|Firefox 14 issues|
Got a FF14 update today, installed it, and it's causing all kinds of problems.
1) On a client site, we use example.com and www.example.com is 301'd to example.com. There's also a shopping cart that has an SSL certificate. If I type example.com into the address bar, no matter what Firefox changes it to https://www.example.com. If I type on a Google search result, I can get example.com. All the other browsers give me example.com.
2) On my own sites, I don't have SSL and I don't use www. I have it 301'd again in .htaccess. If I type in mysite.com, I sit here and watch it change to www.mysite.com and then back to mysite.com again. Takes longer. I don't remember noticing FF do that before - is it new?
This is kind of a mess.
My GUESS is that they try https protocol first and if it returns a result, uses it. Very poor if that's true.
They would also do better for security if they dropped google entirely, as they did for a while a year or so back. The idea of forcing https google is very poor for webmasters who use referers to redirect incomers to specially requested content.
I also saw one report that said G was the only engine that was secure. Not true - startpage (which includes G in its meta search) and ixquick (which doesn't) both use SSL and, furthermore, do not record the IP etc details.
I assume Ubuntu will update to this new version tomorrow-ish. From your report I'm not looking forward to it. :(
On the other hand, my three remaining Windows machines, 2 unused for browsing, cannot support any FF beyond 12, so that's all right. :)
FOURTEEN?! Weren't we posting about 13 just last week?
:: detour to FF ::
All I said was 'CHECK FOR update' and it starts downloading. What is the sense in downloading if your Prefs explicitly say not to auto-install? (I took a further detour to check.)
Under "What's new" the very first thing is "Google searches now utilize HTTPS".
:: detour to read about "New text-transform and font-variant CSS improvements for Turkic languages and Greek" ::
Query: Why does the "What's new?" page list four Known Issues for something that was only released five minutes ago?
|Under "What's new" the very first thing is "Google searches now utilize HTTPS". |
You said it. Anyone who uses keywords from their referrer data will now see a big bump in [not provided].
|Anyone who uses keywords from their referrer data will now see a big bump in [not provided]. |
This makes life harder for SEO, but the https (ssl) google searches are completely about privacy & security, which make it a worthwhile tradeoff I think. In some repressive countries (and some less transparent "democratic" Western nations) the government can just scan the net for people searching for certain terms, get their IP address and from there monitor every site they look at, and possibly their email as well. SSL search prevents this. This doesn't, however prevent Google from recording what searches you make or your IP address makes, it just prevents eavesdropping via powerful network tools.
So now google will add a layer of obfuscation that makes google referrals closer to being as anonymous as Facebook referrals!
I'm most definitely am a total RETARD I still use?
|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:188.8.131.52) Gecko/20100401 Firefox/3.6.3 GTB7.1 ( .NET CLR 3.5.30729) |
Oh wait. Somehow or other a few months back FF updated itself!
Whole new everything. Totally unfamiliar. I had to go back through a heap of files to resurrect FF 3.6.3
The next person who comments?
Can give themselves a smack in the mouth. For very obvious reasons.
I don't play with my browsers, I also alternately use IE8.
Neither are an experience, neither are a mass-debate, merely useful tools people encourage me to use.
You encourage me to use you product? You take care of security.
How many dedicated browser aficionado's have I pee'd off?
Well I have something weird going on with mine and I can't figure it out. It's adding the www on some sites (but not on others) and then redirecting back to non-www. I've tried disabling all my plugins and extensions. I've cleared all my caches. It's the weirdest thing. And at this point, it only appears to be me. Nobody here can figure it out.
|startpage (which includes G in its meta search) and ixquick (which doesn't) both use SSL and, furthermore, do not record the IP etc details. |
What about qrobe.it [qrobe.it...] ? They don't include IP either, but do they use SSL?
Since there is no known reason to use JS on a search engine, guess what I did? :)
There is no reason for G NOT to pass on referers. G knows what they are; the target site needs to know what they are; and still the original request is encrypted to protect it against intercession. In any case, if a Gov asks G to provide search data for someone, what do you think G will do? I doubt they will refuse as that will get the Gov ticked off with them, which right now they do not want.
IanCP - it's your security. If you want to run an exploitable browser that is your affair. I would not recommend that course to anyone who might by accident hit a compromised site, of which there are a very large number including many listed in (for example) G.
However FF14 does not strip the referral data from clicks on ads..
BTW.. I would recommend the comment posted Wednesday 18th July 2012 17:06 GMT ( in the related comments to that article )..Larry..if you are reading ..
[edited by: Leosghost at 12:43 am (utc) on Jul 19, 2012]
|It's the weirdest thing. And at this point, it only appears to be me. Nobody here can figure it out. |
Some of us here are waiting for you to figure it out before we deal with it. ;)
I want to reach into their code and tear out 95% of the "handy features" just to make it faster. The new version "calls home" a lot more :/
I got so distracted by the unexpected upgrade-- apparently in Firefox's lexicon, "download" and "install" are synonymous-- that I forgot I had another Firefox question.
Anyone know when FF started reporting your system language rather than the browser language? Obviously this will only show up if your system's first-choice language isn't supported by the browser; otherwise they'd be the same. It doesn't come through in the UA string like in Safari, but you see it if you ask for window.navigator.language.
Somewhere along the line they added a Language section in the prefs. In the Mac version it's in the Content tab along with related things like fonts. If you don't change it, it matches your system settings except that it cuts out at five. (I've got the OS listing about fifteen ;)) It was there in 13-- I barely had time to check before FF whapped me with the update-- but I don't know when it first showed up.
Hm. Wonder if this means that if I visit my site in Firefox, Piwik will think I'm Canadian? Previously it only did this when I used Safari.
A client of mine has a site that was fine on firefox before, but after the update is now showing a ominous screen that says:
"This connection is untrusted"
How do we top this from happening?
I noticed it tries to open the site with https instead of http.
This could be a serious hit to their business.
Is it on a shared cert perhaps ?
Lucy: two things...
1) Update: for FF on Windows there is (was?) an option under Advanced/Update to determine how updates are handled - mine is set to "Check but don't do it unless I say". This is on FF12 - Windows 2000 won't update FF beyond that. On Linux the option to update is not in the browser (certainly not in FF14). Instead, the update is controlled by the Update Manager. If your Update Manager is set to automatic it will update everything it's told to. I have mine, again, set to "Warn me".
2) This may be relevant to your comment re: language.
I have just spent the past four hours trying to fix a display problem on one of my sites. I only noticed it today (installed FF14 yesterday on linux).
The problem is in two parts: the English pound symbol is no longer displayed correctly. No problem with that as it's supposed to use the entity & pound - I just made a couple of easily fixed mistakes on this site.
The second part: the & pound displays correctly when displayed from a debug string directly in the composing function but as soon as it gets returned to the calling function (val=function) it converts the & pound to gods know what - it displays as the blackened question mark used in place of unknown characters (I need to write this out to a text file to figure it out). Obviously, by the time the code gets to be properly displayed it's screwed.
BUT: On the windows FF12 there is (still) no problem. In Opera on linux there is no problem. Another linux machine with FF14 has it wrong. Which suggests to me the problem lies in the browser's rendering engine.
The odd thing is: since all data is fed from an IIS compiler there should be no browser interaction. My suggestion therefore is that the first time rendering uses one language, the second uses another (sending the same string twice from within the composing function results in both being properly displayed so this may not be correct).
The header of the page specifies 8859-1 English - so does the browser. No idea what linux (Ubuntu) default is but I suspect utf-8 or utf-16. I need to play with the browser font setup, I think.
Just checked the brower Page Info and it gives the page heading as above but Encoding is utf8. Given my FF setup specifies 8859-1 I suspect that is the problem. Windows FF12 gives 8859-1.
The Mac version of FF has three Update options in addition to the manual Check for Update under "About Firefox":
-- Autmatically install (with further option involving add-ons)
-- "Check for updates, but let me choose whether to install them"
-- Never check for updates
The first one is flagged "recommended" and the last "not recommended" with further blahblah about "security" (um, is this a code word for google?). I have the middle option selected. That's how I learned that, to Firefox, "download" = "install". You can't simply download a dmg and then deal with it later.
Crystal ball suggests that Windows-Latin-1 is rearing its head somewhere in the background. Apparently browsers are not only permitted but ENCOURAGED to interpret 8859-1 (Vanilla Latin-1) as Windows-Latin-1, even though this includes 32 codepoints that are forbidden to Unicode-- hence the angry black diamond.
:: shuffling papers ::
Nope, that wasn't it. The pounds sign is at a perfectly unimpeachable A3, so the worst that can happen is if utf-8 is reinterpreted as Latin-1, giving you Â £ (without space, because the Forums are too smart for their own good).
But wait! That is the problem. Reinterpreting in one direction would just give you an unwanted letter. Reinterpreting in the other direction means the browser has to deal with A3-- a codepoint that has no meaning in utf-8. It jumps straight from 7F (one byte) to C2\h\h (two bytes).
Incidentally, I make all my html UTF-8. Been doing it for years. The only entities you'll ever see are and —. (And, ahem, & > <. Those don't count.)
And the punch line is... In the previous post, I mistyped "font" for "language" and had to do a hasty edit. Two different things. Oops. The question arose because Firefox now thinks my language is iu rather than en. (Safari says iu-ca-- which is decidedly redundant, but explains why piwik only thinks I'm Canadian with Safari, not with Firefox.)
|There is no reason for G NOT to pass on referers. G knows what they are; the target site needs to know what they are; and still the original request is encrypted to protect it against intercession. In any case, if a Gov asks G to provide search data for someone, what do you think G will do? I doubt they will refuse as that will get the Gov ticked off with them, which right now they do not want. |
IanCP - it's your security.
Google doesn't have to pass referrers because as far as search is purely concerned it is a product to help an end user find a solution, it is not a product to help webmasters do market research. It would only take a couple of hours for me to charge 50% more to customers who search for "widgets at highest quality" when I know that I am already the high cost provider.
I believe Google is doing this to differentiate their search as providing a high level of privacy. Most of their other products are consistent with this philosophy. Traditionally, market research is a paid commodity, and maybe that is yet another possible reason for the change, but I doubt google would offer to sell us this info.
Re: Governments. If the Gov is China and the court order has no legal basis under international law, we know what G will do - Punt. That means they don't play ball. We also know what Yahoo did - rollover. Historical actions are important. Each of these companies fared differently in the resulting backlash. G got the assistance of the NSA. Is such help free? Maybe in some possible universe. Shortly after, every few weeks we are encouraged to give a cell phone number to help boost gmail "security". Then when the court order comes from the USA, not only can the Gov read emails, they can monitor phone conversations ( but apparently not on Americans - which fact should affect some people here ).
@IanCP: I once had a conversation with a German lawyer who was going on and on about the privacy violations implicit in full body scans. So finally I said, 'what can they do with that'. He paused, became very intense and said, "Next time we have a fascist government you will see what they can do with that!"
Lucy - I have now written out the before/after strings to a text file. This shows the & pound entity in the first (in-function) string but the 8859-1 pound symbol (A3? Probably, memory fails me!) in the post-function string.
Thinking around this, I see no reason at all for this as it's all pre-browser-rendering. The implication of my tests suggest this has been happening for some time and a further test with Opera (which renders the proper sign in all cases) indicates the code I generate is identical for both browsers (as one would expect).
I think there are two separate issues here:
1. The original coding is being corrupted ONLY by FF14. It is rendering the 8859-1 pound sign as "character unrecognised" which it never did before and that Opera renders correctly. FF needs to fix this - there are a lot of sites around that do not use the & pound entity.
2. I have a problem with ASP that has been present (probably) since the site was new, several years ago. Previously the problem was masked by browsers rendering the pound sign correctly even though it was not presented as an entity. Why this should be corrupted between returning it from the function (where it is correct) and receiving it in the calling function (where it has been translated back from entity to pound sign) I do not know - and without the FF14 rendering problem I would not have discovered it now. Whatever, there is a corruption in the ASP function call - something I've seen before but not in this way.
sundaridevi - I was actually thinking of sites that redirect an incomer to a more useful page depending on the referer. If they cannot do that then they lose revenue.
As to market research: it's always useful to know how people found your site and why. G is holding back on this info unless you have a specific account with them (I forget the details). Pretty soon it will be a paid-for service. With the advent of G wildlife that's killing off websites I can see a day not too far away when people will prevent G from accessing their sites altogether. I'm abount to do that now on at least one of my sites that G attacked today (I use "attacked" in its correct sense).
As to "security" - that is rubbish. People arrive at a site and expect that site to give them useful information (whatever). If their query isn't available to the web site that is not always possible. G's other so-called "security" has been more help to criminals than to individuals. Details of a proper gmail communication, for example, will be known to all legally interested parties. Spam and other criminal mail sent via G cannot be traced by IP (and hence blocked) because G has never provided the original sender's IPs. "Security", they say. In this case the criminal's security.
|The original coding is being corrupted ONLY by FF14. It is rendering the 8859-1 pound sign as "character unrecognised" which it never did before and that Opera renders correctly. FF needs to fix this - there are a lot of sites around that do not use the & pound entity. |
Does this only happen with the £ sign? I would really prefer-- for, ahem, a given definition of "prefer"-- if it happened with everything in the Latin-1 range. Or, better yet, everything in the first two rows, nonbreaking space through Spanish question mark (A\h and B\h), with the possibility of assorted garbage in the remainder of the range. Come to think of it, does render as intended?
What is FF's default file encoding? In the current Mac version, the setting is hidden behind Advanced in the Fonts and Colors area. Mine is UTF-8 but that's what it is supposed to be anyway.
Does everything on this page [htmlhelp.com] and its two sibling pages render as intended? How about font substitution and font naming? Any issues there?
I only have "illicit" pound signs on this site - and not many other things on other sites. The entities seem to work fine (which is good).
I have always worked in ASCII (mostly 7-bit display characters, occasionally (in error) the A3 pound sign) although on a couple of sites we may have "smart" characters (quotes, dashes etc) which people submit from Word or similar. These always show incorrectly on our sites and as soon as found we change them to basic ASCII or entities.
Your test site uses entities of various types, not "invalid" symbols. For the pound sign it uses:
& pound ;
& #163 ;
& #xA3 ;
(spaces added to ensure display here)
|These always show incorrectly on our sites |
You have to keep careful track of the file encoding. Either explicitly set it to be the same at every stage, or explicitly do a conversion. Word is a special case because I have to assume it uses Windows-Latin-1 encoding, which is bound to cause trouble when it runs into UTF-8 if you don't detour via a conversion. Or if the user's OS-plus-browser doesn't take care of it on its own. Can I assume that all your pages carry an explicit "charset" (misleading term!) declaration?
Something tells me your sites are all in English ;) I shudder to think what my html would look like if I were forced to use entities. Matter of fact, I see it in action in php/bb forums, at least in v.2. Everything displays correctly, but the edit window turns into illegible entities-- useless when the original question was about transliterating Greek and you have to find the typo. But even French and German come out pretty horrendous. "Trink, brüderlein, trink" just doesn't have the same oomph.
... and then you threw me by saying "your test site" after I'd heroically avoided linking to myself ::snrk:: (/fonts/font_input.html and /font_name.html are where I generally send people.)
My most ancient browser, MSIE 5.2.2, will only display characters if they have named HTML 4 entities. You don't have to use the entity-- decimal, hexadecimal and the real thing* will all work-- but there has to be an entity. That's an eleven-year-old browser, but even then it lagged far behind the norm. I think they just discovered Font Substitution the week before last.
I don't think these Forums convert entities into characters. They turn things like α-ω into entities, but they don't turn back.
* Except that you have to set the file encoding manually, because the browser is too stupid to read the "charset" declaration.
All pages carry a charset declaration, yes - almost always 8859-1. I'm aware of the problem sources, it's just that the invalid characters sometimes get overlooked for conversion into entities when we're in a hurry.
And yes, all sites in (UK) English. I did Russian ones twice - never again! :)
Entities are not a problem - or shouldn't be. The browser, seeing the entity,(should) translate it into the rendering character set. Never had a problem with those.
Sorry about "test site". :) I meant, of course, the URL you offered as an... er...um... test? :)
5.2.2? Ye gods! I'd forgotten all about that! :)
My problem, apart from bad FF14 rendering of "invalid characters", is a fault in the MS ASP parser. I've come across a few cases of irrational behaviour in the past but this one was most unexpected and only seems to be faulty in one out of several instances of conversion. I'll have another go at it Monday.
I don't know about the rest of y'all, but the Forums are now bent on making a liar out of me by not converting α and ω into decimal entities. In fact the 5.2.2 digression was opportune because it reminds me that α and ω --unlike the characters I had originally planned to use-- have named HTML entities. Relevant? Only the Forums' head honcho can tell.
But the pound signs in my post come through as their three respective entities. (If this were php/bb2, the decimal one would turn back into £.)