Firedragon release question

Just curious why Firedragon is three point versions behind. Firefox is at version 121.0 and Librewolf is at 120.0.1 while Firedragon is still at 119.0.

There is a reason for this which isn’t the maintainer’s laziness :smiley: taken from the AUR page’s pinned comment:

Dear Community!
For many reasons we decided to stop maintaining Firedragon using its Librewolf > source as base.
Rest assured, we are now moving towards Floorp source, which offers different features/tweaks and uses Firefox ESR as its own source. This new package is currently in Alpha tests and looks promising.
Since there are many changes with Firefox 120, including some major revamp of Librewolf patches that Firedragon is leveraging, we decided to freeze this Firedragon version at 119
Ultimately v119 will be completely replaced by its new Floorp base.
Floorp source can be found here.
We hope you will also enjoy our next version! :slight_smile:

Basically with v119, there have been some changes to how Librewolf handles stuff and Floorp was around during that time as well. We already looked into rebasing to Floorp since it’s awesome and we had to decide where to focus on. There is little point in spending precious time to get something up that will ultimately be replaced by a new thing shortly after. I guess there will be test builds soon :wink:

10 Likes

Thanks for the info.
Unfortunately the ESR / LTS release is a deal-breaker for me for more than one reason, not the least of which is those kinds of browsers do not work on / with my college’s websites & portals due to being outdated (e.g. certificates too old, for one, or just being outright blocked).
It’s not forks I am against, I like Firedragon. And also concepts like Mercury & Thorium, but they move at a snail’s pace and might as well be based on ESR. It’s just that for my needs, I need to be on recent releases.
Wish you the best of luck though. It ought to be interesting. I’m sure I’ll check it out at some point.

Install Floorp and try it out on your websites, that’s the only way to be 100% sure, as Floorp has a lot of customizations underneath, maybe they took care of your concerns already.

If you don’t want to install Floorp, could you plz share your URLs and I will try on my end, you can PM me if you don’t want to share URLs public.

I’m asking all this cuz I am very much interested in knowing what could go wrong with such browser (ESRs, etc.) and what could go outright right that could surpass our old way of providing Firedragon.

In essence: feedbacks. :smiley:

8 Likes

As I understand it, the main or most important reason that browsers like that get blocked is because for whatever reason (security I would guess), the websites look for versions at least X version, e.g. at least Firefox version 120 or at least Chrome version 120.
I also could not access the website even with vanilla Firefox ESR or vanilla Chrome ESR. They would all fail. I investigated with Firefox ESR (I prefer FF or FF forks) and at least one reason it failed is outdated security certificates. (I was on the latest FF ESR at the time.) That may be the case with Chrome ESR too but I didn’t investigate that.
Plus, there is an extension / addon required by online classes of my college for exams and there is ONLY a Chrome extension. Vanilla Chrome at that. No other browser is supported.
Therefore, due to these issues accessing the site and the extension requirement, I just checked out a Windows laptop which had the latest version of Chrome installed to avoid the whole situation / headache.
While I appreciate the offer to test out the website, another reason I don’t want to use a browser based on an ESR release that I did not mention is that I want access to the latest features and quick security fixes so being based on the ESR release makes me not want to use it.

1 Like

What stops you from installing Google Chrome? Hmm?

1 Like

Firefox uses a current certificate store, which is updated every release as far as I know and can tell, do you have evidence otherwise :eyes: :thinking: Mozilla Root Store Policy — Mozilla

Very easy solution to that, spoof user agent! :slight_smile:

Well, what might one of those ‘new’ features be? Wanting something new because it says new is different from actually needing or even using new features whatsoever! If you do have a ‘new’ feature that you must have, I would love to know and have a link to it on:

As for updates, ESR does not at all mean old or outdated, it means it has stability. It gets security updates exactly as often as stable does, without delay. Arguably, this actually enables it to be more secure than something on stable. Breaking changes are not applied as frequently, and thus there is less “new” attack surface, and more time for any bugs present in the new features to be cleaned up before backporting to ESR.


Also to echo @Bro, did you try Google’s Chrome or just Chromium?

4 Likes

I far prefer Firefox, I have ever since it transitioned from being Netscape long ago. That being said, I usually keep Chrome and other browsers including terminal browsers installed just in case I run into issues using Firefox. I’m not sure why this is such a deal breaker, it’s just the common sense belt and suspenders approach so that you never get caught with your pants down. :smile:

4 Likes

Honestly there wasn’t a single change lately which I considered to be interested enough to run nightly.

What we gain are quicker updates, less maintenance burden and a lot of new features.

8 Likes

I completely divested from Google. I don’t use any Google products.

Maybe it was the website’s certificate that was the problem but if that’s the case then why did the latest release of Chrome on the Windows laptop work perfectly and not mention any certificate problems? (I don’t have the laptop anymore. They’re required to be turned in at the end of the quarter.)

Spoofing the user agent breaks fingerprinting prevention as I understand it. Someone correct me if I’m wrong.

Doesn’t matter what they are. I just mean I like to try out / test out the latest features without bothering with alphas, betas, or nightlies and the like. This is the approach of Mull Browser which I use on LineageOS. It’s a FF fork based on the latest stable release as opposed to an ESR.

I am aware what an ESR release is and its focus on stability.

I’m not trying to be argumentative or combative, for the record. Just stating my thoughts and preferences.

The only Chrome browser is Google Chrome. Why does your statement confuse me?

2 Likes

If they provided assets without HTTPS it could complain, there could be a temporary issue with the site, there could be an issue with DNS, maybe the site is on an intranet and DNS over HTTPS failed or was misconfigured… Without testing, who knows! :upside_down_face:

I can neither confirm nor deny this, but I haven’t ever heard such a thing before.

4 Likes

I can’t provide a link at the moment because I don’t remember where I read it (possibly on reddit, haha) but a lot of security-minded browsers enable RFP (resist fingerprinting). (Canvas) Fingerprinting is a method of identifying web users. Enabling RFP makes users harder to identify (kind of similar in point but not method, to a VPN). This includes spoofing the user agent. Therefore changing it from what it is configured by default (when RFP is enabled) makes the user / browser stand out and be more easily identified.
That is my understanding. Anyone feel free to correct anything I may have wrong.

1 Like

I guess that’s a fair point; wanting to avoid being fingerprinted, but you’re missing the forest for the trees here. It’s not a matter of resisting fingerprinting everywhere, but a matter of making sites function. Everyone gets fingerprinted, and it is entirely unavoidable! You’re just spoofing information to provide a ‘fake/ephemeral’ fingerprint. This is not comparable to a VPN, which only changes the IP your traffic appears to come from, and they should not be conflated.

If you’ve ever played around on any of the sites that allow you to inspect your fingerprint, you’ll notice that you’re actually very much more identifiable when you block things. I personally see it more valuable to blend in with the crowd than stick out. Being fingerprinted on a site which you’ve already submitted to seemly serves not much purpose, so why worry about a realistic fingerprint? Isn’t it meant to be a “one-off-fix” that allows a site to function? :thinking: :thinking: :thinking:

5 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.