Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Firefox bullshit

If none of the specific sub-forums seem right for your thread, ask here.
Message
Author
pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: Firefox bullshit

#16 Post by pcalvert »

bw123 wrote: Do you think you could downgrade? The old ver is still in the repo I just checked...
If possible, it would be better to switch to Palemoon or SeaMonkey.

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: Firefox bullshit

#17 Post by bw123 »

pcalvert wrote:
bw123 wrote: Do you think you could downgrade? The old ver is still in the repo I just checked...
If possible, it would be better to switch to Palemoon or SeaMonkey.

Phil
I've been trying to find out why, if you have time can you explain a little better?
resigned by AI ChatGPT

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Firefox bullshit

#18 Post by stevepusser »

Because they still support the XUL extension format that Firefox Quantum disposed of, plus they still get security updates.
MX Linux packager and developer

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Firefox bullshit

#19 Post by Head_on_a_Stick »

Does Palemoon offer e10s?
deadbang

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1388
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 64 times

Re: Firefox bullshit

#20 Post by None1975 »

M51 wrote:Just did an apt-get upgrade on Stretch and got my Firefox replaced with the new Quantum bullshit...and all my add-ons are gone.
You are unconcerned person. A cultured person will not write this.
M51 wrote:I can downgrade.
Maybe, but downgrading is not officially supported by the Debian by design. It should be done only as a part of emergency recovery process.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Firefox bullshit

#21 Post by stevepusser »

Head_on_a_Stick wrote:Does Palemoon offer e10s?
I'm fairly certain that's restricted to Firefox.
MX Linux packager and developer

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: Firefox bullshit

#22 Post by milomak »

so the op failed to do his research about firefox and this is debian's fault :lol:
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

M51
Posts: 397
Joined: 2013-05-13 01:38

Re: Firefox bullshit

#23 Post by M51 »

milomak wrote:so the op failed to do his research about firefox and this is debian's fault :lol:
Wrong on all counts. I've long been aware of Firefox Quantum's chicanery and yes the issue is Debian's fault for reasons I'll explain.

Is it the end of the world? No, it just pissed me off briefly. I've long since recovered.

*STABLE* - does not follow bleeding edge. Versions of working software are not replaced higgledy-piggledy, but rather (to quote debian itself) "Stable is recommended for applications requiring production-level stability and security". As such, versions are typically not changed unless necessary.

Now, we all know browsers are the worst of all possible worlds - security nightmare giant balls of insecure code doing nasty insecure things in quite probably the worst possible way. So updates are important. This is without question.

So...either keep up with the latest Mozilla supported nightmare or languish in vulnerability hell.

...but...

Removing add-ons unquestioningly also creates security problems.

So...what's the right thing to do?

firstly: Doing apt-get upgrade on a stable system should not leave a system in a less secure state ***WITHOUT INFORMING THE USER***.

No one should need to research every package update in stable. To insist that is to be stupid and/or disingenuous.

There are *CORRECT* ways of handling a situation like this:

1) Continue with the current version and take the responsibility for patching the vulns. This is apparently so momumental of a task involving the major browsers that we should probably ask ourselves why we trust such unmanageable software to do anything at all, let alone play a central role in our daily lives. I do not blame Debian for not pursuing this path.

-or-

2) Update the version and during the upgrade inform the user that their system will be left in a vulnerable state until action is taken.

Unfortunately, option two was chosen but no notification given. This is a failure of the Debian maintainer's making. The bug that bw123 linked to only reinforces this.

I'd really expect this in something like Arch, or Fedora, but not Debian. Well, not until now...I guess I do now.

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: Firefox bullshit

#24 Post by milomak »

you are conflating your personal options with the security of a bare esr 52 and esr 60

that is debian's responsibility

please detail how esr 60 without add ons is more compromised that esr 52?
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

M51
Posts: 397
Joined: 2013-05-13 01:38

Re: Firefox bullshit

#25 Post by M51 »

milomak wrote:you are conflating your personal options with the security of a bare esr 52 and esr 60

that is debian's responsibility

please detail how esr 60 without add ons is more compromised that esr 52?
Non-sequitur. User settings are an integral portion of system security.

You are suggesting the equivalent of updating to a newer kernel is justified in wiping out your iptables rules just because 'the new version is 'less compromised'. That's insane. Especially when all it takes is a message during the update to rectify the problem. packages do this *all the time*.

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Firefox bullshit

#26 Post by debiman »

i might agree that Firefox should make the warning more prominent: after this upgrade, most addons will stop working.
but i wouldn't expect debian maintainers to rewrite firefox just for that.
maybe the warning should have been added during the upgrade process, just like apt does with changed config files etc.
but then again, those addons are completely outside debian's package management...
nah, this is still a fly, you won't be able to make an elephant out of it.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Firefox bullshit

#27 Post by Head_on_a_Stick »

@OP: please stop shouting, it is unseemly.

You do know there are no Debian Developers here, right?
deadbang

M51
Posts: 397
Joined: 2013-05-13 01:38

Re: Firefox bullshit

#28 Post by M51 »

debiman wrote: i wouldn't expect debian maintainers to rewrite firefox just for that.
Who suggested that? It isn't necessary. Debian packages have the ability to display important messages to users during updates. That is precisely something the maintainer would have sole control over.
debiman wrote: those addons are completely outside debian's package management...
No they aren't. (xul-ext-noscript, xul-ext-useragentswitcher, xul-ext-requestpolicy, etc.)

With the exception of my custom add-ons, the others are all controlled by Debian's package management. But even if they weren't, it's an important (and forseeable) enough change to the core application to justify a message.
debiman wrote: nah, this is still a fly, you won't be able to make an elephant out of it.
Meaningless strawman. What elephant would that be, exactly?

Simply put, the Debian maintainer for Firefox f$%&ed up and I posted my displeasure. I even know Debian developers don't hang around here..at least not officially.

Why post it? Why not? I felt like saying something and I did. Nothing more to it than that.

I don't even particularly care anymore, but it certainly seems there are some people determined to defend/misunderstand things they know little about (not you specifically).

Edit: If I could go back and change my original post - the only thing I'd change is that I'd put it under General Discussion instead of General Questions. That was an honest mistake.

franky44
Posts: 17
Joined: 2018-09-18 12:10

Re: Firefox bullshit

#29 Post by franky44 »

Dai_trying wrote:I think a refund is in order here, you should write to the developers and request this, I am sure they would oblige. :D


LMAO :lol:

Mighty funny.

Caitlin
Posts: 329
Joined: 2012-05-24 07:32
Has thanked: 3 times
Been thanked: 2 times

Re: Firefox bullshit

#30 Post by Caitlin »

I have to agree with what M51 is saying (although certainly not the way he said it). I'm contemplating doing an upgrade, but want to know: is there some way to upgrade my system EXCEPT FOR FIREFOX? I don't care if my current release of Firefox is EOL, DOA, RIP, or GTH (gone to hell); or if it has enough security holes to supply a cheese factory for some time. I just want to keep what I've got for the time being.

Caitlin

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Firefox bullshit

#31 Post by Head_on_a_Stick »

Caitlin wrote:Iis there some way to upgrade my system EXCEPT FOR FIREFOX?
Try pinning it, see apt_preferences(5) for the method.

Disclaimer: untested, I would *never* run an outdated browser.
deadbang

Caitlin
Posts: 329
Joined: 2012-05-24 07:32
Has thanked: 3 times
Been thanked: 2 times

Re: Firefox bullshit

#32 Post by Caitlin »

@Head_on_a_Stick: So I would create a file

Code: Select all

/etc/apt/preferences
and in it put

Code: Select all

Package: firefox*
Pin: *
Pin-Priority: -5
And then do an update, an upgrade, and a distroy-upgrade [just kidding about that last one] as usual?

Caitlin

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Firefox bullshit

#33 Post by Head_on_a_Stick »

-5 seems a bit strange, -1 would do.

Anyway, try it and see, I run stable (+backports) on the family laptop and I don't want to play with the preferences.
deadbang

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: Firefox bullshit

#34 Post by Bulkley »

Caitlin wrote: I just want to keep what I've got for the time being.
When I want to keep a package I do

Code: Select all

sudo apt-mark hold <package-name>
Check here.

That's not all you need to do in this case. Study the link on pinning that Head_on_a_Stick posted above.

Other options: There are other browsers available that are based on older versions of Firefox. Waterfox and Pale Moon are very good. You could install one and import your Firefox settings and bookmarks. You might be more comfortable with one of these. Admittedly, Firefox Quantum is a not always welcome change.

User avatar
VentGrey
Posts: 171
Joined: 2016-04-26 23:57
Location: Guanajuato México

Re: Firefox bullshit

#35 Post by VentGrey »

Removing add-ons unquestioningly also creates security problems.
(1) But this is not Debian's fault, there is nothing EXPLICITLY stated that removes user's add-ons, Debian devs never said/wrote any code that could be translated to "Hey, let's remove all user's add ons"
and if we have to call names then the ones to blame here are the Mozilla devs with their "Quantum" release, which removed some essential components used by popular/useful extensions, if you want to go up one level and blame someone then you should blame your extension devs because they did not upgrade their extensions to work with Quantum, but then again, blaming devs here is a faulty argument.
firstly: Doing apt-get upgrade on a stable system should not leave a system in a less secure state ***WITHOUT INFORMING THE USER***.
The source of information was there a long time ago, as another user said earlier, that upgrade WAS in fact announced.
If your complain is that synaptic or whatever you used to upgrade your system did not inform you that's another story, if you need to see changes before an upgrade there is always

Code: Select all

apt-listchanges 
to read the latest changelog that the maintainers write, again, the Firefox upgrade was indeed announced, in this case it is the user's fault for not reading the distro's news or announcements, and just as a matter of fact, the extensions you install/write are your responsability to maintain or replace in any case, even if upstream releases an update. So that "security downgrade" should be fixed by you, not debian devs.
No one should need to research every package update in stable. To insist that is to be stupid and/or disingenuous.
In that case Debian devs shouldn't research every user they have, it is equally stupid to maintain an EOL version for 1 or 2 users that won't affect debian if they leave out of millions our there who do search
alternatives, to claim that the user shouldn't know what is he/she using and what changes it could present over the course of time it's just as stupid.

1) Continue with the current version and take the responsibility for patching the vulns.
CVE's are not the only concern on EOL versions, there could be some other issues like compat versions between extensions, dependencies & even web standards (Look at promises on Palemoon).
I do not blame Debian for not pursuing this path.
me neither.
Update the version and during the upgrade inform the user that their system will be left in a vulnerable state until action is taken.
Again, that "vulnerable" state you're talking about is very relative in your case, if you claim to browse with all those extensions & proxies then YES, you are in a higher security level and extensions not working could decrease it, unfortunately not all users browse that way, in face if we put ourselves in their shoes then we could add a fancy dialog informing them that they have a much secure browser.

As I said earlier, informing or making "special cases" for one or two users are and will never be worth it.
Unfortunately, option two was chosen but no notification given. This is a failure of the Debian maintainer's making. The bug that bw123 linked to only reinforces this.
Also the user's fault for not reading in this case, besides the maintainers fix issues when they can, and they mostly package & patch, if there are still doubts please return to (1).
I'd really expect this in something like Arch, or Fedora, but not Debian. Well, not until now...I guess I do now.
These aren't the Arch or the Fedora Forums, If you don't like the way Debian works you can always switch distros. :mrgreen:
I would exchange everything I know in exchange for half of what I don't.

Post Reply