Development :  K-Meleon Web Browser Forum
K-Meleon development related discussions. 
Current Page: 2 of 2
Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: ndebord
Date: September 14, 2005 03:11PM

AnotherGuest,

I too am using the official 0.9 version, but upgraded from its 1.7.5 GRE to the latest 1.7.11 GRE. That keeps all of the main developer's menus, etc (ULF) along with bug fixes. Brian's has a little executable that updates it to 1.7.10. As near as I can tell, the latest complete upgrade to 1.7.11 comes from KKO:

http://people.freenet.de/CoolMcKluus/software/kmeleon/

All of this is good, but if you are willing to try Betas, then Dorian, Fred and Hao are the ones pushing the envelope and using the 1.8 and 1.9 engines. From time to time, I download one or the other of their latest betas or alphas and play with them, but for my everyday browsing I stick to the 1.7xxxxx versions that are based on the official 1.7.5 GRE that came with 0.9 from Ulf.

If you go for KKO's upgrade and run into any problems just repost, as I went through the process and did come out whole at the other end!

<VBG>

N

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: AnotherGuest
Date: September 15, 2005 03:14PM

I thought this was settled, but it's getting difficult again. I don't think the point is getting across.

The official version, 0.9, based on Mozilla 1.7.5, does not pass Secunia security tests. I don't remember the particulars, but these problems have been fixed in Firefox updates, but not in the K-Meleon release. This much is repeating what has been said.

I have no idea how one would update to the "latest" 1.7.11, except maybe to look through the list and find an unofficial release that seems to meet the description. I see the 1.7.11 releases are from July, so they probably have the most important security patches -- I guess. But there are a bunch of them. But with various versions coming out at various times, one has to choose between several, and lots of these seem to incorporate experimental features. I'm sure they are all quite nice, and frankly, I have had excellent experience with using alpha and beta software. Right now I'm using a beta edition as my main browser, because I'm pretty sure I'll have no problem with it, and I know it's superior to the official release.

But usually the choices are clear: official release, with up to date security; or current beta (alpha?) release. There's a clear, linear progression of best-effort releases, and not a bunch of releases in parallel.

This discussion isn't just for me. I think the original poster, and quite a few others were making exactly the same point. It's nice to have something labeled as THE beta edition, etc. This isn't just a hobby, trying various browsers for fun. It's about choosing and using a browser with up-to-date security.

Well, I guess I shouldn't be complaining. I appreciate the problem, but I'm just trying to express reality.

Boy, I hope I've said that right, because I can't edit it.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Fred
Date: September 16, 2005 02:20AM

Just to point out :

The 1.7.x versions (up to 1.7.12) are not betas, but security updates of the
official 1.7.5, always using the latest available Gecko engine, the same files as
Firefox and Mozilla use. The different versions may contain different macros,
or have a different look, but they use the same k-meleon only files as the official 1.7.5.
If files have a smaller size in some versions, they are simply compressed,
using upx. It is recommended to use the latest versions for security reasons.

The versions using 1.8.x(or 1.9.x) are beta versions, they can have a new
k-meleon.exe and new real features, as autocomplete, sidebar or findbar,
favicons and soon also genuine tabs instead of layers.
The latest Beta RC 1 is IMHO already sufficiently stable to be used,
but it is still a beta (but having the same security as a September Seamonkey nightly).

Fred

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: guenter
Date: September 16, 2005 07:16PM

@AnotherGuest (---.wustl.edu),
Forum has no influence on what k-m devs do.
They like all here did and do voluntary work - and all share what they do.
There is no right to get an update or anything... Plus:
It is totally up to k-m users to use the updates to k-m or the official issue.

k-m as such is modular and has no known security problems.
k-m is sometimes called embed application, embed mozilla GRE.
GRE is supplied free from Mozilla, it had some hazards but no known exploits.
Some modern macros make IE engine available for k-m
- it also has hazards but is updated less often ; - )

Since k-m is freeware some people here offer versions of k-m for download that they make for themselves to use. They share their work.
Some are updating official k-m 0.9 with new GRE others try to build a new k-m.

There is a thread in general forum where ALL k-m are offered
and where release notes are available.

The browsers have a name that normally says bla-bla and 1.7.x.
The latter is normally the newest Mozilla GRE available. Means within 24
hours or sooner we have taken Mozilla's free offer to have a new GRE.

Some have bla-bla 1.9 or 1.8 or SeaMonkey that means they alter the sources to
get a new k-m - both for themselves and for us. That is why some people here
try to help by making chrome or macros.... or by testing the stuff.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: RObert
Date: September 17, 2005 08:17PM

I have found no bugs, problems, errors, issues with k-meleon whatsoever. There is no need for an update in my opinion.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: AnotherGuest
Date: September 19, 2005 10:47AM

The title of this thread is "Come on! Why isn't there a security update for K-Meleon?"

Fred's answer seems to be that there is. That's wonderful, but why not just come out and say it?

Right up front. Right up on the home page where it says to download version 0.9, which by the way is insecure. I now probably have enough information to figure out which ones are up to date, but it's still not explicit or easy to find. I don't know, maybe you guys don't control the Web page, but if it were my browser, I would care.

Suggestions
>>>1. Prospective users have no way of knowing which Gecko engines correspond to what. Which ones have the security updates? NOT EVEN THE Firefox VERSION NUMBER SHOWS THE GECKO VERSION. I suggest you cross-reference the Gecko version to Firefox versions and give dates for the Gecko number. You might also actually TELL your users which ones are up to date, as of when. Be explicit.

>>>2. The official release is based on an insecure Gecko engine. If you don't believe me, go back through the Secunia advisories for Firefox and run the tests with your browser. Don't ask me for details, but version 0.9 does not pass.

>>>3. This all depends on your motives. If you just want to carry on your hobby among yourselves, I have no idea why you're bothering to correspond with me. But if you want people to use the browser, you need to get the word up front and on the top. And keep it simple and explicit.

Just trying to be helpful here. Thanks much for your great development efforts. It looks good. It really does.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: AnotherGuest
Date: September 19, 2005 05:23PM

OK, I found it. It turns out I can read, once I know what I'm reading. :-)

THE BOTTOM LINE
The Gecko version really is in the Firefox version info. They are up to 1.7.11 now in the official releases, although the beta version (1.8b4) is just fine, in my opinion -- probably the best ever. Some of you pointed to one or more K-M versions with these engines.

I still think you ought to put this info in a nutshell somewhere where people can find it.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: ndebord
Date: September 19, 2005 09:36PM

AnotherGuest,

FYI. The official developer (now) of K-Meleon 0.9, GRE 1.7.5 is a guy named Ulf. From time to time he drops by to see what is going on with the unofficial upgrades posted in the General Forum section to see what us end users are up to. Whenever he decides to do or not do an official update, you'll see it in the official downloads section. Otherwise, the unofficial versions are voluntary efforts by K-Meleon lovers who like to get KM up-to-date in between the official releases. FWIW, KM has always been slow to release official releases. That is the nature of a project where you only have one official developer.

As others have said here, the 1.7.xxx GRE updates to the official 0.9 KM based on the 1.7.5 GRE are not betas. They work as well as any official release from Mozilla Foundation, be it Firefox or Mozilla Suite (soon to be known as Seamonkey 1.0).

If you want to play with the betas, just look for the releases that say they are based on 1.8 or 1.9 code.

Now take a moment to think about all this. The KM community is strong enough to spin off any number of fine releases based on different versions of the Mozilla GRE. This without the support of a major organization like, say, The Mozilla Foundation. Pretty darn good IMO. Just don't expect to see these interim releases posted on the official K-Meleon site, just links here in the KM Forum.

N

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: AnotherGuest.
Date: September 27, 2005 04:18PM

To anyone who may be stumbling around this Web site searching in vain for an update procedure, lookee here: http://kmeleonbrowser.org/forum/read.php?f=1&i=26230&t=26230 .
It turns out you can just plug in the updated files from Mozilla, without fussing over finding and choosing a build.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Culpeper
Date: November 12, 2005 11:14PM

Does the project have a chief developer yet? I assume that many regular users will move on if there is no official progress being done towards the next "official" version of K-M browser. How long does K-M have to stay in beta stages? It looks as if K-M has morphed over to sub development with unofficial releases floating all over the place. I would be one of those users that don't work on development and would only upgrade if an official version was released and if that is no longer a going concern within the project's community then I would have to think about not using it any longer due to security. Since Mozilla and Firefox seem to have the market locked for Windows OS maybe a Linux version of K-M would breathe new life into the future of the browser? Linux users love this sort of stuff.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Enaitz Jar
Date: November 13, 2005 12:30AM

I don't think that a Linux version would be the key. IMHO Mozilla and Firefox don't have the Windows market locked at all. There's no better browser choice than K-Meleon for use on a Pentium III based computer. Try to use Firefox on a P III and you'll see what I'm talking about. And, even if I were the owner of a cutting edge computer I'll keep using K-Meleon.

I'm more inclined to think that the slow development is heavily damaging the lizard. You can not keep all your life staying alive thanks to patches, because sooner or later you will be all covered by patches everywhere, and this is when you lose your identity.

You only have to see the actual situation. The newbies at K-Meleon who don't mind about developing are still using an obsolete GRE version full of bugs and security holes. Those more advanced users are mainly using the v1'7'12 GRE by this patch or the other (Brian Bruns, KKO, and many more), but this is not free. I suppose you have noticed the refreshing layer pop-up bug, which is as annoying as difficult to solve. This bug only happens with the updated GREs, and as replacing the .dll which is causing the problem solves this problem but creates new problems, it's probably a bug that we will have to live with until a new K-Meleon official version appears.

I hope that Ulf has mercy on us and releases a new official K-Meleon when stable GRE v1'8 are fully developed.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Culpeper
Date: November 13, 2005 03:48AM

Wow, I wasn't aware of the Pentium III limitation with Firefox. Thanks for the information. Personally, I haven't run into any security issues with K-M but I start to get a little nervous when about one year starts to roll up without an official update. I went through this same phase about this same time last year. But unlike last year there doesn't seem to be any information if any work is actually being performed on an official update or not. Seems last year some tangible information that people were working on it was being communicated. I'm just afraid the longer the wait the less people actually use the browser. Is anyone aware if the installation downloads are drastically decreasing or not? You know how jittery a lot of Windows users are about security. They get a pseudo false sense of security with updated internet related application software. Many would assume that a Windows based Internet browser that is over a year old would be too old for today's net. They want something official. That an organized and determined effort is one step ahead of the bad guys because after all, the average user just wants to play or work on the internet and not get attacked. They are not interested in an allegiance to a product like those of us that enjoy using K-M. Unless, of course, they feel as if the product is a going concern. Otherwise, they will jump ship in a heartbeat. But I don't know. Popularity may not be a goal with those behind the scenes that develop[ed] K-M.

As for Linux, I wouldn't mind seeing a Linux version of K-M. I would use it. I guess one could use WINE to use the current Windows version on a Linux box but that is cheating. Mozilla, Firefox, and Konqueror are about the only Linux browsers I know of that are popular with the masses.

Is anyone in contact with Ulf? I don't know anything about him/her.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Fred
Date: November 13, 2005 04:35AM

Look for my post above on this page containing the phrase :

The 1.7.x versions (up to 1.7.12) are not betas

Ulf is no longer the chief developer, he has transferred
this task to others.
A new official version will probably appear in due course.

Fred

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: jsnj
Date: November 13, 2005 06:15AM

Popularity may not be a goal with those behind the scenes that develop[ed] K-M.

It's not and never has been. It's largely a labor of love. It is time consuming though. However, I don't see the project officially dying unless this site disappears (which almost just happened) :-). But like what just happened, there'll probably always be users screaming emergency enough to get a developer's attention to tend to whatever the dire problem might be before it's too late :-)

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Enaitz Jar
Date: November 13, 2005 11:04AM

I may have expressed wrongly on my last post. FF will work on most Pentiums III, the problem is that on a Pentium III (especially if it has less than 512 Mb of RAM) it will run slower than the minimum acceptable. You can never read updated news on a newspaper web, because the time needed to load will make all news obsolete before they're even loaded.

It's curious that the animal names referring to Firefox and K-Meleon are exactly the opposite of what should be according to their speed and agility. Foxes are ultra fast and K-Meleons are the slowest lizards (maybe a crocodile or a Chinese water dragon should be a better option :-).

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Andrew_G
Date: November 13, 2005 05:51PM

That's nonsense, I have installed Firefox in many PIIIs with 256MB of RAM and presently have it running on three of my own computers with PIIIs from 450MHZ to 1GHZ, two with 256MB and one with 512MB of RAM and they all run perfectly well and as fast or faster than any other browser I've tried including K-Meleon. I have even installed it on PIIs with 128MB RAM with no speed or any other problem. Where did you get this information?

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Enaitz Jar
Date: November 13, 2005 07:22PM

Well.

I don't know the configuration on which you tried it, but I've also tried it myself. I did install FF on two different Pentium III, always with Kaspersky antivirus (which is known for eating considerable system resources) and Outpost Firewall.

One of the Pentiums had 512 of RAM and yes, FF worked (and worked better than IE) but I compared it with K-Meleon, which was previously installed, and there was a notable performance difference in favour of K-Meleon.

The other computer was a 128 RAM Pentium III (also with Kaspersky and Outpost installed) and there the speed was unacceptable while K-Meleon was still working fine (once loaded, because the load process on both browsers took about 20 seconds).

On both computers there was also eMule running on background, but don't tell me about bandwidth problems because eMule was using less than a half of the ADSL, and I compared Firefox and K-Meleon one after the other without touching any other thing on the computers

I suppose you were not running any single process than Firefox, or maybe the less RAM needer antivirus ever. I don't know, but now and after my experience I'm very curious about how you did it.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Andrew_G
Date: November 13, 2005 10:28PM

As mentioned, I have installed Firefox on many PIII systems as well as PIIs with various configurations with absolutely no problems, from what you say, it is obvious that you have issues unrelated to Firefox in your configurations just as I suspected.

I can understand you claiming that there is a slight speed advantage in K-Meleon over Firefox, but telling people that there is an issue running Firefox with PIII systems is simply not true, in my opinion.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Enaitz Jar
Date: November 13, 2005 11:38PM

You have not answered my question about what was running on your computers at the time of testing it.

I'm sure that FF will work perfectly on a Spectrum if nothing more is running at the same time. I don't know other people but I usually have other things installed apart from the browser, things as an operative system, an anti virus and others of this kind. I suppose you will be running MS-Dosshell v6'22 or Windows v3'11 with some kind of patch to make Firefox run on those OS and avoid unnecessary wasting of RAM on the Pentium II you are talking about. Or you may come from another dimension with a distorted Space-Time continuum, who knows?

I should have listened to my mother when she told me not to sell my 386.

I don't think that I have any "issue" related to my config, because if I were having one this would be one extremely mysterious only affecting FF and not K-Meleon.

Anyway, I keep saying that if it's extremely improbable that Firefox can run at acceptable speed on a Pentium III with 128 of RAM, it's ridiculous to try it on a Pentium II. Windows XP will need 20 minutes only to boot on a Pentium II.

Of course I'm talking of a system with antivirus, firewall and all XP patches.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Eyes-Only
Date: November 14, 2005 01:13AM

@jsnj: I agree with you 100%. :-) And besides, I use KM-Fr 0.9 with the 1.7.5 GRE as my default browser, and I sleep very well at night knowing that my computer is secure. It makes very little difference as to the version number of GRE (except in page rendering IMO) in security as people aren't going to bother to code out reams and reams of coding just to take advantage of one silly little flaw that will shutdown your browser or startup WORD on your computer when you hit a webpage. And yes---I'm knowledgeable about the other bugs as well.

These other bugs are where "browsing wisely" comes into play. Such as not having two tabs/layers/windows opened when entering in your VISA account number at your bank but just one window/tab opened, and things like that. Disabling JavaScript, Java, referer, killing flash and applets, only allowing cookies for certain sites, etc., are all examples of browsing wisely as well. Plus emptying the cache and cookie files when done (sometimes even history and MRU).

With such precautions I have no problems browsing even with GRE 1.0---and do it often just for the fun of it.

I have only caught 2 serious viruses in my 13+ years of being on the net---and that was within my first 2 years of being online. One was as a result of browsing with MSIE 2 I think it was and the second was because it got downloaded in a very early version of OE.

Knowing and using Gecko has kept me virus and malware safe since. :-)

===

As for Firefox: I'm currently doing what I said I'd quit doing once Fx reached 1.0 Milestone: I'm doing the beta/RC testing of Fx. Currently I've been running Firefox 1.5RC1 on my server. My specs are: 256megs RAM, 1.4gig AMD Athlon tweaked to = 1.8gig pIV, 98se box with an Aston Shell overlay.

At any given time I have 20 to 28 programmes running which help service my network, some RAM-intensive.

Fx runs just fine on this server system. Startup is about 6-8 seconds. As to speed on the net/page rendering, none of that matters to me because of the type of connection I have (a pipeline). It does take around 20 to 25megs more RAM than the experimental builds of KM once I get into the high-image intensive sites, like Space.com, or 45megs more than the 0.9 KM, but I found out that if I cut down on the setting for pageloading forward/back from 50 to 10 or 5 it did cut down on the RAM considerably as those pages are stored in the RAM and not on disk.

So yes, I could see that on a machine with 128meg of RAM, if running a lot of other software Fx could slow down considerably---even so on a 256meg system if there were programmes that were resource intensive.

So in all fairness to Enaitz I would say that was your case because you did point out that you had such programmes running at the time---and I think THAT'S what skewed your testings of Fx. -scratches chin- But likewise in all fairness Enaitz, hmm... I think maybe you should've made it just a "little bit more clear" that you had those things running. I picked up on those things and others didn't as it was hard to see. ;-)

Gee! I guess I've prattled on long enough! I'm still sticking with my KM-Fr 0.9 as default though. :-) Alain did an excellent job on that First Edition! A thousand thanks, my cousin far from me---but very close to my heart, for your work, which is so fantastic!!

Amicalement,

Eyes-Only
"L'Peau-Rouge d'Acadie"

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Andrew_G
Date: November 14, 2005 01:54AM

Windows XP with 128MB of RAM?, Windows XP on a PII with 128MB of RAM?, let's be serious. You need to match the CPU with the amount of RAM and the Operating System you will be using, that's basic stuff.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Enaitz Jar
Date: November 14, 2005 10:11AM

I don't know why you Andrew are not speaking clearly, I've told you exactly on what OS and with what running on background I did my tests and your lips are still locked. Why do you have to hide?

I know it's not serious to install WXP on a 128 RAM machine, but, as I said before, it's impossible to take seriously your so called tests when no info is offered about how it was done. I now suppose you should have used W98 on your 128 RAM PII, but, as usual with you, this is only a supposition.

I would not even try to go on Internet on a PII for the simple reason that there's no reliable actual security software which can run and provide security on this machine.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: guenter
Date: November 14, 2005 01:43PM

MS out of the box xp - has much running that is not needed.
i assume that it can run with all features needed when others are shut down.
(who really needs cpu intensive animations)

k-m has the size of a basic ff install.
but the features of a ff with dozens of extensions.

i do not care so much about the word "official" any more
- as long as we manage to keep the browser in shape ourselves it is ok.

Re: Come on! Why isn't there a security update for K-Meleon?
Posted by: Enaitz Jar
Date: November 14, 2005 01:59PM

It would be great if we could get K-Meleon running by ourselves, but there are things that still resist to this community possibilities.

For example the meta refresh pop up layer problem on GRE 1'7'12. The problem was localized by KKO on a certain .dll but we are still unable to solve it definitively.
