If Operah can fix the issue this fast, and FF's response is to simply disable the feature, what will happen if more serious security issues are found? Will FF disable cookies? FTP? Why not fix the IDN issue, Mozilla? Open source not open enough for you apparently.

This I agree with totally, everyone criticizes MS for having so many security holes, but at least they patch them in a timely manner. To me, being forced to rely on an extension to help avoid this vulnerability (as some of the firefox supporters will say we had the option to use), they should have released a patch.

Another thing I am not crazy about is having to redownload and reinstall the whole browser to patch it. Thats one thing MS has over FF and Opera, you dont have to download and reinstall IE everytime they release a patch :)

"Thats one thing MS has over FF and Opera, you dont have to download and reinstall IE everytime they release a patch :)"

Except for the fact that an average IE patch is bigger than the complete Opera download...

Yes, but it still doesnt require you reinstall the whole browser and worry about breaking something in the process (not necessarily an issue with opera, but in FF that is an issue). But reinstalling a browser every time there is a new security issue fixed, is a pain in the butt. MS Automates the process of installing patches with windows update, so you dont have to reinstall anything. Just update the files that need updating

The very basis of your argument is wrong.

First, Mozilla did not disable this feature, which invalidates the rest of what you're saying. But even supposing it *were* true, here is the second crux: this isn't meant to be a permanent solution. The article didn't mention it from what I can see, but the Mozilla Foundation did, and the search is still on. Showing Punycode in Firefox 1.0.1 is simply a temporary stop-gap measure. (IDN still works fine, it's just that you might see it get convereted to odd-looking URLs. As far as I know, entering them yourself in Unicode will still work, though they will be converted. Also, this article seems to think that conversion to/from Punycode is the problem, but it isn't; it's that some Unicode characters look like each other and are easily spoofable, and nobody's doing anything to stop registration of such visually-similar/identical domains.)

I didn't uninstall and reinstall FF. I just simply installed the updated version over the old. Get a grip.

Actually, Opera will update its list of trusted TLDs every week as part of the regular check for security updates. If a TLD must be blocked or a new TLD can be trusted because they include measures to avoid spoofable domain names, the whitelist will be updated transparently to the user.

Thats my point, you still have to perform a full browser install, and worry about extensions being compatible with the new version. IE only updates files that need it :)

Ya, you gotta love that patch automatation that makes you reboot everytime your swiss cheese security IE needs an update.

So don't worry about it.. firefox tells you or auto. disables extensions that are incompatible anyway. If it's a decent extension then there'll be an update shortly anyway. If you want quick, easy, large patches that autoinstall and reboot for you, then just stick with what you know; IE.

FF went the same route, and released the update on the same day - though, their initial plan was to disable the feature, they have listened to feedback of their users.

"To protect users from phishing attacks that exploit the IDN standard, Firefox now displays international domains in their "Punycode" form, which is the special format used to differentiate between IDN and standard ASCII domains."

large patches? I am confused, the last patch I d/led was 900Kb from MS, which is 1/5th of firefox's installer size :) Maybe I am just too dumb to do proper math, but that doesnt seem large at all, plus what does a reboot matter when my system is back up in 20 seconds (the time it takes for me to download and reinstall firefox, check for updates of my plugins and themes, and then get back to browsing). Plus, I can still install MULTIPLE security updates for IE and still be back up before I am done checking for updates of mozilla's extensions and themes.

Thats one thing I've noticed about you alternate browser supporters, you never want to admit to a shortcoming from your browser. You would rather try and justify it by saying something like "Oh, well, if you update IE you have to reboot" or "IE doesnt support tabbed browsing, or mouse gestures or INSERT OTHER FEATURE HERE. You know, last I checked, opera is far more bloated that it need be. Firefox beats the pants off of opera for the simple fact that you arent stuck with a bunch of crap you dont need and can choose which stuff you want to include in the browser. If you want an IRC client in your WEB BROWSER, you can install it, if you dont, you have to install it. In opera, you have all this crap that most will never use. Why do you think firefox is gaining so much more popularity among end users as compared to opera? Opera still only has 2% of the market and its been around a hell of alot longer than firefox (which now has 20% of the browser market).

Mozilla.org plans to enable updates next week. Those who want to install FF 1.0.1 today should uninstall their current version, then install the full 1.0.1. Those who can wait will be advised of the update/patch when it becomes available.

Note that, as the article points out, Opera also displays URLs in punycode ... if their TLDs are not in the whitelist.

Note also that the measures taken by Opera and Mozilla.org are interim measures, and will certainly be revised when the interested parties arrive at a consensus on what the best solution is.

For those who want to learn more about the IDN homograph issue, see http://www.icann.org/topics/idn.html .

** Why do you think firefox is gaining so much more popularity among end users as compared to opera? Opera still only has 2% of the market and its been around a hell of alot longer than firefox (which now has 20% of the browser market). **

This is probably due to the fact that the default web ID is "Identify as MSIE 6.0" but you can change that to "Identify as Mozilla 5.0" or "Identify as Opera"

Would you still tout IE if a registered version
cost $39.00?? The answer I think is that that people are willing to pay to support Opera but I never heard of anyone willing to pay for IE.

Try Opera 8.0 Beta 2

I have been testing Opera 8.0, and of the functionality I use, it still isnt any better than FF. It is still filled with a ton of features I will never use, and I wish I could remove from the browser. Its just like MS putting stuff in windows I will never use, there SHOULD BE a way to remove it, but I cant. As for paying for IE, no I would not, a web browser should be free by nature, and I believe MS understands this (as does apple, there browser is top notch as well, I just cant run it due to being on windows). Also, why do you think the default option is to identify as MSIE6? Because the browser cant display many pages properly otherwise. Firefox has fewer issues with displaying pages properly than Opera does. Anyways, enough of this rant, I am gone.

"But reinstalling a browser every time there is a new security issue fixed, is a pain in the butt."

Are you serious? Upgrading Opera is seamless. Just close Opera and install the upgrade over the previous version.

DONE!

IE patches have as much of a chance to break stuff! They've messed up JavaScript quite a few times because of security patches.

> "it still isnt any better than FF. It is still filled with a ton of features I will never use"

And STILL it's smaller and faster than Firefox!

> "and I wish I could remove from the browser."

Why? Just don't use them! If you don't, they make NO difference what so ever to you!

> "there SHOULD BE a way to remove it, but I cant"

There's no point, because it's still smaller and faster than anything else. The features you don't use don't do any harm either.

> "a web browser should be free by nature, and I believe MS understands this (as does apple, there browser is top notch as well, I just cant run it due to being on windows)."

DUH! IE and Safari are NOT free. You get them with two operating systems that COST MONEY. Get your facts straight.

> "Also, why do you think the default option is to identify as MSIE6? Because the browser cant display many pages properly otherwise."

WRONG. It's because some sites block Opera otherwise.

> "Firefox has fewer issues with displaying pages properly than Opera does."

Not really. More sites just accept Firefox because it's Mozilla ("Netscape"). Sites that don't work usually block Opera.

That's NOT Opera's fault.

Opera is not smaller or faster than Firefox.

It's called bloated software joshpx. No one likes it, just because it clutters the area and program with useless features.

IE and Safari are still free. You have to upgrade the browsers to the newest version when you buy the new PC/MAC. If it weren't free, you'd have to pay to upgrade IE or Safari.

Why would any site block Opera? Oh, wait, because Opera sucks. The people developing that site obviously don't want people running a s***ty a** browser to visit their page. You don't see people blocking Firefox now do you?

Why would anyone in their right mind pay for a browser, especially one as slow and bloated such as Opera? There are much better alternatives out there, not to mention the better alternatives are FREE.

You obviously have never tried opera...

Virtually every line you wrote is not true, so I'm not even going to bother commenting on them.

Why do all these threads end up in a browser war...

Opera is a very good browser/suite and FF is a very good browser. They both have different approaches (FF is "just" a browser and Opera has all the bells and whistles built in). It's up to your personal taste to decide which browser suits your needs best.

I have used Opera, and I didn't like it.

I can agree that opera can be cluttered but to get the same functionality in Firefox you have to install lots of plugins that eventually will make the browser break and not work. I have tried firefox 5 times and it has always made my computer freeze, I'm not impressed. Guess I should limit the amount of plugins but I want my browser to do what I want it to and the plugins enable that... But only for a few sites..

DJInsomniac: could you back up any of your baseless attack? I use both Firefox and Opera, like both and am always shocked at how browser intolerance (just like any other kind of intolerance) can stop people from thinking rationally (you being the perfect example).

Opera is anything but bloated. The executable it smaller (even uncompressed) than firefox, it uses less DLL's and less handles on startup. Note that is not really important to the end user experience, but it does demarcate where your FUD steps over the line.

So it has more features, and? As has been discussed, the browser does not load any additional communication features UNLESS the user opens a mail or chat account. If you don't add an account, Opera doesn't activate those functions, leaving you with 'just' a browser. Why such rabid intolerance and insults?

I wish both the Mozilla foundation and Opera continued success, and more relevantly to the thread, to helping to allow international users access to domains without discriminating on language and keep all of us secure...

DJInsomniac:
Care to tell us something concrete or are you flaming again?

Regards,
Ruemere

Oh my :) Your rant is rather illogical, and factually incorrect to boot, DJInsomniac.

> Opera is not smaller or faster than Firefox.

It is certainly smaller! 3.6 MB vs. Firefox's 4.7 for Windows. The difference is even greater on other operating system.

Case in point: Opera fits on mobile phones. Firefox doesn't.

> It's called bloated software joshpx. No one
> likes it, just because it clutters the area and
> program with useless features.

And it's still a smaller download than Firefox. Go figure :)

> IE and Safari are still free. You have to
> upgrade the browsers to the newest version when
> you buy the new PC/MAC. If it weren't free,
> you'd have to pay to upgrade IE or Safari.

So what you are saying is that since all the various parts of Windows are "free" when seen separately, that must mean that Windows is free too?

But it isn't, you see. Windows costs money. MSIE is part of Windows! As Safari is part of Mac OS X.

Firefox is free because companies like Nokia, Google, IBM, and so on, are donating massive amounts of money. Someone has to pay for all that bandwidth and development time. Opera is the only one which does not have the luxury of being backed by huge corporations. It's the only independent browser :)

> Why would any site block Opera? Oh, wait,
> because Opera sucks.

No, usually it's because they don't know about Opera.

> You don't see people blocking Firefox now do
> you?

No, because Firefox is "Netscape", and all webmasters know "Netscape" (or Mozilla).

> Why would anyone in their right mind pay for a
> browser, especially one as slow and bloated such
> as Opera? There are much better alternatives out
> there, not to mention the better alternatives
> are FREE.

Because they like the browser, and they want to support the company behind it - the only independent, cross-platform browser.

If you think Opera is cluttered, have you tried Opera 8.0 Beta 2? Try it in a separate folder, so that you get a clean install.

Do you still find it to be cluttered?

"The Mozilla Foundation, meanwhile, has chosen to prevent the display of any IDN URL in its latest Firefox release. Version 1.0.1 of Firefox will, by default, display only Punycode names."

You know, maybe if I'd read the entire article before posting I wouldn't look so stupid...