Slashdot Mirror
Firefox and Open Standards the Way Forward
lamasquerade writes "A major Australian newspaper has a lengthy and detailed feature on open source/standards, avoiding vendor lock-in, and specifically the increasing uptake of Firefox by major organisations' IT departments. It touches on security and price advantages of open source but mainly focuses on open standards -- the perils of vendor lock-in, and their importance to technologies like the Internet and digital music. Linux, OpenOffice.org and even Bugzilla get a mention and all told it is a very pro-open source/standards article, especially considering it is in a mass-circulation publication."
I work for a large company and sadly most of their intranet sites use ActiveX. This pretty much makes Firefox unusable to the point where most pages will display the dreaded non-IE page. There are ways around it for people that know what they're doing but for the average user it's a sad state. The cost involved in switching over to be compliant with non IE browsers is never going to be justified by the IT dept either I imagine this is the same with many large organizations and could be a stumbling block for Mozilla
In any case, it got me interested in De Bortoli Wines. So I checked out their webserver OS: Netcraft reports:
I wonder if they financed this article...? I mean, Firefox is pretty damn kewl.Make sure everyone's vote counts: Verified Voting
Anyone who is following the IE/Windows road-maps will find that the article is fundamentally flawed, in analyzing the intentions of the Vole. They are not trying to fight Firefox with better HTML and CSS compliance (though that is what they want people to believe). It is all about turning web applications into rich clients. In Longhorn, web sites can present a fully rich client to browsers through Avalon.
Although, I am gonna get burnt for ignoring the benefits of cross platform capability, rich clients do have some significant advantages over web pages. This is especially true when it comes to businesses. For intranet applications, cross-browser compatibility will NEVER be the deciding factor. Security too will not be, since the application will be trusted. Features however will be.
Personally, I don't like the idea of hundreds of powerful PCs simply used for rendering web pages. They are not that incapable.
I know XUL is similar, but I doubt applications will be built on that. IE is standard in most organizations. And most of the Firefox acceptance is since HTML is supported on IE and Firefox. Building an application that will work only of Firefox (with XUL) might be a more difficult decision.
Life is just a conviction.
Yeah, just like what happened to Apache becuase it has a bigger market share than IIS, right?
which I consider to be a superior product
And I consider a 1975 Skoda is a superior product to a Rolls Royce.
You must really like Active X as that is the only "advantage" IE offers that I can think of.
exactly, smh even managed to put the firefox logo on their frontpage (albeit slightly rotated for some bizzare reason). see it for yourself: jpg version or pdf version
*** I am the real stylewagon
I've been searching in vain to find exactly what standards Firefox supports (or the gecko rendering engine, or whatever is responsible for it). Is there some mystical list somewhere that will tell me what Firefox does and doesn't support? What about XHTML 1.1? Or full CSS 2.1?
It's superior because Microsoft didn't make it and Microsoft doesn't like it. That is reason enough for most people around here; whichever product is actually "superior" is almost irrelevant. Their apparent preference to use software which doesn't tie them to Microsoft does have merit, though. Due to Microsoft's extensive history of security problems (for whatever reason), I'd say any alternatives are a Good Thing, if for no other reason than that there are other options.
Moof.
I get more and more pop-ups in firefox every day.
is that bad....or good
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
They had this interview with Theo de Raadt last October.
Theo de Raadt Interview
IE is a huge collection of cludges and hacks tied directly into the OS.
Firefox and Mozilla have had the benefit of learning from the copious mistakes of both Microsoft and the old Netscape browsers.
Go on, tell the rest of the story.
Of 24 vulnerabilities in Apache, only two remain unpatched - that's about 8%. They're both local system vulnerabilities, not remote. Neither is rated critical. One of them has been around for a full year, but "This has been rated "Not Critical" because an administrative user of a proxy server can retrieve this information in other ways." Not a big deal, methinks.
Conversely, one of three (33%) IIS vulnerabilities remains unpatched, and it's a remote vulnerability within IIS itself (not the house of sand, sorry). Oh, and look at that - it has remained unpatched for nearly two years! OK, fine, it's only 20 months. But it's a current remote vulnerability that is rated "moderately" critical, whereas Apache has neither any open remote nor any open "moderately" or higher vulnerabilities.
Looks like 37% of the vulnerabilities in Apache are rated "moderately" critical or higher, compared with 67% for IIS. Several of the vulnerabilities for Apache only occur on Windows servers. The most severe ones appear to actually be the result of openSSL vulnerabilities. When one of these vulnerabilities is actually an Apache problem and rated "moderately" critical or more, a patch is (from what I could tell from reading Secunia) generally issued within two weeks, and often within days.
The IIS vulnerabilities were 1) fixed within a few days of announcement, 2) fixed within 5 months (!), and 3) still outstanding after 20 months. Fixed meaning that patches or workarounds were available.
The overall trend, based on the reference site you provided, is that Apache reports and repairs vulnerabilities quickly, but Microsoft takes their time about effecting repairs. Other stories have suggested that MS also have a tendency not to announce vulnerabilities until they have a fix ready, which suggests that the actual time between discovery and repair may be longer still than reported. Of course, Secunia doesn't have that information and so I shan't try to defend what is, after all, hearsay.
Doesn't appear that Secunia supports your assertion that IIS is more secure than Apache, either in terms of current known and unpatched vulnerabilities or in terms of security review and repair processes. You're welcome to disagree.
Things aren't looking so rosey if you look at the chart in the article. Apparently IE usage has increased from 20 May 2004 to February 2005, and Firefox use has decreased.
If this carries on, IE will have 97% in just a few months...
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
(Yes, I know I can get it to work by changing the font size with ctrl-plus or ctrl-minus, but I shouldn't need to.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
An excellent article, but it fails to highlight the importance of open, transparent standards in security and authentication in general. I would like to be able to digitally sign my docs, but I won't do it with a proprietry format, supporting vendor lock-in. Similarly, email needs uniform, open encryption standards.
The web in general needs security without personal identifying info, or info submitted to one trusted base with forwarding of yes/no authentication to other sites that ask for it.
While buying a product I read Digital River's Privacy policy and it is truly scary. They will hand over my info to anyone 'law enforcement related' without telling me, and without a subpoena. Oh, and they'll tell all their buddies about me. Appropriately labelled 'Complete lack of privacy policy'.
Only open standards can get around this kind of problem.
I see many people talking about writing XUL plugins for other browsers, so people may start using that.
::sigh::.
Shame on you! First of all, XUL is *SLOW*. I really think it was a bad idea. Firefox has some major bottlenecks in UI responsiveness because of it. That's not really the big issue for me though. Quite simply, websites should not be applications. Period. I really don't believe in the idea, it annoys me. Let's keep the web simple, it's going to come to the point soon where you need a 1GHz CPU just to browse the web with any speed,
Netscape 4 was still good in 2000.
Netscape 4 was *not* still good in 2000. I used it exclusively, but only because I was too much of an anti-MS zealot to use IE (now I'm too used to Gecko-based browsers to use IE 6, but I digress).
NN 4 crashed at the drop of a hat, was dog-slow at rendering anything even vaguely complicated, and had to reload the page to resize it (which is utterly, utterly unforgivable).
It's official. Most of you are morons.
The huge difference is: now mozilla (firefox etc) is actually a good browser! We take it for granted now, but linux wasn't as fun before it had a good browser.
Linux has has good browsers for a while. Firefox is nifty and I run it on windows, but personally I still prefer Konqueror on Linux.
So, its the fault of "old-school" Unix hacks (now managers).
Ok -- I am one of those (grey hair, beard, used to be a Staff Engineer at SUN).
Now, Unix *has* been open. Open implementations, open specs. There was a strange kerfuffle with AT&T, along with some restrictions on Minix (that gave us Linux).
But -- we thought that EVEN if software wasn't redistributable, it should come with source. After all, its kind of useless without it. We thought that the OS itself is a commoditity. Unix is Unix is... Unix. Different flavour, same great taste. May not be the best, but certainly better than the rest.
Even DEC VMS came with source, for $DEITY sake! (on microfiche, but it *was* delivered). For $DEITY sake, it just needed gentle ASKING to get the source for SunOS!
It wasn't until these new-fangled micros came out that the source was COMPLETELY closed. CP/M-80 came as a binary only! The horror. So did MS-DOS, and Windows. Couldn't even get the source on microfiche for reference.
Now, as it turns out, Microsoft is a contemporary of SUN (I think Microsoft predates SUN by a bit). Still, the philosophy is different. SUN builds computers. They happen to need an OS. Microsoft builds OSs (but not for SUN computers).
Now, lets go one level deeper. The SPARC architecture is open. Windows is closed. MIPs is open; Intel is closed.
Yes, I have made money in the closed world. Shameful, but people seem to like it (check out all the games available on Windows). I just take offense to being pointed to as the "culprit" here.
We had user groups devoted to sharing source before you "younger folks" were born. Remember DECUS? Remember SHARE? All "open source" or OSS as you would see it today. Including OS, compilers, and application code.
Ratboy
(not because I am young -- because I get obsessed with detail)
Just another "Cubible(sic) Joe" 2 17 3061
Firefox needs an ActiveX extension or plugin of some sort. Not built in by default, of course, but available for intranet applications in enterprises. Probably this kind of plugin would be a good candidate for a service (that's what open source is about, right?) to ease companies in migrating off browser-dependent software.
random underscore blankspace at ya know hoo dot comedy.