I'm pleased it was found at this stage and not after it's released.
It does seem a bad flaw, and follows on from the earlier bug in 15.
Firefox 15.0.1 Fixes Not So Private Browsing Bug [webmasterworld.com]
These bugs don't give me confidence.
No sooner than 15.0.1 was out, 16.0.0 appeared.
This "version numbers race" is insane.
|This "version numbers race" is insane. |
Isn't it. I can't imagine what the developers are smoking to get them so buzzed with quick version turnouts but maybe they should pass it on to the folks at W3C.
I want my old 3.6 back!
|These bugs don't give me confidence. |
The fact that they were quickly found and quickly acted upon is a good thing and should give you confidence that the developers are trying to stay ahead of the bad guys.
I'd be more worried if they weren't looking for vulnerabilities and if they found them, kept them quiet so unsuspecting surfers wouldn't know until it was too late.
This kind of thing happens when people escalate development cycles because it's too much too soon as everyone is racing to stay ahead of the competition and that's when security is more likely to suffer.
The problem is people quickly lose interest in any software if it has lengthy product development cycles so keeping it fresh and constantly releasing something new keeps it current in consumers' minds, and the hackers.
Firefox should just dial it back a little.
|Isn't it. I can't imagine what the developers are smoking to get them so buzzed with quick version turnouts... |
They're smoking from the Agile Development Framework [en.wikipedia.org] crack pipe.
It's a fantastic method of developing software that ensures rapid release cycles and quickly escalating version numbers, generates massive consulting fees and developer bonuses for all involved, while relieving the developers and management team of any responsibility for long term architectural decisions, vision, or generating actually sustainable code.
It's a very specific variety of Kool-Aid popular in Dot-Com circles right now. A similar variety was last tested in Jonestown.
"A camel is a horse built by committee decision".
Things like this remind me of this old gem:
"If builders built buildings the way programmers wrote programs, the first woodpecker to come along would destroy civilization"
FF never offered me 16.0, but it just now asked if I wanted to install 16.0.1. I'm not sure what to do so I told it not right now thank you.
Presumably that's the fixed version. I'll let other people test it out first though.
|They're smoking from the Agile Development Framework crack pipe. |
Right - and that particular approach wasn't really designed for a hostile environment.
I love agile development in the right setting - as a friend of mine describes it "Do it wrong quickly." But when security is in the mix, then doing it wrong can be a major issue. I don't think banks work with agile development.
The old 3.6 leaked like a puppy.
They finally fixed the leak in FF 15 and I left it running for a week without rebooting it daily as the used RAM didn't balloon up to 2GB+ or more.
@GaryK, that is the fixed one: [mozilla.org]
Browsers are a security problem. As I suggested in a recent discussion on the Linux forum, use OS level security (AppArmor on Linux, for example) to limit browsers' access to the system. I also use multiple browsers to make it harder for important data to leak through XSS etc.
I know it's a little off-topic, but surely having rapidly increasing version numbers hampers their ability to market the actual big releases.
For example, Windows 8. Previous version was Windows 7. Everyone knows that since that's a whole version number up, there are big changes afoot.
If Firefox decided to do something radical, something really impressive that we should take note of, how would that be named? Firefox 22? Or was that Firefox 23?
I think they're shooting themselves in the foot for a short term gain, but losing in the long run.
Back on topic though, I think I'll be waiting a little while too before I hit 16.0.1.
You missed it!
16.0.2 is out today.
Just kidding :)
|I know it's a little off-topic, but surely having rapidly increasing version numbers hampers their ability to market the actual big releases. |
It's a non-profit organization, you think they have marketing money? BWAHAHA!
I think it's more of a situation of keeping a rapid development pace just to prove they're worth the grant money being wasted on Firefox.