Wednesday, August 28, 2013

Let's go out to launch: a gentle position statement

I generally don't comment much on what people do with what I release, because part of open source is that people get to do with it what they want to. However, I'm already getting questions, so let's make sure everything is made clear.

Adam Albrec today released a launcher allowing users to switch back and forth between TenFourFox 17.0.x (for the unsupported plugin support it still contains) and whatever the current version is (which doesn't, and won't, due to Mozilla's removal of QuickDraw and Carbon plugin support), with the intention of a "best of both worlds" compromise. He's welcome to do whatever he wants, of course; this is entirely his work and his to support. Here is my official position, and Adam is aware of it:

  • I always welcome development in the TenFourFox ecosystem, including the projects I endorse (Tenfourbird), have endorsed (AuroraFox) and have concerns about (this one). I certainly salute his loyalty to the PowerPC community.
  • Plugins have not been supported in TenFourFox since version 6.0, and turning them back on puts the browser in an unsupported configuration. I stand by my plugins policy with regard to security and changes to the underlying plugin architecture.
  • Mozilla continues to change the way profiles are implemented. Right now, between 17 and TenFourFox.next, whatever it is (22 or 24), there is little difference and the upgrades are handled transparently. When Firefox 24 becomes the new ESR, that will no longer be guaranteed, like I no longer guarantee it between 3.6 and 17.
  • 17.0.x is a branch with a finite lifetime. There will be, at most, two more releases, namely 17.0.9 and 17.0.10. Penetration toolkits are already incorporating specific exploits against old Firefox versions, and some of these exploits are cross-platform (they are not specific to the Intel architecture), so using an old version of Firefox for an extended period of time is never a good idea if you're doing security-sensitive activity like bill pay and banking. I can't endorse, by default, a strategy to make using an older insecure version more favourable even if the intentions are good.

But, the silver lining is that folks still write PowerPC-compatible software. And activity on that front is always welcome, for which Adam is to be commended, even if I have concerns about the nature of the software itself. Questions are welcome in the comments section.

4 comments:

  1. Even my lame english tells me, that using past tense in connection with AuroraFox means something bad. How is AuroraFox anyways? Do you have any info? I was using it for about a year, but now have switched back to TFF, because AuroraFox seems to be dead or at least in deep sleep. Maybe I am missing something...

    ReplyDelete
  2. Without Carbon NPAPI plugin support there was far less interest in AuroraFox - even the one who initiated the project seems to have lost interest in it.
    I'm currently sufficiently busy with Leopard WebKit (which by the way does still support Carbon/Cocoa NPAPI and Cocoa WebKit plugins) - so I currently don't consider maintaining AuroraFox worth the effort.

    ReplyDelete
    Replies
    1. Well, I was just missing some info on AuroraFox project page. Maybe I am blind, but I do not see even short notice that there won't be any new version soon, which would be handy. Back to TFF then.

      Delete
    2. There used to be a feedback wiki page where I this was announced, but that page seems to have been deleted.

      Delete

Due to an increased frequency of spam, comments are now subject to moderation.