§ ¶Why people don't apply patches
I just opened Firefox and got a dialog stating that a software update to 22.214.171.124 had been downloaded and is ready to install. And, of course, I immediately groaned. Why?
Because somewhere between the last two software updates, my arrow keys and page-up/page-down started to intermittently fail. The apostrophe (') would also bring up Find when I typed it in text boxes. I use the keyboard a lot when web browsing, so for me this is REALLY ANNOYING. It got so bad that I was seriously considering switching to Internet Explorer 7 beta, but quickly squashed that idea once I found a viable workaround -- to create a New Window, close it, and click on the page. And even with this, I would still want to go back to 126.96.36.199 if it weren't for the security issues.
If you want to know why people are reluctant to patch, it's simple: patching breaks stuff. Ask anyone who tried Windows NT Service Pack 2 or 4. Nobody wants to keep using broken software, but they'll continue doing so if their workflow is disrupted every time an update is installed. The risk of regressions increases when non-critical changes are included in the patch. For instance, let's take the release notes for 188.8.131.52:
What's new: Improvements to product stability. That's good. Several security fixes -- that's really good. Added changes to Frisian locale (fy-NL)... huh? Why is this in a security update that's being delivered through the automatically-installed-and-tell-later channel? Why couldn't this have waited and is it worth the regression risk?
Now, I can't blame the Mozilla team for accidentally letting a bug through, especially since reproducibility is really bad and it's been sporadically appearing and disappearing according to Bugzilla history. Certainly, making a locale change isn't the worst abuse of a security update that I've seen -- releasing "Windows Genuine Advantage Notifications" as a critical update was a really f#*$&ing stupid idea. Still, when I am asked to download a security update, I want it to hold only security fixes, and software vendors need to recognize that patching involves risk to the user even if it does fix serious security issues.
(And before someone posts a you-should-fix-it-since-it's-open-source comment, I tried. After trawling all over the wiki to get the randomly placed build tools for Win32 that aren't in the source archive, I gave up after I got "nsidl.exe Failed -- Error 57" eight levels deep in recursive calls to "make" within a 200MB source code tree. I can't deal with a build system like that.)
Tried Opera lately? :)
Bob - 27 07 06 - 02:05
@Bob: personally I tried Opera 9 - all Betas and final. It's nice. It's a small download. It does HTML, POP and BT. Its source code viewer is crap. That alone dismisses it in my views. On top of that, it doesn't support straight XHTML 1.1 correctly (it parses it as XML all right, but some of its syntax is completely ignored)
@Phaeron: you're right to mention that 184.108.40.206 includes fixes for a locale - the first time it's ever done so, as it usually only contains memory leaks fixes and other security: stability issues. However, keep in mind it's only a bloody browser: it includes core browser updates ('security') and extention updates: if said correction is part of the core system, what does it amount to? Is it were a typo (entered as fyl-NL instead of fy-NL), would you tag it as Firefox 220.127.116.11?
Mitch 74 - 27 07 06 - 08:55
Glad to see I'm not the only one having that find tab pop up all over the place.
I've had the bug from the patch a few times on different machines. I do find tho that I haven't had it with a clean install. Yet.
Perhaps instead of accepting the patch do a reinstall of FF? Just an idea. Lot of effort for a small thing.
SonOfAdam - 27 07 06 - 09:33
ps. just to add irony, guess what uptate popup appeared as soon as I clicked post just now ;-) lol
SonOfAdam - 27 07 06 - 09:34
Mitch 74: I didn't intend to say anything more than my little note above, however your comments sparked my curiosity.
Specifically, how is Opera's source viewer crap? Personally I use an external source viewer, but at a glance Opera's source viewer seems quite solid, despite being relatively new. I'd be interested in what drew you to this opinion.
And do you have an example of Opera not supporting XHTML 1.1 correctly? URL? :)
Bob - 27 07 06 - 10:54
I think the keyboard focus problems have been around for a long time. I'm pretty sure they've been there since at least 1.5.0 or maybe even 1.0.x, since every time there's a Firefox update I keep hoping they'll fix it.
James - 27 07 06 - 12:03
Firefox updates are really weird - old bugs you've never had before will suddenly start showing up. It's like every update re-randomizes everyone's set of inconsistent bugs. ;) I haven't yet had problems with this release, but the last one broke pipelining very badly for me, after 5-6 images it would halt for two minutes until the pipeline timed out. Partly fixed by playing with its network settings and worked around by visiting back and forth often. I just sort of expect something to break every time I upgrade; I almost wish they'd do more to include new features to offset the breakages, heh. (The other option is feature/stability branches, and Mozilla has more than enough branches as it is.)
Mitch74, you need to look through the release notes more often; minor feature upgrades occur every other update, and it's more often a bugfix ("stability improvement") that breaks something than a feature introduction anyway.
Oh, this post reminds me, just the other day I had a critical update notification on the new server 2003 farm. What for? The swastica in Bookshelf Symbol 7. Aside from wondering how a patch from 2004 took this long, it's an annoying indictment of patching priorities.
foxyshadis - 27 07 06 - 16:55
I'd really hope nobody tried the "you should fix it yourself" line on you. Mozilla's find-as-you-type triggering has always been flaky, although I dare say that on the bleeding edge of trunk development (where it work in text boxes) it's improved to the point where it's actually usable.
As for security updates containing non-critical updates: MoFo haven't yet employed a real release manager. One thing which should be absolutely enshrined in the distributed Free Software development process is the importance of having someone assigned to this. Pretty much every Mozilla release ever has been bitten by this.
Chris Cunningham (link) - 27 07 06 - 21:17
I'm sorry to hear that this intermittent bug afflicts you; it's very frustrating for user and developer alike, but I don't believe that there was any change (unfortunately, perhaps) in that behaviour in 18.104.22.168. (Re-reading the fix list, even including the security bugs, doesn't point to anything there either.)
You support our taking of non-security fixes in a "security update", as you say, in the form of stability improvements. We're very conservative about what we take in these updates, to the point that many people complain that they don't get a given fix or minor feature until the next "real" release. It may nonetheless be that we took a fix that you wouldn't have taken yourself, but I submit that the Frisian localization fixes are not among them. Not only are they restricted to changes to the default bookmarks and throbber URL, but the data files they change aren't even _shipped_ to you unless you install the Frisian localization. I will boldly suggest that you did not.
(I'm also surprised and disappointed to hear that you weren't able to get a build working; the instructions on MDC work for a rather large number of people, but if you had a problem with them please do take the time to post to http://groups.google.com/group/mozilla.d..
and report your problem. People get help with all manner of build issue there, and I suspect that yours is also solvable.)
As it happens, we _did_ take a regression in 22.214.171.124 that we didn't detect until release, related to use of non-standard URL schemes from plugins. That regression was due to a security fix, of course, so I don't think there's a lesson about restricted update scope to learn here.
Foxyshadis: HTTP pipelining is a feature that we turn off for a reason, which is that it is unfortunately not reliable on today's web, given the servers that are widely deployed. You're welcome to override our decision and turn it on for yourself -- it's your software, after all -- but please don't be surprised when you discover some of the reasons for the decision we took.
Mr Cunningham: I'm sure that the release managers for our dozens of releases would be very surprised to discover that they weren't real (especially since some of them have shipped other products to literally hundreds of millions of users as well), but since I don't know much about you I'll err on the side of not being a total jackass and presume that you actually know what you're talking about -- somehow.
Mike Shaver (link) - 28 07 06 - 18:55
foxy: Haha, the swastika update. Severity: Critical. Reason: Political.
nayon - 29 07 06 - 17:52
The arrow keys and page-up/page-down is easily fixed by toggling F7.
SH - 29 07 06 - 19:03
Opera 9 not supporting XHTML 1.0/1.1 completely:
try programming an xhtml page (sent with proper application/xhtml+xml mimetype) with an image map using XHTML's syntax (img ... usemap="mapid" and not "#mapid", map id="mapid" and not map name="mapid"). I filed a bug on the second Opera 9 beta, but I got no answer.
It won't work. However, it'll work using older HTML syntax - or using any Mozilla/Firefox build (apart from Minefield's) starting at Moz 1.0 RC2.
Note: Konqueror fails on that too (I surmise then that so does Safari), and IE, obviously... won't even display the page :p
The source code viewer in Firefox highlights syntax, and highlights syntax errors in red - definitely practical, add on top the Search functionality. Its JS debugger is very nice to use too. Maybe I missed those (or the options enabling those) in Opera.
I'll stop there, as this is not supposed to be an Opera/Firefox flame war battleground. Opera is very nice, light and fast, but it's not perfect - Firefox has nice assets too.
Note: double post due to Preview not working, and tags removed (my bad)
Mitch 74 - 31 07 06 - 04:14
At least it didnít start typing backwards !
mikesum32 - 31 07 06 - 08:47
Firefox is OK but not as customizable as Opera. I used it when I didn't know about Opera (I put up with the weird graphics corruption in Firefox/Mozilla for about a year because of tabs that IE don't have).
As for updating, I generally don't like software updating without letting me know. I was using Firefox to test some web page to see if the page looks right in it, after a few minutes, it says it's updated and should restart ... I was :|
meanie - 31 07 06 - 23:56
Hey, I have a G3 optimized Firefox 126.96.36.199 here... it has the apostrophe-find problem too! (usually most bugs don't show their faces in front of me)
By the way, why don't you try forgetting about Firefox for once and use Opera. And port Virtualdub over to Linux won't you? In case you're wondering which widget set to use (GTK or Qt) let me help you with that - Qt. There's a gtk-qt hack, but no qt-gtk hack. Besides, Qt apps look good wherever they go. There, you're all set to start porting to Linux. Please do. I miss your program over there.
randomshinichi (link) - 01 08 06 - 02:53
"image map using XHTML’s syntax (img … usemap=”mapid” and not ”#mapid”, map id=”mapid” and not map name=”mapid”)"
Seems that it is seen by the HTML WG as a bug in the XHTML 1.1 spec. Though of course you are free to point that out to them as a problem :)
TarquinWJ (link) - 01 08 06 - 09:15
Interesting.. If you google "nsidl.exe", you only get replies to this very posting. Avery, you have done your magic once again ;)
Maz - 01 08 06 - 16:58
Thanks for responding. I agree that the locale fix is lower risk when restricted to an optional data file. On the crashes being non-security fixes, I don't necessarily agree. A crash that is triggered by remote data could become a security hole, so there are grounds for pushing some crash fixes out as security fixes.
As for getting minor features out because otherwise they'd sit too long, IMO that's a sign of not having enough granularity in your release strategy -- your options are either security update or full release. Ideally, you'd have minor feature releases in there as well, although in practice I can see how three simultaneous release branches would be problematic.
Been there, tried that. Turning off caret browsing (F7) doesn't do anything in my case. I suspect that there are multiple unrelated focus issues that have similar symptoms... not uncommon when implementing UI.
I happen to like Firefox, and I'm pretty picky about what I use. Also, many commercial sites are now supporting Firefox, whereas few officially support Opera (although they may work anyway, especially with UA spoofing).
As for Linux, I'm afraid I really don't have the time or expertise... or, unfortunately, the inclination. The only time I really use Linux now is when fixing a hosed Windows installation.
Great... I'm not aspiring for #1 search rank in build breaks. :)
Phaeron - 03 08 06 - 13:28
The Mozilla equivalent of "have you tried rebooting?" is "have you tried with a fresh profile?" I spent lotsa time through 2000-2002 on Mozilla bug reporting (the period over which it transformed from a horrible flaky piece of rubbish that barely worked into a thoroughly excellent browser and one of the most stable applications I was running on Windows - I still run Seamonkey by preference), and reports of weird and intermittent bugs were almost always greeted with "have you tried with a fresh profile?" If it gets to be a major PITA it may be worth a try. Firefox and Seamonkey are really nice otherwise.
David Gerard (link) - 08 08 06 - 06:18
The more irony is, that I am currently crying my eyes out over upgrading to Opera 9 accidentally. I've been using Opera exclusively since v7 and I'm a big fan, but version 9 *fucked up big time*. The problems are quite similar. All kinds of keyboard shortcuts misbehave or have been explicitely changed (WTF about usability, all nice Ctrl+? i needed are now Ctrl+Shift+Alt+??)
Are we sure that we are not being mocked by the same developers developing 'competing' browsers HAHAHAHAHAHA
PS I seriously recommend Opera 8.54
SeHe - 10 08 06 - 16:31