Once again ...
... I'm ever so happy that Slackware exists. Just as up to date as the rest, but so, so much easier to keep that way.
Seriously ... needs a GUI and a browser to update the OS? WTF‽‽‽
Debian is having problems with a current version of Firefox that leaves users with a dangerously outdated browser. One of the grey-bearded elders of the Linux distro world, Debian has had issues with Mozilla before. For years, it built its own forks of the Mozilla apps – Iceweasel, Icedove, Iceape, and Iceowl – because of a …
As far as I know apt is a command line tool - so I have no clue what you are referring to.
The problem I have with Slackware is that installing/updating software can take a long time on slow machines, and that you always have the latest and greatest software - bugs and all. Debian "stable" is really stable and boring. I like it that way. Also apt is very reliable, the chances of leaving installed packages in an ill defined state are slim. It's a robust system, which I value.
Great that we have the freedom to choose and prioritise certain aspects!
Slackware-stable doesn't have the "latest and greatest" (whatever that means).
Slackware-current is quite up to date and modern (whatever that means).
-stable is just that. Comes with kernel 4.4.276 and mozilla-firefox-68.12.0esr. It just works.
-current is the dev branch (some distros call it a rolling release). It also just works. Comes with kernel 5.15.7 and mozilla-firefox-91.4.0esr ... these are subject to change. Will eventually become Slackware 15.
They were referring to "You can't install or manage GNOME extensions using either a Snap or Flatpak packaged version of Firefox." Which you could respond to if you had read the article, or had considerately re-read upon seeing their comment. I would have no idea.
So we have a mismatch between the idea of "evergreen browsers" (or at least deciduous) versus the idea of a frozen OS. And Debian have no guidelines established how to overcome the mismatch?
This isn't a problem with Debian, it's a problem with Firefox for insisting on such a rapid release cycle even for ESR, and it's a problem with Snap/Flatpak for not playing nicely with system packages. Snap should never conflict with system packages - the whole point is to make it OS independent. Make the executable name `snap-firefox` for example.
Snap is an Ubuntu abomination that needs to die. Installing a Snap is not "updating the OS". It is installing a containerised software with all its dependencies in a very inefficient and functionally-limited way, just so that it can be independent of the OS, and "unhackable" by the user.
Installing a snap/flatpak for open source software should NEVER be necessary. Its main use case is for DRM/proprietary software, and that's why Shuttleworth is trying to foist it onto Ubuntu - he can make money from it.
There has never been a requirement for a web browser "to update the OS". But GNOME doesn't function without a web browser. So if you remove firefox, then you need to install GNOME's browser. You can't make GNOME use a Snap version of Firefox because Snap is Crap. It's containerised and GNOME simply can't access it in the way that it needs to.
(Also: The article didn't mention the obvious solution: use KDE and chromium, or use KDE and build Firefox from source.)
> Debian "stable" is really stable and boring. I like it that way.
I like stable and boring too.
Unfortunately, Debian also has a tendency to modify software, sometimes with a large chainsaw, to make it fit the Debian way of doing things. Decisions which the software author made (with thought and care) are overridden, meaning that package X which works in a particular way when built from source, and when installed on most other distros, works differently when installed as a Debian package. This is the origin of the Firefox / Iceweasel conflict. Debian modified the software so much that it was no longer the same thing that Mozilla released - to the point that it was doing reputational harm to Mozilla to call it "Firefox".
Debian's attitude that "we know better than the software author" is pervasive. It resulted in the infamous "improvement" to SSH key generation code which removed almost all randomness, leaving it only ever selecting from a few possible keys.
References: The Register | xkcd 221 | xkcd 424
Why doesn't this article mention installing Firefox by downloading it from mozilla.org, which is actually the best way to install it IMHO. For many desktop applications which get updated frequently the preferred way of installing them is directly from the vendor unless there's some overriding or exceptional need to do otherwise.
Also, the article mentions nothing about the non-free Debian repository, which a desktop user is almost certainly going to want to enable, unless again there's some overriding or exceptional situation.
Generally, I prefer to rely on a distribution's own updates rather than a direct download & install from its own site; just because it saves me that extra step, and the packaging is done right.
However, the direct download option is certainly useful. I have a slackware 14.2 install which hasn't had its own firefox package updated for some considerable time (14.2 is not so new any more, and there are apparently some incompatibilities that firefox insists on :-).
However, I can unpack a direct download of even the latest firefox into its own directory and run it from there with no problems.
[Article author here]
> Why doesn't this article mention installing Firefox by downloading it from mozilla.org, which is actually
> the best way to install it IMHO.
OK. You are of course entirely welcome to your opinion.
Why did I not mention it?
Because Mozilla does not publish distro packages, just tarballs (AFAIK).
I do not consider this a viable alternative. Here is why:
• It is harder to do and requires strong tech knowledge
• It will not receive updates
• ... so requires continual ongoing maintenance
• It does not interact well with the rest of the OS
· e.g. it won't satisfy dependencies (as Chrome does not)
Yes, I agree regarding enabling `non-free`. But does that help here, at all?
> Because Mozilla does not publish distro packages, just tarballs
yes, which is the simplest and easiest way to install Firefox.
It self updates, can be installed in your home directory or system wide in /opt.
Why is that harder than flapping about with Flatpak??
Go on give it a go. Go to Mozilla.org, get the latest ESR firefox, download, untar with your fave archive app and run it.
> It is harder to do and requires strong tech knowledge
WHAT? It's a case of RIGHT CLICKING AND SELECTING EXTRACT!
Have you ever opened a zip file? How is this hard?????????
> It will not receive updates
Mine just updated all by itself. My god it must be self aware or something.
> It does not interact well with the rest of the OS
BS. First of all you haven't even run the download, how can you? You can't even extract an archive. The only issue I had with it was getting the spellchecking working and that was because FF ESR 91.x has a bug in that you can't install the UK dictionary easily without also having the US English language pack installed, weird but there it is.
None of your points make any sense. Although I have a degree in computer science I was able to upgrade to FF 91.x ESR by doing what I was able to do as a kid with windows 95 and winzip. I didn't need any hyper IT skillz to do it.
Your response here calls into question everything regarding your article. Basically you don't know what you are talking about.
Can't extract a zip. Next up: Clicking an icon is too technical
Tarballs are not hard, nor do they require "strong tech knowledge".
Firefox does indeed receive tech updates (if you allow it).
EVERYTHING in the world of computers requires ongoing maintenance, and anybody who says otherwise is either an idiot or a liar.
Firefox interacts as well with the OS (Linux) as any other large program ... it has issues with some Distributions, though. That's hardly the fault of Firefox.
I run the latest FF and it has cookie controls. I have it set to strict =
Stronger protection, but may cause some sites or content to break.
Firefox blocks the following:
- Social media trackers
- Cross-site cookies in all windows (includes tracking cookies)
- Tracking content in all windows
- Cryptominers
- Fingerprinters
There is also a separate option
- Delete cookies and site data when Firefox is closed
which I also have set. Looking more closely now I see that under the "custom" setting (an alternative to "strict") there are 4 options for cookie control =
- Cross-site cookies - includes social media cookies
- Cookies from unvisited websites
- All third party cookies - may cause websites to break
- All cookies - will cause websites to break
May I ask you what settings there used to be that are not offered now? Thank you.
Current FireFox is so dangerously out of date that it no longer opens iLO2 webpages, making it a clear and present danger to my environment.
I have to fall back to nice and reliable Internet Explorer.
A so-called "modern browser" needs to accommodate the end user, and not some design dogma.
Sure, let there be a "Children's Setting" for default installs, but let people opt out of all of those...
Internet Explorer is out of (effective) support, since it is no longer part of a default install and MS really want to kill it. The first decent attack to come along will be the excuse they need to pull the plug entirely.
Perhaps you meant Edge, which is Chromium done badly.
"Current FireFox is so dangerously out of date that it no longer opens iLO2 webpages, making it a clear and present danger to my environment."
ITYM, iLO2 is so dangerously out of date that it will not open in a modern browser, only IE.
You sound dangerously incompetent and should not be allowed near any sort of server without remedial technology training.
Ah, do tell, how would you update iLO2 hardware?
The hardware is given, it needs to function, and will function for decades to come.
My issue is with browsers that refuse to do what I want them to do.
Also, I do not expect my iLO2 card to launch an attack on my browser.
Do you even know what iLO2 is?
Maybe it is you who needs some remedial training...
Yes, thank you, I am quite aware that iLO is HP(E)'s out-of-band management hardware. The issue with compatibility between Firefox (or, indeed, Chrome) and iLO is that ancient versions of iLO such as iLO2 do not support modern encryption standards. In some cases, it is possible to override the settings in new versions of Firefox and enable the older protocols and ciphers to work, but eventually most browser makers assume that Web site creators will upgrade their sites to support, e.g. TLS 1.3 and AES-128. In the case of the older iLO boards, HPE has decided not to provide firmware updates, which means you either have to maintain an older browser deployment or deploy newer hardware. Addressing your question about upgrading the iLO hardware, one must buy a new server. However, since iLO supports firmware updates, HPE could provide updates to older iLO boards allowing them to support newer encryption standards, but they choose not to, thus your complaint ought really to be with HPE for not maintaining the iLO2 firmware for a longer lifespan instead of with Mozilla for failing to maintain obsolete security protocols.
Indeed. My servers are a given, as in I did not pay for them, but were given to me, and I use them to host my ESXi farm at home. It will not be upgraded in the next two or three decades, my expected lifespan considering my drinking, but that is a personal matter rather be glossed over.
I can happily use IE to access the iLO cards, but my major issue is that all my older browsers live on the historic VM farm, which are on the ESXi servers with the iLO2 cards, so when I truly need it, it will not be in the right place.
Besides, in this day and age, not throwing away functional kit is considered green by tree huggers, so why not take one for the team?
So, sometime after Microsoft fully deprecates IE out of windows, I will need to build a physical XP box, just so I can manage my servers.
I would prefer a major off switch in FireFox instead. Yet, it would be sexy to have a beige XP box, with a VGA CRT...
How does Linuxmint handle the Firefox dependencies since it's built off Ubuntu? As my Linuxmint install got updated to Firefox 95.0 earlier today which AFAIK is the latest release and it appears they are building their own version as the about Firefox dialog says "Mozilla Firefox for Linux Mint mint 1.0".
I am using Linux Mint on my laptop as well and my version of FF is showing v.95. However, being Mint for what it is they probably grabbed the latest version from Mozilla and compiled it to make it work with Mint.
I will have to check my Debian 11 with KDE workstation later to see what version of FF is installed.
I'll take my chances. Running an ancient Firefox in a Jail / Container is still vastly safer than running the very latest browser from upstream raw and unprotected.
You do all run your web browsers in Jails or VMs right?
Plus, if you truly go through the "updates" from browser manufacturers, they are pretty much bogus, fixing things like payment, location or analytics APIs which should always be turned off anyway. Much of it is fearmongering to get people onto the latest privacy destroying gimmick as soon as possible.
For a while I ran FF on a container running openbox window manager and Xephyr, so the main cut buffer and the main X buffer would be isolated. When needing to send a password to the browser it would be sent in an explicit channel (implemented with an ssh tunnel because it was easy) - the main cut buffer was never exposed directly to the container.
Another problem was, keep the container around, which I feel is less secure, or start up a new container each time. But a new container needs to be initialized, and settings set. Time consuming.
Unfortunately it was all ugly and slow - I got bored and gave up. It's much easier if the X buffer and cut buffer are shared directly - but then I am not sure there is a security advantage.
What do you think? How do you do it?
We're running latest Firefox ESR with vanilla Debian 11 + LXDE, it works fine, no dependency issues. Also worked at Debian 10.
Since 91.0 ESR, and currently with 91.4.0 ESR, just
1. Visit https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr, select Firefox Extended Support Release, Linux 64-bit, English (British) and download tar.bz2 archive,
2. Extract to somewhere, I use /opt/mozilla/firefox,
3. Run /opt/mozilla/firefox/firefox or wherever.
You can also make this the default installation, without removing the Debian default package e.g.
# update-alternatives --force --install /usr/bin/firefox firefox /usr/bin/firefox-esr 200
# update-alternatives --install /usr/bin/firefox firefox /opt/mozilla/firefox/firefox 100
# update-alternatives --config firefox (select /opt/mozilla/firefox/firefox)
but if you do this you may then want to hold the default package to prevent updates overwriting the /usr/bin/firefox symbolic link, e.g.
# apt-mark hold firefox-esr firefox-esr-l10n-en-gb
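The manual tarball install described in the comment above skips the integrity checks that apt performs on a packaged browser. The script below is an added example, not part of the original comment or of any Mozilla or Debian tooling, showing checks to run before unpacking such a download as root. It assumes a sha256sum-format checksum list whose own authenticity has already been verified, and an archive with a single top-level firefox/ directory; the function names and the file names in the test data are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: checks to run before unpacking a manually
# downloaded Firefox tarball as root. Assumes a sha256sum-format checksum list
# whose own authenticity was already checked (e.g. gpg --verify on its
# detached signature) and an archive with one top-level "firefox/" directory.

# verify_sha256 <file> <sums-file> <name-in-sums>
# Returns 0 if the hash matches, 1 on mismatch, 2 if the name is not listed.
verify_sha256() {
    expected=$(awk -v n="$3" '{
        h = $1
        sub(/^[0-9a-fA-F]+ [ *]/, "")   # drop the hash and its separator
        if ($0 == n) { print h; exit }
    }' "$2")
    [ -n "$expected" ] || { echo "no checksum entry for $3" >&2; return 2; }
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "checksum mismatch: $1" >&2; return 1; }
}

# tarball_is_contained <tarball> <topdir>
# Succeeds only if the archive is non-empty, every member is <topdir> or
# below it, and no member name has a ".." component.
tarball_is_contained() {
    tar -tf "$1" | awk -v top="$2" '
        $0 ~ "(^|/)[.][.](/|$)"      { bad = 1 }
        index($0 "/", top "/") != 1  { bad = 1 }
        END { exit (bad || NR == 0) }'
}

# install_tarball <tarball> <sums-file> <name-in-sums> <dest-dir>
# Extracts into <dest-dir> only after both checks pass.
install_tarball() {
    verify_sha256 "$1" "$2" "$3" || return 1
    tarball_is_contained "$1" firefox || { echo "unexpected paths in $1" >&2; return 1; }
    mkdir -p "$4" || return 1
    # --no-same-owner: as root, do not restore the uid/gid stored in the archive
    tar --no-same-owner -xf "$1" -C "$4"
}

# Usage: sh verify-install.sh <tarball> <sums-file> <name-in-sums> <dest-dir>
if [ "$#" -eq 4 ]; then install_tarball "$@"; fi
```

Because the checksum is compared before tar reads the archive for extraction, a corrupted or substituted download is rejected without touching the destination directory.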
[Article author here]
Quick facetious response:
"You might well say that. I couldn't possibly comment."
Slightly more nuanced one:
I do have Devuan at home myself. I rather like it. But for now, in the mainstream Linux world, systemd etc have won, for better or for worse.
This may change. I somewhat hope it does, but mainly, I think there are far more important issues out there, in these contexts, in the Linux world, greater than that in the FOSS world in general, and greater than that, in the software world in general.
" But for now, in the mainstream Linux world, systemd etc have won"
I categorically reject this comment. There is no win or loss, there is only survival in the FOSS ecosystem. I believe that the systemd-cancer will eventually be left by the wayside, perhaps becoming vestigial for a short time before it fades away completely.
He's a bit more forthright a bit earlier in the thread
https://lkml.org/lkml/2012/7/6/495
And a Beer for Jukka for...
> Cc'ing Linus
I'd be interested in an AI Linus Bot, to be able to cc on contentious technical issues and get a suitable repost
Not sure why the down votes for you. As someone who switched exclusively to Debian in 1998(from Slackware), I switched to Ubuntu for laptop/desktop use cases in probably 2006ish time frame I don't recall the first Ubuntu version I used(mostly for the drivers). About 18 months after Ubuntu 10.04 LTS went EOL I switched to Linux Mint (MATE) to keep my Gnome 2 UI which I still use today.
I continued to use Debian on my personal servers until Devuan came out I dist-upgraded all my systems to Devuan (never having had the pleasure of using systemd in Debian as the version I upgraded from didn't have it).
I manually maintain my browsers in /usr/local/browser-version where I have firefox esr, seamonkey, and for a while I was running Palemoon too, until they broke all my extensions earlier this year and I switched back to firefox. I run the browsers under different user accounts for perhaps a tad more protection. I run a dedicated copy of firefox esr under a dedicated account for work webmail and atlassian products. Then I have another firefox esr in a VM connected to VPN which is mostly used for internal company services/sites.
Pale Moon didn't break your extensions. Mozilla massively changed the extension protocol and some of the extension maintainers didn't want to support XUL and the new firefox eco system.
Feel free to fork your favourite extension so they still work in Pale Moon though.
Also see https://forum.palemoon.org/viewtopic.php?f=46&t=23697
Actually, they did. Per your link's links:
> The Release Notes say "Denied other types of add-ons that aren't explicitly targeting Pale Moon's ID."
Yes, there are technical concerns (growing drift of browser from frozen extensions).
But no, the decision to deliberately exclude those extensions was a deliberate decision to exclude those extensions.
Per those links, the development work to make them compatible is to change a string tag to say Pale Moon. The actual code's still fine. This sort of thing makes my blood boil.
Who said anything about the browser-coders working on the extensions? They _broke_ them, requiring _other people_ to add special treatment for their browser.
Tough shit if the extension is currently or permanently without an owner/maintainer. Tough shit if the owner just threw it out there as useful but doesn't consider it a life commitment. Tough shit if the owner has more than enough on his plate thankyouverymuch, doing actual real genuine semantically meaningful stuff (or having a life) rather than frigging around arranging special duplicate binaries for one particular tiny fork-of-standard. So only the larger active team-built extensions are likely to not die. And for those extension-developers who might consider it, there's still the future to think of and the signalling-of-contempt-for-users+developers which PaleMoon's developers made very very loudly, explicitly, and pointedly. I know for my part, if some developers threw a narcissistic flounce like this, at my+theusers' expense, in something I had developed, I would just write off that target as untrustworthy/a bad target to devote any more time to -- been burnt every single time this attitude has shown itself. Game over for the users.
And all completely unnecessary, voluntary, and actually more work by the PMdevs to stuff up users+devs than to simply warn that old extensions might in future start to fail or break. "On your own head be it." vs "Do what we tell you right now or fuck off." And they actually documented that themselves in their own release notes.
"Hmm, is there a list of these to-be-avoided programs somewhere?"
It is annoying for an arbitrary program to require a web browser, but look at it this way: if you have an incidental or occasional need to display web content from a program, would you prefer they delegate to a web browser, or would you prefer they create their own half-baked browser?
That being said
1) too much is done via web (ex: help files. Ok, point me to a web site for more info, but keep the key stuff local)
2) make the browser a recommended add-on, not a required add-on.
That does seem a tad too frequent for what is, for many people, the most used program on their systems. Are there really that many and that frequent bug fixes? Or are they releasing a new version every 4 weeks just because that's the target they have set themselves?
I may be missing something but this looks remarkably like a storm in a teacup. I run Devuan unstable. While agreeing that it is usually best to use the distro's packaged software. However "rules" are only there to be broken. In my case I believe that Firefox is best installed from mozilla.org.
The process is incredibly complicated:
1. From Help - About Firefox see if there are updates.
2. If yes, download, in my case, to /opt/downloads/firefox
3. Unpack the files to (in most cases) /usr/local.
4. Umm...Er..There is no 4!
Firefox ESR tends to fail at critical moments. I used to use it on my wife and grandson's PCs but frankly it's more trouble than it saves.
So: Part of the problem is FF building requiring Rust - and thus effectively a new toolchain per distro per release - stable, oldstable, oldoldstable, potentially.
That also extends to building FF on non-Intel 32/64 bit versions but also all the other architectures that Debian supports. It's in hand: it will be done soonest.
There's a long thread in the debian-user mailing list at the moment: perhaps the most germane comment is https://lists.debian.org/debian-user/2021/12/msg00344.html from Roberto C. Sanchez.
Folk who have solved this by updating to FF95 themselves are finding issues with having to back up and restore profiles as new FF does things slightly differently.
As Roberto says, Ubuntu can afford to do things differently, not least because they only have two primary architectures to worry about. There's also been a long comment thread on Phoronix which largely degenerated to general Debian bashing. Every distro has a trade off: the trade off of knowledgeable developers and the Firefox release cycle might be to push Firefox out eventually. It's actually very similar problems with chromium cross-distro when you dig into it. It will be a problem if we don't have distribution maintainers around for whoever are sorting out FF builds on a regular basis. [Full disclosure: I'm a Debian developer and help reply to questions on Debian-user but other than wanting a decent web browser, I've no great desire to participate in blame wars here.]
What is all this nonsense about Flatpak and GNOME etc?
Just go and download the Firefox ESR tarball off Mozilla.org (click the big download button) and extract it.
Extract it into your $home or for the whole system on /opt.
Point your shortcuts/icons whatever to use that version.
Run it.
Works fine on Debian 10.
Updates itself!
If you install into /opt then as Firefox runs as non-root it will tell you there is an update it can't install, thus run it as root and it updates.
It's just a tarball, the simplest installation method ever. Everything works out of the box.
Debian is slow, studied and conservative in how it evolves. The Web isn't, not by a long way. If such an OS's desktop is going to require a Web browser in order to work, things are going to go wrong...
Debian should stop supporting a desktop environment that requires a Web browser.
I admit that I'm missing an opportunity for bashing Poettering, so I'll throw in "for goodness sake LP/RedHat, stop relying on Web tech in Gnome, what do you think you're doing?" for free. Next thing we'll know is that Gnome gets built on Electron....