of Firefox's penetration would be to look at actual downloads [spreadfirefox.com] against number of internet users [cia.gov] in a given country.

Maybe slightly OT

[sunami88]

Has anyone else had the mysterious "cookies disappearing" problem?

Neither of the RC's, or the Beta 5 that I tried had this problem. I have googled and it seems a few other people are having the same problem, but I've yet to find a fix.

It's really quite annoying. I've tried loading up in Safe Mode (no extensions), but even then my cookies just "vanish", seemingly after a random amount of time. I'm also having a problem with Foxmarks (endlessly syncing but not actually syncing), but I guess the Foxmarks devs will bang that one out soon.

Overall my followup is I'm not too impressed. Might just go back to RC2...

Re:Download safe, but useless

[Chirs]

Applications should be able to work with reasonable installations. Especially a browser, which is one of the more critical apps on most systems.

There's a fairly significant installed base of "enterprise" linux distros out there that are still using older versions of libraries. FF2 works just fine on these systems, but FF3 breaks that compatibility.

At the very least it would have been nice to be able to obtain a version that statically links in libpangocairo.

By not providing some solution for this problem, the Mozilla Foundation is depriving themselves of a significant number of users.

Re:Awesomebar?

[springbox]

I actually really like the new address bar. Now I know how those people who like Vista must feel.

Re:Download safe, but useless

[Roadkills-R-Us]

They got a fair number of complaints about this in beta. As far as I can tell from searching their site, they pretty much blew it off. I certainly couldn't find anything helpful WRT resolving this, other than "upgrade, dude".

An upgrade cycle is a major effort in an environment like ours, requiring testing with dozens of EDA tools and a variety of desktop apps. An upgrade that breaks a vendor tool or even access to critical docs, or that requires us to rebuild tools, modify user configs, etc, impacts schedules in a negative way, which means major headaches for everyone. 150+ desktops, 150+ compute farm systems. And don't even get me started on fixes that require users to restart X or reboot. High powered engineers working 80 hour weeks, some running things that require hours to set up? You have no clue what you're talking about when you blithely suggest upgrading.

And switching is not an option. Our app vendors support their apps on very few OSes. Typically one or two versions of EL and one or two SUSe. That's it. Ubuntu and Fedora aren't even in the picture.

When we upgraded most of the company from EL3 to EL4, we lost about a week. That's extremely expensive.

Cake is a commercial for IE, no mention of Firefox

[julie-h]

Please understand why MS sends the cakes!

The cakes doesn't mention Firefox or Mozilla in any way, but very clearly IE. Hence, MS sends the cakes not to congratulate Mozilla, but to get Mozilla to advertise for IE.

Very clever move by MS!

Re:Download safe, but useless

[Eil]

One of the strengths of Firefox for some time has been that right out of the box, the binary just ran on lots of Linux versions. With FF3 (starting with betas) they broke this.

I downloaded Firefox3, untarred it it to my desktop, and it ran just fine.

A non-trivial portion of the commercial and research Linux user base has to stick with EL4 or a source rebuild from CentOS, Scientific Linux or whatever because of third party tool support requirements. And not everybody wants to upgrade their OS just because a new browser is out.

I posit that open source application developers should not be expected to support every OS that might be in use at the time of release. This is basically how the open source world works: Project X releases a stable version of their source code and then the distribution developers port, test, and package the software for use with their specific distribution.

Since RHEL5/CentOS 5 has been out for quite some time, RHEL4 and variants are considered legacy OSes in many circles, especially when it comes to the fast-changing world of the Linux desktop. It's not fair to blame the Firefox devs for linking against a library that brings them many benefits and new features but might not happen to come pre-installed on any number of old distributions. If anyone's to blame here, it's your "third party tool" vendor because they're locking you into a distribution that rapidly becoming unsupported by the rest of the world.

Re:Warning: clear history before updating from FF2

[Acer500]

Is the awesomebar and the URLs it quick-fetches(?) customizable?

Sounds nice but it could be annoying (and potentially embarassing).

From what you say, I'd actually want to keep my history so it already recognizes my surfing habits (if I understood correctly...).

Re:Download safe, but useless

[BZ]

Last I checked no more than 2-3% of Linux users get Firefox from Mozilla directly. The rest get it through their distro.

Distros do in fact plan to create versions that statically link in not just libpangocairo but also GTK (because of the 2.10 dependency).

Re:Awesomebar?

[Anonymous Coward]

What could you do with the old address bar that you can't do now?

Be reasonably sure what URLs would and, more importantly, *wouldn't* show up when you start to type. I only started allowing my browser to maintain any kind of history after discovering Stealther [mozilla.org]. For those who still don't, the awesomebar may be a problem.