SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm writing this to "test the waters", and check if there are more people in the same situation as me.
It's obvious that using the previous ESR version of Firefox currently available in pasture/ is dangerous. But the current ESR version is still missing some WebExtensions APIs that are required by certain browser extensions (e.g. Simple Tab Groups requires at least Firefox 63). So I have a decision to make - either run the safer, current ESR version and break my workflow because some extensions are still not supported, or continue using my extensions, but opening my system to some attack vectors?
I'm wondering if I'm the only person facing this dilemma?
If it's just me, then I'll try to build the latest version by myself. I have no idea how it will go (up to a few minutes ago I was convinced that -current has the latest stable Firefox, but actually it's on ESR branch as well, so I can't simply use SlackBuild from -current). I guess building from source will be time consuming, and easy to get wrong. And additionally, the updates are quite frequent nowadays.
But if I'm not alone in this, then maybe it would make sense to additionally provide the latest stable version of Firefox (67.0.4 at the time of writing) in extra/? That would certainly be more energy efficient.
The same probably applies to Mozilla Thunderbird, but currently Firefox is my main concern.
What's you opinion on this? Is there some technical reason Firefox stable can't be provided that I'm not aware of?
At home I continue to use ESR 52. I do not lose sleep about using ESR 52. I don't care what the security wannabe fanboys claim about using that version. I always have run Firefox in a way that almost all common exploits can't and won't affect me. Primarily, through NoScript I do not allow Javashit JavaScript except for a very few trusted sites. I long have practiced not accepting cookies of any kind except for a very few sites. I use several security related extensions. I use DNS blocking to avoid nefarious and malicious URLs. I never open email attachments or select links in emails until I first check the email source. Etc., etc.
At work I am responsible for keeping Firefox updated. I have no choice but to use a supported version. We use ESR 60. I find ESR 60 to be frustrating because of the lack of previous extensions. NoScript frustrates and confuses me with the new interface. Mostly I miss Tab Mix Plus and all the beautiful ways that extension makes Firefox more usable for me at home. To replace the venerable Classic Theme Restorer I use the same author's Custom CSS tools.
Somewhat I find Firefox to be classic fuster cluck. The developers dropped the ball by moving forward without properly defined APIs to replace the previous extension framework. The sad part is there is no decent replacement browser. Anything based on Chrome is surveillance software, regardless of what developers claim. Even the default Firefox installation is surveillance software, but Firefox can be configured to overcome those defaults.
Unless you have a burning desire to build from source, you could try downloading the linux version direct from mozilla.
Extract to a directory that suits you and simply run the firefox executable from there. It's not difficult to make a menu entry that points to this version of firefox.
This is what I have been doing for some time now (I have uninstalled the slackware version, but you don't need to).
In preferences I have "Check for updates but let you choose to install them"
I get prompted for updates when there is a new version, and updates install correctly.
I don't know if there are any downsides to this method, but I haven't found any.
I have the habit to build and use the latest stable Firefox, using The Little Beast, my "overpowered" main box driven by an AM1 CPU named Athlon x4 5350, with TDP of 25W.
In my humble opinion, what they do (at least for slackware-current), staying on Firefox ESR releases is a mistake. The Firefox ESR is not for home users but for organizations and businesses, as Mozilla claims here: https://www.mozilla.org/en-US/firefox/organizations/
Quote:
What is Mozilla Firefox ESR?
Mozilla will offer an Extended Support Release (ESR) based on a regular release of Firefox for desktop for use by organizations including schools, universities, businesses and others who need extended support for mass deployments.
Quote:
Who should use Mozilla Firefox ESR?
Mozilla Firefox ESR is meant for organizations that manage their client desktops, including schools, businesses and other institutions that want to offer Firefox. Users who want to get the latest features, performance enhancements and technologies in their browsing experience should download Firefox for personal use, as these improvements will only be available to ESR users several development cycles after being made available in Firefox for desktop. If you’re using Firefox for personal use, you can download Firefox from mozilla.org/firefox.
In some cases, ESR is proposed to regular users for unsupported architectures transition. For example, when Windows XP support ended for the release, Firefox ESR has been recommended for these users.
Excuse me? For a distribution which makes a pride from not shipping PAM and Kerberos, sinking from starters any use of it on businesses, organizations and schools, why they would ship an Enterprise Software like Firefox ESR?
If myself I can build casually the latest Firefox with a 25W CPU, then for their Ryzen or i9 driven build boxes is matter of minutes.
Last edited by LuckyCyborg; 06-23-2019 at 12:56 PM.
Unless you have a burning desire to build from source, you could try downloading the linux version direct from mozilla.
Extract to a directory that suits you and simply run the firefox executable from there. It's not difficult to make a menu entry that points to this version of firefox.
This is what I have been doing for some time now (I have uninstalled the slackware version, but you don't need to).
In preferences I have "Check for updates but let you choose to install them"
I get prompted for updates when there is a new version, and updates install correctly.
I don't know if there are any downsides to this method, but I haven't found any.
tobyl
That's one way to do it. I modified the palemoon-bin SlackBuild to install Firefox Developer Edition.
I do not think so. That Firefox package is related to an incident happened not so long in the past, where some SSL certificate expiration resulted in disabling all Firefox addons.
However, the fact is that Firefox (and Chrome) evolves quite fast, and that Firefox ESR is something which someone would expect from RHEL and his foster child CentOS, but not from a development tree which jumps on the latest GCC or X.org no questions asked, like a county girl on the lap of first guy who gives her a drink...
Anyway, like the past demonstrated well, even the LTS kernels aren't more stable or safe than latest ones, and about Firefox, oh well... ESR does not saved the shipped Firefox even from that particular stupid incident.
Ironically, the things was fixed first by Mozilla ensuing a new (latest) stable release, and only some days later by patching the "epic" stable ESR.
BTW, I use from long time the latest Mozilla binaries, using that script "latest-firefox" to repackage it before upgrading.
On my Slackware 14.2, Firefox v. 60.7.2esr is the currently installed browser.
I have had no issues with it.
The add-on snafu was annoying, but the cause of the problem (allowing a cert to expire) was external to the browser itself. I would consider it hyperbole to characterize the Firefox browser itself as "dangerous."
Unless you have a burning desire to build from source, you could try downloading the linux version direct from mozilla.
Extract to a directory that suits you and simply run the firefox executable from there. It's not difficult to make a menu entry that points to this version of firefox.
This is what I have been doing for some time now (I have uninstalled the slackware version, but you don't need to).
In preferences I have "Check for updates but let you choose to install them"
I get prompted for updates when there is a new version, and updates install correctly.
I don't know if there are any downsides to this method, but I haven't found any.
Problem with just using the pre-compiled version of Firefox is that it doesn't build or default to ALSA, unless you build it yourself. So if you're not using pulse, there won't be any sound.
Yes, they sabotaged that a while back. Not only in their official binaries, but it's disabled by default at compile time... I was hellaciously pissed when I didn't realize they turned if off by default and had to redo a build when I had no audio. Yes, I chose the word sabotage and I mean it. It's no skin off their asses to --enable-alsa yet they disable it, and try to default you into disabling it. That's what they do when they want to try to force a change on everyone, but they'd get too much backlash if they removed the option entirely.
I use pulseaudio now, but I still enable ALSA support to fall back on.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.