Yes. Yes you are.

Seriously, 3.6 came out two and a half years ago. What possible reason could you have to keep it? Do you want to get malware?

Edit: downvotes? It's a legitimate question.

Maybe because you're ignoring his legitimate statement: "No one asked me about this switch. I was purposedly keeping that version."

Was the update option turned off?

If not, I would expect that after multiple notices which were sent to FF 3.5/3.6 users about their browser being EOL'd, it would autoupdate to a supported version.

If yes, then this might be a bug. Which would explain the oddity of why FF12 showed up here (and not FF14 stable or FF10 ESR).

No. I was asking for the reasoning behind it.

You have definitely never worked in a heavily enterprisey environment :)

Many times there are compatibility reasons behind the decision not to update a piece of software. That was the reason why IE6 kept its throne as the most used browser for so long: sysadmins couldn't upgrade because upgrades broke poorly-written websites (mostly intranet pages.)

So yeah, if there was a policy not to update Firefox, I'd be rather pissed about it updating on its own to a radically different version. Other than that, most users should get the upgrade.

I have worked in that type of environment so let me clear something up for you. It's your own damn fault! The code could have been tested on Mozilla at the same time, for example. I was there when people wrote that crap and people felt that running in IE was good enough. Companies should always have been taking the approach that a web browser isn't simply an app from Microsoft.

You either pay a little up front or a lot later. Time to pay up and fix that legacy code that no one wants to touch.

right, so people in the past are able to predict the future of software markets and sysadmins have complete control over where a company's development resources go. okay, got it.

You are generalizing quite a bit here. We are specifically talking about web browsers. Plenty of developers stuck with Netscape then Mozilla and wanted to support them. And sysadmins have lots of control at some level. "We can only support browser X, but not browser Y. As a firm we only support IE". Anyway, good luck getting off of XP and those old IE's. The rest of the world is moving on. When IE10 comes out, I'll email the link to my mom, etc and they'll be upgraded in minutes. Corporate America? Well, there are a lot of overpaid people working on it.

I have an install of Firefox 3.6 because an application I develop uses the version of Spidermonkey that shipped with 3.6.

It's nice to be able to easily test code and get a rough performance profile in the same environment.

I agree, and Mozilla is completely in the right here. Software security updates are like necessary vaccinations: you're not just inoculating yourself; you're creating a herd immunity. When you fail to do this, you put other people at risk because a compromise of your system is not isolated to you. Rather, your system is likely to be added to a botnet or in some other way used to attack other systems.

except that vaccinations are convenient and instant

and each computer is in contact with thousands

and browser infection almost always comes from servers

I don't see herd immunity working with browsers, and it barely works with operating systems.

Many legit reasons. For starters, he could be using Firefox as a test browser for Selenium, and upgrading would break some plugins.

Finally. What is taking Mozilla so long to upgrade 3.6 users? This push was suppose to happen months ago for people who didn't set the flag.

Btw, the current version is 14. You're still behind.

If you are concerned about stability of a release with regards to compatibility, why weren't you using the ESR?

https://www.mozilla.org/en-US/firefox/organizations/faq/

Unlike 3.6, it gets security-only updates for a well-defined period of time.

I'm an upgrade laggard, I feel your pain. All of the comments saying that you have no right to complain can be summarized as "If I don't understand why someone is doing something, they must be wrong."

I guess we've entered the age when browser choices have become moral decisions. Why it shouldn't be your own choice as to what browser version you run is beyond me.

"I guess we've entered the age when browser choices have become moral decisions."

Yes, it is immoral to waste web developers time by holding onto an old browser.

Old and unsupported browsers are also exploitable, and exploiting a machine doesn't just hurt the person who owns it, since the machine is then used to spam all the rest of us.

I insist that the developer is immoral for aiding and abetting his laggardness by continuing to support his ancient technology. ;)

> I guess we've entered the age when browser choices have become moral decisions

For webdevelopers, they just as well may be. These older browsers can be a reason you can't use newer technologies like websockets or css animations, or have to use fallback libraries.

But the person that suffers is the visitor. That should therefore be their own choice.

Sheesh - I bet many of these developers also think you should have the right to do whatever you want with your body as long as it doesn't harm anyone else ... but an outdated browser (?!): NO!!

That's not true at all. Many developers are forced to waste their time supporting old browsers, or omitting features, because they still have significant market share. The good news is that FF 3.6 is nearing 1% market share so the support will soon stop.

http://gs.statcounter.com/#browser_version-ww-daily-20120728...

Expect to see lots of problems with FF 3.6 by the end of the year. Especially once developers stop using the FF specific CSS selectors: -moz-

The only immoral thing I see in this story is that they forced the update. In my country, it is illegal to modify data of one person's computer without its implicit or explicit agreement. Of course, "data" is a general term that include programs. BTW, because of these legal restrictions, engineers cannot inject virus-killer virus on your computer, even if it's for your own good and would benefit everyone, etc. I therefore don't see how an application editor can possibly justify a forced update.

I suggest we henceforth call this the Nightly Build Sect.

I can't speak to why they upgraded without asking you. However, 3.6 has been end-of-lifed and will no longer receive security updates. You'll be much better off using the Extended Support Release.

Mozilla doesn't make it easy to find the ESR download page. It's here:

https://www.mozilla.org/en-US/firefox/organizations/all.html

You will not be able to install multiple versions of Firefox side by side. You'll need to use Firefox Portable Edition if you intend to have multiple instances.

That's a really helpful link. I had not idea there even was such a thing. Thanks.

It's targeted primarily at enterprises and only gets updated (aside from security patches) every 7 releases (42 weeks).

I don't know about cursing any engineers, but I'm running a 3.something version for Firefox because I have a set of plug-ins that work, and have failed to work in later versions, and I get to do what I want in a way that I'm happy with.

If there's some overwhelming reason it would be in my own best interest to stop using 3.x I'm certainly interested to hear about it.

The number of sites that appear to take advantage of more current FF features is, for me, minuscule, and I can visit the site in Chrome or something if needed.

You've been misled into thinking that you need features X, Y and Z. Web pages can be functional without flashy new features.

Your browser is your choice, and we as developers need to respect that.

Well, to be fair, some new things are pretty cool. I'd love to have both the latest cool stuff and be able to run every add-on I've ever liked since Mozilla 1.0.

I know that's just not going to happen, so I made a choice. I'll do without certain things in order to keep other things.

I'm just occasionally concerned that I'm overlooking some serious downside (e.g. FF 3.x can be made to set my Linux machine on fire or whatever).

Mostly the only thing I notice is that WebGL demos don't work. Not really a big deal for me. I can run those on Chrome or something.

"Am I the only one cursing Firefox engineers right now?"

Why don't you try thinking about the web designers? Firefox 3.6 is at about .75% of internet users now. You all need to move on.

http://getclicky.com/marketshare/global/web-browsers/firefox...

If it's <1% of internet users, most web designers will have already moved on. The only ones that haven't will be the ones where this user is a customer and he is unable to use a different browser. Then that developer is being paid to support his ancient technology and if he doesn't like doing so he can start a startup and make his own decisions and figure out how to pay his own salary. :)

The comments here about przemoc's choice in browser are surprisingly critical and vitriolic. S/he claims to be purposely keeping that version, and so presumably has some good reason - specific plugins, specific version testing for an internal web application, etc. Even if przemoc didn't have what you would consider a good reason, it should be his or her choice to keep that browser version and the onus is on us as web developers to encourage him (in positive ways) to upgrade - through better web applications that require new features, better communicating the reasons for upgrading, etc.

Believe me when I say that I understand the frustrations that come from having to support outdated browsers - I used to develop a web application for the financial industry, where as of a year or two ago a significant portion of traffic still came from IE6-locked machines in large financial institutions - but browser choice is not the issue here.

The issue as I see it is that the software that przemoc was running did not behave as he or she wanted and expected it to behave. That means that the software had a design problem (poor or misleading auto-update setting design), a communication problem (didn't inform him or maybe mislead him about the default update behavior) or a bug (updated despite a setting telling it not to).

There isn't enough information in the original post to determine if the last one (auto-update occurring despite being turned off) is what happened here - I'd like to learn more. It would be worrying (and I'd argue an insecure design) if the software were even capable of self-updating with that setting turned off.

> [...] the onus is on us as web developers to encourage [him/her] (in positive ways) to upgrade - through better web applications that require new features, better communicating the reasons for upgrading, etc.

I disagree. The onus is on those peddling the product (i.e. marketers) to sell its worth to users.

> Believe me when I say that I understand the frustrations that come from having to support outdated browsers

I read about “frustration” when referring to older browsers a lot. That has led me to question just how much people learn about supporting those browsers. Shouldn't supporting browser X become trivial once a certain amount of experience is accrued? Or do we just hunt and peck until a page ostensibly works?

> There isn't enough information in the original post to determine if the last one (auto-update occurring despite being turned off) is what happened here - I'd like to learn more. It would be worrying (and I'd argue an insecure design) if the software were even capable of self-updating with that setting turned off.

As someone who tests every whole number version of Firefox (1-14), I have experience with the force-fed updates. Imagine my frustration when viewing the version information (via Help > About) led to the browser paving over my existing installation. I really don't want to have to tinker with the settings for fourteen separate programs.

Conversely, Opera 8+ will ask before updating. Though this happens every time I open the program, I can easily decline and continue with my business. This is how to respect users.

Chrome is far worse, as it forbids the existence of an older build, even after the newer build is uninstalled.

Well, if you insist on reverting back to a browser that will never have any security updates ever again, here are some useful tips for preventing it updating itself: http://support.mozilla.org/en-US/questions/931530#answer-349...

Would you curse the Firefox engineers more or less if they didn't try to upgrade you to a newer version of Firefox and, through their inaction, allowed your computer to be exploited via a security vulnerability in Firefox that has long since been fixed in modern Firefox versions?

Yes, I would curse them both ways. I'm sure the engineers get enough appreciation from other people :)

You're the type of person who runs IE6.

Browser elitism benefits no one. The user is left insulted, and the developer strokes their own ego.

I was merely pointing out the fact that it is the running of a 3 year old browser that benefits no one and debilitates the web.

No, the type of person who runs IE6 is a guy from a corporation with a stagnant IT department.

Dude, I'm sorry but you're on your own. Mozilla needed to do this a long time ago and believe me, it's for the greater general good.

As of the time of this comment a lot of people are missing the point which is about respecting the user's choice not to upgrade.

To answer the question though, I'd say maybe not the only one but you're probably part of an incredibly small minority. If you had the update feature off and this happened then it's certainly not right but if it was on and you received many notices already then you had plenty of time to turn that feature off.

I'd ask what reason anyone would have to keep such an old version though? I do understand its a choice but outside of some really narrow edge cases I can't really see a good reason to keep 3.6.

This raises so,e very interesting questions though if in fact you had the update feature explicitly turned off. We all can agree that updating your browser even somewhat regularly is great for both users and developers but respecting the users choices is also almost a duty that software developers have. To me this is a gray area. Considering how old and outdated FF3.6 is and that web standards change so rapidly and have a lot since 3.6 was it a good call for Mozilla to pull the trigger and upgrade users of ancient FF versions or is it more important to respect the user's choice?

I think they made the right call. We think of using a particular browser at version X as a choice but in reality the majority of people do not choose this. They get whatever came out at the time and then never think of it again. For most users their inaction when it comes to upgrading isn't really a conscious choice to stay at the version they have but instead just a side effect of not knowing enough to be able to choose to upgrade or not having the time to be bothered by the prompt and clicking "No" on whatever comes up (I can see that especially applying to Windows users as there seems to be a prompt popping up every other second). At a certain point there are so few reasons not to upgrade that it makes sense to do it for the user automatically. Even if a user, somehow, some way, is using an old version of FF for testing a website in development or has somehow gotten into a situation like many corporate IE users face where certain websites or apps can only be access with version X it's very reasonable to assume these people know they have an edge case and would take steps to either only run the browser on an intranet or private network or, for developers, only run it on one machine on a local server and not connected to the wider web.

In the end I feel for you and I understand it sucks but really there's not much reason at all for anyone not in that situation to be outraged or care much that a version of FF so out of date is being auto updated without permission. And I say that in the nicest way possible.

Fortunately you can use firefox portable to test older versions if needed.

http://portableapps.com/apps/internet/firefox_portable/local...

For most users it seems fine, but as someone with an interest in researching historical software, I do find some of this stuff a bit troubling, unless there's a way to turn it off. It's getting harder to install and use old versions of software, without resorting to running things in carefully controlled snapshotted sandboxes.

Also a problem with games, which sometimes significantly change gameplay with patches. You used to be able to archive the original binaries and then also archive each incremental patch, but auto-updates (and other things such as DLC) are making that all tricky.

I don't think that's a bad thing, look at it this way: - Most sites will look and work better now. - New browser with new functionality. - It's 2012, it was time to get upgraded. - I was warned: http://www.computerworlduk.com/news/applications/3354678/moz...

I am irked by the fact that Firefox added a doodle to its Home tab which is using my local resource to host the GIF image. I am fine with doodles but there shouldn't be a doodle on my browser without my consent, let alone the image is running from my hard drive.

While many people may be bemoaning the choice of Mozilla to update without consent, I suggest looking at it from a different perspective...

Many browser updates are largely brought about due to a few things, but security is generally a large matter when these upgrades get pushed. Yes, you may have kept a certain version for a reason (you don't want to change, you like the way it looks, etc), but let's focus on the other side of this with a short analogy. Say you go out and buy a new fire alarm and install it at your house. The fire alarm is there to help protect you from dying in a fire. Later, the manufacturing company realizes there are some minor design flaws which put you at risk of, well, dying in a fire. Most would argue that it is not only the duty and obligation of the company to replace (or upgrade) the alarm, but that it may even be right to legally mandate that they do. If the company came to you and said that there were some major flaws and they wanted to upgrade you, I doubt anyone would whine that they like the way the current model looks and want to pass.

However, when a browser does it, everyone bitches about it. The updates are there for many reasons, not just security. Generally speaking, however, browser updates not only benefit your own security, but also help make the web a better place for everyone, whether it be by better standards adherence, improved usability tools, or who knows what else.

One of the big reasons that this becomes a problem is that people dislike change, but on a larger scale, they dislike change of something they don't understand. Browsers, computers, the web, etc are very abstracted away from people to a point that most don't know anything about the way the tools they use on a daily basis work. When those tools change, it appears like some corporate robot is changing it to hurt them because they don't understand the reasons these things NEED to be updated. There isn't enough transparency on WHY the changes happen (there are in the changelogs, but try to get your mother to read or understand that) and understanding of the base layers and it makes it very hard for people to understand.

I think one step forward here is to present users with a laymans explanation on why they need to update their browser. Telling them "We need to update your browser because we've discovered a potential problem where someone could possibly steal your credit card number while making purchases" is a lot more straightforward than this: http://www.mozilla.org/en-US/firefox/13.0.1/releasenotes/

Your analogy is flawed.

To make it complete, the fictional fire alarm company would not come to you at all. While at your house originally installing the fire alarm, they would grab the key to your house from where it hangs by the door, make a copy (without your knowledge), then hang it back on the wall. Later, when the defect in the alarm was discovered, they would use that copy of the key to let themselves in to your house while you were at work. Then they would replace the fire alarm without your consent or your knowledge of them doing so (well, of course, until you returned from work and figured out what happened when you were gone -- assuming that you noticed the new alarm).

I don't have a problem with companies and other development organizations updating their software. In fact, I encourage them to do so (especially in the case of security issues). However, I do have a problem with said companies/organizations making such updates without first informing me that they are doing so, and getting my consent to do so before performing the update.

It's not your computer. It's my computer. I paid for it. I get to control it. Period. If I am subject to security vulnerabilities because of the browser version I'm using, that is my responsibility.

I detest software where automatic updates are turned on by default, without ever presenting the user the option of turning them off (without having to go hunt down said option after the program is installed). Automatic updates have ramifications. They can screw up working installations. I get tired of having to go and disable automatic updates from applications, browsers, java runtimes (and that stupid Java system tray icon in Windows).

I'm not against being able to turn on automatic updates. There are plenty of users who don't want to fool with it, and that's their business. I just think users should be given the choice up front. We shouldn't have to go looking for it after installation. I am still mildly irritated by having an option for automatic updates being checked on by default at installation time, but I could live with that irritation if all applications were explicitly giving users the option then. However, the trend of late seems to be updates turned on automatically, without even informing the user that there are automatic updates.

I like to know when software is being installed on my computer. I want to be asked before it is installed.

Understandable... One other thing to keep in mind also is that you're using free software when it comes to Firefox. If someone wants to give me something for free with the requirement that it automatically updates to both keep me secure and push the web forward, I'm all for it. Given that the majority of users don't know what the hell they're even using, I think it makes sense to turn on auto updates for the average user, while the power users like us dig deeper to turn it off.

edit: also, to nitpick your analogy amendment of my fictional alarm company copying a key without your knowledge, I don't think opening software and having it "fix itself" automatically is anything akin to having a person steal a key to your house and enter it without your knowledge... However, I do agree my analogy was a bit flawed and that the reality is somewhere in between both of our views.

I figured the "yeah but it's free software" thing would be part of the comeback. My response is that Firefox being free is completely irrelevant to my point. I'm the owner of the computer. You should never install anything on my computer without my consent. And yes, I think it is bad for you to do that with an average user also. I, as a user, downloaded Firefox 3.x (or whatever version) and installed it. I expect Firefox 3.x to be the one that is running after I install it. I don't have a problem with the installation program putting up a dialog that says "We'd like to keep this software up to date. May we turn on automatic updates for this software? (yes/no)". As I said in my previous post, I can even begrudgingly live with the "Yes" option being checked by default. To me, it is the fact that all of this is done by default without ever asking me about it that is bad bad bad. The user should be told. A simple explanation is not difficult, and most users who would go to the trouble of installing something should be able to understand a reasonably well-written explanation. And even if only 40% of them do, it is still better that the option be given. If they don't want to be bothered with it, they are most likely going to just take the defaults anyway.

As to the nitpick about the analogy -- of course it isn't the same level of severity. It's an analogy. Installing a fire alarm system can't be compared to installing Firefox on my computer either. One takes hours, the other takes only minutes. I wasn't trying to say that breaking and entering was equivalent to covertly installing program updates without user consent. I was merely trying to complete the analogy (perhaps remote wireless fire alarm firmware updates without homeowner consent would have been a better choice -- but I didn't think of that possibility until just now. :-D )

The semi-amusing part about this whole discussion is the reason that I'm replying again. I'd installed Firefox on one of the machines in my house a while back, and I forgot to turn off the automatic updates. Started up Firefox only to have it apply the update it had automatically downloaded without my knowledge. Grrrrrrr. Sorry, this just rubs me the wrong way, and I don't like Firefox running a background service to install updates either (also an option that I didn't chose).

Similar line: FF doesn't support older versions of Mac OS X (can't say the specific version, but iMac would be the case I'm aware of).

Hardware vendor won't provide OS upgrades, SW vendor won't provide app upgrades. So user is stuck on FF 3.6.

Chrome updates everyone all the time without asking. It just happens. Mozilla's big mistake is that they tell the user that the update has occurred. It should happen without you even realizing it.

I feel your pain.

Once when I took a short break someone ran into my shop and painted all the beads of my abacus florescent pink.

What were they thinking?