Mozilla: The Good And The Bad

Rui del-Negro writes "According to this article at The Register, six security flaws in Mozilla were posted to BugTraq last weekend. They have not been added to the official Mozilla vulnerability list yet. But details can be found here, here, here and here (phew!). Finally, two other bugs were found, relating to loading GIF files (in several Linux browsers) and Mozilla's (JavaScript) implementation of onUnload ( ). Are they trying to prove they can beat Microsoft at their own game..? Or is someone just trying to win a prize?" On a brighter note, Zerbey writes "From Neil's Place here is 101 Things Mozilla can do which IE cannot. Very interesting reading and an excellent resource for convincing stubborn Internet Explorer users why they should switch. This article was also reported at Mozillazine. I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer."

6 bug more !?

[mirko]

OK, 21669 to go :-)

Most are already fixed

[afidel]

As of 1.2beta almost all of these are fixed. In general opensource is not a whole lot more secure than closed source (both are programmed by humans), they just are more open with information and quicker with fixes.

Re:Most are already fixed

[MAXOMENOS]

In fact, as of 1.0.1, five of the six bugs are fixed. Only one of these bugs exists in 1.0.1, and it's generally regarded as the least serious. Almost every distribution is running Mozilla 1.0.1 or 1.1 by now. I know I'm running 1.1 on my box, and Ximian GNOME is using 1.0.1.

Seriously, this isn't as big a deal as it looks, folks.

Re:Most are already fixed

[electroniceric]

Almost every distribution is running Mozilla 1.0.1 or 1.1 by now. I know I'm running 1.1 on my box, and Ximian GNOME is using 1.0.1.

The problem is, and will continue to be older distros. At least something like WindowsUpdate pushes the updates to your desktop more or less transparently. How do you update RedHat 6.2 transparently, or Mandrake 7? I have yet to see this kind of transparent updating under Linux, and I don't see that rosy a future for desktop Linux without it. I know RH7+ has RedHat network, but IMO it still doesn't work quite as slickly.

Re:Most are already fixed

[arkanes]

both up2date and apt provide transparent updates for this kind of thing. up2date run from the command line is signifigantly slicker than Windows Update, and about the same when run from the gui. apt walks all over both of them for ease of use.

Re:Most are already fixed

[aallan]

As of 1.2beta almost all of these are fixed.

As of 1.0.1 most of these were fixed.

That said, having just tried to upgrade my 1.1 browser to 1.2b, I've backed out and gone back to using the previous version. I got lots and lots of stuff breaking with 1.2, for instance the preferences popup didn't on several occasions. It doesn't look ready for primetime quite yet...

Al.

Re:Most are already fixed

[MAXOMENOS]

And if you don't like either of these, there's Ximian Red Carpet.

Re:Most are already fixed

[kalidasa]

Does /. often post stories "previous version of Internet Explorer had 6 security bugs" when the current patch has already fixed them? Seems to me that Mozilla's response was pretty quick...

Re:Most are already fixed

[GiMP]

Well, ignorant users are ignorant users.. if they refuse to upgrade their software then they deserve to be hacked/cracked/etc.

Oh, and if you're interested in a good way to upgrade your Linux applications.. checkout Debian, apt-get is awesome.. and yes, there are frontends for X11 to do these updates.

The negative about debian is what some newbies have described as a less friendly installer than the other distributions. Also, debian comes VERY bare.. it will install nothing with the system other than some essential console-based utilities.. no X11; However, this is easily installed with tasksel and/or dselect which both run automatically during the first boot.

Re:Most are already fixed

[fhqwhgads]

Sorry, but 5/11/02 British = 11/5/02 American.
It got me too, at first.

Re:Most are already fixed

[SquadBoy]

Debian. Keep in mind with WindowsUpdate you still have to make an effort to update. You have to click on the wizard go out to the website or whatever. It does not do it without *any8 effort.

Debian is at least this easy two commands to an updated system.

Re:Most are already fixed

[Neon+Spiral+Injector]

Japan does yyyy/mm/dd, IMHO the best way, followed by dd/mm/yyyy, the US way is just wrong.

Re:Most are already fixed

[ryanvm]

Almost every distribution is running Mozilla 1.0.1 or 1.1 by now.

Unfortunately, Debian is not one of them. Mozilla 1.0.0 is still the official version in both 'stable' and 'testing'.

I love Debian's 'apt-get' as much as the next guy. But they are sooooo slow to get new shit in the tree that it's not even funny. Hell, you've even got to use unofficial sources if you want to run KDE 3.

I know Debian's a volunteer distro, and I know that "freedom" and stability are their number one priorities. But come on guys, sometimes the dogmatism has to take a back seat to practicality.

Re:Most are already fixed

[rmohr02]

Keep in mind with WindowsUpdate you still have to make an effort to update

No, you don't. The default is for Windows to automatically update itself. At least, with XP Home and Pro.

Re:Most are already fixed

[JoeBuck]

Until recently I had a Red Hat 6.2 box at work -- the old version was needed for a compatibility issue and testing. I used Ximian's Red Carpet to keep the box up to date, and Ximian provided (and still provides) reasonably up-to-date Mozilla versions, even for Red Hat 6.2, with a simple GUI to install updates.

Ximian provides all Red Hat security updates, other than kernel updates, since it appears Red Carpet doesn't know how to update the kernel properly.

Re:Most are already fixed

[nathanh]

The problem is, and will continue to be older distros. At least something like WindowsUpdate pushes the updates to your desktop more or less transparently. How do you update RedHat 6.2 transparently, or Mandrake 7? I have yet to see this kind of transparent updating under Linux, and I don't see that rosy a future for desktop Linux without it. I know RH7+ has RedHat network, but IMO it still doesn't work quite as slickly.

Not that I disagree with what you're saying - I agree that the Linux updaters that exist (RedHat, Debian, Ximian) are all fairly clunky - but I think you're going too far to say that Microsoft Windows Update is transparent. Very few important updates are in Windows Update (whole service packs and server application patches are omitted) and Windows Update doesn't seem to cover hardware drivers. Even worse, third party applications are completely ignored. I'd love it if Windows Update was a service that the various non-Microsoft vendors could subscribe to, publishing their non-Microsoft drivers and application patches through the simple Windows Update interface, but Microsoft isn't offering this service. I can only get Microsoft updates through the Windows Update "portal". As a result I find the Windows Update feature to be fairly useless, because I still have to maintain mountains of manually downloaded updates.

The Linux-based updaters are as clunky as all hell - unintuitive, buggy, ugly - but at least they provide a single source of updates for your applications, system and drivers.

Re:Most are already fixed

[Erik+Hollensbe]

Does it really matter? It's just another way of expressing data. The good parsers (generally eyes) will figure it out.

Why users "should" switch

[1984]

"...resource for convincing stubborn Internet Explorer users why they should switch..."

Should be:

1. Provides a better subjective browsing experience

If that's not true, you'll never win.

Re:Why users "should" switch

[Thanatopsis]

Even if it is true you aren't likely to win. IE is firmly now a component of the Windows operating system. Removing it will cause the seas to boil and the rivers to run red with blood. Anyone notice that Excite is not allowing Mozilla users? I get this Error message.

BSD

Re:Why users "should" switch

[Anonvmous+Coward]

"Even if it is true you aren't likely to win. IE is firmly now a component of the Windows operating system. Removing it will cause the seas to boil and the rivers to run red with blood."

Why do you need to remove IE to use another browser? Even if you could, why would you want to? I still need IE once in a while because some dumb-ass sites think they need to embed Quicktime movies inside their page. Never could quite get QT to work quite right in other browsers.

Re:Why users "should" switch

[bunratty]

If that's not true, you'll never win.

Win what? Is there some competition to get more people using Mozilla than IE? That's a battle that will never be won as long as IE is shipped with nearly all new desktop computers and Mozilla is shipped with nearly none.

To me the interesting battle is to get enough users to use standards compliant browsers and not use old browsers such as Netscape 4 and IE 4 that web developers can finally just write according to web standards and know their websites can work for more than 99% of users.

Re:Why users "should" switch

[User+956]

Or maybe you should make up lies and anecdotal evidence about how Mozilla "just works" and Internet Explorer goes "boopbeepboopbeepboop" and destroys half of your "really good" paper.

That seems to be working for Apple.

Re:Why users "should" switch

[shepd]

>Why do you need to remove IE to use another browser?

Oh... that one isn't so hard.

If you don't have 256 MB of RAM, but you like to have your favourite browser loaded into memory 24x7 so it pops up as fast as IE, you'd need IE removed to free the (many) megabytes of RAM it wastes.

Re:Why users "should" switch

[Amazing+Quantum+Man]

It may work for Apple, but not for Paige.

Re:Why users "should" switch

[Anonvmous+Coward]

"If you don't have 256 MB of RAM, but you like to have your favourite browser loaded into memory 24x7 so it pops up as fast as IE, you'd need IE removed to free the (many) megabytes of RAM it wastes."

I'm not running at 256 megs of ram. I'm running at 128. Frankly, I don't think 2-3 megs are going to significantly improve my browsing experience. It would, however, severely impact my file operations in Windows. It'd also cause Outlook to bloat up a bit so it could interpret it's own HTML.

Sorry, not sold. IE's not my primary browser, but I have plenty of interest in not removing it.

Re:Why users "should" switch

[Bonker]

Hmm... Even with cookies blocked from Excite, I can still view their front page with Moz 1.1. (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826)If this was a site 'feature' in the past, it's obviously been reclassified as a bug and has been fixed.

Re:Why users "should" switch

[Malcontent]

XUL look into it.

Re:Why users "should" switch

[Fweeky]

To me the interesting battle is to get enough users to use standards compliant browsers and not use old browsers such as Netscape 4 and IE 4 that web developers can finally just write according to web standards and know their websites can work for more than 99% of users.

Maybe I'm just lucky:

0.121% ( 5222) => MSIE/MacOS
0.218% ( 9383) => Netscape 4
0.407% ( 17524) => Other
1.780% ( 76627) => Opera
2.617% ( 112663) => Gecko
94.782% (4080594) => MSIE 5+/Win32

99.2% of hits from browsers sufficient to totally move to CSS. The other 0.8% will probably get a site that works better, to be honest; many sites are already using CSS and more advanced JavaScript which makes NS4 and friends uncomfortable to use.

Re:Why users "should" switch

[Bake]

Actually I've found that QT works better with Mozilla than IE.

Why does it work better?

My machine does not lock up when the QT plugin goes berserk. This has happened to me twice in the last 3 weeks. That may not sound like much, until you take it into consideration that I've only watched 5 embedded QT clips during that time.

Although it didn't lock up completely on those two occasions, it locked up enough to be unusable for me for ten minutes.
TEN MINUTES of not responding oh a relatively new machine (2ghz P4, 1/2GB RAM) is NOT, by ANY means acceptable.

Re:Why users "should" switch

[bunratty]

You are lucky. Look at Charles Upsdell's browser stats or web browsers used to access Google for more typical stats.

Re:Why users "should" switch

[gorillasoft]

Anyone notice that Excite [excite.com] is not allowing Mozilla users? I get this Error message [excite.com].

Funny - that message only told me that it didn't allow browsers with JavaScript and/or cookies disabled. It didn't mention a thing about Mozilla. Or are you telling us you have both JS and cookies enabled and that you still get that error message?

Re:Why users "should" switch

[falzer]

TEN MINUTES of not responding oh a relatively new machine (2ghz P4, 1/2GB RAM) is NOT, by ANY means acceptable.

Well, damn, your computer is so fast it can finish an infinite loop in ten minutes.

Re:Why users "should" switch

[jd142]

Ecite must hate you. I had no problem following your link. Mozilla 1.1 on XP. I even signed up for yet another excite account which I will happily ignore. Logged me in no problems.

What are your cookie settings? I've enabled all cookies. I logged out, changed my settings to enable cookies from originating site only and then logged back in ok.

Re:Why users "should" switch

[mark_lybarger]

mozilla's largest strength, like any other GNU/GPL/MPL/OpenSource application is in it's flexability and it's speed to market. every day you can download a new version of mozilla, possibly with new an exciting features.

its strength lies in its application features, not rendering differences. tabbed browsing.... it's been said too much, but it's wonderfull. bookmarking all the tabs at once and re-opening them up is also an added feature to the surfing experience. it's debatable weather the "no pop-up" feature is good or bad, but i'll leave my pop-ups turned off.

mozilla has found a way to enahnce the user surfing experience without extending the web standards, something other browsers will envy. konqueror has a hard time keeping up with mozilla since it's released as part of the kde desktop (which seems to be about twice a year or so).

Re:Why users "should" switch

[bunratty]

Anyone notice that Excite [excite.com] is not allowing Mozilla users? I get this Error message [excite.com].

WFM with Windows build 2002110508. I did have a similar error with a different site last week, and I had to create a new profile to fix it.

Re:Why users "should" switch

[loco123]

2. More control over text zooming
Can zoom text to any size. IE only supports five sizes and has no shortcut keys that I could determine.

CTRL+MouseWheel
...if one can call that a shortcut key.

Re:Why users "should" switch

[Anonvmous+Coward]

"My task manager on this machine says IE weighs in at 22 MB. Explorer (part of IE) weighs in at 14 MB."

Explorer is not part of IE. They both share a DLL
that renders graphics such as a web page or folder view. This explains why IE cannot really be removed, a bunch of other MS apps call it as a generic 'put stuff on the screen' control.

Right now, IE is open to Slashdot and it's using a whole 10 megs. Most of that memory is being used to store the graphics etc on the site so that you can scroll without having to decode compressed images. The reason why yours is up to 20 megs is because you've been browsing a while.

I created an APP in VB and called the IE control. Total RAM used by the IE Control: 1.5 meg. It jumps up to 7 meg when I send it to Slashdot.

The only thing that stays resident in RAM is the DLL that's cached. Same thing happens when you fire up Netscape or even Photoshop. You have control over that too if you want to play with registry settings.

Now, I just fired up Mozilla. It's eating up a whole 20 megs and I haven't done anything or gone anywhere yet.

So no: IE is not eating up that much memory. It's called quickly because MS made the control that does the browsing stuff come up quickly. They needed it to because if Explorer worked like Mozilla or Netscape did, moving files around on your computer would be painful.

Consider this: Calling IE doesn't call up a mail app or news reading app. That's one of the reasons it's slimmer.

Re:Why users "should" switch

[Anonvmous+Coward]

"My task manager on this machine says IE weighs in at 22 MB. Explorer (part of IE) weighs in at 14 MB."

If you kill Explorer.exe, IExplore.exe still works just fine.

Explorer is not part of IE, it calls the same object that IE does to blit folders to the screen. Outlook, FrontPage, Common 'File/Save/Load' dialogs, and a bunch of VB apps also use this object. You can probably remove that object, but all those other apps will be crippled and will have to use their own method to interpret the graphics.

That's why I always thought the debate about removing IE was stupid. Sure you can remove it, if you want to make everybody else's life harder.

Re:Why users "should" switch

[Phroggy]

Win what? Is there some competition to get more people using Mozilla than IE?

Win enough people using Gecko that Web developers quit making IE-only pages and make standards-compliant pages instead, so that I don't have to use IE for anything.

Re:Why users "should" switch

[swv3752]

More effective to compare IE in Wine. Check memory usage of Notepad in Wine and Subtract it from IE in Wine. This gives a decent ballpark for memory usage of IE. Loaded both IE and Mozilla with the hompage set to MSN.com then loaded slashdot. Mozilla 1.0 used abot 22mb and IE 5.5 after subtracting notepad memory used 29mb. You can try this yourself. I was using a dual boot with Win98 and Wine used its internal dll's.

Re:Why users "should" switch

[Brendan+Byrd]

Well, number #2 is Popup blocking, yet the Bugzilla crew still refuses to fix their main bug involving that "feature", listed here.

Re:Why users "should" switch

[swv3752]

A)I subtracted out the memory that notepad in Wine uses, so that should overcompensate for any memory that just Wine uses.

B) Linux has a different VM model, that is where any difference lies. If it is still in swap then it is in memory and I want it counted.

C) Win95- No that 29mb is not required. Other programs may use it, but so what. Other programs may be using some of mozilla.

D) Who runs with Active Desktop turned on?

E) The two browser loaded the same homepage then Switched to another same page. Memory cache shouldn't matter.

Re:Why users "should" switch

[jonadab]

> >Why do you need to remove IE to use another browser?
>
> Oh... that one isn't so hard.

Actually, you don't have to remove it per se, but you do need to
upgrade it to at least 6.0, select Custom install, click the Advanced
button, and tell it not to make itself the default browser.

Read the entire article....

[dartboard]

If you read ALL the way to the end of the article you'll note that 5 of the 6 bugs are already fixed in 1.0.1 which has been out for a couple months now. I believe the sixth is already fixed in the 1.2 nightlies.

Re:Read the entire article....

[tbmaddux]

5 of the 6 bugs are already fixed in 1.0.1 which has been out for a couple months now. I believe the sixth is already fixed in the 1.2 nightlies.

The same 5 of the 6 that are fixed in 1.0.1 are also fixed in 1.1. The last one is already fixed in 1.2 beta. Maybe even alpha or earlier (but why would one use those).

I saw this mentioned on The Screensavers last night and IMO the Register article is greatly overstating the magnitude of the vulnerabilities. These are all known, patched bugs. Good to motivate people to stay up to date, but this is a lousy way to evaluate a product's security.

Let's talk about the known, unpatched bugs in MSIE instead.

Re:Read the entire article....

[wandernotlost]

There will always be bugs, whether your software is open source, free, or otherwise. What matters is how you deal with them.

Re:Read the entire article....

[delphi125]

If you read ALL the way to the end of the article ...

Actually the second paragraph (and second sentence) states:

"Versions of Mozilla previous to version 1.0.1 ..."

Newsflash: Old buggy release has bugs

[roybadami]

However, also according to the article on the register, most of these bugs are in Mozilla 1.0, which makes this kind of old news. Mozilla 1.0.1 was specifically advertized as a security bug-fix release, and has been out for quite some time.

NTLM auth

[bunratty]

I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer.

NTLM auth is bug 23679, and is scheduled for Mozilla 1.3 alpha which will be out in about one month.

Re:NTLM auth

[drok]

NTLM auth is bug 23679, and is scheduled for Mozilla 1.3 alpha which will be out in about one month.

Except that it was also scheduled for 1.2 alpha, then beta, then... despite 107 votes and being topembed+ it keeps slipping.

Want to have NTLM support? Vote for it! http://bugzilla.mozilla.org/show_bug.cgi?id=23679 (Bugzilla doesn't allow slashdot.org referers anymore...)

-Robert

Re:NTLM auth

[twoflower]

Want to have NTLM support? Vote for it!

No, write the damn code. That's what software freedom is about. You've missed the entire point.

Re:NTLM auth

[oliverthered]

The code is already there, at least in the greatest part and has been for months.

It looks like there are three problems,
putting DES, MD4,MD5 somewhere sensible possibly using PSM
adding NTLM
and fixing a nasty bug where Mozilla opens too many connections.

Until the nasty blocker is fixed there can be no NTLM.

Re:NTLM auth

[KidSock]

NTLM auth is bug 23679, and is scheduled for Mozilla 1.3 alpha

That's good news considering any Java server can now negotiate NTLM Auth using jCIFS and use the credentials to access SMB resources.

Re:NTLM auth

[Lendrick]

No, write the damn code. That's what software freedom is about. You've missed the entire point.

Sadly, this is easier said that done. Simply getting into the Mozilla project is difficult at best--I myself have tried and failed, and no longer subscribe to the notion of "writing the damn code yourself."

Can we blame them for being ineffective at responding to new coders? Probably not. Mozilla is a massive project, and the people who keep tabs on that sort of thing most likely have more urgent things to do than respond to every newbie who offers to help out. On the other hand, the "write the code yourself" argument is arrogant and lazy, because it's not really an option for most people, even if they are willing to help and experienced coders. A better response would be that there are other things with higher priority which need doing first.

Additionally, as has been pointed out before, complete feature patches written by people who managed to get in to fix their "pet bug" often go unapplied for months. PNG alpha support under Windows (or was it Linux? I don't recall specifically) was an example for this--the patch was there for months, and the feature was continually ignored as it accumulated votes, until someone finally decided to put it in.

In the future, you may want to consider being a little bit less snide about people posting feature requests. Feature requests give a project direction, by allowing the coders to get a feel for what people would like the product to be like. Scoffing at them is intentionally ignoring the requests of your audience.

Re:NTLM auth

[Da+VinMan]

I'm a wee bit confused here. Please bear with me.

We have an application (VB.NET no less) which is installed on the IIS server to not allow anonymous usage, Basic authentication, or Digest authentication. It only allows Integrated Windows authentication.

Now, when I browse to our application using Phoenix (I'm using 0.3 right now), I get a login prompt. I'm able to login at this point and go from there.

Obviously, IE (we use 6.0) would do this automatically without the login prompt. Phoenix does do this, it's just not quite as convenient. If I'm feeling sloppy, I can even tell it to remember my login for future use so it requires exactly one more click of the mouse to get working. Not too bad...

My question is this: Is the above working scenario using NTLM, or what?

I've always been confused on the difference between NTLM vs. "other Windows authentication schemes". I understand the Basic, Digest, and Anonymous authentication schemes, but I'm really fuzzy on what actually happens when "Integrated Windows authentication" gets used. Any light on this would be appreciated.

Thanks!

Re:NTLM auth

[cscx]

But I'm really fuzzy on what actually happens when "Integrated Windows authentication" gets used.

Okay, this is where the NT + IIS + IE combination really shines (for Intranets). There is a setting in IE for authentication that is usually set by default to "Automatic logon only in Intranet Zone." Let's say that you're on a Windows 2000 machine logged into a domain called VINMAN. Let's use the example of setting permissions on just a regular directory of private files on the IIS server that you only want the group "Authorized" on VINMAN to access. In Windows 2000, you set the NTFS permissions on that folder as "Read" for "VINMAN\Authorized." Now, let's say you browse to that address that's in your intranet on IIS... say http://10.1.2.3/topsecretstuff/ for the sake of argument. Well, IIS will throw an Integrated Windows authentication call out to IE, which will pull your username and password for the domain VINMAN out of your current Windows login credentials. It'll automatically send it to the server, and if you're in the "Authorized" group on NT, you're set. Except that it never really sends your username/password; instead, it uses your Kerberos ticket! The web page comes up, you never see a login box, and everything is done transparently to the user. It's like you never even needed authorization to log in to see that page. Log in as someone else w/o proper credentials and you'll get a dialog box to log in instead, which, through the magic that is NT, you can actually give users on different domains permissions to the files, i.e. you can login as ANOTHERDOMAIN\Jim.

Purty cool, huh?

This is just really a souped up "Windows NT Challenge/Response" from IIS 4.

Re:NTLM auth

[rbeattie]

I've been using a Python NTLM proxy at my work for the past month and it's great. I point whatever is being blocked by M$'s server software at the local proxy and it does the work for me.

http://www.geocities.com/rozmanov/ntlm/

It's GPLed and works as advertised. Once I figure out how to make it run as a service, it'll be perfect.

-Russ

Re:NTLM auth

[Hadean]

Yes, I'll just wave my little magic pixie stick (and quit my day job) so that I'll learn how to write software. You do realize that not everyone knows the inside and outs of programming! This whole "write it yourself" philosophy is such crud ... people like you must try to remember that there's more then one kind of computer user.

shallow bugs

[tps12]

Fortunately, these are shallow bugs that will be found by many eyes. I'm guessing I won't have to wait more than a few hours for a patch that fixes any of these either. And while IE exploits tend to be devastating, since Explorer is integrated into the whole Windows OS, these security holes in Mozilla will, at most, crash your browser, a minor inconvenience. All this proves is that Open Source is (still!) better than proprietary software. Keep up the great work, Moz team!

A Word on Mozilla

[krog]

When you're on a Linux machine, Mozilla is a fine choice for web browsing. And it has some nice features like tabbed browsing that soften the interface somewhat, and some like javascript privilege control which make the web more tolerable.

HOWEVER, the Mac versions are basically unusable and the Windows version is hurting. Mozilla still sucks when good web browsers exist on that platform.

Re:A Word on Mozilla

[Entropy_ah]

the Windows version is hurting
That's strange because I've found that Mozilla is more stable and faster in Windows vs. its Linux couterpart.

Re:A Word on Mozilla

[RealAlaskan]

... the Mac versions are basically unusable and the Windows version is hurting.

Don't know about Mac, but the windows verion is peachy. I'm using build id 2002091014 on Windows at work, and it provides a subjectively better browsing experience than does IE.

Re:A Word on Mozilla

[\\]

I've been using Mozilla for OS X since i bought my powerbook a couple months ago and have had no problems whatsoever, besdies the occasional crash. Even java works properly - still can't get games.yahoo.com to properly work on any of my lunix mozilla installations.

Re:A Word on Mozilla

[93+Escort+Wagon]

Why are people so hung up on the initial load time for IE versus Mozilla? Other than for that single metric, Mozilla runs circles around IE. Mozilla renders pages significantly faster, it provides fine -grained control for people who want it (per-site image blocking, per-site popup blocking, tabbed windows), and it generally doesn't allow people to get root/admin access to a box even when exploits are discovered.

I have convinced many people to try Mozilla, and from what I've seen none of them have switched back to IE.

Re:A Word on Mozilla

[n-baxley]

I've had no problems on Windows other than handling a few pages that are coded IE specific. The inital load time is a little slower, but how many times are you opening and closing your browser? With the quick start, which IE has built in, Mozilla loads pretty quick anyway. I haven't used the Mac or Linux versions, but I like my Windows Moz.

Re:A Word on Mozilla

[mosch]

I'm posting this from Mozilla 1.2beta on a Mac running 10.2.1. Mozilla has an MTBF that's really damned close to the same as IE 5.2. I wouldn't say that it's significantly more or less reliable than IE on Mac.

Re:A Word on Mozilla

[sporty]

Ok, I know, troll.. but what the hell.

At home, I'm running XFree /w pan (which uses gnomelibs), Mozilla, AIM and Yahoo comfortably on 256 megs of ram on a 433mhz machine.

At work, I was on a celery 233mhz with 128 megs of ram. Ran fine. And I have to restart my browser a lot due to playing with my hosts settings for several projects. No, it's not a browser issue, it's an infrastucture thing, don't ask.

Sorry dude, but your machines sound either underpowered or misconfiugred.

Re:A Word on Mozilla

[ealar+dlanvuli]

Phoenix runs circles around IE. With both browsers set to google IE6.0 takes 4.8 seconds (stopwatch) on my machine, Phoenix takes 2.1 seconds (stopwatch). Loading slashdot as default increased IE by almost a second, no noticable difference in Phoenix.

Unless your a developer or an emacs user you should probably give phoenix a try.

(note: emacs user was a joke [sort of])

These are already fixed

[nxg125]

To quote Mozillazine

The most remarkable detail about these bugs is that most of them are already fixed. In fact, only one of the flaws (reported here in September) is present in the latest stable branch and trunk releases (Mozilla 1.0.1 and 1.1 respectively), while the more recent 1.2 Beta isn't vulnerable to any of them.

Comment removed

[account_deleted]

Comment removed based on user account deletion

10 Things...

[yamcha666]

Now, is there a 10 Things IE Can Do That Mozilla Can Not such as run ActiveX properly if at all so one can go to most msn.com sponsored sites such as MSN Chat? Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.

Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE.

Re:10 Things...

[Anonvmous+Coward]

"Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE."

Frankly, I didn't think the '101 things you can do with Mozilla' was that interesting. Most of the stuff there I'd only care about if I were doing web development today. In that case, yes it'd be really cool. But they're trying to oversell features that most people don't use. I just wanna browse the web, I don't care about color coded source viewing. I do care about the browser opening fast without hogging all the RAM. (Fortunately I'm an Opera user.)

Re:10 Things...

[EyesWideOpen]

One feature of IE that I really like is how previous entries in text boxes can be selected from a drop down list (like the list of previously loaded URLs in the browser location bar). It's very helpful here at work where I can easily pull up a list of previous searches to be re-searched.

Re:10 Things...

[brunes69]

Phoenix does this, and alot more that Mozilla doesn't. Phoenix is really on the right track. http://mozilla.org/projects/phoenix/phoenix-releas e-notes.html

Re:10 Things...

[jameslore]

??!!

I've always found Moz to have *significantly* better CSS support than IE. IE doesn't even have full CSS 1 support, and supports even less of CSS 2.

e.g. position: fixed; doesn't work in IE (and even does very odd things sometimes), and absolutely positioned elements are not sized according to their bounds (top, left, right, bottom) but by width and height (my pick for most silly IE bug)

Re:10 Things...

[Asic+Eng]

Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.

That's true, but AFAIK the same thing happens with newer versions of IE - the only browser which seems to work properly with the Yahoo-Chat seems to be Netscape 4.7.

I don't really understand why that is, but it seems IE and Mozilla are on par there.... unfortunately. :-/

Re:10 Things...

[Pheersome]

... aaaand there's your problem: an excess of suck in your daily browsing habits. MSN Chat and Yahoo Chat? They're symptoms of that blight on the Web that is the proliferation of non-Web applications being served over HTTP. There's just no excuse. IRC clients exist for a reason. (Mozilla has one of those, too.) And have you forgotten about that whole "standards" thing that Mozilla (nominally) supports, and IE notably does not?

Re:10 Things...

[indiigo]

Now, is there a 10 Things IE Can Do That Mozilla Can Not such as run ActiveX properly if at all so one can go to most msn.com sponsored sites such as MSN Chat?
Msn sites breach your privacy. ActiveX is an inherently insecure technology.

Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.

Download recently released J2SETM v 1.4.1_01. This fixes 2,000+ bugs with the earlier version, and has increased speed, to boot:
http://java.sun.com/j2se/1.4.1/download.htm l

Re:10 Things...

[EyesWideOpen]

I'm using Phoenix 0.4 and it does not do this. Hmmm....

Re:10 Things...

[marauder404]

I definitely agree with you there. Not all of the items listed are features for the user's browsing experience. Pass that list around the office and see what happens ... most people would STILL say that they're happy with IE. Details on how it implements XML are just not convincing arguments.

Also, I can't help but to think that if IE introduced browser features that supported stuff like IRC support and a cookie manager, people would be crying foul, saying that it's just more bloatware. I like the fact that bookmarks are items in the filesystem and I don't have to use some new tool to manage them.

Re:10 Things...

[Chanc_Gorkon]

And I agree with you there! But just ask those who commonly use sites like http://www.nascar.com and others that uses these java chat thingies to try and find a irc client. Most will say a what? IRC?? Wazzat? These folks don't even know that they are using a irc server. The other reason even those of us in the know that use those is because we don't know the address of the server they are on. Most may even run their own so they can have tight control. This is why we must be asked to use these....things.

Re:10 Things...

[Sj0]

Try K-Meleon at kmeleon.sourceforge.net
It was just released a little while ago, and is based on the latest Mozilla 1.2b milestone. It's very fast and supports that feature nicely.

p.s. Yes, I'm pimping KM in this thread. I wouldn't be if it wasn't good.

Re:10 Things...

[Soul-Burn666]

Moreover, website developers write bad CSS mostly BECAUSE standard CSS is broken in IE and they have to "fix" it so it looks good... Evidently, it looks bad on standard compliant browsers.

Re:10 Things...

[pclminion]

If your primary concern is tabbed browsing, why not just use Opera in the interim, while Mozilla gets a little stabler? It's really not hard to simply ignore the little ad banner at the upper-right of the free Opera copy. It's not like we aren't exposed to twenty thousands ads every day anyway...

Of course, if you like Opera I suggest purchasing a copy.

Re:10 Things...

[Anonvmous+Coward]

'Why not try Pheonix [mozilla.org] then?'

I'm happy with Opera?

Bug Confirmation

[kha0z]

Being a developer myself, I have a huge number of bugs that are reported to my team and I on a daily basis. While security is always a key concern, there is an entire process of validating a bug prior to adding it to an official bug list. An open source project, such as Mozilla, has to rely on the input of who know who for possible bugs, then also has to rely on a large number of volunteer developers to help validate the bug. Sometimes these processes take time.

Take the time to compare Mozilla's submitted bug report and their official bug list versus Microsoft's (that is if you can find a copy of it).

It's about the browser

[c13v3rm0nk3y]

How my favourite bug was turned into a feature is the best example I have of how easy it is to get off the track with big projects like this.

The bug got lost in several threads, flames and arguments about what IE does or does not do, until it was finally marked WONTFIX by a Mozilla demi-god. IMHO, they missed the point. There is a constant refrain in Bugzilla about whether something is "standard" or not.

From my experience, the argument about web standards is used to either fix or not fix something, depending on how someone feels about a problem.

Don't think it's a problem? don't fix it and say "it's not standard, so we won;t" or "it's not standard, but we break the standard everywhere where it makes sense". Some behaviour need changing? The same arguments apply.

I may be just whining here, but sometime I think the fact that Mozilla is a web browser is lost in the arguments. I still love Moz, but the fact that the right-margin jumps around on my otherwise fine HTML 4.x and CSS pages will always bother me.

Re:It's about the browser

[Anthony+Boyd]

Wow. I read through the entire comments section, and Ian basically ignored users, Web developers, and even a few Mozilla developers. I'm amazed at how poorly he handled it. Maybe we should get these guys some training in diplomacy.

Re:It's about the browser

[roca]

Lots of pages look better without the vertical scrollbar space. It's not just standards pedantry.

To say "there can be no reasonable doubt that this change should have been made, and the fact that it wasn't made means the developers are idiots and the project is doomed" --- THAT is zealotry.

Re:It's about the browser

[c13v3rm0nk3y]

I'm having trouble accepting that having the viewframe dimensions change based on whether or not there is a scrollbar is "bad design" on my part.

Designers have little control over how tall their content will render, and most leave it at "auto" as they should. Having browser specific properties to control how one single browser renders scroll bars is, IMHO, plain stupid.

If standards-compliant HTML and CSS is rendered such that using a percentile for a width value changes based on the content and not the size of the frame (because the content is, through no fault of anyone, changing the viewframe width), then this (IMHO) is a bug.

Anyway, this only backs up my point that we should be thinking about these things from a browsing perspective. The discussion degraded into what specific behaviour Moz should implement, not whether it was a good idea that equal relative widths were, in fact, not equal.

That is, I don't care how it was changed, all I knew is that the current behaviour ran contrary to the principle of least surprise. All that happened is that the people with the opinion and the pwoer decided it was not a bug, when it was not clear at all that this was the case.

I don't really care whether it is a "bug" or not (though I do consider it one). My objection is that there was obviously an issue with how Moz rendered widths which is not addressed in any meaningful way, standard or not.

Compare with the decision to reimplement <MARQUEE>; seems rather arbitrary.

Re:It's about the browser

[c13v3rm0nk3y]

Lots of pages look better without the vertical scrollbar space.

...just as most pages render better without the viewframe width changing as content length changes.

Having the wdith stay the same as height changes so that CSS percentiles work as expected is not the same as always having a scrollbar. In fact, I'd say the majority of HTML will expect the right margin to stay put, regardless of the length of the page, given that most designers (rightly) let the height be "auto", but strictly control width. People hate scrolling sideways. They don't mind scrolling down. This is just good design.

So why not make the browser-specific property be the inverse? Why don't we assume that the scrollbar could potentially take up the 10 pixels (or whatever) on the right (or left!), and have a property to invert this for the pages that absolutely need those 10 pixels? Why can't those pixels be render transparently when the scrollbar is not there? I assert that this is the minority, and the norm is to expect to scroll through the height.

Plainly put, I argue that the scrollbar is not part of the contents, but part of the application, and as such, should keep it's bloody paws off my content.

Re:It's about the browser

[ubernostrum]

Having read the comments on the Bugzilla page and the comments in this thread, I have to say you're in the wrong. If you absolutely, unavoidably need two elements to have exactly the same visual width, you need to be specifying widths in pixels. If you rely on relative widths, you subject yourself to this sort of problem and shouldn't complain about it.

In addition, you seem to be ranting a lot about "expected" behavior...for me, what Mozilla does is the expected behavior. Can you point me to something in the W3C CSS or HTML/XHTML specs that says Mozilla is doing it wrong?

Re:It's about the browser

[c13v3rm0nk3y]

If you absolutely, unavoidably need two elements to have exactly the same visual width, you need to be specifying widths in pixels. If you rely on relative widths, you subject yourself to this sort of problem and shouldn't complain about it.

I've made my position clear in other posts in this thread, so suffice it to say that I will cheerfully agree to disagree. I reserve the right to complain about anything I like. This is the point of having an opinion.

I rely on relative widths because that is good practice. I simply disagree with having an application widget effect the flow of content. Having application controls affect page content is just bad design.

Minor perhaps, but bad nontheless. I don't see how anyone can consider that "expected behaviour".

There is nothing in the various specs about this because this is not a rendering or reflow issue, per se. It is about how an application decides the widgets and controls affects data. Would anyone expect the addition of a ruler or toolbar (without changing the size of the viewport) cause a reflow of a document in a work processor, or cause the margins to change size?

Yes, it would be nice to count on a relative width not changing if _only_ the height of the viewport changes. Really, I just feel it makes the browser look stupid.

agreed

[Faggot]

HOWEVER, the Mac versions are basically unusable

Mozilla start time on my G4/667MHz/1GB RAM Powerbook: 29sec (!?)
IE start time on same machine: 2sec
Omniweb start time on same machine: 1.5sec

not to mention that Mozilla hangs for seconds at a time quite often, and looks and feels clunky and bolted-together.

Re:agreed

[cscx]

IE 5.2 on Mac was the best browser that Microsoft ever made. It was actually so good they modified its rendering engine to create IE 5.5 for Windows.

Also, is there a correlation between your username and the fact that you're a Mac user? Sorry, I have to know. =)

Re:Bug reporting?

[Squarewav]

Well, they may be more open about it, but IE has the advantage that when a bug/hole is fixed it takes a small download to fix it, ware with mozilla and 99% of other OSS progs, takes ether a complete re download to fix it, a download of a source patch then a recompile, or possibly even fixing the source yourself (assuming you know enough about the internals of the program to fix it)

Re:Yes, I've run into some of these

[bunratty]

Yeah, I suppose writing patches for WONTFIX and INVALID bugs is pretty much a waste of time. Idiot.

Re:Why Use Mozilla? Only Need 1 Reason Not 101!

[c13v3rm0nk3y]

Another is seeing all those pr0n sites in your cookie block list.

Re:Bug reporting?

[Iamthefallen]

Yeah, imagine that, the Evil MS notifies customers that an update is avaliable, but the wonderful Mozilla organisation has people visiting the site looking for an updated version or patch. I know that my family at least finds that much easier because they have a deep interest in what web browser they use to browse the interweb...

If you're gonna complain about MS, at least use a valid argument, god knows there's a lot of them, but the kneejerk whining about MS being evil doesn't really do any good for anyone.

Mac version of Mozilla is unusable?

[Shinzaburo]

...the Mac versions are basically unusable...

How are the Mac versions unusable? I've been using Mozilla 1.2 beta on OS X for weeks, and it's working wonderfully. Extremely stable (hasn't crashed once), reasonably fast rendering, and the best standards compliance I've seen on any browser. It would be great if the overall browsing speed were improved, but as the browser I use on a daily basis, it's certainly usable even in its current state.

Trollesque

[Roadmaster]

how about some details on how "the Mac versions are basically unusable"? I've used them, so they're not *unusable*, and they perform pretty well; in fact, I know plenty of mac users who prefer it over IE.

Why do you say "the Windows version is hurting"? what problems do you have with it? For me, it works just fine and I prefer it over IE, even with the slower loading time, and even on my slow K62-400 with 48 MB RAM. I did say "for me", but in all truth I can't find any instances where it is "hurting".

Your final comment seems to imply Mozilla is not good, which in my oppinion is not true. Hey, we're all expressing our oppinions here, nothing more :)

Re:Yes, I've run into some of these

[Dr+Caleb]

errors as allowing javascripted emails to both access files on the HD and automatically send out new messages

Or you could go to "Edit" -> "Preferences" -> "Advanced" -> "Scripts and Plugins" -> and uncheck "Enable JavaScript for...Mail and Newsgroups".

Does IE let you do that? Why do you need JavaScript in Mail anyway? I won't even accept HTML email.

Text is fine. I get the content without all the cookies and graphics.

Mozilla rules

[dolo666]

Because Mozilla is open source, it's better than any other closed source alternative. I have only three reasons why I use it:

1. Smart Features -- not bloat-ware.

2. Tab Surfing.

3. No spyware or ads.

The information exchange is one factor of why open source is better, however, consider this as well: every decision you make adds to the total inertia of a project. Therefore, when you base a product on open source, you are creating a momentum that is going to carry on through your whole project. By saying, "Yes, we will listen to our public", you are also saying that you will like your public, and your public will like you in the end.

Microsoft has never done that. They put you on hold, put you off, ignore you and they do what they want. How long can they continue to take that stance in the face of an angry public?

Marshall Berman said it best when he said you can't slow progress or stop it. You can only guide it. He goes on to say that anyone who tries to resist change is going to pay the price in the end. Well I can't think of any other company that has resisted change as much as Microsoft has - especially recently.

Here's a productive idea for IE users..

[ABetterMan]

I've always wanted to send a message to IE users about the flaws and insecurities of their chosen browser, to hopefully open their eyes and get more people to use alternatives (Opera, Mozilla/Phoenix, etc)

One way would be to use the browser ID to add a little 'info' strip to the top of pages, specifically for IE users. It could be just a small one-line table at the top of pages -- maybe with a contrasting background to be noticeable, and say something like:

"Internet Explorer has several vulnerabilities that may allow others to take over your machine. You may want to apply fixes or try alternatives.

I can't find the link to the 'master list' of unpatched IE flaws, I had it bookmarked somewhere.. But I would imagine using the browser ID string the client sends to apache, this could be done in PHP or something similar. Yeah, it'd probably be a performance hit, but for anything but the biggest sites, it might work.

I've also noticed that some IE browsers appear to be sending the actual patch revision! Example:

217.81.215.xxx - - [06/Nov/2002:00:00:19 -0600] "GET / HTTP/1.1" 200 34629 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; QXW0339a; Q312461; .NET CLR 1.0.3705)"

Q312461 leads us to a MS Knowledgebase

article. I've no idea what the QXW0339a is, though.

Interesting. So one could go so far as to take the patch version off the browser ID string, check it against a database of strings, and return a comment that mentions the serious vulnerabilities affecting that version. I'd be happy to just run something that added a small tagline to the top of pages for all IE browsers, though. The more sites that did something like this, the more the word would get out. I think it'd be productive. :)

Re:Here's a productive idea for IE users..

[nizo]

I always thought it would be nice for someone to offer free (or cheap) CDs with the latest alternative browsers available, hopefully making it easier for the average joe to try them out (same goes for openoffice, etc). Hey AOL, you listening out there????

I can do them!

[Otter]

I'm posting this from Mozilla 1.2b/MacOS X and it's close to pushing IE off my desktop.

But, looking over the list of 101 things Mozilla does that IE doesn't, there are plenty of things that IE does, and has done for years. (It may not do them on Windows -- I have no idea.)

I can view cookies, block individual cookies, disable tooltips and a bunch of other things listed. I'd also argue that IE can be trivially installed and uninstalled and has a more complete, and certainly much more usable bookmark manager.

Re:I can do them!

[bstadil]

close to pushing IE off my desktop

FYI, If you do that you can use the MS filemanager if you are stuck in on a web site. Just type or Cut and paste the url (incl http:// bit) into filemanager and presto it morphs into IE.

Lately Amazon.com is getting more IE centric on their view content of books and I have to resort to this. FYI, I have complained to Amazon.com

Re:I can do them!

[SomeOtherGuy]

I don't know abnout easier install. Installing a new version of IE always requires me to reboot. When I install a new (binary) version of Mozilla it usually is just an unzip or untar and then running the executable.

Maybe things are different on the Mac.

Re:I can do them!

[superyooser]

No, it unzips just fine on Windows too. No reboot needed. In fact, you can write a batch file to: download the latest build using Windows' command line FTP program, delete the current bin directory, and unzip the new zip file. A CLI zip program is required.

There are two files in my D:\mozupd, which are mozupd.bat and mozupd.scr.
Here's the mozupd.bat file (WinZip CLI component required):

@echo off
REM Download Mozilla update automatically from Mozilla
D:
cd \mozupd
if exist mozilla-win32-talkback.zip del mozilla-win32-talkback.zip>nul
ftp -s:D:\mozupd\mozupd.scr
if not exist mozilla-win32-talkback.zip goto exit
del /s /q C:\Progra~1\Mozilla\bin
C:\Progra~1\Winzip\wzunzi p D:\mozupd\mozilla-win32-talkback.zip -d C:\Progra~1\Mozilla

echo All done!
:exit

And the mozupd.scr file for FTP:

open ftp.mozilla.org
anonymous
you@your-domain.com
b in
hash
get /pub/mozilla/nightly/latest/mozilla-win32-talkback .zip
quit

If you see b in a few lines above, that is supposed to be bin as in binary. I don't know why Slashdot is splitting the word. The word wzunzip is split too in the first script.

Re:101 Reasons to switch to Mozilla

[trcooper]

As well as shift-mousewheel to navigate history...

Probably many more incorrect ones in there as well.

Only thing that Mozilla does that IE doesn't that bothers me is PNG and MNG support. I really wish IE would clear those two up.

Re:Obligatory Opera plug

[roybadami]

In my experience, Mozilla 1.0.1 and 1.1 are pretty stable. (Don't expect the betas to be stable though, they're not meant to be, and often aren't)

Also be aware that Mozilla prefers to be installed into an empty directory. Installing one Mozilla over another is not supported, and can sometimes result in an unstable Mozilla install.

How about https?

[WankersRevenge]

I've been using Mozilla for over a year now and for the life of me, I still can't access anything via. https. So, I have to open IE to do anything secure forms. I've read that I must do a complete install in order for this to work which I do, but still no dice.

Anyone have this problem?

Re:How about https?

[Dr+Caleb]

Anyone have this problem?

With some sites, yes. If they don't support the Mozilla certificates, they won't allow https. I use Mozilla for my Banking (switched banks because they supported Mozilla) and things like Hushmail. For some things at work, I still have to use IE for sites that don't support Mozilla's certs.

Re:How about https?

[Elwood+P+Dowd]

I use Chimera, a moz based browser for the mac, and https works for me.

Re:How about https?

[Dr+Caleb]

Sorry, that should have been "Digital Certificate". Mozilla is great at encryption, but the entity at the other end may not support Mozilla because they are too lazy to incorporate it's user agent tag into their 'accepted' list. I dumped the above bank because it didn't allow Mozilla, even though it met all their requirements.

31 security vulnerabilities in IE

[Futurepower(R)]

Here's a link. On November 6, 2002, there were 31 security vulnerabilities in Microsoft Internet Explorer

The link is taken from: Windows XP Shows the Direction Microsoft is Going.. If Spanish is your native language: Windows XP muestra la dirección que Microsoft está tomando.

Re:Bug reporting?

[BigBir3d]

takes ether a complete re download to fix it, a download of a source patch then a recompile, or possibly even fixing the source yourself

How very odd. I just used Redhat's up2date and received/installed the latest version of Mozilla that Redhat uses, and it is just as easy Windows Update. No compiling by me, it does it all for me. By the time my soup was warm (mmmm lunch...) I had a newer, safer version up and running.

The soup only took 5 minutes...

Mozilla 1.1 is the best browser.

[Futurepower(R)]

My experience: On Windows XP, Mozilla 1.1 is the best browser.

Re:javascript?

[bunratty]

It's not the JavaScript language itself that differs between IE and Mozilla. It's the DOM, which is the data structure for accessing elements on the web page. Your friend is incorrect about Mozilla; it's IE that makes up its own DOM standards.

Re:The one thing it doesn't do

[IvyMike]

I've never walked into a Fortune 500 company and seen Mozilla running on a PC. Never.

Are you sure you're looking? Quite a few people at my company (it is in the Fortune 500) use it, and we're nothing special. It's not the majority of people, or even close, but certainly not zero either.

DoS'ing not very hard...

[kh0ng]

This bug was reportet 2 years ago, seemed to be fixed, then again seems to be still present. It refers to tables with 'colspan' Tags that have a large 'span' value. They DoS the browser and can be embedded in any HTML Source - Webpage and EMail and (perhaps) Newsgroup articles.

On a funny sidenode, while trying to use the link above:
"Sorry, links to Bugzilla from Slashdot are disabled."

Re:The one thing it doesn't do

[Loki_1929]

How sad. You don't 'talk' to a support technician with Mozilla, but you can usually get in contact with the person who actually wrote the code that's giving you trouble. Personally, I find this preferable to sitting on hold, paying through the nose for phone support, and talking to someone who hardly has the technical knowledge to use a computer, let alone code a browser. Mozilla's problems and bugs are well-documented; IE's are well-hidden. Mozilla has an excellent secuity track record; IE's security track record can be seen by the seemingly endless stream of advirories and patchs.

It's a shame that these Fortune 500 companies choose inferior products with inferior support on the basis that they're able to hear a human voice when there's some sort of problem; regardless of whether or not that human voice has the slightest understanding of the problem, the solution, or even the product.

The 101 list is bullshit

[bmajik]

1. You can do this by writing a 12 line VB app that embeds the MSHTML COM control on separate tab controls. Some projects already do this. (Yawn)

5. uh, hit ctrl-H in IE6

7,8. Hold control, scroll mouse-wheel

17. IE does this

22. This can be set in IE

31. IE can do this

46. Is this a joke ?

77. I don't buy this. IE is a ship-component of Windows XP, and thus exists in 25 distinct locales.

97. This is just fanboyism. There is no substance here.

101. Got me there, champ.

These are just the things I know are crap off the top of my _head_. Why does fanboy shit like this make it to slashdot on such a consistant basis ?

Re:The 101 list is bullshit

[Edgewize]

While the 101 list goes a bit overboard, you're wrong to dismiss a lot of the items.

1. Tabbed browsing is inherantly slower with IE because it creates a new browser instance for each tab.

5. The side bar is NOT just a history window. You can put virtually anything in it, including slashdot headlines or a google box.

7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.

17. At least with 5.5, the "cookie manager" is nothing more than a listview of all your temporary internet files. Mozilla has a real interface with more capabilities.

22. The average user will not set this, and will inevitably install Bonzi Buddy or some other crap because they click OK too fast. Mozilla comes secure by default.

46. You can run Mozilla from a network share without ever launching an installer. I'd like to see you do try with MSIE 6.

77. Yeah, assuming that you have the appropriate locale of Windows. And that you'd never want to run a version that was different from your operating system's locale settings.

97. True. But you must admit that Mozilla's security process is more open than IEs, and that there won't be major vulnerabilities that go unpatched for months. With IE you have no such guarantee.

101. You just can't argue with that one. The lizard is cool.

Re:The 101 list is bullshit

[Loki_1929]

Assuming we granted you all these things as being valid/correct (and most have been refuted by a previous reply), you've said nothing about the other 90 features that Mozilla either does better than IE, or that IE completely lacks. Let's assume that 50 of these are rarely used or are trivial. We're left with about 40 nice features that IE either lacks or impliments poorly.

I'd love to see you either respond to the other 90 listed items you never mentioned, or boil the list down to the 40 strongest points and take a shot refuting them. Mozilla is far superior in my opinion, if not for the features, then for the stability and security.

Re:The 101 list is bullshit

[Fweeky]

7,8. Hold control, scroll mouse-wheel

8 is "Can zoom any text, even that with fixed pixel sizes".

IE can't do this. Try it:

<html>
<body>
<p style="font-size: 8px;">Go on, just try to resize this in IE. Ah hahaha.</p>
</body>
</html>

Highly annoying, especially since weenies who like tiny font sizes usually specify them in pixels.

17. IE does this

"The cookie manager lets you view the cookies that have been set, their values and their expiry times."

It does? It has nice P3P support, don't recall anything like that though.

46. Is this a joke ?

"Can be installed quickly and without much fuss. It can generally be run off a network or CD as well."

Well, given how IE can't be installed (well, upgraded) without replacing core system files, where as Mozilla can just be extracted from a zip..

Now, I'll pick a few.

"Popup blocking":
Provided in a number of replacement IE UI's such as MyIE.

"Can select from multiple stylesheets provided by page":
But you can't save it; even going to another page on the same site with the same stylesheets looses the alternate stylesheet selection.

"View the syntax coloured source of a page, without having to view it in Notepad.":
*shrug*, mine loads vim, which is rather better than Mozilla's View Source.

"You can select any search engine you wish, not just one that has been chosen for you.":
You can change a lot of this using regedit; including stuff like "g foo" googling for foo.

"Can fill-in complete forms automatically":
Um, IE has AutoComplete.

"Properly handles MIME types":
Yup, IE's mimetype handling is a complete joke.

"Displays ABBR/ACRONYM titles in tooltips":
IE supports ACRONYM. No ABBR though, *grumble*.

"You can make text blink. This list isn't subjective.":
This is good. I've even used it once, and it saved me using an animgif. I used it to make a fake blinking cursor :)

"CSS position:fixed":
IE breaks this completely, not even falling back to the previous value it was set to. Those responsible are going to hell.

"CSS2 selectors":
Again, something IE developers are going to hell for, even if it gives us a way to hide CSS from it which it would otherwise break...

"Can use the finger protocol. This has been disabled in newer versions of Mozilla.":
Aww. And I want dict:// support!

"Supports irc protocol":
Barely, and if you use it you'll wish it didn't.

"Preferences are all stored in a single file (prefs.js) which one can easily edit to add custom settings which have no UI.":
Uhm, right. Good luck working out which prefs.js is actually loaded for your profile. Ditto for the unsettable userContent.css - even IE lets you specify a path to a user stylesheet; hardcoded paths to one *suck*.

Re:The 101 list is bullshit

[Fastolfe]

7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.

I'm not sure if I like this.. If the user is specifying a pixel size instead of a point or 'em' size, he's probably doing that for a reason. Personally, I think it's kind of brain-dead to use pixel sizes for fonts in the first place, but if a content author is going to do it, don't "scale" fonts with pixel sizes unless you're prepared to scale everything on the page defined with pixel sizes (like images).

Taking this a step further, users that routinely need to "zoom in" probably just don't have their DPI settings correct in their windowing system. A typical 21" monitor at 1280x1024 is probably working at closer to 110dpi instead of the default (92?) dpi. Simply making that adjustment could increase the readability of most everything rather significantly.

Re:The 101 list is bullshit

[Hektor_Troy]

1. Tabbed browsing is inherantly slower with IE because it creates a new browser instance for each tab.

Perhaps, but tabbed browsing in Mozilla (even with the multizilla plug-in) just plain sucks when compared to Opera.

Point in case: <a href='http://google.com' target='_blank'>this window opens in a new browser per default</a>. In Opera it opens in a new window. The only way to avoid issues like that in Mozilla is to use another browser or wait for them to fix that issue. That Opera has issues when you want to use more than one browser-window, is another thing entirely.

And the gestures suck as well (optimoz). Especially in Linux.

Oh, and the "back" and "forward" handling also sucks. Opera is the only browser I've found that DOESN'T load the pages that I can access with back/forward. This is particularly nice when you're replying to something like this, where it it's sometimes needed to go back to the previous page, because the forum puts the comment form on a page all by it self.

101. You just can't argue with that one. The lizard is cool.

No, the lizard is ugly. It's nicer than the e, but it's still ugly. And it's totally uncool when compared to the big O.

Oh yeah, and the plug-in management suck as well in Linux. Why the fuck do I have to su to root, chown the entire mozilla directory to my regular user, JUST to be able to change the fucking skin? WTF? The same goes for plug-ins. And don't give me the "but then you have to be carefull when you install plug-ins!" rutine. Yeah, well, when they're installed as root they have ROOT access to the box. If they're installed as MY user, then they can't fuck up my machine, can they? Put the fucking plug-ins in ~/.mozilla where they belong. We've got plenty of drive space these days, and just because I want a plug-in doesn't mean my coworker wants it. Same goes for skins.

Oh yeah, it's nice that Mozilla can restore the page you were at, when it crashed, but why only one of them? What's the point in having tabbed browsing AND a feature to restore the pages, when you can only restore one page?

I like Mozilla; I've spent 2 months trying to get it to behave the way I want, and at the same time to get used to the way it behaves. Then I threw it out and went back to Opera. Yeah sure, I only spent time with Mozilla 1.1b and 1.1a and 1.01 and 0.99, so I should try it now, right? Nope, sticking to Opera.

There are also dislikes about Opera, but they can be worked around with Internet Explorer (yes) or by buying a licence for Opera.

Some questions or suggestions....

[Anthony+Boyd]

I think Mozilla is in a position to really get innovation going again. Being a Web developer who started back in 1994, I remember first using Mosaic and Netscape back when features came so fast and furious that you really like progress was an everyday thing. I haven't felt that way lately (at least about Internet Explorer). So without further ado, here are some ways to innovate at a fundamental level, changing some things that should have been obvious.

First, making navigation buttons out of the link tags is great. But does Mozilla pre-fetch the "next" link, so that if I actually decide to go to the next page (likely), it comes up fast? WebTV has this feature. Makes the Web feel faster.

Second, why am I entering HTML tags into a plain text field? Where is the HTML text field? You know, a form object that comes with B, I, and U buttons, and allows me to visually format the text before sending (and which is delievered as standard, XHTML 1.0 compliant markup)? I've seen that Microsoft's new Web-based Outlook tools have this, but they use over 100k of JavaScript files to accomplish it. Shouldn't we just have something like this: <htmlarea></htmlarea>???

Finally, one of the things I've been waiting for is the ability to set images or other objects on angles. For example, if I wanted to have the slashdot logo appear as if it were on an incline, I might use CSS to specify the image display at -15 degrees. And if this were exposed to JavaScript, I could make some interesting animations. But I haven't seen this in CSS yet.

In short, I remember fondly when Netscape pushed the envelope -- I remember Andreesen adding the img tag, I remember Netscape implementing the file upload tag. I think some working demos of this stuff might help it gain acceptance, and give people a reference model to work from. Not to mention make Mozilla seem much more useful than Explorer.

Re:Some questions or suggestions....

[ChristTrekker]

First, yup. Pre-fetch FAQ.

Second, XHTML 2.0 is being developed, which will radically change things. Make your suggestions known now.

Finally, I believe that's what SVG is for. Mozilla has some support for SVG, but it's not enabled in regular builds, IIRC.

Andreesen adding the IMG tag was a big mistake, and a very bad implementation of embedding media. The OBJECT tag is what we should have had all along.

Re:Some questions or suggestions....

[poot_rootbeer]

Shouldn't we just have something like this: <htmlarea></htmlarea>?

Is that in the XHTML spec? If not, then the answer is NO.

It ain't Mozilla Team's job to extend the standards to include WYSIWYG text entry and CSS-based rotation of bitmapped graphics. Propose it to the W3C, and if anyone besides you thinks it's sufficiently useful it might become a standard.

We already survived one browser-feature arms race, and it resulted in a morass of cross-browser incompatibilities. Please don't try to start another.

Re:Some questions or suggestions....

[Anthony+Boyd]

ChristTrekker, thanks for the great response. The links were excellent. I have one response to a comment you made, veering into the philosophical.

Andreesen adding the IMG tag was a big mistake, and a very bad implementation of embedding media. The OBJECT tag is what we should have had all along.

Oh, I agree about the specific implementation: img was very short-sighted in that it presumed a specific type of media. But your comment also presumes another thing -- that all types of objects, not just images, should be embeddable. And that's where I think the img tag was so wonderful: it changed people's thinking. If you remember Mark's early posts about it, the naysayers didn't hate img because it was "only" for images, they hated the idea of non-textual display. They hated the idea that scholarly documents were moving into a realm that included visual elements they considered "fluff." And that's an argument that was lost long ago, thankfully. I'm not arguing in favor of short-sighted specific implementations (img and font) so much as the concept that visual cues matter. CSS and object tags are far better than the early days, but they advance and improve the concept, rather than beating HTML back to the stone-age. I love the img tag not for its implementation, but for the idea (which was revolutionary back then) that there can be more to the Web than Lynx.

Re:The one thing it doesn't do

[erikdotla]

I've found that the Bugzilla for Mozilla, Newsgroup usefulness, and general web resources are better, or at least equal to, that of Microsoft. Microsoft has an edge with phone support but, I run 10 servers and 50 workstations, all running Microsoft with SQL, Exchange, NT, 2000, and more - and I've never had to call them. I won't.

I dread calling them. It costs money, immense amounts of time, and I would sit on hold just knowing I'd end up with a moron who would suggest that I try rebooting.

This notion that a software company must be responsible for it's software, so that someone can be held liable and can be counted on to help, is really just dependency and lack of personal responsiblity, and ultimately a crutch. MCSE means Must Consult Someone Else.

Perhaps Fortune 500 companies ARE Fortune 500 companies because they pass the task of software support and maintanence off to the companies that make the software, and focus on their core business.

But they're also the ones spending obscene amounts of money and time trying to understand Microsofts insane licensing policies.

They're spending time and money evaluating Microsoft's DRM moves, preparing to deal with the inevitable (some would say immediate) consequences of Microsoft's negative, condescending attitude toward it's customers.

They're the ones who woke up one day and realized they were renting software, not buying it, and that they have an evil landlord and can't do anything about it. They're just happy their investors also like Microsoft so that they percieve this dependency as a "strategic relationship". They're the ones subject to the whip hand.

I've never walked into a Fortune 500 company and seen Mozilla. I've also never let the public see me having sex. Neither of those means that it doesn't happen.

Re:Bug reporting?

[cybermace5]

Look.

Microsoft notifes us *when a patch is available*.

The Mozilla community notifies us *when a security flaw is found*.

Do you want to know about a problem when it is discovered, or after someone has already engineered a fix?

If your car was discovered to be prone to stopping dead on the highway and blowing up, you'd want to know before the manufacturer figured out how to make it stop doing that. You'd want to have the option of choosing to risk it, or parking the car and driving something else for a little while.

Now you know what activies are prone to security dangers, and can either avoid those activities or use another browser for a while.

Re:The one thing it doesn't do

[Asic+Eng]

Uhm - are you really talking to MS when something doesn't work in your webbrowser?

I'm a bit flabbergasted by that argument. Is that support free? What do they do to help? Can you cite an example of a problem they fixed? Do you seriously need help to control the settings in IE?

I've never walked into a Fortune 500 company and seen Mozilla running on a PC. Never.

Fine. I have though, now what? :-)

Re:How about https? -- check for mozilla-psm

[zrodney]

I've been using Mozilla for over a year now and for the life of me, I still can't access anything via. https...

do you have the mozilla-psm package installed?

the https part of mozilla is often in a second package, maybe for export or something. if you
only installed the rpm for mozilla, you may still have to install the personal security manager part.

here's what rpm on my redhat 7.2 based machine shows for example:

[root@mouser root]# rpm -qa | grep mozilla
mozilla-1.0.1-2.7.3
mozilla-nspr-1.0.1-2 .7.3
mozilla-psm-1.0.1-2.7.3
mozilla-nss-1.0.1-2 .7.3
nautilus-mozilla-1.0.6-16

so, check to see if you can install the mozilla-psm package and https should be all set

here's the rpm -qi Description for mozilla-psm:
Description :
The mozilla-psm package provides Secure Sockets Layer (SSL) support
for the Mozilla Web browser.

Productive?

[Gruneun]

One way would be to use the browser ID to add a little 'info' strip to the top of pages, specifically for IE users. It could be just a small one-line table at the top of pages -- maybe with a contrasting background to be noticeable, and say something like:

"Internet Explorer has several vulnerabilities [bellaonline.com] that may allow others to take over your machine. You may want to apply fixes or try [opera.com] alternatives [mozilla.org].


My guess is it will get ignored just as quickly as the recent pop-ups that warn, "Your computer is broadcasting an IP address. Someone can use this information to attack your computer."

People who know better (or think they know better) will use Mozilla or Opera. Those who don't know, or more commonly, don't care, will continue to use the easiest way to access the web. Like it or not, IE is immediately available to the masses and it will be the first choice for those people for a long time.

Re:Bug reporting?

[Iamthefallen]

If I can't do crap about fixing it, what should I do, stop using the www? What other browser is secure to use as a replacement? Lynx?

Yeah sure it's great to find out there's a bug, but, I'm gonna bet that 95% of users on the internet couldn't care less about what software they use as long as it gets the job done.

Geeks care about what software they use, geeks also make sure they have the latest version by visiting the sites now and then and by reading tech news, then it doesn't matter if they use IE, Opera, Mozilla, Netscape, Lynx, Mosaic or if they hold the ethernet cable to their tongue to read webpages, geeks will make sure to have the latest version and all relevant patches.

An insecure browser is an insecure browser, whether it's made by MS or not is irrelevant.

*blink*

[Dave2+Wickham]

"Supports blinking text
You can make text blink."

*blink*

This is GOOD?

JavaScript, other standards

[Cardinal]

He also complained about Mozilla's vaunted "standards compliance." His exact words: "Mozilla invents its own standards, and it's the only one to comply to them."

For the most part, this is only true if your friend believes that the W3 is a subsidiary of AOL. Needless to say, it isn't, and in fact many of the standards which Mozilla follows (While IE only sorta follows) were written by groups that included representatives from Microsoft. A partial list of the (real, non-Mozilla invented) standards that Mozilla enforces can be found here.

Isn't javascript "write once, run anyware" kinda stuff?

It'd be nice, wouldn't it.

JavaScript is a Netscape invention, always has been. As such, Netscape did write its own standard and is the only one to comply with it. However, there IS a real standard known as ECMAScript that Moz and IE both do a reasonably good job of supporting. Unfortunately, this does not cover everything. ECMAScript can be thought of as defining the 'core' of what scripting on browsers is often used for.

Beyond the core are the areas of scripting that make up the buzzword-compliant DHTML (Dynamic HTML, a fancy way of saying JS, CSS, and HTML)

This is where cross-browser scripting gets hairy. The standards used for manipulating documents dynamically are collectively defined by the W3 as the DOM, or Document Object Model, which has many uses outside of HTML, but we'll stick to its HTML uses for now. Unfortunately, some of the more advanced elements of the DOM are still in a drafting phase, and as such are not ready to be used as standards. Meanwhile, browsers implement support in their own ways, lacking any sort of rules to adhere to. It's my hope that as these drafts are finalized into W3 Recommendations, that MS will include support for them as I know Mozilla will. Until then, browser detection will continue being a way of life for advanced client side scripting.

Re:There is something

[Rick_T]

> It has much fewer bugs and still retains all the
> functionality needed to have a decent web
> experience.

Let's get real here. Dillo is great to browse simple stuff like local HTML documentation, and it's good for checking on the local news sites (when it doesn't choke on them too badly), but that's about all it's good for.

It has some sort of annoying cache bug that lets it get "stuck" (refusing to load a document whether you hit reload or not) on pages like Google's search results.

As distributed (version 0.6.6), Dillo doesn't do any kind of authentication or SSL. It also doesn't do Javascript/Java. So it has to be *very* casual browsing. It also doesn't print.

(I use Dillo myelf for viewing local copies of web pages I make for my students. This is mainly because it's so FAST.)

Already fixed?

[Sj0]

I recall reading about this; those bugs were fixed before the bugs were reported this weekend.

Point 77 (Mozilla translations) is not really true

[Kiwi]

The problem with Mozilla's translation method is that it is designed in such a way that a translation team has to update a translation for every single release of Mozilla. That means that if a given translation team doesn't update the translation, newer versions of Mozilla have to be used in English.

In particular, if I wish to have Spanish-language dialogues in Mozilla, I (as of a month ago) can not upgrade to Mozilla 1.0.1 because none of the volunteer Spanish translation teams [1] has updated their 1.0.0 translations to version 1.0.1; instead they chose to direct their translation efforts towards 1.1 and 1.2.

Compare this to AbiWord, which has a translation structure such that, if a given translation team decides that meeting girls at dance clubs is far more fun than spending Saturday night translating dialogues, the translations still work for new versions of the program. If any new dialogues appear, those dialogues will be in English until someone steps up to bat to translate them, but any unchanged dialogues remain translated.

IE has an edge here, since their translation teams are paid; guaranteeing that any formal release of IE will be translated in to all officially supported languages. The disadvantage to this is, if a given language is deemed by Bill Gates to not be worthy of translation, you have to use the application in English (or one of the other official languages).

This structure causes Mozilla 1.0.1 to have translations available in languages like Estonian (a beautiful language [2] which has about, as I recall, 2 million speakers) but not in Spanish (which has more native speakers than English--about 325 million).

OK, thinking out loud, it should not be too hard to set up a perl script which unzips a translation for a given version of Mozilla, compares the labels against the English version for a given later version of Mozilla, and then translates all of the labels it can; leaving the untranslated labels in English. This would be far more productive than posting to Slashdot; perhaps a Mozilla guru can tell me if a tool like this already exists.

- Sam

[1] There are three Spanish trnaslation teams: One for Latin American spanish, one for Argentinian Spanish, and one in Spain. The Argentian is the most active group right now.

[2] One of my linguist teachers is a native Estonian speaker; she once talked to us in Estonian to demonstrate a language learning technique.

Re:Time to smell the roses

[xtinct]

the desire for standards compliance is so web designers can write their sites once and have it work everywhere, without having to worry about what browser the client is using...

however, your statement for using IE as a base for a standard is not only silly, it's stupid:

we've written an in-house webapp that only works on IE5.5+ (5.0 does NOT work, something in the DOM or javascript), and testing on IE6 i found using the javascript "prompt" command doesn't work and throws javascript errors -- but everything else seems to work okay.

so, for our in-house webapp, we require IE5.5SP2, because we can ( sidenote: i wanted to target mozilla). having a website on the internet cannot, for the most part, require any specific version of a browser. because they are all incompatible with each other... should we use IE3, IE4, IE5, IE5.5, or IE6???

so, which version of IE should we all use as the standard? and if you come up with a particular version, the penetration % is not nearly as high...

i'm rambling and responding to a troll... oh boy

I opened this thread with mozilla...

[gleather]

...and my crotch started to burn. Is that bad?

Let's not get ahead of ourselves....

[CoolVibe]

Mozilla is BIG. Web brouwser projects tend to be. That means lots of code. That also means more bugs than one would love to care about.

Sure, IE has bug, Mozilla has bugs, Konqueror has bugs, Opera too, has bugs. Big whoop.

Yes, they need to get fixed, but don't get your panties in a knot if another (or several) bugs are found. They get fixed. We get a better browser as a result of this fixing. Yeehah. We all win.

The whole buissness over IE is just stupid. I, as a UNIX user can't use MSIE because my *nix boxen (except for my Mac OS X and SPARC/Solaris ones) can't even run MSIE. So I use something else. Moz is nice. Konq is also nice. I understand people thing Opera is snazzy. Hey I can browse the web! yippee. Get over it.

Re:Obligatory Opera plug

[Sj0]

Try K-Meleon. It's a stable, quick version of mozilla. It also has a nicer interface, IMHO, and is brutally easy to make skins for(which, as we know, is all a web browser is good for -- showing off skins! :) )

Worked with Galeon

[dmaxwell]

I was able to access it fine with Galeon. I'm also using Privoxy which may nullify whatever lame Javascript trick kept you from getting through.

Re:Bug reporting?

[Khazunga]

If I can't do crap about fixing it, what should I do, stop using the www?

YES!!! Let me repeat that if you didn't get it:
If the software you are using has a security flaw with grave enough consequences, you should stop using the software.

Now, who can better evaluate whether a security breach is serious enough to stop me from using the software? Microsoft, or my organization??? Isn't this obvious?

And I don't come whining with the "users don't care" crapshit. I care. That's enough reason for Microsoft to release advisories when the flaws are found, not when they're patched.

Re:Here's two

[Yunzil]

2) View source opens notepad. I want to be able to edit, save (without it downloading the damn thing again!), and whatever.

File --> Edit Page

Entering HTML in a form

[Cardinal]

What you're looking for is over here.

Of course, it's a proprietary solution. A much better option is to implement a similar editing tool in JS/DOM that works in both Moz and IE6+ (Maybe Opera 7 if it actually includes some respectable DOM support)

Re:Bug reporting?

[corey_lawson]

...but what if the bug is "fixed" by microsoft saying, "you need to upgrade to IE6"?

These are only the publicly known bugs

[alanjstr]

I'm sure there are security bugs in Mozilla that haven't been made public yet. That was the problem with the onUnload(). It was known about for a long time, but not until it became public did it get fixed.

Re:These are only the publicly known bugs

[Chris+Pimlott]

Would you mind enlightening me about what specifically the bug was? The entry in the 'vulnerability database' was incredibly vague.

Open enough?

[KjetilK]

Well, are they open enough? their policy allows for not disclosing vulnerabilities.

The main reasoning seems to be that vendors should be able to protect their customers.

But what happened with the privacy leak recently found in Mozilla? Granted, it was a minor glitch, but it is nevertheless useful in studying how policy affects security.

Did it help end users that it was marked sensitive? Well, Netscape knew about the glitch when they shipped their browser, yet, they shipped it. On the other hand, the leak was patched shortly after the story broke, so the answer should be a clear "No!"

This is an example that it is not sufficient to have the sources open, you have to get some light onto the problems too.

Re:javascript?

[bunratty]

So is Mozilla's DOM implementation crappy compared to IE or what? I got into an argument with him about whether IE or Moz was better, and he said IE is a lot easier to design webpages for.

No, Mozilla just follows the standard.

The tipoff in what your friend says is "for IE". You don't design web pages "for IE", you design them according to the standards so that anyone using a standard web browser can use them.

Are your CDs designed for your brand of CD player? Is the television signal you get designed for your brand of TV? Is your friend's phone designed to work well with your brand of phone? NO! They're all designed to work according to the standards, so they all interoperate seamlessly. It's time for that to happen with the web.

Re:Bug reporting?

[Iamthefallen]

Would you? If I decide to stop using the web, how will I find out when a patch is released if I don't have a browser? Call a friend and ask him to look for it, download it, burn to CD, come over, and install it... Or, I take the risk that nothing will happen, go about business as usual and patch when a patch is out. Guess which option 99.99% will opt for.

Re:101 Reasons to switch to Mozilla

[afidel]

Alpha works in IE on the mac, then again that isn't really IE =) recently I found that most of the features I use that were lacking from IE (popup blocking, tabbed browsing and a few otheres) are taken care of by crazybrowser (www.crazybrowser.com), but I still use mozilla 99+% of the time. I guess the reason that I won't use IE even with crazybrowser is that there is no good email client with it. OE is horrible (on a fresh XP install I fired up OE6 because I hadn't yet installed mozilla and I wanted to check something, well I got my mail fine but the next time I launch OE it ate all my email! Never again.) Outlook proper is better but as a support professional I see it eat someones email on an almost weekly basis.

Mozilla Still Bug Ridden

[Naum]

I love Mozilla. I use it on Linux, on Win-XP and Win-2000. But there's a major bug with it on Win-XP that will not permit me to use the mail client and/or set extensive preferences. At random points, all of my email settings and preference (font, size, etc.) settings get wiped out and revert back to the default settings that come with the deal just after you install. I've tried various solutions to no avail, and even posted a problem record to their bugzilla setup that looked like it never even got a glance.

I think there is a newer version available - maybe that will solve my ills. I still use it as my main browser, though I like Galeon on Linux better - I haven't given Phoenix a try yet ...

news flash: people don't like automatic updates

[DunbarTheInept]

Like the subject says. Automatic updates are not a feature that will make people love MS over Linux. Even people who like MS would typically still prefer to decide for THEMSELVES when it's a good time to upgrade instead of having no choice over the matter.

Re:news flash: people don't like automatic updates

[jonadab]

s/automatic//;

Seriously, most people will continue using whatever was already on
the computer when they bought the thing, until the day they buy a
new one. This is generally a Bad Thing(TM) for all concerned, but
it's what people think they want.

Re:The one thing it doesn't do

[Sj0]

If you want to send me 30 dollars per call, go right ahead and fire away.

how do you know?

[DunbarTheInept]

I understand that it would PROBABLY tend to be be more readable, but on what authority can you make the statement that you know this is the case. You will only ever be able to see a very unrepresentative sample of closed source code. You can only see that closed source which is put out by companies you have worked for or are working for. That's what "closed source" means. So what are you comparing with to make the judgement that open source "tends" to be more readable. If you could make the comparasin with it, it wouldn't be closed source.

Why do you want Mozilla to have NTLM support?

[germinatoras]

Isn't NTLM an proprietary authentication protocol? There are plenty of existing, secure, standard HTTP authentication methods that are already implemented in Mozilla. If we implement every proprietary extension that various vendors create, we're shooting ourselves in the foot, to say the least. If the Mozilla coders create NTLM authentication, it's like saying, "Go ahead and deploy Windows with IIS and proprietary authentication instead of Apache and OpenSSL, we support you!".

Re:Why do you want Mozilla to have NTLM support?

[arkanes]

Because I write web apps for our lan, and I would dearly love to be able to use Mozillas superior DOM and javascript debugging tools, but I can't, because we use NTLM for everything. Cry.

Re:Why do you want Mozilla to have NTLM support?

[DigitalCH]

If you want Mozilla to be usable by corporations you got to support NTLM.

I have worked for numerous corporations that have hundreds if not thousands of applications written using NTLM. They can't recode these applications(cost and time issues) and we shouldn't expect them to. Instead we should make the browser support what is out there.

In fact I remember a meeting where someone brought up the fact that the html design of an application wasn't compliant with Open Source browsers. One of the people in the meeting made a comment that it was a moot point because open source browsers were unusable because they couldn't support NTLM so there was no point in worrying about it till they did.

Something to think about.

Re:101 reasons why not to switch

[Yunzil]

8. NEVER have i had this or heard of it happening

I had it happen to me back somewhere around 0.99. It always wanted to save .exe files with a .jpg extension, as in foo.exe.jpg. Made it kind of annoying downloading patches for Dungeon Siege. :)

Re:Bug reporting?

[roca]

This isn't true. We don't tell users as soon as a security bug is found, which is probably actually a good thing. What we don't do well, as this Register article shows, is publicising the bugs that we have fixed, even after we've distributed the fix in new stable releases.

Re:101 Reasons to switch to Mozilla

[arkanes]

ctrl-mousewheel zooms the whole document, not just the text.

number 23 - colored source viewing

[DunbarTheInept]

Number 23 on the "101 things mozilla can do that IE cannot." list was colored source viewing, with HTML syntax markup. This is NOT a win for mozilla, seeing as how in their attempt to add color highlighting, they screwed up the primary purpose of "view source" which is to try to determine what's wrong when a page isn't displaying right. Their color highlighting algorithm, whatever it is, tends to LIE about what the source looked like omitting things that it didn't understand.

Re:Not-zilla

[arkanes]

There's a big problem with typeing "mozilla.org" and clicking on the big link that says "windows installer download"? I mean, how stupid of people do we have to allow for, anyway?

Re:Bug reporting?

[Dave_bsr]

...but what if the bug is "fixed" by microsoft saying, "you need to upgrade to IE6"?

Last I checked, updating Internet Explorer required you to only upgrade IE, and required you to reboot after install. There isn't much of a comparison there.

Re:How about https? -- check for mozilla-psm

[MAXOMENOS]

I had this same problem running Mozilla 1.0.1 (Ximian version) even *with* mozilla-psm installed. Apparently this was a problem with the RPM rather than the actual software. I fixed it the dumb way, by upgrading to 1.1.

Re:Mac version of Mozilla *is* usable

[donutz]

My wife's been running Mozilla 1.0 or so on a Mac OS 9.2 system, and while her computer has crashed a couple times while using Mozilla, it crashes equally as frequently using Internet Explorer. It's definitely useable on a Mac.

Re:Bug reporting?

[Dave_bsr]

sign up to a security list. plenty of free, easy email readers that *are* secure. If you know that your browser has a problem, either get the patch or switch to something else temporarily. If neccessary, use lynx. :P

For me, it's nice to have an upgrade setup that doesn't require IE.

Re:number 23 - colored source viewing

[bunratty]

Could you give an example or a bug report that describes this problem?

Excellent point

[Dave_bsr]

Excellent poing, kalidasa. I was about to say the same thing, but don't have to now. If us IE-bashers were whining about bugs in IE 5.000 that were patched in 5.01, or *gasp% 6.X, we would get yelled at.

Summary: There are securtity bugs in older versions of mozilla. As of now they are patched! Crap-ola! : )

Re:Excellent point

[Dave_bsr]

Summary: There are securtity bugs in older versions of mozilla. As of now they are patched! Crap-ola! : )

Hrm. "securtity." So where do i get these "secure titties??" :D

Re:Excellent point

[Erik+Hollensbe]

"Secure Titties" generally require things like:

1) A Ring
2) An Expensive Wedding
3) House
4) Kids

Not all that fun anymore eh? I'd prefer 'titties with security holes' that I can fill myself :)

This shows they did the right thing

[Arker]

I cut and pasted the link and read the whole thing. You're wrong, they're right.

In other words it is not GENERALLY acceptable that the page width is unpredictable e.g. that it depends on the length of the page.

Hello? HTML 101. The page width, and any other physical attributes of the output device, are unknown and unknowable. That's the entire point to the abstraction involved in HTML, as opposed to .pdf or something. You don't even have to have a screen to parse html to, the end user may well be using a reader. The entire point to using HTML is to mark up the content in such a way that the browser can then determine how to best present it.

Seriously, people like you are killing the web, choking it to death with your bullshit 'I'm a designer' attitude and it really pisses me off. People worthy of the title 'designer' in any field know enough to educate themselves about a particular media before they use it, but for some reason 'web designers' seem to almost universally feel that it works the other way around, that the media should adapt itself to their goals. It's like whining that charcoal needs to be fixed because it doesn't allow you to use colours.

Re:This shows they did the right thing

[c13v3rm0nk3y]

Hello? HTML 101. The page width, and any other physical attributes of the output device, are unknown and unknowable. That's the entire point to the abstraction involved in HTML, as opposed to .pdf or something.

You don't have to shout, I can hear you just fine.

Seriously, you are making my exact point. This is why designers will use relative widths to ensure their content can be rendered nicely in a variety of interfaces.

My assertion is simple: the existence or non-existence of a height scrollbar should not change the relative width of the viewframe. The scrollbars belong to the application, and not the content. I don't know any designer or user who expects a scrollbar to cause a reflow of the contents, shortening or lengthening all responsibly stated relative widths by X pixels.

You are right: designers should expect the width and height to change. This why we have used percentiles to describe relative widths to make sure things flow nicely, regardless of the interface. Having a situation where the width changes on arbitrary changes to height is, IMHO, plain stupid.

Anyway, if the history of that bug, and the conversation threads here say anything, it's that this is not one of those cases where anyone is concretely "right" or "wrong". This is a usability issue, and I would challenge the Moz team (or anyone else) to submit this behaviour to a battery of real usability tests. If it was determined that the majority of users and designers don't mind how a good number of existing pages render, then I'd reconsider.

Until then, I'm not convinced.

Re:This shows they did the right thing

[Arker]

You don't have to shout, I can hear you just fine.

Good. At least one way in which you're different from the usual self-proclaimed web designer.

Seriously, you are making my exact point. This is why designers will use relative widths to ensure their content can be rendered nicely in a variety of interfaces.

And, before doing that, think about whether or not there's really any need to use frames to begin with. There almost always is not.

My assertion is simple: the existence or non-existence of a height scrollbar should not change the relative width of the viewframe. The scrollbars belong to the application, and not the content. I don't know any designer or user who expects a scrollbar to cause a reflow of the contents, shortening or lengthening all responsibly stated relative widths by X pixels.

That's the best argument you had, for sure, unfortunately it was not the first or the loudest. Most of them were quite senseless - for instance claiming that this behaviour was inconsistent with all other browsers which is absolute nonsense - I think the only browser I've seen that does what you want on a Mac is Opera. IE for Mac, NS4, etc. all do the same thing as Mozilla.

So this is a much better argument, yes, but it still fails. Yes, I agree that scrollbars are part of the application, not the content. But many of us do expect that scrollbars are only displayed when needed, they behave that way in numerous instances on numerous different platforms, and it seem quite the sensible way for them to behave.

The fact that you're worried so much about a handfull of pixels tells me you want to control the presentation layer, which is exactly what I disagree with.

You are right: designers should expect the width and height to change. This why we have used percentiles to describe relative widths to make sure things flow nicely, regardless of the interface. Having a situation where the width changes on arbitrary changes to height is, IMHO, plain stupid.

But whether you think it's stupid or not, as a web designer, it's quite simply not your concern. It will happen on some systems, not on others, and it doesn't matter one bit either way.

BTW I looked at your test page, in Mozilla and IE on Mac, and frankly I think you've gotten very worked up about nothing at all. Both of them have the behaviour you object to, and I seriously doubt that one user in 10,000 would even notice it, let alone care. And if I were you, I'd have avoided even the (IMOP tiny) potential for annoyance here by not having used frames to begin with.

Anyway, if the history of that bug, and the conversation threads here say anything, it's that this is not one of those cases where anyone is concretely "right" or "wrong". This is a usability issue, and I would challenge the Moz team (or anyone else) to submit this behaviour to a battery of real usability tests. If it was determined that the majority of users and designers don't mind how a good number of existing pages render, then I'd reconsider.

Well that would be quite expensive of course, but if you'll foot the bill I am quite certain I could probably use the facilities here for the testing.

Until then, all we have is anecdotal evidence, but it certainly seems to me that the current behaviour has as many fans as critics, and that the whole issue is so incredibly minor it just seems absurd to me that you seem to feel it's so important.

I agree completely that this is indeed a case where there isn't necessarily an iron-clad 'right' or 'wrong' behaviour of the browser, but there is a definate right behaviour of the designer, which is not to obsess about pixel-level layout issues.

HTML isn't about pixel level control, it's about making content accessible. I haven't seen anything, here or on bugzilla, to even suggest credibly that this is the usability issue you seem to think it is. And the worst thing they could do for Mozilla would be to start 'fixing' things like this - it's bad enough they wasted as much time as they did talking about it. It's not a bug, at worst it's a 'quirk' - and hardly a noticeable one to anyone not fixated on pixel level control it looks like to me.

Re:This shows they did the right thing

[c13v3rm0nk3y]

...think about whether or not there's really any need to use frames to begin with. There almost always is not

Whoops. I think there may be a misunderstanding here. When I say "viewframe" I mean "the part of the page that you can see in the browser, bounded by what may or may not have scrollbar controls". I don't mean Netscape framesets, and I don't think anyone else in the Moz bug meant that.

Note that I only mentioned pixels in in my previous reply because there was a thread in the bug posting talking about how to paint the scrollbar on (or under) the content, and what width it would be (since it is absolute, and not affected by "normal" page mark-up). I certianly do not measure my pages to the pixel, and do not use pixels in my CSS. I use only percentiles and ems. No tables (for layout) and framesets.

I've pretty much made my case as best I can in other threads, so I won't go any further into this for now. Suffice it to say that I subscribe deeply to letting the page flow as it may. I also know that scrollbars will either be there, or not, and that we cannot count on it.

Actually, this is my main reason for disagreeing with the decision to WONTFIX for this bug. Having an application control affect content offends my sensibilities. I suppose having a hack like reserving the (again, I'm using absolute dimensions because it was mentioned in the bug) 10 pixels for the missing scrollbar, or having a greyed-out scrollbar, or painting the scrollbar over/under the content offends others' sensibilties.

I don't know what the solution is, but I do know that the current behaviour seems wrong. Minor, perhaps, but wrong.

While helping a non-designer friend make some personal pages she remarked, "why do the pages jump around so much", when going back and forth between some top-level centred pages (the problem is most obvious when you have a navbar at the top that is X% wide, and the width changes only when you navigate between long and short pages).

"That's a long story", I answered. And is certainly is.

Re:This shows they did the right thing

[c13v3rm0nk3y]

I've heard this explanation, and I understand that this is not a simple thing I'm asking. Then again, I don't have the solution, I just have a beef with the current behaviour. I guess the Moz team had three choices:

1. Add the scrollbar, having it take up viewport space, triggering a reflow because the width has changed

2. Always have the scrollbar take up the space (whether it is visible or not)

3. Paint the scrollbar over or under the content when necessary

So, they chose (1) as the most correct behaviour, and I can almost see why. I almost want there to be a 4th option:

4. Draw the scrollbar, or lack thereof, on the frame of the application, treating it like a toolbar or button bar.

This is obviously not optimal either, but I just don't like the current behaviour, and mostly because simple, well designed pages will cause things like navbars to move out from underneath the mouse point. I think this bug came down to whether you consider the current behaviour "correct", and whether you found any other solution "elegant". Of course, what one person things is correct or not is a bit of opinion.

I'm pretty sure this horse is dead, so I'll shut up now.

Re:This shows they did the right thing

[c13v3rm0nk3y]

There isn't an easy solution. The tweaker in me would want to solve this in a better manner.

*shrug* Meanwhile, I just added a "min-height" property to one of my container CSS classes (to fix a column flow problem if a left-hand column was shorter than the right) which had an unintended side-effect of forcing the scrollbar always on in most user agents.

A hack, to be sure.

I don't know about whether people prefer always-present scrollbars or not. I don't think anyone of us here are in a position to say for sure, as all we have are anecdotal evidence (as far as I know). I do know that one non-designer I helped with a web site noted that her X% wide centred (via generic CSS, not tables) pages would jump around during simple navigation in Mozilla -- activity where she would not expect the content to reflow. She's savvy enough to know that she can't count on a particular sized viewport, nor would she want to; but it is jarring for some users to see things reflow on a gesture they didn't expect. It's pretty common to toggle back and forth between top-level navigation to make sure you got all the text and links to match up.

What could I say? From an end-user perspective, Mozilla could look a bit broken. I'd say a good number of people I know have noticed it, and either hated it or chalked it up as a user agent difference.

As a developer, I spend a good portion of my life saying "that's by design" in response to a bug posting or feature request. Sometimes I have to accept that this may not be good enough for some users.

I personally don't see the problem with always-present scrollbars that are greyed-out if not in active (as per Internet Explorer). It's just an application thing I can live with. This seems to be one of those things that really attracts strong feelings, so I'm not going to suggest it as a solution. It would solve a boat-load of problems and (to my mind) doesn't really introduce any new ones.

Anyway, I'd say I'm really done on this subject. Obviously I have an opinion, but contrary to the volume of this thread, I don't mind all that much. If there was an O'Reilly book called "Mozilla Annoynances", I'd expect this to be in there.

Re:Time to smell the roses

[Dave_bsr]

So you can't add attachements using a W3C standard browser because the company that owns the mail site, also owns a competing browser. sounds like a legal problem to me. PS - fake Hotmail into thinking your using IE, and your problem should be solved. There are ways to do it, IIRC, just google for it.

Re:Bug reporting?

user_pref("capability.policy.default.Window.onunlo ad", "noAccess");

[take out the space]

I love the fact that security bugs are made public. I can decide whether to implement a workaround, disable a functionility, switch to an alternative, or wait a few days for the binaries to come out for my distro.

Re:The one thing it doesn't do

[4of12]

Sure Mozilla may offer some neat "underground" type features but the one thing it doesn't do is offer the ability to talk to a support technician on the phone when it won't work properly.

You make a very good point. It certainly does reflect my experience to date.

Practically speaking, IT managers are a cautions conservative bunch, and when they rollout a product to the desktop they

• want,
• are willing,
• expect,
• and are suspicious if they don't have to

pay money for a deep bench of support.

In fact, that conservative view on making sure things are stable is why most companies are no where near the level of XP deployment that MS is trying to push onto them.

However, I think most Fortune 500 companies are like mine: mere mortal users don't talk with tech support at Microsoft or, heaven forbid, the actual programmer at Microsoft.

No, our support calls get culled and binned. When and if a local tech decides that it's a problem with say, IE, then he logs it with Microsoft. And we pay for that privilege.

Whether Microsoft does anything about the problem is a whole other matter. While we have gotten genuine concerned support on some occasions (not for IE, for Exchange), other times you get:

1. "that's not really a problem"
2. "that's an extension"
3. "we know about it already; it's fixed in the next Service Pack coming out RSN"

and where there's not a competing vendor for support that has the same kind of access to the source code. If we're unhappy with our support contract for Internet Explorer, then it's not like there's another choice.

With Mozilla, support outfits are going to have to compete based on how well they perform in a competitive environment - anyone and everyone has direct access to source code.

Mozilla support companies won't be able to rely on contracts that are artificially fattened, based on some exclusive access to the source code.

IT organizations are getting pretty tired of paying big bucks to MS and feeling as if they have absolutely no choice in the matter.

Mozilla gives them a new choice that they haven't had until very recently.

Being cost conscious, I think they'll look into it.

Stupid bug-submission contest

[shren]

I worked at a wave pool as a lifeguard. Some of the lifeguards that had worked there longer mentioned one year they had a "rescue contest" to see who could save the most people.

That year saw more "rescues" of people to whom the description of "swimmer in trouble" only fit loosely, if at all. To win the contest the lifeguards would jump in to rescue anyone who could even loosely be interpreted as drowning.

The contest got canceled. Why? All of the 'rescues' were creating a paperwork overload and a perception of a dangerous enviornment - while doing nothing to make the place actually safer.

I predict the same thing for the mozilla bug contest. Lots of submissions, lots of work to process and order the submissions, some negative publicity, and at the end of the day, few additional bugs are found.

So why'd you let it degrade?

[Inoshiro]

If they posted something off the point, you should've said, "Hey, in this case of standands compliant code, Mozilla is misrendering it because of the flow changes."

Instead you went off on a tangent. I've always hated IE's default scroll bar crap, being a person who never got on the IE train (the entire browser feels wrong.. the way it refreshes, etc.. it's a horrid caricature of browsing).

If Mozilla has an internal reflow which doesn't properly trigger when a page which is valid and standards compliant is viewed, that is a bug. File it as such, with that wording. When you sit and see 20,000 new bugs in your mailbox after coming back from a weekend somewhere, you will often times lose track of specifics, and bmark bugs as invalid based on the poor summaries people tend to write.

Re:So why'd you let it degrade?

[c13v3rm0nk3y]

I'm reasonably sure this is what has been said, over and over again. To be sure, the bug as posted was a misnomer. The original poster just knew something was wrong.

My point in posting was simple: in some very generalized cases, decisions about browsing behaviour have been arbitrarily made.

Perhaps it was a case of too many bugs in an inbox, or unclear explanation of the problem. There are example test cases listed that were submitted consisting of standards-compliant HTML that do the unexpected, with calm descriptions of the problem.

These voices of reason ended up being drowned out by the clamor on both sides of the "IEs permanent scrollbars suck!" argument.

Re:javascript?

[WebMasterJoe]

This is odd to me. Since Mozilla hit 1.0, I've been creating pages for Mozilla first, then checking them in IE and they always come out right. This is partly because IE makes lots of assumptions to cover up bad code (such as not closing tags). While that might seem nice, it really is a band-aid solution that only makes the application unnecessarily large and encourages bad practices.

Mozilla doesn't invent its own standards - why don't you look at the HTML code generated by MS Word if you want to see invented standards! Look at IE's "page transitions," which seem to exist only to alert you that the web "designer" found a "really cool feature" in FrontPage.

Lastly, Java was intended to be "write once, run anywhere." JavaScript was originally a Netscape extension in the browser wars which MS picked up on, and has now become ECMAScript.

And frankly, your url (http://www.geocities.com/scotthallexpress/Bio.htm l) doesn't lend you a whole lot of credibility in terms of web design knowledge. Anybody who has a Geocities Wrestling fansite (created with Yahoo pagebuilder no less) is going to have a tough time finding an audience to talk to about proper web design.

And even if they weren't...

[Alethes]

At least we know about them, and are able to fix them unlike with IE.

Re:And even if they weren't...

[cscx]

Jesus, it's the same old argument every time!! Have you ever dived into Mozilla's code? No? Then STFU. That is all.

Re:And even if they weren't...

[Alethes]

1) It's "the same old argument" because it remains true and there still hasn't been a valid rebutal to the statement.

2) I haven't had the need to dig into Mozilla's code, but I always have the option. When's the last time Microsoft gave you that option?

That is all.

Well said.

[sphealey]

In the future, you may want to consider being a little bit less snide about people posting feature requests. Feature requests give a project direction, by allowing the coders to get a feel for what people would like the product to be like. Scoffing at them is intentionally ignoring the requests of your audience.

Well said. The NTLM thing really puzzles me. It has been out there for almost two years. It is absolutely vital to acceptance of Mozilla at corporate sites (read "most of the marketplace"). Yet it doesn't seem to get any respect. Oh well.

sPh

Re:Bug reporting?

[gol64738]

yes, patches makes life easier when upgrading, but how about when you put a new system together. geez, now you gotta download patch on top of patch to get it all fixed up. don't forget one!

i like the fact that when i download the latest mozilla, that's it! nothing more to do than install and go.

Ahhh, banging the tired standards drum again

[mccrew]

>the interesting battle is to get enough users to use standards compliant browsers

Ahhh, the tired standards bandwagon... Here we go again...

developers can finally just write according to web standards and know their websites can work for more than 99% of users

Here's the clue: you can do that now. You code for the browser that has the 99% market share. Like it or not, that browser is InternetExplorer. With a fraction of a point in market share, the Mozilla-based browsers can only follow, and try to duplicate the IE experience, "standard" or otherwise.

Though we here don't seem to acknowledge it, real end users don't give a rat's ass about "standards". They just want to get their work done. Preaching about how a browser, which many claim has an inferior user experience (e.g support for "non-standard" stuff like flash, or whatever), fully supports some-incomprehensible-acronym standard is a losing strategy.

Please don't mention standards again. IE is the standard.

Re:Ahhh, banging the tired standards drum again

[mccrew]

WC3 is the standard, not IE.

Um, no. There are two kinds of standards, committee standards and de-facto standards. Of these, de-facto standards are most important, because they tend to address real-world user expectations and experience.

W3C puts forward nice, ivory-tower, theoretical committee standards, and it would be great if all players tried to conform to them. But to blindly insist on only following W3C standards and ignore the de-facto standards as dictated by the marketplace is arrogant and delusional.

In my experience, the people who express hard-core insistance on W3C standards, and disdain for de-facto standards, tend to be those who either don't have paying customers or run websites of insignificance.

The goal is to serve the user. Like it or not, the user uses IE.

Re:The one thing it doesn't do

[Just+Some+Guy]

I've never walked into a Fortune 500 company and seen Mozilla. I've also never let the public see me having sex. Neither of those means that it doesn't happen.

I used to use Mozilla all the time at a largish national phone company. Coincidentally, there was also that time at the beach...

Re:Yes, I've run into some of these

[cscx]

Does IE let you do that? Why do you need JavaScript in Mail anyway? I won't even accept HTML email.

First of all, IE is a web browser, not an e-mail client.

Second, I get a little yellow bar that says "This HTML message contains script, which Outlook cannot display. This may affect how the message appears."

Satisfied?

Different version of IE don't support crappy code

[JohnDenver]

What are you doing, throwing undefined variables at the prompt function?

I have no idea what you're doing to the poor prompt function on IE6, but it's works just fine on all our machines, our customers machines, etc.

Seriously, Maybe you should post the offending snippet of code so we can tell you what you're doing wrong.

Re:NTLM auth - download it here!

[Jens]

http://toastytech.com/evil/msproxy.html has a proxy server which inserts those stupid NTLM headers so that I can use Konqueror and Mozilla at work to browse through Philips's NT proxy. (The funny part is that I HAVE to use Linux becaus our current project requires it, and I don't get a second machine to use the net, so I have to do it this way.)

I also use http://ttcplinux.sourceforge.net/tools/stunnel to use SSH via HTTPS, because the firewall here doesn't forward anything other than HTTP and HTTPS, but allows HTTPS to any port. Go figure. Type "gg:firewall-piercing-howto" in any Konqueror URL to get more information.

Re:Ignorace != Missing Feature.

[cant_get_a_good_nick]

JavaScript Debugger...

IE has this too, though in a separate download. Probably makes more sense, ma and pa probably aren't gonna debug that game that you screwed up your coding on.

Utility for debugging JavaScript.

ahh so thats what that does.

You can't control the user agent.

[ubernostrum]

This is a fundamental rule which you are flaunting. As I've said, if you need things to always be exactly the same width, you must specify their sizes absolutely. You might even want to resort to JavaScript to resize the viewing area.

But when you persist in complaining, you remind me all too much of people who put notices up that their sites are "best viewed" on a particular OS/browser/version/resolution/color depth, and that's hallmark bad web design.

Re:You can't control the user agent.

[c13v3rm0nk3y]

I don't know how you are getting that from me. I'm the last to say I want an absolute width, and have made that clear several times. I am using percentiles to describe CSS objects which are floated left. This is pretty generic. I am not flaunting anything. I have no problem with the width changing if the container the text is in, or near, changes.

I can't put it any plainer: I object to the scrollbar, which is an application widget, counting as any width in the viewable contents of a page. If it was anything else, I'd be agreeing with you, but it is a scrollbar. I do not consider the scrollbar a CSS object around which I must flow my content. If you do, fine. This is what the bug is essentially about. Some agree, some don't.

It's pretty common to build a site with a common navbar across the top. If some of those pages happen to have a maximum height above the viewport, and some that do not, navigating between the pages does two major things:

1. Causes the right margin to jump by however many pixels the scrollbar is set to

2. Causes the hyperlink that the mouse pointer is currently under to move away from the pointer

This last is especially insidious. UIs where gestures cause controls to move away from the the pointer are just bad.

From a usability standpoint, I cannot agree that this is not a problem. Scrollbars are part of the chrome, and not the content. Gestures shouldn't move the UI around in unexpected ways. An interface that encourages this behaviour is flawed.

The first item just makes Moz look unpolished unfinished. It's a graphical browser, for crying out loud! It should look good.

It should be easy for designers to develop simple pages that do not violate good usability. It should be easy for Mozilla to render standards-compliant pages in a friendly manner.

Mozilla is the only browser that does this, AFAIK. This is not a user agent issue. It is an application issue squarely in the domain of the Mozilla presentation code. Just because we can access the application chrome with a URL doesn't mean we should, in this case.

Just to make it clear, I am not trying to establish an abolute size. I am not trying to enforce a particular width. I am objecting to 60% + 20% in a simple CSS property that is changing because of an application control, and not content. I have no problem with reflows being forced due to content changes. Scrollbars are not content. If you must disagree with me on this, so be it. Please do not conflate my issues with usability with any type of fixed or absolute positioning.

#102

[JimR]

They missed out a feature that I found extremely useful and find it annoying that it's not there in pre-1.2 Mozilla, which is Ctrl-Shift-F takes you straight to your defined search engine (which is Google if you have a clue).

... or maybe IE does this - I wouldn't know as #49 means I can't use IE (even if I chose to).

Are you sure IE can't do those things?

[HorsePunchKid]

I started on this, but don't have the time or patience to complete it. IE really can do a lot of those things. I hate IE, despite the fact that I use it every day. But at least I hate it for reasons based on fact. You'll have to read down the link provided in the article, so open it up in a different window or tab or something.

1. I don't use it (yet), so I won't comment on it.
2. Disable Javascript to disable popups. Not as good a solution, but it works fine for me.
3. Again, I can disable scripting altogether. There are also some "advanced" security settings that give you some control over these.
4. Woo-hoo! This is actually very cool, and I wish IE would just do it.
5. Same in IE, but whether they're better may be a matter of opinion.
6. As far as I know, it is possible for third-party developers to make sidebar plugins, but I don't use them anyway.
7. Yeah, more sizes would be nice, especially for presentations and when people are looking over my shoulder. The "shortcut" is that you hold down control and use the scrollwheel. Quite nice, actually.
8. I assume this doesn't work properly in IE. You shouldn't use absolute font sizes on the web, anyway (think accessibility).
9. Yes! I also love this feature.
10. This is available under File -> Properties, but it sounds like it's not quite as complete as Mozilla's. Combine with View Source and #11 below, and it's all there.
11. This is part of the "Web Tools" or whatever MS calls it now. They'll give you the complete DOM representation of the page.
12. Definitely not available in IE. How useful is it? (I know that's not the issue at hand, though.)
13. A minimal amount of customization is available, largely through the windowing system. Fortunately, the "theme" that they have (nasty Windows widgets) is at least generally consistent with the rest of the operating system.
14. "Displays more informatin" doesn't sound like a "can't do" kind of thing. Fact is, it does display some info, even if it's not the best.
15. Sweet. Can't quite do that, but the "Quick Search" thing that MS provides sounds similar. I have it set up, for example, so that when I type "dict lentiform" it maps to "http://www.dictionary.com/search?q=lentiform". I have similar mappings for the Java API, AcronymFinder.com, etc.
16. Nice.
17. IE just does it differently. The funtionality is still there, and perhaps difficult to get to for the novice. But then is a novice going to be doing this, anyway?
18. See #17. I don't have to "search around my filesystem". They're in exactly one place, which you can get to through a control panel in IE.
19. ...

Not such an excellent point after all

[Anonymous+Brave+Guy]

Unfortunately, what you say is not quite true. While most of the six bugs on BugTraq were fixed in Moz 1.0.1 or 1.1, there is still one outstanding. And bear in mind that 1.1 is actually the current version of Mozilla. There's a beta out of 1.2, but I tried it and reverted to 1.1 when lots of basic stuff broke (and from other posts on this thread, I am far from alone). So in fact, there are security bugs in the current version of Mozilla, and they are not yet patched.

Rebuttals and why "fix-your-own-bug" doesn't work

[Anonymous+Brave+Guy]

It's "the same old argument" because it remains true and there still hasn't been a valid rebutal to the statement.

Here's your undeniable rebuttal: there are still security flaws in the current version of Mozilla.

Would you like to take a quick look at the code, and point out where to fix the remaining one of these six bugs, which is still in 1.1? I'm sure they'd be grateful to receive your patch.

Now, me, I like Moz. I use it in preference to IE most of the time, though I keep the latter around because Moz is too picky for its own good sometimes. I've even taken a look at the source code to see whether I might be able to help out, and one of these days I may submit a patch or two if no-one else has gotten there first.

However, having done that, and speaking as a guy who writes software for a living, I can promise you that most people who use Moz could not just go fix such a bug if they wanted to, even with the source code available to them. And bear in mind that the user base of Moz is likely to be considerably more technically competent than the average PC user.

Most development on big open-source projects is still done by a very small group of people, with a second layer of enthusiastic volunteers who are prepared to spend the time learning enough about the overall framework to get into it and write the patch they want. It takes a very significant amount of time invested before you can do this, which is why most people never will. Anyone who hasn't gains no benefit from the open-source nature of the product, as they are still dependent on third parties for both the code, and assurances about its security and robustness.

IE is the standard for *users*

[Anonymous+Brave+Guy]

IE is effectively the standard for end-users, at present, yes. However, it very much is in the interests of those users for the developers to get standards compliance out there, simply because the current standards allow those developers to do way more than IE's hacks. If you're talking about improving the user experience, you have to talk about letting developers use the cool tools instead of writing hacks to get IE to behave itself, and only write the damn thing once, so they can spend the rest of their time improving usability and such.

Also, note that IE's 9x% market penetration is only if you count all its currently popular versions, each of which behaves very differently in some key areas. You cannot write one page in "IE HTML" and expect them all to display it correctly. That kinda defeats the whole "you should write for IE" argument without further ado.

A few more ones where IE is way ahead

[Anonymous+Brave+Guy]

The one you mention about not saving the address is annoying as hell, I agree. Here are a couple other pet peeves of mine that I really wish they'd fix...

• Contrary to the 101 list's claims, some basic XSLT support is missing from Moz at present. Try using xsl:number anywhere. There are numerous bugs in about this, and apparently it should be fixed in 1.2, but the advice they gave previously was "don't use it". They don't do much work with XML/XSLT, do they?
• My #1 biggest Moz peeve in the universe: if a page is served with the wrong MIME type, Moz in standards mode insists on ignoring it. Say what you like about standards compliance, this sucks when it doesn't get CSS or XSLT stylesheets properly. I'll take an IE that renders the page sensibly over a holier-than-thou Moz that doesn't any day. If the web designer provides the right content in the file, and I as the user ask to see it, one wrong text string from a server shouldn't screw it up.

My favorite bug

[Hard_Code]

My favorit

My favorite bug is wh

My favorite bug is when mail cras

My favorite bug is when mail crashes whenever I tr

My favorite bug is when mail crashes whenever I try to sen

My favorite bug is when mail crashes whenever I try to send a message

Re:i had no probs 1.2b linux and windows

[Anonymous+Brave+Guy]

It seems to be hit and miss, but for some people, basic functionality like saving downloaded files seems to be messed up. My guess is that there is/was a bad build around somewhere on the beta site, and a whole chunk 'o stuff doesn't work in that build. I'm sure they'll fix it before 1.2 is released, it just means that some of us who'd like 1.2 features now can't have them yet, which is a shame if we're going to go bashing IE about security flaws. ;-)

This is expected behavior.

[ubernostrum]

And not at all "unpolished" or "unfinished". When I am using an application and it does not need a scrollbar, I expect the scrollbar to not exist. When a scrollbar becomes necessary, I expect one to appear. I also expect that since the scrollbar takes up screen real estate, the viewing area of my application will be decreased by the size of the scrollbar.

That seems quite logical to me. And it's exactly what Mozilla does. If you dislike that, it's your prerogative. But it's not a serious issue to a lot of people, the Mozilla developers included.

But to reiterate, what you apparently want is to control the user agent; rather than understand the quite logical reason why this behavior happens and adapt to it, you wish to dictate the UA behavior and have it conform to you. This is, in my mind, a serious no-no of web development.

Re:This is expected behavior.

[c13v3rm0nk3y]

Well, we will just have to agree to disagree. I don't consider a scrollbar part of the content, and don't care if it is there or not. I object to an application control behaving as a CSS object.

I build pages that flow well in any reader, be it Lynx, screen readers or a graphical browser. I leave the flow up to the user agent.

It may be "logical" to you, but when I build applications, I tend to not have my application controls be part of the user's data.

I'm pretty sure this horse is well and dead by now.

one thing that IE does that Mozilla doesn't

[nomadicGeek]

I've grown used to typing 'google' and hitting ctrl + enter and having the http://www. and .com added automatically. I really miss it when using Mozilla. Is there a comparable function?

That's never happened to me

[cascadingstylesheet]

Mozilla is my main mail client now, on Windows XP, and that never happens to me. Maybe I'm just lucky, or maybe there is some other issue at work here, but I thought I'd share that.

Re:The one thing it doesn't do

[Ars-Fartsica]

Todays market, more than ever, relies on support for a product and this is where Microsoft wins all the big corporate clients while Mozilla and other non coporapte sponsored rpoducts remain as basically toys used by tech saavy teens.

Has anyone EVER phoned Microsoft for tech support for IE? "Hey I was having a problem because IE kept crashing so I just picked up the phone and talked with their cheif engineer! Problem solved in just two minutes!!" Yeah right.

I've never walked into a Fortune 500 company and seen Mozilla running on a PC. Never.

I see far more Chrylsers in the parking lot at work than Ferraris. That must mean Chryslers are better.

101 things perha[ps, but...

[Skim123]

there's no way I'll stop using IE until there exists the equivalent of the Google toolbar for Mozilla. I don't know if I could function without it.

Re:101 things perha[ps, but...

[horza]

there's no way I'll stop using IE until there exists the equivalent of the Google toolbar [google.com] for Mozilla. I don't know if I could function without it.

I don't know about Mozilla but Phoenix certainly has it. It's much better than the Google toolbar as with one click I can make it search the online PHP or MySql documentation (as well as other things). Phoenix is faster than IE on my machine too.

Phillip.

Re:101 things perha[ps, but...

[Skim123]

I actually use Phoenix on my box, but IE runs faster for me, I guess YMMV.

What's nice about the Google toolbar, and I don't know/think Phoenix can do this, is when you view a page you can click those little search term buttons to be automatically taken to the first occurrence, then the next, etc. Use it all time time, much faster than doing Ctrl+F and typing in the word. (Also, the Google toolbar, as you probably know, allows you to highlight the search terms on the page with a click of the Highlight button, and the "Search Site" feature it very nice... can Phoenix do that?)

Just add Reason 102...

[wirefarm]

102.) If you don't like Mozilla, you have the option of uninstalling it.

Why would I want to have IE on a dedicated database server box?

Cheers,
Jim

The one option Mozilla desperately needs is

[Zapdos]

Being able to associate external applications with mailto: and news: I prefer my email client and my newsreader. The corporation, I work for, paid for the email client they use, and would never consider using a browser that would not use their preferred email client. This really affects the usability of the product. They will have to add this feature if they want us to adopt mozilla or Netscape for use in the business world.

More things IE can do (and other crap on the list)

[Tensor]

I REALLLLY wish the guy(s) who wrote the article had at leat used ie a couple of times in their lives. This is exactly the thing that makes M$ say us OSS supporters are full of crap.

IE is not all evil, i use moz, opera, and ie when making sites, but usually i browse with ie. I like it. Sorry.

2) is this really good? some sites use popups to show important information, when it only blocks popup ads call me, otherwise i will still use hosts.

3) IE does it on closing windows and setting 3rd parties cookies

4) IE provides a list of all links in a document and all images in a document in a separate window (d/l ie powertoys)

5) CTRL-I

7) CTRL-wheel

8) fixed size is fixed for a reason (hence its name)

11) see 4

16) when clicking add to favourites, check the "make avail offline box" it works in reality, not in theory

23) The edit button is configured automatically with your HTML editors, dreamweaver, Homesite, TopStyle and SlickEdit currently in mine. So no notepad.

25) ie has this, error by error (tools, internet options, advanced, inside the browsing cat)

26) ie has a debugger, its a POS but its there. (same place as 25)

27) Ie does the same but it searches the web for that term (maybe part of the powertoys) currently using yahoo in mine (dont use it so i dont know if you can change this or not)

30) clck the search button then on customize, you can even choose an array of searchers.

31) ie does this since 3.0

32) ?? which ones use it ?

33) you must be joking if you think this is good.

34) ie does this since 5.0

36) ie does this since 4.0

38) autocomplete its there since 5.0

41) view source? so it uses notepad... takes 1 sec to open it.

44) ctrl-wheel changes font size, ctrl-shift goes back & forward

46) comes preinstalled (ok, not a good point, but what's easier than that). Its installed off the net if you dont have it.

49) mac has ie too so it is cross platform.

I got bored ... all the rest are too technical. but i see it supports the tag ... WOW ! and PNG transparency ...

IOW a complete re-download

[DABANSHEE]

nt

both are the go

[DABANSHEE]

It's called choice

It works in 1.1

[Quila]

You can also go to Edit : Preferences : Navigator : Internet Search and set your default search engine to Google.

Then type your search criteria into the address bar and hit the Search button; you'll get the Google results.

Re:It works in 1.1

[nomadicGeek]

That helps but IE will insert the http://wwww and .com to anything. Thus if I type cnn and hit cntrl+enter, it will put http://www.cnn.com on the address line and bring up CNN. It is fast and I've grown pretty used to it.

Eezer good, eezer good

[Bazman]

101. Giant lizards are cool
Much more exciting than a blue e.

I know plenty of ravers who would deny that - some have probably even seen giant lizards after a few too many blue e's....

Baz

It still works in Mozilla

[Quila]

I just typed in "cnn" and ended up with http://www.cnn.com/

there are always security bugs

[Khopesh]

i refer you to:
bug 159450
bug 95735
bug 152701 (fixed on trunk)
bug 157646 (fixed on trunk)
bug 164695 (fixed on trunk)
bug 171274 (fixed on trunk)

all of which are 'permission denied'
which almost always indicates a security issue.
see http://bugzilla.mozilla.org/show_bug.cgi?id=1.2
( slashdot is a blocked referrer, so no links)

Re:101 reasons why not to switch

[oliverthered]

since most filing systems don't save mime types more or less impossible.
You'd need end to end mime typing e.g. ftp that supports mime types.

Not part of content. Not part of data.

[ubernostrum]

This is the thing you're missing here...this is not anything to do with the scrollbar somehow being part of the content or "user data"; this is the scrollbar appearing and taking up screen space, which is inevitable; would you rather it obstruct content?. I prefer Mozilla's behavior to, say, a space reserved which would be empty otherwise, since that could make right-aligned elements look bad or possibly even throw them off.

And again, you are trying to control the user agent.

Re:number 23 - colored source viewing

[DunbarTheInept]

The actual HTML file had links in it that looked like so: href="foo.txt", but the view source displayed them with a fake space in the quotes like so href=" foo.txt". Since we were trying to debug why the link wasn't working at the time, this apparent extra space led us on a wild goose chase.

Re:Not part of content. Not part of data.

[c13v3rm0nk3y]

Ok, I'll let you get the last word in.

Err. Maybe not.

Ok, you win. I'm am trying to control the user agent. In fact, I'm trying to control all user agents, including the one you are using right now.

Seriously, I'm not missing anything, trust me. I've gone over this one-point-two million times, it feels like (once in the bug posting, once here). I'm not alone here. For every sane and logical argument you have for this decision, there are others with just as many sane and logical arguments counter to yours. You will ust never convince me that an applicaton control should effect the flow of content in this manner. It'll never happen.

I understand why this is happening, I just don't agree with the solution. I, in fact, don't have a solution, but probably would have chosen one of the other poor solutions.

This is one of those things we will have to just agree to disagree on.

Jim, the horse is dead.

New instance of Mozilla took 2 seconds.

[Futurepower(R)]

I've never understood when people talk about speed. On an 866 MHz Pentium III with Intel motherboard, loading a new instance of IE just took 3 seconds. Loading a new instance of Mozilla took 2 seconds.

Since Moz has tabs, I don't need to load a new instance. I can load a new tab in under 2 seconds.

It's essential, when running a Windows OS, to have plenty of memory. 256 MB is good for Windows XP. The virtual memory of Windows XP, for example, is very poor quality. Taking info off the hard disk is slow in any OS.

Make sure your hard disk is defragmented.