Mozilla push to upgrade older versions of Firefox

https://groups.google.com/d/topic/mozilla.dev.planning/FAmU7SeLoJ8

 

Wasn't 3.5 or 3.6 the version a lot of people felt was the best one?

Interestingly, I would think there actually is some security merit to run the older ones. Who would bother to code malware, or exploits to impact a browser nobody runs? Interesting concept really, but given our Nuclear Missile Systems run on old floppy based systems, precisely for security reasons, I would think there is some validity to it.

 

Security through minority: http://www.hackcommunity.com/Thread-Security-through-obscurity-minority-and-obsolescence

 

See also:
Mozilla plans semi-silent updates to tug laggards onto the newest Firefox

http://www.computerworld.com/s/arti...dates_to_tug_laggards_onto_the_newest_Firefox

 

Yet I had nothing but trouble with it. I thought Fx 4 was when it really improved.

 

3.6 running fine here They won't get me, as Auto Updates is OFF

 

3.6 was really a popular Firefox, and with good reason.

Also, Chrome 14-Stable was the last GOOD Chrome in my opinion. In fact, I still run Chrome 14 - it's becoming really hard to find now that Google has sent 'letters' to anyone offering older versions to remove them.

Why 14? 14 was arguably the most stable, and fastest they ever released. Also, and more importantly - it was the last revision that allowed you to 'pin' web pages onto the speed dial. Also no spying crap, or forced sync in 14.. So generally that's my choice until Opera decides to allow me to change search engines properly.

 

3.6.28 from my cold dead hand!

 

They don't run on floppies because of security.
They run on whatever technology was available back when they were developed.
Mrk

 

Given our defense budget, and the fascination with technology, they'd of long upgraded them if they wanted to. The fact remains - security through obsolescence is a very real security deployment scheme.

http://beta.slashdot.org/story/201349
ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from "60 Minutes" that the bases have extremely tight IT and cyber security, because they're not Internet-connected and they use such old hardware and software. "A few years ago we did a complete analysis of our entire network," says Weinstein. "Cyber engineers found out that the system is extremely safe and extremely secure in the way it's developed." While on the base, missileers showed Stahl the 8-inch floppy disks, marked "Top Secret," which is used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as "gigantic," and said she had never seen one that big. Weinstein explained, "Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.""

 

You'd be very, very silly to think you're safe using an old version of a browser like Firefox 3.6. Many of the exploits found in the latest browsers aren't magically isolated to that version. Most of the time it will affect old code that is in versions as far back as Firefox 3.x. The same thing happens to IE, you see IE patches that are for IE6-11. The same thing happens for Chrome.

Just because a security advisory doesn't explicitly mention an older browser version doesn't mean that version is not affected, it means they didn't bother testing that version, usually because it's too old.

You're not safer using an older browser no matter what you think. They are not pushing old versions to update just because they feel like annoying you.

 

No, you don't upgrade if you want to. You upgrade if there's a need.
When it comes to multimillion-dollar-worth missiles supposed to carry nuclear payload, there is no need.
You don't mess up with things that work. It's not your desktop.
It's not an OS upgrade.

It's THE EVERYTHING upgrade.

Physical setup, communication lines, everything.
As complex as replacing buses with trains.

Mrk

 

Defense officials are on record stating they use obsolete gear on purpose, and why they do it. They've turned down upgrade options put forth. As noted above, that's the commander of the ICBM forces, stating the age, and hardened nature of the obsolete system is precisely WHY they use it. Again, it's incredibly easy to win arguments against you because I have the facts on my side every single time. I've used obsolescence as a security procedure in some select, difficult cases. It's a very real, and viable security methodology. (Intentional Obsolescence) ATM's use x.25 as a method to harden their communications from hackers, and it works.

http://www.theregister.co.uk/2002/06/06/security_through_obsolescence/

Opera x12 (Presto) will likely become the most security browser on the planet, as none of the new exploits would have any impact on it. So I can see deployment of Presto in the future, as almost all exploits will target Trident and Blink. Once again, security through obsolete software. I don't expect many to believe this, or understand it. But from an engineering perspective it's something we deal with everyday. Similar to how a 1966 Buick wouldn't generally be impacted much by an EMP, that would knock out every single vehicle on the road.

If I created a method to where a Commodore 64 could access the web, I would have one of the most secure platforms on the planet. I suppose it could be done with some machine coding. <shrug>

 

When they designed those systems, they were not obsolete. So your argument is invalid.
Today, it is convenient. But the question of upgrade is not one of "pimp my ICBM" with the latest wallpaper, LOLZ OMG!
It is the question of a huge uplift that is equivalent to redesigning cities. No one wants that bureaucracy.
When they design new, they'll go for new.

Please don't write about things you don't understand, like EMP.

Mrk

 

Please don't assume you understand what I do and do not understand. I've done post EMP diagnostics for a defense contractor, and yes, I understand them. The fact that these systems are obsolete, which offers additional security is well understood by the military. There have been regression examples in many fields, they aren't widely discussed because you run into classified natures with many. The x.25 aspect of ATM's is an example of technology regression, a 25 year old technology used precisely because it is hardened against hackers, and modern hack tools.

I've seen examples of legacy Juniper and Watchguard systems deployed precisely because those legacy systems have proven themselves to not be compromised. The NSA's own tools won't even work on those legacy systems. They'd need to develop an entirely new chipset implant, and given the rarity, it's not practical. Yet virtually all of the newer systems can be easily compromised by the NSA. (and others) Another example of purposeful obsolete hardware pushing.

No one can break into my house because I have a moat and a drawbridge, and a dragon behind the door. Old, but effective.