I'm waiting on this one too! In the meantime container tabs provide an ok-ish workaround (it's possible to unload all tabs in a container). But not nearly as nice as tabgroups was.
I love the new Firefox, but the fact that it killed my favourite tabtree plugin, and the alternative is less nice + plus you have to do weird css hacks to make it look seemless and hide the top tab bar is very disappointing. I'm guessing the new extension system is a lot less flexible than the old one?
> I'm guessing the new extension system is a lot less flexible than the old one?
For security reasons, yes.
For people who don't want to say bye to old extensions which are not (or cannot) be ported to 57+ there is the option to stick with 52 ESR version (Extended Support Release). According to Mozilla FAQ [1] this version gets obselete in march 8 by Firefox 59 ESR.
I'm a little concerned that any bugs/holes in extensions will be left open though, since it's very unlikely the extension devs are going to be backporting features/fixes.
It's been covered to death, but it's a vastly different approach that is closer to what other browsers provide, allowing many extensions to share the vast majority of their code across Edge, Firefox and Chrome (and descendants.) It also is highly asynchronous, which has become more important as Firefox has become multi-process and multi-threaded, and more secure, both from a usability standpoint (users have more control over add-ons) and from a low level standpoint (extensions are more 'sandboxed' than before.) There's more advantages but needless to say there's no turning back, so hopefully the missing features needed to implement what people want will arrive with time.
As for me, I'm just happy to be running Firefox as a daily driver again.
The css hack is probably temporary, and for me it was easy to add works very well (it looks exactly the same as before to me). Other than that, what else is "less nice"?
People keep mentioning tree-style tab but I don't see how that's an alternative to TMP's multiple tab rows.
Personally I don't find tree-style tabs appealing at all because (1) I usually have few pages open on the same domain, but I have many pages open on different domains. And (2) I don't want a vertical column of content width lost to a sidebar.
Limiting tabs to a single row per window is awful for usability.
> And (2) I don't want a vertical column of content width lost to a sidebar.
You have to understand that this is a pretty unusual concern. Most of the world struggles with screens with aspect ratios optimized for watching TV, making vertical space very precious but leaving plenty of excess horizontal space that cannot be effectively used by the majority of web pages that only use a single column of text.
Chrome tabs sort of suck, they shrink down to no text if you have too many, firefox has a minumim size of tab and lets you scroll the ones that are visible at a time.
> Multi-select tab management (Ctrl+Click, Shift+Click to select, drag, snap and move multiple tabs)
You could try the Multiple Tab Handler[1] extension. It seems a bit clunky and limited if you use it alone, but it integrates well with Tree Style Tabs [2]. Note that you could open the vertical tabs sidebar when you need to manage tabs and close it right after. You can also disable the "tree" feature of tree style tabs.
Reading these recurring discussions, there is a bunch of Firefox users that used FF's extensions to change everything about the browser. You could change Firefox to be a different user experience entirely. But this has become way more limited.
For users that are okay with the common way browsers work, all this new stuff is great though. Firefox Quantum is so fast and it still delivers all of the mainstream add-on functionality.
I'm firmly in the second camp. Give me any browser that I can install uBlock in (and hide most buttons except back and forward), and I'm good to go. With Quantum, I switched over all my browsing to Firefox. Including on Android, which hasn't even had most the Quantum improvements yet (its UI has just gotten a much needed update).
There's at least a third camp. Those who used extensions and have a degraded performance now too - I'm wondering if all the speed increases people are talking about are only available on the most modern hardware?
It takes 12s after launch for my newtab to populate with icons -- which incidentally I dislike compared to the previous page thumbnails -- there's regular stalling when it fails to respond.
I'm prepared to give some space to get acclimated to new versions, there were font problems on lots of pages (including newtab) for me which I've worked through. But I'm failing to see any benefit yet - even then turning the icon super bright has annoyed me ...
Obviously there's something slowing down your Firefox, but it's definitely not to do with how modern your hardware is because 57 is noticeably faster than the previous version on my 2011 MacBook.
Actually you can't, you can cut down most things but you can't get previews in preference to icons and you can't get more than two rows (from that menu, you have to go to about:config and browser.newtabpage.activity-stream.topSitesCount [for some reason the browser.newtabpage.rows and ..columns settings are still present but appear to be unused]).
I'm in a middle ground -- I did have 'Classic Theme Restorer' installed, but I can live without it. But I have a few extensions which haven't updated yet (most notably 'rikaichan' which provides dictionary-lookup on hover for Japanese text), and some like Greasemonkey seem to have only managed to get an update at the last second. So I can live with the situation but the transition seems to have been poorly handled -- why did the FF which marked extensions needing update as "legacy" only arrive a week before the one which killed them off? Marking legacy extensions a year or so before the deadline might have helped in increasing user pressure on extension authors to convert earlier... There will always be a long tail of "extension author vanished years ago but it's still used by 10 people", but if widely used things like Greasemonkey are only just sliding in under the deadline then something seems to have gone wrong with the transition plan.
And on the "improvements" side -- I have to say I've never felt the browser was too slow. Sometimes the network is lousy, sometimes stupid websites are terrible, but the browser itself has been just fine for me for years. So I'd rather have had a less painful and abrupt transition, which maybe took a bit longer.
The problem is that Firefox was the last well supported browser that allowed for power user features.
With this change, Firefox targets the lowest common denominator just like every other major browser (tracing the footsteps of Chrome). In the progress, it too, is becoming just like Chrome.
This whole saga begun back when Opera dropped support for their 12.x browser, and became just another Blink-based browser. At that point, the only way to get a usable browser (with vertical tabs, MRU tab switching, gestures) was Firefox with a number of addons (Tree Style Tab, Tab Mix Plus, Firegestures).
One may argue that users like this should just use a fringe browser with such features built-in, but that's not viable because they're either unstable or lack timely security updates.
You may also argue that you can get all those features, even in Firefox 57, but that's only true with caveats:
Tree Style Tab still exists, but if you use either the history or bookmark sidebars, you better get ready to switch back and forth all the time (since only one sidebar can be active at a time).
The about:config setting browser.ctrlTab.previews (now also exposed in preferences as "Ctrl+Tab cycles through tabs in recently used order") is mostly useless, since it is limited to the 6 most recent tabs (probably even fewer on lower resolution screens).
There are several mouse gesture addons for Firefox 57, but none of them currently work on Linux/Mac. Even on Windows (and the others when they're fixed), gestures will work neither on internal pages nor on addons.mozilla.org.
Well, true. You can be a power user without all of those things though.
It's a shame tradeoffs are necessary, but I think it's worth highlighting that it's a tradeoff that also brings substantial advantages. For all users, including the power users.
On Linux I use the EasyGestures application which I've configured to send XF86Back and XF86Forward keys for the respective gestures. The added benefit is that the back and forward gestures work in the other apps too, not just in Firefox.
Firefox keeps getting less and less usable for me. I'm considering switching to chrome for the first time in a while.
Things that bother me on desktop developer edition:
* no usable mouse gestures extension
* constantly changing UI
* hid really useful things like file/edit/history/bookmarks/tools menu behind
holding alt button on Ubuntu.
Pretty sure that whole menu will be gone soon.
* it's impossible to clear for example last week, last month etc of browsing data (not sure if you could do it before).
In fact, I'm not sure if I can clear cookies but not site history anymore after spending 5 minutes in the settings.
* tree-style tabs turned into something unusable
* getting rid of all the rare extensions that worked previously and are no longer supported by the original author
* tons of greasemonkey userscripts broken
* greasemonkey a lot less usable now (still can't figure out how to write a custom script from scratch)
Android (Mobile) Quantum takes forever to load pages. As in 5x-10x longer than Android Chrome. Some things like videos from twitter simply don't load at all. Some websites no longer load. Cannot enter data into some text boxes. But don't take my word for it: https://www.androidauthority.com/mozilla-firefox-quantum-and...
Unfortunately, on desktop I'm stuck between this new FFX and Vivaldi. On mobile, I already switched to Brave even though it's terrible because you can't easily google for selected text or select a part of a paragraph easily.
I also begrudge the loss of many useful extensions in my workflow. It is a sad loss.
But couple of your annoyances can be fixed rather easily:
1. Get back the toolbar back: View (or Alt-V) - Toolbars - Menu Bar
2. To clean recent history: Ctrl-Shift-Del will give you the clean recent history dialog box. It can be accessed from toolbar too: History - Clear recent history.
I'll grant that the new responsiveness of FF makes TST feel much better. But there's one thing that's constantly giving me headaches. I don't feel like the highlighting given to the currently-selected tab is in-your-face enough, so that I'm always scanning up and down the tree trying to see which one it is. The other formatting options it used have were nice, but being able to at least make the selected tab's title bold was a big deal for me.
I realize that this is technically possible in the new regime via userChrome.css. However, the element classes are completely undocumented so I have no idea how to accomplish it.
Adjust the gamma of your screen. I see a distinct shade of grey-ish blue that I can see even when looking at the other side of the window. If that's not the problem, ask TST author since that should be fixable in the addon.
My screen is calibrated, it's not that anything is displayed wrong. I just want it to be more obvious.
Before FF57, I was able to set the font and background color for tabs depending on their status (current, inactive, unread, etc.), and that's what I want now. IIRC, this was actually a feature of Tab Mix Plus.
It's clear that this is still possible even without TMP, but requires putting code in userChrome.css. That would be fine with me, if I could just find any documentation on what element classes (or whatever would be the most appropriate selectors) I need to reference.
I did some digging for you in the browser console. userChrome.css can't touch TST's content. TST is in a separate document (sidebar.html). I'm sure the tabs in TST aren't the actual browser tabs, but they're made to look exactly the same as before. Talk to TST's author, or modify the addon yourself, it must have a CSS file, the tabs are "li.tab" (<li> elements, tab class). The active one is "li.tab.active".
Thanks. Actually, it turns out that the latest version contains a mini-editor for the appropriate file (whichever it is). And it includes a link [1] to further documentation about what to do with it.
I had previously gone back to Firefox for Panorama (Tab Groups.) But, the feature has seemed to live in a state of such flux that I eventually found myself falling back on my habit of using Chrome.
Iirc, they decided to move it out of the browser and in to an add-on, which is frustrating in light of the recent changes. Don't get me wrong, I'm for the migration to WebExtensions, but it's annoying that there wasn't a better path for a feature that used to be a part of the browser.
Here's hoping most of this will be resolved in the upcoming months.
Is there a genuine use case for changing the default search engine from an extension? Even if it has to be confirmed by the user, it still seems like a dialog that many users won't read and click on Yes anyway.
I guess this means that the extension handles the searchinput local, which seems like a very legit use case. Maybe we are lucky, and it means ALL adressbarinput is handled by the extensions, in which case this supports vimperator-style interfaces.
Another use case coming to mind is to compensate for the horrible bad ability to define your own searchengine. Leting a extension handle this would be an improvement.
Before you could click the icon in the search bar and select another engine. Now that's more hidden, so an extension to change to e.g. DuckDuckGo is an easy way to do that.
(Not a tree style tabs user, but ... ) Yes, because
1) Someone here might know more (updated) about when's the support going to be added for the same,
2) The Extension Author might comment on when he's going to add the support for it if possible,
3) Some of the geeks here might know a good replacement of it (because Firefox's "Find a Replacement" is not as good as it's supposed to be).
4) When people say "me too", some other Hackers around here might be inspired to write one from scratch, or Firefox people might see how important it is (I know about Bugzilla's voting system, trust me, that doesn't work)
Firefox has just broken people's workflows that were set in place for years, and they are naturally concerned. Let it be.
> Firefox has just broken people's workflows that were set in place for years
I don't think that is highlighted enough - the majority of the discussion is focussed on cosmetics, but it takes a lot of effort to break habits and muscle memory that have developed with daily use over many, many years (since Phoenix [1] in my case.)
It's also going to take a huge amount of time and effort to research, learn and configure replacement extensions. I really don't need that stress for something as important as a browser, so I'll stick with ESR as my daily tools as long as possible and build a new profile e.g. using Nightly as time allows. It's far from a trivial exercise.
How do you port a XUL extension that relies for critical functionality on calls whose equivalents the web extensions API doesn't provide?
How do you achieve 1:1 compatibility between extension APIs when the architecture that enabled XUL to expose the entire codebase for extensions' use no longer exists, and no longer exists because replacing it was the only way to resolve showstopping performance issues?
How do you keep using a browser that no longer supports extensions without which you can't satisfy the use cases for which you chose and adapted that browser in the first place?
> The extension developers could have worked more closely with the Firefox team to find possible solutions.
Really? What opportunities have you observed in the recent close collaboration between Mozilla and the developers or maintainers of many high-profile, and not a few niche, legacy extensions? I'm sure I am not the only one here who would be interested in gaining the benefit of knowledgeable and thoughtful feedback on how that process has played out.
I only loosely followed it but AFAICT the author of Tree Style Tabs had a feature request for the APIs needed shortly after WebExtensions was announced. It was considered a "won't fix" for most of that time, the sidebar API was only added in the last few months. He didn't have years to port things, and the team initially rejected his attempts to find possible solutions.
The Firefox team has a solution: Break everything to make it faster, and not care about the freaks who like extensions, who rely on extensions. Cooperation is a two-way street, and the Firefox devs blocked it off entirely.
That's not been my experience at all. But I'm relatively new to extension maintainership, having only picked up the Firemacs baton earlier this year. No doubt your own experience equips you much better to comment on Mozilla's interaction with extension devs than mine.
Look, I get it, okay? It's a pisser. But throwing this kind of shit around helps nothing and nobody. It just makes life a little worse for everyone in the blast radius. Maybe you're fine with that. More likely you're just mad. I get that. But it's not an excuse.
There are still thousands of actively developed extensions.
I get that you're mad about some of your favorite niche extensions being unavailable due to relying on XUL functionality that shouldn't have been there in the first place, but you'll just have to find alternatives.
Are they planning to add a local file writing API too to WebExtensions (tried to search it but couldn't find). Every browser is trying to standardize on Chrome's extension model (which already has local file writing support), but "only so much", and that's a problem.
> "This preference makes the browser associate all data (including cookies, HSTS data, cached images, and more) for any third party domains with the domain in the address bar."
They even included a link you can click on to get more info on it.
fPI will isolate every first-party domain as much as the browser can, including HSTS and other security related properties.
This means that if you visit example.com and then initech.com and both load a tracker from evilshit.org, then the tracker will see too completely fresh browser installs, not even HSTS will be setup if it was used.
Basically, every domain you type into the URL address bar behaves as if it was a unique container.
I’ve been running resistFingerprinting by default but it’s definitely a raw experience. Every WordPress site on the net triggers a false positive (understandably, but still), WebGL is currently broken with it on, and even the Firefox download page will serve a Windows .exe to a Mac browser if you’re using it.
DTA lite (web extension version) was planned for release along with Quantum, but was delayed. [1] I still don't know how limited it will be compared to the XUL version though.
Huh, except for the quip with calling it "Lite" and the simply factually wrong bullshit in the footnote that there would be no technical reasons, this surprises me.
He was the only bigger extension dev that threw a complete tantrum over this decision, refusing to even try to work with Mozilla to get some APIs into place, so that he could maybe actually port his extension in full. And now he's doing a port anyways.
Well, good on him. I do not think that his behaviour back then was entirely justified, so this remedies that.
Interesting, i wonder how effective resistFingerprinting will be...?
"If true, the resistFingerprinting preference makes the browser report generic spoofed information for data that's commonly used for fingerprinting. Such data includes the number of CPU cores, precision of JavaScript timers, and the local timezone. It will also disable features that are used in fingerprinting, such as GamePad support, and the WebSpeech and Navigator APIs."
It's basically ported from the Tor Browser so it will be similarly effective. Which is to say it makes fingerprinting harder but not necessarily impossible if you have javascript turned on.
I am also curious about this. I used several plugins in earlier FF versions to reduce fingerprinting / change security preferences and settings. None of them seem to work on 57. The answer seems to be to just flip on "resistfingerprinting". Seems almost too easy... and available information isn't exactly clear.
And well, apparently it has a pretty bad bug. It spoofs my screen size from previously 1366x768, which 1 in 9.43 browsers have, to 1318x686, which by itself is already unique, because that really is just not a screen size that anyone sells.
So, that's a thing. Maybe it's just isolated to Nightly, but if in doubt, maybe also just test yourself. Now where to report this...
Is it sticky though? I don't know how the spoofing works, but if the next time, the same site gets a different size, wouldn't your profile become less identifiable across visits and other web sites.
They're clearly adding APIs that they think are necessary, vs the ones addon developers actually need and clamour for. We've seen this in the entire process. Mozilla is not interested in listening to the actual needs of the developers. They just have their own idea of "brand new cool features" and they're gonna roll with it. Disappointing.
Part of the reason is that most users of some popular addons don't participate in the open source community, reporting bugs, commenting on them to add details or tell why are they important, etc.
Do Mozilla contact the creators of the most popular addons, they could serve as a useful proxy for trying to get direct input from inexperienced users.
They probably do. But Firefox addons is a long tail. There are many addons that would qualify as "popular" but Mozilla wouldn't be able to contact them all. So they have to measure not only popularity, but also if the community cares about that addon. I had many addons installed that I don't use, synchronized across devices: They may count as "popular" but it doesn't reflect the actual community and usage.
And if they do, they don't communicate in the way Mozilla would like them to. Users can't say much more than "I want X to be possible", add-on developers can comment on what API they'd like, but after a short initial wave of that these things tend to be treated as noise even if they are presented very friendly, because the actual dev-work that is necessary in the end is guided by other principles these parties can't contribute much to. And it's really difficult to guide that in a way that doesn't make people feel bad.
Unfortunately, some of that interaction was barely more than a slightly more polite form of "get off my lawn" whenever it came to add-ons about tweaking the UI.
Mozilla deliberately removed a lot of customizability, but instead of being open about it they made addon developers the scapegoat, sending unhappy users their way while blocking requests for replacement APIs with "you are not supposed to do that kind of UI tweaks anymore". After a decade or so of encouraging UI extensions whenever someone suggested advanced UI features, this is a bit lame.
I'll give you that the removal of some customisability is deliberate, but not that it's not interested in listening to the developers. It just has a different opinion than some of them on what should be allowed.
That said, there's also a lot of customisability that simply hasn't been implemented yet. I'd name e.g. hiding of the tab bar where Mozilla is clearly seeking a compromise between the potential downsides of removal of UI elements by add-ons and how useful it could be. It just takes time to make it happen, but luckily, Firefox 52 is still an Extended Support Release for quite a while.
Hiding the tab bar to replace it with a full custom implementation, instead of modifying the stock tab bar? That might be reasonable, if APIs are sufficient to fully reimplement all features of stock, with no corners cut. If it's just "done, tab bar hidden, here is a sidebar for you to play in, have fun", then it would be full-on "the emperor's new extension API".
Besides what the other commenters already responded, APIs don't just fall from the sky over night. And especially the APIs that you refer to, are just not trivial to write at all. Just because add-on developers yearn for super powers, doesn't mean that Mozilla can provide this as quickly as lesser super powers.
As far as I'm concerned Firefox is dead. I'm sticking with 56 and Pentadactyl for the times I need to do extensive research online where it is so much faster to browse and find things.
Otherwise, I'm using Safari and weaning myself off of all the power of VIM like browsing. Safari also happens to be so much smoother and does not kill the battery.
Never had any use for extensions. For me Web browsing is all about HTML/CSS and some occasional JavaScript, everything else is better achieved via native apps.
Because safety. Mozilla and others are just making the Web browsers safer.
It was necessary the Internet and explosion of security exploits to realize that although plugins in-process are easier to implement, the older out-of-process architecture was safer and harder to exploit.
> Because safety. Mozilla and others are just making the Web browsers safer.
And yet they broke things like NoScript, which provided security/privacy features missing from plain Firefox and unavailable on any other browser no matter what extensions you installed. If safety was really such a high priority, they would have waited until after a full-featured NoScript WebExtension was possible to implement before deliberately breaking XUL extensions.
Vimperator/Pentadactyl are mostly useful for plain HTML/CSS pages, not webapps :)
They're mostly a way to use the regular browser functions, only with the keyboard rather than the mouse. But this works best for regular sites, and poorly for webapps that use JS-activated links and such.
This is unfortunately true, though it doesn’t have to be. The problem with webapps generated with JavaScript is that it’s tempting to create a custom implementation of built-in functionality. Good old anchor tags are “visible” to screen readers that visually impaired people use to browse the web. Chances are your JavaScript Link hack isn’t because you forgot to include the role=“link” attribute. Keybinding extensions are similarly blind when developers write inaccessible markup.
The solution is for developers to spend a day learning about accessibility. A good starting point is https://webaim.org/intro/.
Vimium is nice, but if you've used VimFX/Pentadactyl or other XUL based VIM addons, the WebExtension versions are lacking in important ways.
The biggest problem I have with them right now is that FF entirely prevents addons from working in "system" pages like the settings pages or the new tab page (NB this includes some actual web pages that Mozilla has "blessed"). Another problem is that there is no way to focus the address bar programmatically, forcing addons to use clunky workarounds like the Vimium omnibar, which has an inconsistent UX compared to the rest of the system.
Hotkeys, especially in a VIM-oriented model, must work consistently across the entire experience, and Mozilla has decided to explicitly disallow this for addons.
Vimium is better than nothing, but due to limitations of the WebExtension system, is strictly incapable of providing the browsing experience that I'm used to. In its current state, it is not a suitable replacement for me.
The same is true for the various mouse-gestures addons.
I must say that Mozilla have made the right call with extensions in Firefox 57.
Web extensions are probably a small part of it but I have switched back to FF after ~5 years of Chrome. I also like the redesign but the killer feature was the noticeable speed up.
I have been a Firefox user since it was called Phoenix.
This is the best Firefox , but I have lost a ton of extensions including my Vim extensions. So right now I use Qutebrowser and know that the new plugins will get added.
The problem with all vim-style extensions is that they have been limited in potential functionality. For instance they won't work in any builtin pages such as about: pages or the new tab page or https://add-ons.mozilla.com. This forces the user to think about whether their command will work or not and induces an uncertainty in their flow.
The other issues regarding limited control over the browsing experience may be resolved with future API expansion, but the previously mentioned hobbling is something with which we are most likely permanently stuck.
Vimium is _good_ but I really wish it would use the browser's native search widget when searching via `/`. I've been meaning to look into the documentation, but my assumption is that this is a limitation of the WebExtensions API.
I've been using Firefox since way back in the day when I stopped using Opera 12 (and I had been using it even before that, I just had really crap hardware for a long time so I had to use Opera).
The devs obviously care about the product and its users and sometimes have to make tough decisions.
I think Firefox 57 is a good thing for Firefox's future. It's basically what the Mozilla rewrite or Firefox's being spun off from Mozilla did, but this time with less of a big-bang. And 1 year from now 99% of the current extensions will work.
And no, for the obvious question, they couldn't have done it the other way. I've been part of several migrations of this kind and people don't really move voluntarily 100% during migrations. Yes, the nice folks do it in time (say, 40%) but the rest have to be dragged along kicking and screaming.
I agree that they had to force turn off old-style extensions at some point to force adoption, but I feel like the same release where most of the APIs needed to port the old extensions over (and still missing a bunch of things) was way too soon. Even quite a few of the actively maintained, high profile extensions are not ready. Same reason why a disturbingly large number of Jetpack extensions has to use require("chrome")… they never got around to flushing out the implemented API set.
Firefox has given developers 3 years and over 10 FF releases to work on migrating extensions [0]. Would you have preferred 5 years? a decade?
Every change breaks someones workflow [1]. It sucks, but it happens because we need to acknowledge a point when the current system holds back progress more than the headaches introduced by a new system.
> Firefox has given developers 3 years and over 10 FF releases to work on migrating extensions.
No it hasn't: Firefox still doesn't ship an API capable of supporting many existing extensions. The developers of those extensions haven't had three years to port; they still can't port.
I really like how fast the new Firefox is, but I won't use it until Keysnail works.
Same here. Tab mix plus (for multiple tab rows) is the reason I kept using FF all these years. WebExtensions does not provide the capability to manipulate tabs the way TMP did.
JS-based (crippled IMHO) vertical tabs are also in Chrome. Why would someone switch from Chrome to Firefox to use a crippled extension?
I hope I am wrong but I don't think Firefox will be able to increase their market share. They may be able to stop losing their market share, which is not really a huge achievement.
Crippled? Sorry, I don’t get what you’re trying to say. Tree style tabs work fine in FF57. Only annoyance is that the top tab line cannot be removed. That’s supposedly coming soon though.
> Firefox still doesn't ship an API capable of supporting many existing extensions.
And I doubt they're ever going to.
It's the Design Disease: Once a company has it in its head that it Knows Better, anyone who ditches their way for a different one is Wrong, just... Wrong in some way the company thinks is objective, based on whatever Design it has in its head, and must be brought back into the fold.
How tabs work is Design. Design must not be questioned. If you want your tabs to open such that you get a new tab right beside your current tab, instead of over a dozen tabs away at the end of the tab bar, you're Wrong, and having more than three or four tabs is Wrong, too.
They can say that Firefox is faster. I say it's easy to be faster when you're not solving the whole problem.
Like you, I care not how much of a speed improvement may be had as without certain add-ons, my end value is 0. I have been with Mozilla since, IIRC, netscape 0.96. I only use Chrome if absolutely necessary for site functionality.
NoScript, Session manager and Self destructing cookies are the hurdles to clear for me - the rest I'll miss but can probably get by without. Note that both the session and cookie manager are in fact features that should already be part of Firefox and are not. And when I say 'clear', I mean functionally equivalent in all regards to pre 57 (NoScript fails that test).
My guess is that they had a long and hard discussion (or several) about this exact subject we're talking about. Due to budget constraints (development budgets aren't infinite, even for Open Source projects), they probably decided they had to switch. Otherwise the banner of Firefox would be flown by 0.5% of the world's browsers. Chrome is currently crushing everything and I don't see anyone else stepping up.
I've been using Mozilla based Web browsers since before the ice age - I paid for a copy of Netscape in a box from an actual shop.
Many people are unhappy with the extension situation. Mozilla have to take that into account and provide equivalent functionality fairly sharpish or face just being a chrome-clone.
I don't believe that's the case. Evolution is important. Sometimes you have to get rid of old stuff to get ahead.
By doing so, Mozilla shows that it cares about his user. Letting use old stuff that are not maintained anymore (if they are, a compatible version will shows up) lead you to situations like win32
By doing so, Mozilla shows that it cares about his user.
By completely trashing a tool I'd spent years customizing without anything resembling feature parity ready by release? It's not really on the devs to port something when the new system is missing APIs. The "They had 5 years!" argument directed at the addon devs could just as easily be directed back at Mozilla...
Or perhaps by ignoring the loud negative feedback when I and many others said we didn't want paternalistic "thou shalt not install unless we say okay" controls on add-ons like Chrome has?
Or was it instead by ignoring my repeated questions on how to fix a ten-year-old SSL handling bug that causes a great deal of pain for sysadmins? (Vendors have a poor habit of reusing SSL certs - Firefox will flat out tell you to pound sand and not allow you to visit a site with a dupe cert. Chrome, IE, Opera, and I believe Edge will warn you that this is abnormal, but otherwise continue)
If this is how Mozilla cares for its users, I'd hate to see what they consider neglect.
My first browser was Mosaic, and I was on Firefox while it was called Phoenix. v57 brought me back to Firefox (from Safari), so I think it's great to see they're not just laser-focusing on what was a rapidly shrinking userbase.
It's not a zero-sum either: those of you who always used Firefox will surely benefit from it not dwindling into obscurity.
I've been a Firefox user since Phoenix 0.1, and a Mozilla Suite/Netscape user before that. I used Chrome for a couple of years, but went back around when FF56 was released.
FF57 is absolutely the greatest version of Firefox to date. I have yet to hear a single legitimate complaint against it that actually holds up to scrutiny.
I have yet to hear a single legitimate complaint against it that actually holds up to scrutiny.
It breaks about 2/3 of the extensions I was using, and many of them don't currently have similar replacements available. That's a big loss in some of the functionality that made Firefox attractive as my default browser.
I understand the desire to fix fundamental architectural limitations. In the medium term some of those extensions will probably be updated or replaced. In the long term, the improvements may well pay off in terms of better security and better performance and easier development allowing faster progress. As a software developer I can see that the move was rational even if it is also somewhat controversial.
But in the short term, the loss is still significant for some users. That's a perfectly legitimate concern, and it's apparently sufficient that some people are not upgrading this time.
You can't inspect websocket frames. It is a tiny quibble in the face of big amazing improvements. But it is a thing (and is why I still use chrome primarily for development), and the extension used to patch this in to the devtools broke in the big extensions change.
It broke web experience for me. I write userscripts / extensions for most websites I frequent, and almost none work anymore. Granted, it's because Greasemonkey decided to break backward compatibility, but that was triggered by this move to a new extension model.
I tried to think forward, and proactively convert my greasemonkey scripts to new style FF extensions a few months back, to avoid dependency on GM. But abandoned that after it became clear that I'm not allowed to install my own extensions on regular Firefox, because of forced thir-party signing requirement. I have no need for signing. I could create an extension by zipping a directory. Now the workflow is 1000x more complex with all the crap loaded from npm required to sign it.
My web experience is s*it, ATM.
Firefox is great anyway. But it is power user hostile in some aspects too. Personal extensions/userscripts are central to my use of the web. So this is all quite annoying, since signing was enforced. And now even my userscripts broke with 57, as expected.
Then you'll be overjoyed to hear about the unbranded builds! The exact same code, except it's yours, so it allows all extensions and doesn't say "Firefox" on it.
Without this it’s significantly easier to install bad extensions posing as a “good” extension. It’s happened many times and is a huge win in terms of security.
> It broke web experience for me. I write userscripts / extensions for most websites I frequent
Sorry to hear this; but I think it's arguably more important for Mozilla to improve the web experience for a hundred million users who may never "write userscripts / extensions" for any website than to hamstring their development in order to avoid inconvenience to a single user who feels the need to customize every point of their web experience.
Also mandatory signing doesn't improve web experience for anyone. It's a security feature. Security is always inconvenient, almost by definition. So your point is invalid.
I don't mind change, I like new Firefox features, what I dislike is imposition of stupid lockdowns, and pointless control. One valid point, I might concede, is that there are innocent third parties affected if someone clueless confirms installation of some malevolent extension. So restricting it is somewhat justified.
Anyway, it's all still a sham. Anyone can still disable mandatory signing with a simple 10 line script patching omni.ja in any Firefox. So it's still no security against people who can be persuaded to enbale something in about:config, or run firefox with a command switch, or add some file to /etc/firefox/, or run a simple 10 line script "to make firfox compatible with our great extension".
This point is irksome. How hard would it be to provide a switch to disable mandatory signing? Something similar to the unknown sources option in Android.
To all those claiming that Mozilla doesn't owe this to their users, you are technically correct. But why piss off users when you can easily satisfy them with a simple option. I shouldn't have to use a patched browser for something so basic.
Pretty easy, I think; there was a switch in the UI for a while, then hidden in about:config, then hard-coded into the browser.
I think that the issue was that they were worried about people who don't understand the security implications turning verification off and getting themselves into trouble.
Last I knew, there were "unbranded" editions of Firefox - editions without the Firefox logo and name - which allowed users to disable the signing requirement. The ESR (extended service release) edition might also allow it.
I've been using FF57 on OS X since its release, and it's been great. Two issues have proven particularly difficult to get used to, however, and I'm surprised they aren't talked about more:
1. Video performance. Even something as simple as opening a video in reddit spikes my CPU to 100%, and before reluctantly installing Adblock Plus I ran into multiple kernel panics from opening articles on mainstream news sites and blogs.
2. Pinch-to-zoom isn't supported (closest alternative I could find is some about:config settings to make the pinch gesture equivalent to cmd++/-, which isn't useful).
I'm still using Firefox, and there's a lot that I like about it more than Chrome, but I'm seriously considering switching back because of those and some other minor issues.
Yep, apparently. (Technically not macOS, but OS X, since I haven't upgraded from El Capitan just yet.) I'd never had an issue with frequent kernel panics before, so I'm not sure what could be up with videos in Firefox.
I thought I was the only one with an issue with Firefox57. Got a Macbook Pro 16 GB, 3.1 Ghz Core i7, MacOSX Sierra (10.12.6). The CPU goes wild during a search on Google Maps and also on certain pages of forbes.com. On forbes I've disabled the Ublock origin coz they politely asked me to.
At one point the whole browser crashed. So right now got Chrome and FF open and am switching depending on the site. Might just end up back in Chrome if this isn't resolved.
I'm very much on the pro-webextension side, but really, people's workflow being broken is not a legitimate complaint? What exactly would constitute a legitimate complaint then?
Starting to think that they should have forked and rebranded, and let XUL Firefox live on within Mozilla much like the Suite/Seamoney did after Firefox and Thunderbird.
But then Mozilla management has been "weird" ever since they decided to chase Google's tail with rapid fire releases.
And frankly i fear that it, like some other big name FOSS projects, have attracted managerial types that are there more to pad their resume with "social" projects than actually caring for what they are dealing with.
And those in turn have introduced a "push to prod" culture of development...
The fork is Firefox 52 ESR. It's probably enough to wait for some extensions that weren't ready when 57 was released, but 52 ESR isn't going to stick around indefinitely.
SeaMonkey isn't a good role model here. Even before 57, the SeaMonkey release interval had lenghtened to multiple months. That is, evidently it hasn't been tracking Gecko security updates at Firefox's pace.
I started with Netscape Navigator and used FF until 2016. As of FF 55 I started to like Firefox again. As of 56, I was mostly sold on it. As of 57, it is the only browser I consider worth using.
I understand getting salty about losing extensions, but sometimes a company has to make decisions that will get them back on track and recording some growth again. Sometimes a company has to overhaul their product to make it work for _more_ people and not their "minority but vocal core."
Downvoting this is preposterous when it's a legit point. I've been using Firefox since the Phoenix days and now many of my old extensions that I've been using for years are non-functional; it's very much telling old users to pound sand for the sake of new users.
It's really not though. Try to put yourself in Mozilla's shoes for a moment:
You run arguably the most "free" and "open" internet browser in the business. You are constantly pushing for standardization in the face of competing browsers like Safari, Chrome, and Edge; all of which are trying to establish a walled garden powered by browser specific features. Your browser is consistently losing market share to Chrome because you don't have the cash to spend on marketing partnerships and pre-installs like Google does. Your browser is a means to an end, not the end itself. Your browser exists purely to push forward the tenets of the open internet and open source software. You need market share to push further standardization and improvements to the web experience. To get this market share you need to ensure that your browser offers at least the same performance and security as other browsers. In order to do this, you need to make some backwards incompatible changes or risk falling into obscurity. It's a sacrific you have no choice but to make.
There's no question that breaking backwards compatibility is eventually necessary. That doesn't mean Mozilla did a good job of handling this transition. They absolutely screwed a lot of their existing users, and without good reason. They have had no overlap between support for WebExtensions and XUL extensions. They've been marking XUL extensions as "Legacy" for months but prohibiting you from installing a WebExtension on anything prior to FF 57, forcing everyone to deal with jarring changes to all of their extensions at the same time.
Backwards compatibility was not an option for Mozilla to move their architecture forward for a modern multi-core computer. A rational person would understand this and move on, or find a way to support a fork of FF 56.
I have been a user of extensions since the earliest days of Mozilla Firefox (and earlier) and I love the new browser.
The migration to a multiprocess architecture was handled relatively painlessly early this year. It had nothing to do with the migration to WebExtensions. Many extensions were incompatible with the multiprocess Firefox architecture, but when the user had one of those extensions enabled Firefox simply fell back to using a single process. Many popular and well-maintained extensions were modified to be multiprocess compatible without widespread user-visible breakage or loss of functionality.
I understand that in principle the new model of extensions is the way to go... but then Firefox without Session Manager, FireFTP and no way to read MAFF files just doesn't have the distinct functionality that kept me using it in the desktop. Perfect is the enemy of good I guess.
I agree. Been using Firefox continuously since it first appeared. And I miss some of my extensions.
But they're clearly working on improving what you can do with extensions, only now they're doing it in a coherent manner rather than just letting people have access to the browser chrome to hack about whatever they fancied. And that feels much more stable and architecturally stable as something to build on for the future. I'm prepared to give them a few releases to build on that and make it both fast and extensible.
> And that feels much more stable and architecturally stable as something to build on for the future. I'm prepared to give them a few releases to build on that and make it both fast and extensible.
This should also enable them to keep the extensions that use supported apis working between releases much easier. I remember the early days of firefox where any update meant that some random subset of your extensions would break because they were doing something to the UI that the devs didn't expect.
Wether it was the right thing or not depends on the details. The overall decision is a sane one, but FF now has to develop enough of a flexibility to have a good extension ecosystem again. At least now they can get that flexibility with sandboxing and access management.
Anyway, Mozilla's history is such that I am not convinced they will do this.
Overall I agree, but NoScript not working anymore directly resulted in me having to kill all Firefox processes when an ad stopped me from closing a tab by constantly opening new alert windows.
You can just close the tab regardless of whether it’s showing an alert nowadays. (I also recommend µMatrix – it’s pretty much a better version of NoScript.)
> I also recommend µMatrix – it’s pretty much a better version of NoScript.
No, it isn't. uMatrix is a replacement only for the shallowest feature of NoScript. There's a ton of stuff that classic NoScript does that nothing else provides (including the new WebExtensions NoScript, so far).
The shallowest feature of NoScript – content blocking – is the only useful thing it provides. The rest of it, like the XSS filter, is poorly-written misfeatures, or stuff that’s available in about:config. (To be fair, µMatrix has its own misfeatures – looking at you, UA switching.)
> The rest of it, like the XSS filter, is poorly-written misfeatures, or stuff that’s available in about:config.
NoScript classic has a lot of functionality that helps you keep sites usable when scripts are blocked, or to help you stay secure when you have to allow some scripts. Some of the latter features are protections that will occasionally get in the way of sites that are fucked up in non-malicious ways, but that doesn't make them misfeatures. In my experience, the only XSS filter false positive has been Wolfram Alpha, and I've only encountered the clickjacking protection with advertisements that are getting in the way of the content I'm trying to interact with.
> NoScript classic has a lot of functionality that helps you keep sites usable when scripts are blocked
Sounds good, but have you looked at the code behind this? The XSS filter is the same way – a giant mess that only protects against the most trivial of XSS anyway.
I forgot about its clickjacking feature, though. You’re right, that one is valuable.
NoScript ("allow first-party scripts" and block everything in "Embeddings" tab) + FlashBlock seem to be the only way to block all autoplaying crap in Firefox for me.
You can also add uMatrix, uBlock & RequestPolicy and surprisingly they don't conflict with each other!
As a counter anecdote, I'm removing FF from all my workstations today. I've been using FF for years. I gave quantum a chance until NoScript shipped. Now it's clear that this is not going to work for me anymore. Moving to Brave. Bye FF.
>I also like the redesign but the killer feature was the noticeable speed up.
FYI, it was faster when NoScript worked. Tabs didn't crash constantly either.
Not having slowdowns like you, nor tabs crashing. Reminds me of when Chrome first came out, I ditched Firefox, till I realized Chrome didn't have proper adblocking, and when they did it was awful compared to Firefox's adblocker. It's improved since, but I'm not interested in Chrome since. Firefox has only gotten better and better for me. I guess everyone will experience the new versions differently.
I've been a long time user of Firefox, and after v55, I've been incredibly pleased with the improvements in tab handling (I'm one of those imbeciles who often has hundreds and hundreds of tabs open) and browser performance overall. Like you, I haven't had any stability issues, and the overall resource use is still far lower than Chrome/Chromium/derivatives (like Brave). I'm somewhat disappointed with the removal of the old XUL API and the death of many extensions, but expecting this, I trimmed what I had installed to an absolute minimum. So far so good; can't say I'm really missing anything except maybe Session Manager.
I do have some empathy for your parent comment: I'm not particularly fond of NoScript v10's UI either, if that's their chief complaint. It's different and somewhat cartoonish, but I don't know if my reaction is because of the stylistic changes or the fact that it just changed.
Regardless, Raymond Hill released a version of uMatrix for Firefox 57 which I feel has somewhat more power than NoScript in certain areas (selectively blocking cookies is a nice addition), and I like the UI better. It's not as intuitive, arguably, as the original NoScript, but it's information-dense and provides a fantastic picture of what's going on--better than NoScript ever did.
It launched with a new UI that I am still in the process of figuring out. If the parent lost their patience, I can't blame them asbut there is definitely a learning curve to NoScript 10 and zero documentation to help people figure it out.
NoScript 10 caught me on a good week, if I had been busier this week I wouldn't have had the patience either because it's definitely not doing things in a way I would expect.
So here are my notes for the previous version, I literally went to type this up only to find NoScript updated itself in the past day or two.
You have Default, Trusted, Untrusted and Custom.
Double-Clicking on either of those will give you more granular control ranging from scripts to media to fonts and webgl, which is nice. Untrusted has everything unchecked by default, Default seems to have scripting and most other things turned off by default, and Trusted and Custom you have to set yourself, with Trusted I think having Scripting on by default.
Now if you change the settings for any of these, at least on the previous version, your changes will apply to all domains under that category, so if you have scripting on for Custom, you'll have Scripting on for all domains you've set to Custom. Now whether this is still the case for the latest version, I couldn't tell you at this exact moment, but hopefully that's enough to get you started.
"Temporarily allow" also seems to have been replaced with a clock icon which you can find next to the Trusted and Custom category markers, which I only knew about from reading the blog updates. The latest update added three icons to the top right which are fairly self explanatory, one is options, one is for temporarily allowing all of the page and one is for revoking temporary permissions.
All in all I wouldn't say it is the most intuitive UI, particularly after having used NoScript for about 10 or 11 years. That said, if you're willing to allow yourself a bit of time to get used to it, most of the core functionality is retained, and is in fact a little bit more granular than before. When I have a little bit more free time, I intend to test out Custom a little bit and see if I can use it to allow some websites to render custom typography without having to run JavaScript. Theoretically that should be done completely in CSS, but I haven't kept on top of web standards since deciding not to be a web developer about 10 years ago so I'm not sure to what extent websites still depend on JavaScript for typography.
Thanks so much for this. They sound like some improvements, especially the timed/clock feature. Useful for not wanting to whitelist a website you need to view. I never find temporarily allow all too work that great - sometimes required several cycles.
Firefox 57 was directed at people who moved away from it, to Chrome users, I'm glad it has made an impact - however, it has upset many people who were using it as their main browser and who depended on a number of extensions which used APIs which were disabled.
There's talk that some API's will be built back, and hopefully with the increase in new users it should be worth it.
For example, on Xubuntu, a low resource friendly Linux distribution run by many on devices with small screens, Firefox 57 now is unable to hide the title window bar and unable to customise the size of tabs, reducing available screen estate by about an inch. In development versions of Firefox, they are enabling CSD for Firefox windows, so in a few months this might be better for the title bar, and in the article it seems as if theming tabs are being addressed.
A particular bug for me is the second time they removed being able to change to the next tab by mouse wheeling over the tab bar. They removed it in Firefox 34 or so (it was default, in built function) and pointed to using Extensions as the workaround. Now they have removed these very extensions that enabled that.
If only an extension could change userChrome.css! That would solve many people's problems.
Users who wish to continue using legacy Firefox extensions can use Firefox ESR 52. It will receive security updates through April 2018 at which point it will move to a later version of Firefox which no longer supports legacy extensions. Over the next 5 months, the WebExtensions API will continue to be expanded enabling more of the older extensions' features to work with the modern extensions framework.
But the people who chose a browser for speed already had Chrome. Now the people who would choose a browser that lets them run their software of choice, on which they have been relying on years, have no browser.
There are hundreds of people tweeting about how Firefox 57 has ruined their browser experience, and they are representative Firefox users -- the kind who have been using it all along, and relying on all the software Mozilla just broke. I don't think Firefox will gain market share by alienating all these people, while attempting to beat Chrome at its own game.
I wonder if there is any set of circumstances that would cause Mozilla to realize that making a new browser and calling it Firefox was a bad idea. If market share still continues to tank -- like were they realize for every person like the parent commenters, there may be many pre-existing users who have no reason to use Firefox anymore -- would they then admit it was a mistake? My guess is there is no such set of circumstances... witness the fact that Mozilla originally cited declining market share as a motivating factor for this big change, but then recently we have stories like this https://www.theregister.co.uk/2017/07/25/new_war_for_mozilla...
I'm personally really happy for firefox 57. I never switched to Chrome, primarily because of privacy concerns, and I suspect that there are a good number of users in a similar situation. The migration to web-extensions was a little annoying (had to find a different password generator).
While they could have split the product into two (like they did with Firefox & Seamonkey) and let the former product languish, I'm not that would have made many users much happier. For what it's worth, you can still use Firefox 56 (or even Seamonkey).
There was no way forward for a better browser without braking the old extension system. It is bound to irritate some people, but a rational person should find it hard to blame Mozilla for their choice. It is now a modern browser capable of making use of a modern computer's capabilities.
As long as Firefox and Chrome are somewhat similarly performant, I will always choose Firefox. I'm trying to wane off google products and services as much as I can, as I believe they have too much control over our digital lives. Most people are fine with that and I respect that, but I rather take as little control back as I can.
I'm not sure how allowing extensions to change privacy settings is going to increase user privacy.
And while it's becoming easier to manipulate any website you visit, with basically nothing stopping a malicious extension from stealing user data or just taking over any online account, actually extending the browser UI, the original goal of many former extensions, is extremely limited.
If you mean the stuff under "Additional Privacy Controls" you already surf without the functionality that can be turned on with this API. That means that the new API allows you more privacy, at least until you install some extension that maybe overrides the extension that turned "on" that privacy functionality.
So it's like before, adding a new extension is always a security risk.
Wow, I thought the controls are exposed in browser preferences. This makes even less sense, why would these be only controllable by extensions? (Though they are accessible in about:config at least)
I personally have them both turned on in about:config.
But It would be nice to have an extension to turn off resistfingerprinting on some sites (like firefox's extension site) because it fakes the browser's user agent which breaks things that check your user agent. I'm not sure this will allow that. It seems like it'll allow a privacy extension to easily enable / disable it for all sites with a check box.
It is a different mindset. It comes from the idea that you should be able to trust the software that you have vetted and installed (extension) over random third party code (an arbitrary website).
This reduces the extent to which Tor Browser has to delve into the Firefox internals. Ideally they'd be able to package up all their changes as an extension.
You can hide the tab bar with userChrome.css (I think that's what it is called), although possibly not in a way that can be toggled. Should be able to hide it only in windows where only one tab is present, at least.
I don't know where this was when I was searching for alternatives to vimperator, but thanks so much for mentioning vim-vixen. It seems like it's just a port of the parts of vimperator that still work with WebExtensions but it's so much better than the alternatives out there at the moment.
Vimium-FF is not a substitute. Very very limited compared to what Vimperator and Pentadactyl can do. Besides the features, the main problem with Vimium-FF is that it does not work on a lot of pages and, even in the pages that does work, it breaks often. During long sessions, it's common having to reload the page multiple times to get Vimium-FF working again.
Not really. You can't yank the url (yy) in Firefox, and the search is borked sometimes when there is no match on the page. After spending a few months with vimium, I found vim-vixen, which doesn't have these problems.
I still miss a lot of extensions. One of my favourites was pwgen¹. I missed it so much I decided to write my own², but writing it I found out that the WebExtensions api is still a big work in progress.
For example writing some text to the clipboard seems to be a basic thing a web extension should be able to do. BUT to do it, you have to create a textbox, set its value to something, then programmatically select the text, and then invoke document.execCommand("Copy") to copy the text. Come on! Why not something like browser.clipboard.copy('some text')?
And it does not even always work like expected³.
I hope the next ff versions will improve on this. Extensions are what makes the browser your own.
Clipboard and selection handling is a massive PITA in webdev. On the flipside it "enables" such creative solutions like that pesky text selection bubble on medium.
Oh man, I hate that thing on Medium so much. I'm slightly fidgety so sometimes I double click the text I'm reading. I didn't even realize how much I did it until I visited Medium and almost tweeted some random paragraph I was reading. I would love to turn that crap off.
Medium works nicely without JS. (Granted there are a few sites that rely on JS to display text, but in my experience there are a lot more that do something stupid, like breaking copying or breaking search than those.)
Also NoScript reliably breaks autoplay videos, as I found out when the webextension version needed a few days until the release.
This is what I've used for quite a while. I used to have a browser extension to interface with it, now I just use rofi-pass with a keybinding to bring it up in any app, search for a password, and put it on my clipboard. No auto fill, but I never was comfortable with browser password managers throwing credentials into any arbitrary form box (visible or not..) that 'looked' like a password box.
The timing on this is quite coincidental, I just published a short article this morning about adding support to Selenium for installing WebExtensions to Firefox profiles [1]. I write and use extensions frequently for web scraping and browser automation, and I've really been thrilled about what Mozilla has done with the WebExtensions API. It was a quite miserable process to write cross-browser extensions in the past, but that basically changed overnight when Mozilla first announced the WebExtensions API. I think that this is ultimately going to have an immensely positive impact on the extension ecosystem.
Does anyone found an alternative to "BackTrack Tab History", an extension that copies the history of the current tab to newly opened tabs? The author thinks he won't be able to port it to Quantum.
I wonder if it will be possible to load scripts into the reader view document. Currently, it isn’t, so keybinding extensions, which rely on inserting Keyboard event listeners, don’t work in reader view. I had been prototyping a custom reader view in Saka Key using Mozilla’s Readability library to work around this issue.
The Content Security Policy fix is a lifesaver. Saka Key attaches hint elements to the DOM and attaches a script tag to load common styles/fonts. Sites with the policy style-src: self (like crates.io) block script tags, which breaks hint styling and positioning.
To me the important part is "Starting with Firefox 58, the CSP of a web page does not apply to content inserted by an extension". This was flagged as going to be a problem back when CSP was still a draft instead of a spec, and it was blatantly obvious that bookmarklets and extensions would get impaired if CSP ignored the difference between site-content-activated scripts, and browser-owner-activated scripts.
I would have preferred to see this land 6 to 12 weeks after CSP handling originally landed in Firefox, but landing it now is a clear case of "better late than never".
U2F support for most sites is already in stable Firefox, you just have to flip security.webauth.u2f in about:config. Unfortunately Google doesn't work yet, maybe due to missing AppID support:
I recently switched to firefox and I find that chrome has much better plugin support. Just browsing between the plugin stores and you can see the difference. Hopefully firefox can catch up.
One plugin that I really miss in firefox is holmes[0]. I bookmark alot of useful sites and it can be a pain to find them in the bookmark list. It's a plugin that makes me really miss chrome.
322 comments
[ 3.0 ms ] story [ 252 ms ] threadFor security reasons, yes.
For people who don't want to say bye to old extensions which are not (or cannot) be ported to 57+ there is the option to stick with 52 ESR version (Extended Support Release). According to Mozilla FAQ [1] this version gets obselete in march 8 by Firefox 59 ESR.
[1] https://www.mozilla.org/en-US/firefox/organizations/faq/
https://addons.mozilla.org/en-GB/firefox/addon/tree-style-ta... and look through teh list til you find something that supports FF52+
I'm a little concerned that any bugs/holes in extensions will be left open though, since it's very unlikely the extension devs are going to be backporting features/fixes.
[0]: https://www.waterfoxproject.org/
As for me, I'm just happy to be running Firefox as a daily driver again.
Personally I'd be happy to see Firefox have tab feature chrome natively has:
- Scroll wheel to move between tabs (https://bugzilla.mozilla.org/show_bug.cgi?id=1285812)
- Ctrl+1 (2, 3, ...) to jump to a tab. Ctrl+0 to jump to the last tab. [Edit: This works with Alt, nvm!]
- Multi-select tab management (Ctrl+Click, Shift+Click to select, drag, snap and move multiple tabs)
Back when Firefox initially got a lot of market share, its killer feature was tabs. It almost feels like they forgot that :(
- Multiple-row tab bar.
Such an obvious improvement over tabs scrolling off the screen sides or squashing them like Chrome does, I don't know why it's not being considered.
It's already been done by Tab Mix Plus (or was it Classic Theme Restorer?). They only need to copy it and polish it a little.
Personally I don't find tree-style tabs appealing at all because (1) I usually have few pages open on the same domain, but I have many pages open on different domains. And (2) I don't want a vertical column of content width lost to a sidebar.
Limiting tabs to a single row per window is awful for usability.
You have to understand that this is a pretty unusual concern. Most of the world struggles with screens with aspect ratios optimized for watching TV, making vertical space very precious but leaving plenty of excess horizontal space that cannot be effectively used by the majority of web pages that only use a single column of text.
You are right about that. I use two external monitors, one of which is rotated 90°. Guess which one I keep my browser window on? :)
Ctrl+1 (2, 3, ...) to jump to a tab.
works for me, Ctrl+0 doesn't
You could try the Multiple Tab Handler[1] extension. It seems a bit clunky and limited if you use it alone, but it integrates well with Tree Style Tabs [2]. Note that you could open the vertical tabs sidebar when you need to manage tabs and close it right after. You can also disable the "tree" feature of tree style tabs.
[1] https://addons.mozilla.org/fr/firefox/addon/multiple-tab-han...
[2] https://addons.mozilla.org/fr/firefox/addon/tree-style-tab/
For users that are okay with the common way browsers work, all this new stuff is great though. Firefox Quantum is so fast and it still delivers all of the mainstream add-on functionality.
I'm firmly in the second camp. Give me any browser that I can install uBlock in (and hide most buttons except back and forward), and I'm good to go. With Quantum, I switched over all my browsing to Firefox. Including on Android, which hasn't even had most the Quantum improvements yet (its UI has just gotten a much needed update).
It takes 12s after launch for my newtab to populate with icons -- which incidentally I dislike compared to the previous page thumbnails -- there's regular stalling when it fails to respond.
I'm prepared to give some space to get acclimated to new versions, there were font problems on lots of pages (including newtab) for me which I've worked through. But I'm failing to see any benefit yet - even then turning the icon super bright has annoyed me ...
Obviously there's something slowing down your Firefox, but it's definitely not to do with how modern your hardware is because 57 is noticeably faster than the previous version on my 2011 MacBook.
browser.newtabpage.activity-stream.enabled = false
browser.newtabpage.activity-stream.feeds.section.topstories = false
browser.newtabpage.enhanced = false
browser.newtabpage.enabled = true
seems to respect my 5 columns and 3 rows with large preview icons.
And on the "improvements" side -- I have to say I've never felt the browser was too slow. Sometimes the network is lousy, sometimes stupid websites are terrible, but the browser itself has been just fine for me for years. So I'd rather have had a less painful and abrupt transition, which maybe took a bit longer.
With this change, Firefox targets the lowest common denominator just like every other major browser (tracing the footsteps of Chrome). In the progress, it too, is becoming just like Chrome.
This whole saga begun back when Opera dropped support for their 12.x browser, and became just another Blink-based browser. At that point, the only way to get a usable browser (with vertical tabs, MRU tab switching, gestures) was Firefox with a number of addons (Tree Style Tab, Tab Mix Plus, Firegestures).
One may argue that users like this should just use a fringe browser with such features built-in, but that's not viable because they're either unstable or lack timely security updates.
You may also argue that you can get all those features, even in Firefox 57, but that's only true with caveats:
Tree Style Tab still exists, but if you use either the history or bookmark sidebars, you better get ready to switch back and forth all the time (since only one sidebar can be active at a time).
The about:config setting browser.ctrlTab.previews (now also exposed in preferences as "Ctrl+Tab cycles through tabs in recently used order") is mostly useless, since it is limited to the 6 most recent tabs (probably even fewer on lower resolution screens).
There are several mouse gesture addons for Firefox 57, but none of them currently work on Linux/Mac. Even on Windows (and the others when they're fixed), gestures will work neither on internal pages nor on addons.mozilla.org.
It's a shame tradeoffs are necessary, but I think it's worth highlighting that it's a tradeoff that also brings substantial advantages. For all users, including the power users.
It's likely available from your package manager.
Things that bother me on desktop developer edition:
Android (Mobile) Quantum takes forever to load pages. As in 5x-10x longer than Android Chrome. Some things like videos from twitter simply don't load at all. Some websites no longer load. Cannot enter data into some text boxes. But don't take my word for it: https://www.androidauthority.com/mozilla-firefox-quantum-and...Unfortunately, on desktop I'm stuck between this new FFX and Vivaldi. On mobile, I already switched to Brave even though it's terrible because you can't easily google for selected text or select a part of a paragraph easily.
But couple of your annoyances can be fixed rather easily:
1. Get back the toolbar back: View (or Alt-V) - Toolbars - Menu Bar
2. To clean recent history: Ctrl-Shift-Del will give you the clean recent history dialog box. It can be accessed from toolbar too: History - Clear recent history.
Weird that the only way to get to that menu is through a toolbar that's not visible by default.
What's unusable about the new tree style tabs? I use it constantly.
If you want old greasemonkey scripts to work without changes, use violentmonkey.
There must be a bug with the new greasemonkey that I can't find the editor either. Use violentmonkey for that too for now.
I'll grant that the new responsiveness of FF makes TST feel much better. But there's one thing that's constantly giving me headaches. I don't feel like the highlighting given to the currently-selected tab is in-your-face enough, so that I'm always scanning up and down the tree trying to see which one it is. The other formatting options it used have were nice, but being able to at least make the selected tab's title bold was a big deal for me.
I realize that this is technically possible in the new regime via userChrome.css. However, the element classes are completely undocumented so I have no idea how to accomplish it.
Before FF57, I was able to set the font and background color for tabs depending on their status (current, inactive, unread, etc.), and that's what I want now. IIRC, this was actually a feature of Tab Mix Plus.
It's clear that this is still possible even without TMP, but requires putting code in userChrome.css. That would be fine with me, if I could just find any documentation on what element classes (or whatever would be the most appropriate selectors) I need to reference.
[1] https://github.com/piroor/treestyletab/wiki/Code-snippets-fo...
With tree style tabs I didn't realize there is a CSS hack to remove the top tabs.
Ditto re: weird css hacks to hide the top bar.
Why doesn't it get prime support?
Iirc, they decided to move it out of the browser and in to an add-on, which is frustrating in light of the recent changes. Don't get me wrong, I'm for the migration to WebExtensions, but it's annoying that there wasn't a better path for a feature that used to be a part of the browser.
Here's hoping most of this will be resolved in the upcoming months.
Firefox plans to add an API for dynamically hiding the tabbar. You can follow progress here: https://bugzilla.mozilla.org/show_bug.cgi?id=1332447
Another use case coming to mind is to compensate for the horrible bad ability to define your own searchengine. Leting a extension handle this would be an improvement.
1) Someone here might know more (updated) about when's the support going to be added for the same,
2) The Extension Author might comment on when he's going to add the support for it if possible,
3) Some of the geeks here might know a good replacement of it (because Firefox's "Find a Replacement" is not as good as it's supposed to be).
4) When people say "me too", some other Hackers around here might be inspired to write one from scratch, or Firefox people might see how important it is (I know about Bugzilla's voting system, trust me, that doesn't work)
Firefox has just broken people's workflows that were set in place for years, and they are naturally concerned. Let it be.
I don't think that is highlighted enough - the majority of the discussion is focussed on cosmetics, but it takes a lot of effort to break habits and muscle memory that have developed with daily use over many, many years (since Phoenix [1] in my case.)
It's also going to take a huge amount of time and effort to research, learn and configure replacement extensions. I really don't need that stress for something as important as a browser, so I'll stick with ESR as my daily tools as long as possible and build a new profile e.g. using Nightly as time allows. It's far from a trivial exercise.
[1] https://blog.mozilla.org/community/2013/05/13/milestone-phoe...
The XUL deprecation in FF57 has been public knowledge for years. The extension authors are to blame here.
How do you achieve 1:1 compatibility between extension APIs when the architecture that enabled XUL to expose the entire codebase for extensions' use no longer exists, and no longer exists because replacing it was the only way to resolve showstopping performance issues?
How do you keep using a browser that no longer supports extensions without which you can't satisfy the use cases for which you chose and adapted that browser in the first place?
No one is to blame here.
In the end, XUL was a major performance and security issue. Good riddance.
Really? What opportunities have you observed in the recent close collaboration between Mozilla and the developers or maintainers of many high-profile, and not a few niche, legacy extensions? I'm sure I am not the only one here who would be interested in gaining the benefit of knowledgeable and thoughtful feedback on how that process has played out.
Look, I get it, okay? It's a pisser. But throwing this kind of shit around helps nothing and nobody. It just makes life a little worse for everyone in the blast radius. Maybe you're fine with that. More likely you're just mad. I get that. But it's not an excuse.
I get that you're mad about some of your favorite niche extensions being unavailable due to relying on XUL functionality that shouldn't have been there in the first place, but you'll just have to find alternatives.
The alternative a lot of people will find is a different browser.
> "This preference makes the browser associate all data (including cookies, HSTS data, cached images, and more) for any third party domains with the domain in the address bar."
They even included a link you can click on to get more info on it.
This means that if you visit example.com and then initech.com and both load a tracker from evilshit.org, then the tracker will see too completely fresh browser installs, not even HSTS will be setup if it was used.
Basically, every domain you type into the URL address bar behaves as if it was a unique container.
[1] https://www.downthemall.net/delays/
He was the only bigger extension dev that threw a complete tantrum over this decision, refusing to even try to work with Mozilla to get some APIs into place, so that he could maybe actually port his extension in full. And now he's doing a port anyways.
Well, good on him. I do not think that his behaviour back then was entirely justified, so this remedies that.
"If true, the resistFingerprinting preference makes the browser report generic spoofed information for data that's commonly used for fingerprinting. Such data includes the number of CPU cores, precision of JavaScript timers, and the local timezone. It will also disable features that are used in fingerprinting, such as GamePad support, and the WebSpeech and Navigator APIs."
And well, apparently it has a pretty bad bug. It spoofs my screen size from previously 1366x768, which 1 in 9.43 browsers have, to 1318x686, which by itself is already unique, because that really is just not a screen size that anyone sells.
So, that's a thing. Maybe it's just isolated to Nightly, but if in doubt, maybe also just test yourself. Now where to report this...
Is it sticky though? I don't know how the spoofing works, but if the next time, the same site gets a different size, wouldn't your profile become less identifiable across visits and other web sites.
No, it changes every time...
Mozilla deliberately removed a lot of customizability, but instead of being open about it they made addon developers the scapegoat, sending unhappy users their way while blocking requests for replacement APIs with "you are not supposed to do that kind of UI tweaks anymore". After a decade or so of encouraging UI extensions whenever someone suggested advanced UI features, this is a bit lame.
That said, there's also a lot of customisability that simply hasn't been implemented yet. I'd name e.g. hiding of the tab bar where Mozilla is clearly seeking a compromise between the potential downsides of removal of UI elements by add-ons and how useful it could be. It just takes time to make it happen, but luckily, Firefox 52 is still an Extended Support Release for quite a while.
Otherwise, I'm using Safari and weaning myself off of all the power of VIM like browsing. Safari also happens to be so much smoother and does not kill the battery.
Never had any use for extensions. For me Web browsing is all about HTML/CSS and some occasional JavaScript, everything else is better achieved via native apps.
I never understood why people have such a hard time with choice. And why saying something no longer meets your needs evokes such reactions.
It was necessary the Internet and explosion of security exploits to realize that although plugins in-process are easier to implement, the older out-of-process architecture was safer and harder to exploit.
And yet they broke things like NoScript, which provided security/privacy features missing from plain Firefox and unavailable on any other browser no matter what extensions you installed. If safety was really such a high priority, they would have waited until after a full-featured NoScript WebExtension was possible to implement before deliberately breaking XUL extensions.
They're mostly a way to use the regular browser functions, only with the keyboard rather than the mouse. But this works best for regular sites, and poorly for webapps that use JS-activated links and such.
The solution is for developers to spend a day learning about accessibility. A good starting point is https://webaim.org/intro/.
[0]: https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/
The biggest problem I have with them right now is that FF entirely prevents addons from working in "system" pages like the settings pages or the new tab page (NB this includes some actual web pages that Mozilla has "blessed"). Another problem is that there is no way to focus the address bar programmatically, forcing addons to use clunky workarounds like the Vimium omnibar, which has an inconsistent UX compared to the rest of the system.
Hotkeys, especially in a VIM-oriented model, must work consistently across the entire experience, and Mozilla has decided to explicitly disallow this for addons.
Vimium is better than nothing, but due to limitations of the WebExtension system, is strictly incapable of providing the browsing experience that I'm used to. In its current state, it is not a suitable replacement for me.
The same is true for the various mouse-gestures addons.
Web extensions are probably a small part of it but I have switched back to FF after ~5 years of Chrome. I also like the redesign but the killer feature was the noticeable speed up.
I consider myself a fan again!
This is the best Firefox , but I have lost a ton of extensions including my Vim extensions. So right now I use Qutebrowser and know that the new plugins will get added.
The other issues regarding limited control over the browsing experience may be resolved with future API expansion, but the previously mentioned hobbling is something with which we are most likely permanently stuck.
If Firefox provides the correct API's we might have the power of vimperiator back. Off the top of my head it needs:
1. A way to load config from the filesystem so I can keep its config with my other dotfiles
2. To be able to work on about:addons etc
3. To work in reader mode
4. Vim keybindings in textareas/inputs (although for modularity this could be a separate addon).
5. A way to open textareas etc in an editor - again for modularity this could be a separate addon.
6. Be able to open file://
7. A way to focus on the page content (away from e.g. url bar) - this could be a FF level hotkey though.
EDITED - I'm adding things as they come up.
But a few days before upgrading I found vim-vixen. It does 95% of the job. The performance improvements of FF 57 are well worth these 5% missing.
[0]: https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/
I've been using Firefox since way back in the day when I stopped using Opera 12 (and I had been using it even before that, I just had really crap hardware for a long time so I had to use Opera).
The devs obviously care about the product and its users and sometimes have to make tough decisions.
I think Firefox 57 is a good thing for Firefox's future. It's basically what the Mozilla rewrite or Firefox's being spun off from Mozilla did, but this time with less of a big-bang. And 1 year from now 99% of the current extensions will work.
And no, for the obvious question, they couldn't have done it the other way. I've been part of several migrations of this kind and people don't really move voluntarily 100% during migrations. Yes, the nice folks do it in time (say, 40%) but the rest have to be dragged along kicking and screaming.
Every change breaks someones workflow [1]. It sucks, but it happens because we need to acknowledge a point when the current system holds back progress more than the headaches introduced by a new system.
[0]: https://blog.mozilla.org/addons/2015/08/21/the-future-of-dev...
[1]: https://xkcd.com/1172/
No it hasn't: Firefox still doesn't ship an API capable of supporting many existing extensions. The developers of those extensions haven't had three years to port; they still can't port.
I really like how fast the new Firefox is, but I won't use it until Keysnail works.
JS-based (crippled IMHO) vertical tabs are also in Chrome. Why would someone switch from Chrome to Firefox to use a crippled extension?
I hope I am wrong but I don't think Firefox will be able to increase their market share. They may be able to stop losing their market share, which is not really a huge achievement.
And I doubt they're ever going to.
It's the Design Disease: Once a company has it in its head that it Knows Better, anyone who ditches their way for a different one is Wrong, just... Wrong in some way the company thinks is objective, based on whatever Design it has in its head, and must be brought back into the fold.
How tabs work is Design. Design must not be questioned. If you want your tabs to open such that you get a new tab right beside your current tab, instead of over a dozen tabs away at the end of the tab bar, you're Wrong, and having more than three or four tabs is Wrong, too.
They can say that Firefox is faster. I say it's easy to be faster when you're not solving the whole problem.
NoScript, Session manager and Self destructing cookies are the hurdles to clear for me - the rest I'll miss but can probably get by without. Note that both the session and cookie manager are in fact features that should already be part of Firefox and are not. And when I say 'clear', I mean functionally equivalent in all regards to pre 57 (NoScript fails that test).
Many people are unhappy with the extension situation. Mozilla have to take that into account and provide equivalent functionality fairly sharpish or face just being a chrome-clone.
By doing so, Mozilla shows that it cares about his user. Letting use old stuff that are not maintained anymore (if they are, a compatible version will shows up) lead you to situations like win32
By completely trashing a tool I'd spent years customizing without anything resembling feature parity ready by release? It's not really on the devs to port something when the new system is missing APIs. The "They had 5 years!" argument directed at the addon devs could just as easily be directed back at Mozilla...
Or perhaps by ignoring the loud negative feedback when I and many others said we didn't want paternalistic "thou shalt not install unless we say okay" controls on add-ons like Chrome has?
Or was it instead by ignoring my repeated questions on how to fix a ten-year-old SSL handling bug that causes a great deal of pain for sysadmins? (Vendors have a poor habit of reusing SSL certs - Firefox will flat out tell you to pound sand and not allow you to visit a site with a dupe cert. Chrome, IE, Opera, and I believe Edge will warn you that this is abnormal, but otherwise continue)
If this is how Mozilla cares for its users, I'd hate to see what they consider neglect.
It's not a zero-sum either: those of you who always used Firefox will surely benefit from it not dwindling into obscurity.
FF57 is absolutely the greatest version of Firefox to date. I have yet to hear a single legitimate complaint against it that actually holds up to scrutiny.
It breaks about 2/3 of the extensions I was using, and many of them don't currently have similar replacements available. That's a big loss in some of the functionality that made Firefox attractive as my default browser.
I understand the desire to fix fundamental architectural limitations. In the medium term some of those extensions will probably be updated or replaced. In the long term, the improvements may well pay off in terms of better security and better performance and easier development allowing faster progress. As a software developer I can see that the move was rational even if it is also somewhat controversial.
But in the short term, the loss is still significant for some users. That's a perfectly legitimate concern, and it's apparently sufficient that some people are not upgrading this time.
I tried to think forward, and proactively convert my greasemonkey scripts to new style FF extensions a few months back, to avoid dependency on GM. But abandoned that after it became clear that I'm not allowed to install my own extensions on regular Firefox, because of forced thir-party signing requirement. I have no need for signing. I could create an extension by zipping a directory. Now the workflow is 1000x more complex with all the crap loaded from npm required to sign it.
My web experience is s*it, ATM.
Firefox is great anyway. But it is power user hostile in some aspects too. Personal extensions/userscripts are central to my use of the web. So this is all quite annoying, since signing was enforced. And now even my userscripts broke with 57, as expected.
But Mozilla doesn‘t owe every single user his own build with their pet features.
> It's my computer, not Mozilla's.
Then you'll be overjoyed to hear about the unbranded builds! The exact same code, except it's yours, so it allows all extensions and doesn't say "Firefox" on it.
Sorry to hear this; but I think it's arguably more important for Mozilla to improve the web experience for a hundred million users who may never "write userscripts / extensions" for any website than to hamstring their development in order to avoid inconvenience to a single user who feels the need to customize every point of their web experience.
Also mandatory signing doesn't improve web experience for anyone. It's a security feature. Security is always inconvenient, almost by definition. So your point is invalid.
I don't mind change, I like new Firefox features, what I dislike is imposition of stupid lockdowns, and pointless control. One valid point, I might concede, is that there are innocent third parties affected if someone clueless confirms installation of some malevolent extension. So restricting it is somewhat justified.
Anyway, it's all still a sham. Anyone can still disable mandatory signing with a simple 10 line script patching omni.ja in any Firefox. So it's still no security against people who can be persuaded to enbale something in about:config, or run firefox with a command switch, or add some file to /etc/firefox/, or run a simple 10 line script "to make firfox compatible with our great extension".
To all those claiming that Mozilla doesn't owe this to their users, you are technically correct. But why piss off users when you can easily satisfy them with a simple option. I shouldn't have to use a patched browser for something so basic.
I think that the issue was that they were worried about people who don't understand the security implications turning verification off and getting themselves into trouble.
1. Video performance. Even something as simple as opening a video in reddit spikes my CPU to 100%, and before reluctantly installing Adblock Plus I ran into multiple kernel panics from opening articles on mainstream news sites and blogs.
2. Pinch-to-zoom isn't supported (closest alternative I could find is some about:config settings to make the pinch gesture equivalent to cmd++/-, which isn't useful).
I'm still using Firefox, and there's a lot that I like about it more than Chrome, but I'm seriously considering switching back because of those and some other minor issues.
Is it that easy to panic the macOS kernel?
At one point the whole browser crashed. So right now got Chrome and FF open and am switching depending on the site. Might just end up back in Chrome if this isn't resolved.
But then Mozilla management has been "weird" ever since they decided to chase Google's tail with rapid fire releases.
And frankly i fear that it, like some other big name FOSS projects, have attracted managerial types that are there more to pad their resume with "social" projects than actually caring for what they are dealing with.
And those in turn have introduced a "push to prod" culture of development...
SeaMonkey isn't a good role model here. Even before 57, the SeaMonkey release interval had lenghtened to multiple months. That is, evidently it hasn't been tracking Gecko security updates at Firefox's pace.
I understand getting salty about losing extensions, but sometimes a company has to make decisions that will get them back on track and recording some growth again. Sometimes a company has to overhaul their product to make it work for _more_ people and not their "minority but vocal core."
You run arguably the most "free" and "open" internet browser in the business. You are constantly pushing for standardization in the face of competing browsers like Safari, Chrome, and Edge; all of which are trying to establish a walled garden powered by browser specific features. Your browser is consistently losing market share to Chrome because you don't have the cash to spend on marketing partnerships and pre-installs like Google does. Your browser is a means to an end, not the end itself. Your browser exists purely to push forward the tenets of the open internet and open source software. You need market share to push further standardization and improvements to the web experience. To get this market share you need to ensure that your browser offers at least the same performance and security as other browsers. In order to do this, you need to make some backwards incompatible changes or risk falling into obscurity. It's a sacrific you have no choice but to make.
The plugins updated for 57+ versions don't do the same thing as they did before, which is a no-go.
But they're clearly working on improving what you can do with extensions, only now they're doing it in a coherent manner rather than just letting people have access to the browser chrome to hack about whatever they fancied. And that feels much more stable and architecturally stable as something to build on for the future. I'm prepared to give them a few releases to build on that and make it both fast and extensible.
This should also enable them to keep the extensions that use supported apis working between releases much easier. I remember the early days of firefox where any update meant that some random subset of your extensions would break because they were doing something to the UI that the devs didn't expect.
Anyway, Mozilla's history is such that I am not convinced they will do this.
https://hackademix.net/2017/11/21/noscript-1011-quantum-powe...
https://addons.mozilla.org/en-US/firefox/addon/noscript/
edit: I see it's there. Released yesterday. Yay! Now if only Firefox could add a "Add to desktop" option, I could really switch!
No, it isn't. uMatrix is a replacement only for the shallowest feature of NoScript. There's a ton of stuff that classic NoScript does that nothing else provides (including the new WebExtensions NoScript, so far).
Agreed, I plan to remove this. See: https://github.com/gorhill/uMatrix/issues/771#issuecomment-2...
NoScript classic has a lot of functionality that helps you keep sites usable when scripts are blocked, or to help you stay secure when you have to allow some scripts. Some of the latter features are protections that will occasionally get in the way of sites that are fucked up in non-malicious ways, but that doesn't make them misfeatures. In my experience, the only XSS filter false positive has been Wolfram Alpha, and I've only encountered the clickjacking protection with advertisements that are getting in the way of the content I'm trying to interact with.
Sounds good, but have you looked at the code behind this? The XSS filter is the same way – a giant mess that only protects against the most trivial of XSS anyway.
I forgot about its clickjacking feature, though. You’re right, that one is valuable.
Can't do that with UMatrix.
FYI you can actually use both NoScript and UMatrix at the same time.
NoScript ("allow first-party scripts" and block everything in "Embeddings" tab) + FlashBlock seem to be the only way to block all autoplaying crap in Firefox for me.
You can also add uMatrix, uBlock & RequestPolicy and surprisingly they don't conflict with each other!
>I also like the redesign but the killer feature was the noticeable speed up.
FYI, it was faster when NoScript worked. Tabs didn't crash constantly either.
I do have some empathy for your parent comment: I'm not particularly fond of NoScript v10's UI either, if that's their chief complaint. It's different and somewhat cartoonish, but I don't know if my reaction is because of the stylistic changes or the fact that it just changed.
Regardless, Raymond Hill released a version of uMatrix for Firefox 57 which I feel has somewhat more power than NoScript in certain areas (selectively blocking cookies is a nice addition), and I like the UI better. It's not as intuitive, arguably, as the original NoScript, but it's information-dense and provides a fantastic picture of what's going on--better than NoScript ever did.
Allow first-party scripts in NoScript. Then you control scripts in UMatrix and use NoScript to block "embeddings".
BTW Raymond Hill ("gorhill") has a terrible attitude.
NoScript 10 caught me on a good week, if I had been busier this week I wouldn't have had the patience either because it's definitely not doing things in a way I would expect.
Can I ask do you run it with ublock or other ad blockers?
So here are my notes for the previous version, I literally went to type this up only to find NoScript updated itself in the past day or two.
You have Default, Trusted, Untrusted and Custom.
Double-Clicking on either of those will give you more granular control ranging from scripts to media to fonts and webgl, which is nice. Untrusted has everything unchecked by default, Default seems to have scripting and most other things turned off by default, and Trusted and Custom you have to set yourself, with Trusted I think having Scripting on by default.
Now if you change the settings for any of these, at least on the previous version, your changes will apply to all domains under that category, so if you have scripting on for Custom, you'll have Scripting on for all domains you've set to Custom. Now whether this is still the case for the latest version, I couldn't tell you at this exact moment, but hopefully that's enough to get you started.
"Temporarily allow" also seems to have been replaced with a clock icon which you can find next to the Trusted and Custom category markers, which I only knew about from reading the blog updates. The latest update added three icons to the top right which are fairly self explanatory, one is options, one is for temporarily allowing all of the page and one is for revoking temporary permissions.
All in all I wouldn't say it is the most intuitive UI, particularly after having used NoScript for about 10 or 11 years. That said, if you're willing to allow yourself a bit of time to get used to it, most of the core functionality is retained, and is in fact a little bit more granular than before. When I have a little bit more free time, I intend to test out Custom a little bit and see if I can use it to allow some websites to render custom typography without having to run JavaScript. Theoretically that should be done completely in CSS, but I haven't kept on top of web standards since deciding not to be a web developer about 10 years ago so I'm not sure to what extent websites still depend on JavaScript for typography.
There's talk that some API's will be built back, and hopefully with the increase in new users it should be worth it.
For example, on Xubuntu, a low resource friendly Linux distribution run by many on devices with small screens, Firefox 57 now is unable to hide the title window bar and unable to customise the size of tabs, reducing available screen estate by about an inch. In development versions of Firefox, they are enabling CSD for Firefox windows, so in a few months this might be better for the title bar, and in the article it seems as if theming tabs are being addressed.
A particular bug for me is the second time they removed being able to change to the next tab by mouse wheeling over the tab bar. They removed it in Firefox 34 or so (it was default, in built function) and pointed to using Extensions as the workaround. Now they have removed these very extensions that enabled that.
If only an extension could change userChrome.css! That would solve many people's problems.
This! Even if extensions were very restricted to only toggle pre-defined css rules or something, this could go a long way.
https://addons.mozilla.org/en-US/firefox/addon/re-style/
There are hundreds of people tweeting about how Firefox 57 has ruined their browser experience, and they are representative Firefox users -- the kind who have been using it all along, and relying on all the software Mozilla just broke. I don't think Firefox will gain market share by alienating all these people, while attempting to beat Chrome at its own game.
I wonder if there is any set of circumstances that would cause Mozilla to realize that making a new browser and calling it Firefox was a bad idea. If market share still continues to tank -- like were they realize for every person like the parent commenters, there may be many pre-existing users who have no reason to use Firefox anymore -- would they then admit it was a mistake? My guess is there is no such set of circumstances... witness the fact that Mozilla originally cited declining market share as a motivating factor for this big change, but then recently we have stories like this https://www.theregister.co.uk/2017/07/25/new_war_for_mozilla...
While they could have split the product into two (like they did with Firefox & Seamonkey) and let the former product languish, I'm not that would have made many users much happier. For what it's worth, you can still use Firefox 56 (or even Seamonkey).
And while it's becoming easier to manipulate any website you visit, with basically nothing stopping a malicious extension from stealing user data or just taking over any online account, actually extending the browser UI, the original goal of many former extensions, is extremely limited.
So it's like before, adding a new extension is always a security risk.
But It would be nice to have an extension to turn off resistfingerprinting on some sites (like firefox's extension site) because it fakes the browser's user agent which breaks things that check your user agent. I'm not sure this will allow that. It seems like it'll allow a privacy extension to easily enable / disable it for all sites with a check box.
https://bugzilla.mozilla.org/show_bug.cgi?id=1247628
Now I'm migrating to using Qutebrowser, as it's the closest to providing a similar experience.
https://addons.mozilla.org/en-US/firefox/addon/vim-vixen/
For those interested, the whole discussion about adding it is here [2].
[0] https://github.com/cmcaine/keyboard-api [1] https://github.com/Koushien/keyboard-shortcut-api [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1215061
[0]: https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/
For example writing some text to the clipboard seems to be a basic thing a web extension should be able to do. BUT to do it, you have to create a textbox, set its value to something, then programmatically select the text, and then invoke document.execCommand("Copy") to copy the text. Come on! Why not something like browser.clipboard.copy('some text')? And it does not even always work like expected³.
I hope the next ff versions will improve on this. Extensions are what makes the browser your own.
¹https://addons.mozilla.org/en-US/firefox/addon/pwgen-passwor...
²https://addons.mozilla.org/en-US/firefox/addon/pwgen-reloade...
³https://bugzilla.mozilla.org/show_bug.cgi?id=1344410
Also NoScript reliably breaks autoplay videos, as I found out when the webextension version needed a few days until the release.
https://news.ycombinator.com/item?id=15770228
javascript:(function () { var pw = ''; var array = new Uint8Array(12); window.crypto.getRandomValues(array); for (var i = 0; i < 12; i++) { pw += ('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_')[array[i]&63]; } prompt('Random password:', pw); })()
https://www.passwordstore.org/
[1] - https://intoli.com/blog/firefox-extensions-with-selenium/
Anyone have info about if/when it will support Quantum?
I wonder if it will be possible to load scripts into the reader view document. Currently, it isn’t, so keybinding extensions, which rely on inserting Keyboard event listeners, don’t work in reader view. I had been prototyping a custom reader view in Saka Key using Mozilla’s Readability library to work around this issue.
The Content Security Policy fix is a lifesaver. Saka Key attaches hint elements to the DOM and attaches a script tag to load common styles/fonts. Sites with the policy style-src: self (like crates.io) block script tags, which breaks hint styling and positioning.
I would have preferred to see this land 6 to 12 weeks after CSP handling originally landed in Firefox, but landing it now is a clear case of "better late than never".
This is nice, but I'd prefer if support for FIDO U2F would be here already. But it looks like something is happening with that too:
https://www.yubico.com/2017/09/firefox-nightly-enables-suppo...
https://bugzilla.mozilla.org/show_bug.cgi?id=1065729
https://bugzilla.mozilla.org/show_bug.cgi?id=1244959
One plugin that I really miss in firefox is holmes[0]. I bookmark alot of useful sites and it can be a pain to find them in the bookmark list. It's a plugin that makes me really miss chrome.
[0] https://chrome.google.com/webstore/detail/holmes/gokficnebmo...
[1] https://www.chromium.org/tab-to-search