Slashdot Mirror
Firefox and Open Standards the Way Forward
lamasquerade writes "A major Australian newspaper has a lengthy and detailed feature on open source/standards, avoiding vendor lock-in, and specifically the increasing uptake of Firefox by major organisations' IT departments. It touches on security and price advantages of open source but mainly focuses on open standards -- the perils of vendor lock-in, and their importance to technologies like the Internet and digital music. Linux, OpenOffice.org and even Bugzilla get a mention and all told it is a very pro-open source/standards article, especially considering it is in a mass-circulation publication."
... it's in the other Fairfax paper too
Identical article, but shows that the coverage is even bigger than you might initially expect if you weren't familiar with Fairfax.
Screw you all! I'm off to the pub
...and wants its article back.
Substitute Firefox with Mozilla, and throw in a reference to The Cathedral and the Bazaar while you're at it.
These posts express my own personal views, not those of my employer
It's great to see a mainstream article taking this relatively well-rounded look at Firefox. There have been a million stories about how it has tabs and is free and secure, but that's just a part of the story.
Even if people don't care about any of the end-user features, it's important to support a more open Internet by using clients that at least make an attempt at conforming to standards. Many people may not care about this but there's no way they can care if they don't have the chance to hear about it.
"I'm staggered and close to offended that some businesses choose the risk of vendor lock-in, and I'm staggered by the timidity of some IT managers," he says.
There are a variety of orgranizations, large and small, that utilize open source technologies. As was pointed out in a recent thread about the looming IE7, the lack of a centralized, push-button management tool for corporate customers is one thing hampering Firefox. Another thing are applications that utilize Active X and are dependent upon an MS browser as part of their platform. Isn't a lot of high tier banking and insurance software like this; I've read that anyways?
I don't think it's timid IT people. As frightening as it may be, folks who are of my age bracket (28 this summer) are now being put into positions of leadership in technology. People who've spent 5 to 10 years with Linux and accept it. I can't imagine life without Perl and Apache. Simply unthinkable. Firefox and Google are part of this scenerio as well, which is what the author of the article is alluding to: a culture of open source software and open standards.
What I think is so great about Firefox is that it shows the promise of open source in full bloom and it speaks for itself. Nothing's worse than an OSS nerd trying to convince a normal person why they should switch to XYZ program or platform. Not that the reasons lack legitimacy; I'm just saying it's physically painful to watch because most folks don't want to hear it.
But plop a slick "modern car", as the article puts it, in front of them and they immediately reach for the steering wheel.
I Want To Believe
Of course major organizations use Firefox. A lot of the filtering software (i.e, Bess) only works on Internet Explorer (or whatever default browser they have). And if they can't play Solitare anymore, they have to do something...
Tluin natha Linux xxizzuss uriu olt bwael mon'tun.
"Which Australian paper did you say it was in?"
"A major one"
"Yeah, but which one?"
"A mass-circulation publication"
"Seriously, which one?"
"It has an article about open source!"
"I see".
The Internet is generally stupid
I work for a large company and sadly most of their intranet sites use ActiveX. This pretty much makes Firefox unusable to the point where most pages will display the dreaded non-IE page. There are ways around it for people that know what they're doing but for the average user it's a sad state. The cost involved in switching over to be compliant with non IE browsers is never going to be justified by the IT dept either I imagine this is the same with many large organizations and could be a stumbling block for Mozilla
In any case, it got me interested in De Bortoli Wines. So I checked out their webserver OS: Netcraft reports:
I wonder if they financed this article...? I mean, Firefox is pretty damn kewl.Make sure everyone's vote counts: Verified Voting
After a while, the Firefox uptake will slow and so will its overall satisfaction rates, seeing as how I'm already getting popups on some sites now. Sure Firefox is infinitely safer than browsing in IE for excessive reasons, but at the same time, it's only safe because the whole malware world isn't targeting it. When IE7 comes out, I can only imagine a handbrake-style stop in Firefox growth.
Anyone who is following the IE/Windows road-maps will find that the article is fundamentally flawed, in analyzing the intentions of the Vole. They are not trying to fight Firefox with better HTML and CSS compliance (though that is what they want people to believe). It is all about turning web applications into rich clients. In Longhorn, web sites can present a fully rich client to browsers through Avalon.
Although, I am gonna get burnt for ignoring the benefits of cross platform capability, rich clients do have some significant advantages over web pages. This is especially true when it comes to businesses. For intranet applications, cross-browser compatibility will NEVER be the deciding factor. Security too will not be, since the application will be trusted. Features however will be.
Personally, I don't like the idea of hundreds of powerful PCs simply used for rendering web pages. They are not that incapable.
I know XUL is similar, but I doubt applications will be built on that. IE is standard in most organizations. And most of the Firefox acceptance is since HTML is supported on IE and Firefox. Building an application that will work only of Firefox (with XUL) might be a more difficult decision.
Life is just a conviction.
Yeah, just like what happened to Apache becuase it has a bigger market share than IIS, right?
which I consider to be a superior product
And I consider a 1975 Skoda is a superior product to a Rolls Royce.
You must really like Active X as that is the only "advantage" IE offers that I can think of.
What hacks? The link you supplied is about a book which teaches several Firefox tricks, but not about designing Firefox-only websites. It's for those who want to learn how to take the most from their browser.
Yes, there are features specific for Mozilla browsers, but they are mostly for internal use (XUL, for instance). Not to mention they're all prefixed (CSS properties start with "-moz-"), so you know for sure when you're making something that is not standards-oriented, unlike IE's exclusive features.
I've been searching in vain to find exactly what standards Firefox supports (or the gecko rendering engine, or whatever is responsible for it). Is there some mystical list somewhere that will tell me what Firefox does and doesn't support? What about XHTML 1.1? Or full CSS 2.1?
It's superior because Microsoft didn't make it and Microsoft doesn't like it. That is reason enough for most people around here; whichever product is actually "superior" is almost irrelevant. Their apparent preference to use software which doesn't tie them to Microsoft does have merit, though. Due to Microsoft's extensive history of security problems (for whatever reason), I'd say any alternatives are a Good Thing, if for no other reason than that there are other options.
Moof.
I get more and more pop-ups in firefox every day.
is that bad....or good
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
We really need an "idiot" mod.
To save everyone the pain of having to read this cliche five times under every article, I am pre-emptively posting the formula here. From now on, rather than posting it, please simply read this, filling in the template with the appropriate year and item, and keep it to yourself; we'll all be better off that way:
"YYYY called and it wants it's _____ back!"
Thank you for your attention.
They had this interview with Theo de Raadt last October.
Theo de Raadt Interview
No. Active. X.
If you think that's three words, I got news for ya - X is a letter buddy.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Check out this from the article:
On standards, Firefox has an advantage over Explorer. That gives organisations latitude to commit to standards rather than to products. That in turn reduces the leverage that vendors have over customers.
Microsoft has hampered standards support in Explorer for five years with its go-slow campaign against the web. Standards-oriented page layout is not possible on most versions of Explorer (CSS box model). Explorer has never met standards for web document identification (HTTP MIME content types), or if one is supported, then simultaneously the other is not. Microsoft has shown an antipathy to web standards, because in the view of many they provide an alternative to the Windows desktop - Microsoft's core business. The success of web-based applications such as Amazon, Google, eBay, the open source Wikipedia encyclopedia and online banking point to the decreasing importance of Windows in a world where a web browser is sufficient.
Look, a major newspaper calling out Microsoft for its obvious "Go-Slow" campaign. When more and more businesses start understanding at this point, and more and more businesses start understanding the implications of the lock-in they have let themselves get into - then things will get interesting.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Messed up the italics - the full quote is:
On standards, Firefox has an advantage over Explorer. That gives organisations latitude to commit to standards rather than to products. That in turn reduces the leverage that vendors have over customers.
Microsoft has hampered standards support in Explorer for five years with its go-slow campaign against the web. Standards-oriented page layout is not possible on most versions of Explorer (CSS box model). Explorer has never met standards for web document identification (HTTP MIME content types), or if one is supported, then simultaneously the other is not. Microsoft has shown an antipathy to web standards, because in the view of many they provide an alternative to the Windows desktop - Microsoft's core business. The success of web-based applications such as Amazon, Google, eBay, the open source Wikipedia encyclopedia and online banking point to the decreasing importance of Windows in a world where a web browser is sufficient.
That'll teach me not to always use Preview...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Think a little smarter. Think compatibility with more standards than that 'other' browser. Your purported superiority is nothing more than another symptom of an anti-competitive monopoly exercising its evil powers. You see, there's a difference between quality and quantity. It's not that IE renders websites better, it's that too many short-sighted web designers write webpages which violate perfectly good and accepted standards so that IE is capable of rendering them (more or less) correctly. That's due to greater numbers of IE users, which in turn is due to the Microsoft monopoly (sorry, but it's true) shipping IE with their OS and making it impossible to really uninstall. Not only is IE the default choice for the overwhelming majority of PC users, there are actually barriers to making any other choice which have nothing to do with the relative quality of the browser. Worse yet, IE intentionally renders correct W3C-compliant code incorrectly - you have to assume it's intentional, as there are few places on this planet with a greater aggregation of programming talent than Redmond, WA. If they wanted it to render clean code correctly, it would. This deliberate perversion of web standards is nothing more than a transparent and immoral (and technically illegal, although intentional lack of enforcement renders that point moot) attempt by Microsoft to maintain a dominant position in the operating system market.
The preceding has been a waste of nearly everyone's time. You, being a troll, are uninterested in relevant facts. You are also unable to spell correctly or even to operate a spellchecker. Nor, apparently, are you capable of offering anything of substance to a conversation, and so you simply spout meaningless and poorly-constructed garbage in a feeble and pitiful attempt to garner the attention of your betters. The fact that the few responses are invariably negative serves, amazingly enough, to whet your appetite further. Why do you torture yourself so? Why do you yearn for the disdain and scorn of others? Can you not see that this path inevitably leads to a complete loss of self-esteem, and that you'll eventually wind up behind the counter at a Radio Shack (or [shudder] Best Buy), pushing cell phones and overpriced cables to the techno-retarded? You are truly a conundrum, o slashdot troll.
Wow. Slashdot forums in article form. Scary. :::shudders:::
Microsoft has always been a software company. And they may put out operating systems and be most-known for Windows, but really their goal is just to control software platforms. The reason they sell the X-Box at a loss is to push the DirectNext platform. They sell Windows, no matter how insecure, just to push their APIs.
Avalon and its related technologies are Microsoft's long-planned attempt to finally gain control of this Internet thing as its own software platform. It's the final fulfilment of the process that started way back with IE4, when Microsoft decided to do anything and everything to get rid of Netscape and prevent the Web from becoming its own software platform. Microsoft ignores web standards because that takes the control of the platform away from them. Right now, if you run a major website, you code for IE hacks and all and hope it works for "fringe" browsers.
Web developers will need to do absolutely everything they can and speak very LOUDLY to prevent the Web from becoming closed. Fortunately, it appears that Longhorn will not be as successful as it was hyped in previous years, but the fact Microsoft is porting a lot of Longhorn's technologies to XP just to get people to use it all is something to keep an eye on, as is the sudden announcement of a new version of IE7 which will no doubt take advantage of Avalon.
I just hope that they keep innovating.
Extensions for IE such as Avant and Maxthon can do pretty much everything that firefox can do (tabs, popup blocking, gestures), so don't get too comfortable with catching up based on a few features missing in the de facto standard.
Not everyone, sadly, cares about the free principles, open standards, etc.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Which web sites?
What version of Firefox?
Do you have Flash installed? Flash uses a loophole in popup-blocking, since plugins are actually different programs (or modules) and can use alternate methods to open popups.
To fix this, install Flashblock (requires you to click to open Flash movies/games (in other words, you have a choice not to open advertisements that create popups.
Adblock is another method that works well. Simply right click to block ads, and there are numbers of blocklists already on the web for you to import.
If you install these two programs (or else just uninstall Flash), I can guarantee that you won't see popups often if at all.
I understand that alternate methods exist, like tricking the browser into thinking it is a "requested" popup, but this can be disabled, and from my experience, I've never had a problem with this.
The last time I have seen a popup was when I was using a public computer, and I didn't have enough time to install Firefox on it. Even there, if you go to the right sites, you will see only at most one popup or so.
And before you bust out those "paranoia" modifiers, really think about Avalon. It delivers rich client support through the web. Microsoft is trying to leverage .NET and Avalon to eventually fully replace client-side Win32 with a web-based delivery platform. You'll use Office as a subscription-based service through the web, delivered through the web into your Longhorn browser and run as a rich client. None of it will happen immediately, but it's the inevitable process they're headed on, and you can see it coming a mile away. Microsoft is tired of fighting with this open, standards-based web thing and is creating their own software platform using the web, so they don't have to worry about the Internet anymore once everything goes to high-speed Internet2 where app delivery would happen in less than a second.
IE is a huge collection of cludges and hacks tied directly into the OS.
Firefox and Mozilla have had the benefit of learning from the copious mistakes of both Microsoft and the old Netscape browsers.
Neither open standards in general nor the state of Massachusetts program (which was recently interpreted to allow in Microsoft's proprietary formats) mean that users get software freedom. For this, one has to request the freedoms of free software and avoid software which doesn't users these freedoms. So, no, it's not "all about standards", it's partially about standards. Free software (with a mature license that has something to say about modern-day freedom-removing dangers like DRM and software patents) will give you open standards, but open standards will not give you software freedom.
Photoshop's ability to load and save PNG files doesn't mean I can inspect, share, or modify Photoshop to suit my needs. Depending on the license agreement and the method by which I have to install the program, I might even be restricted from running the software whenever I want. The closest free software image editing program to Photoshop is The GIMP. The GIMP's native image format is well-documented, at the very least, within the source code of that program which all are free to inspect, share, and modify.
Digital Citizen
Go on, tell the rest of the story.
Of 24 vulnerabilities in Apache, only two remain unpatched - that's about 8%. They're both local system vulnerabilities, not remote. Neither is rated critical. One of them has been around for a full year, but "This has been rated "Not Critical" because an administrative user of a proxy server can retrieve this information in other ways." Not a big deal, methinks.
Conversely, one of three (33%) IIS vulnerabilities remains unpatched, and it's a remote vulnerability within IIS itself (not the house of sand, sorry). Oh, and look at that - it has remained unpatched for nearly two years! OK, fine, it's only 20 months. But it's a current remote vulnerability that is rated "moderately" critical, whereas Apache has neither any open remote nor any open "moderately" or higher vulnerabilities.
Looks like 37% of the vulnerabilities in Apache are rated "moderately" critical or higher, compared with 67% for IIS. Several of the vulnerabilities for Apache only occur on Windows servers. The most severe ones appear to actually be the result of openSSL vulnerabilities. When one of these vulnerabilities is actually an Apache problem and rated "moderately" critical or more, a patch is (from what I could tell from reading Secunia) generally issued within two weeks, and often within days.
The IIS vulnerabilities were 1) fixed within a few days of announcement, 2) fixed within 5 months (!), and 3) still outstanding after 20 months. Fixed meaning that patches or workarounds were available.
The overall trend, based on the reference site you provided, is that Apache reports and repairs vulnerabilities quickly, but Microsoft takes their time about effecting repairs. Other stories have suggested that MS also have a tendency not to announce vulnerabilities until they have a fix ready, which suggests that the actual time between discovery and repair may be longer still than reported. Of course, Secunia doesn't have that information and so I shan't try to defend what is, after all, hearsay.
Doesn't appear that Secunia supports your assertion that IIS is more secure than Apache, either in terms of current known and unpatched vulnerabilities or in terms of security review and repair processes. You're welcome to disagree.
Things aren't looking so rosey if you look at the chart in the article. Apparently IE usage has increased from 20 May 2004 to February 2005, and Firefox use has decreased.
If this carries on, IE will have 97% in just a few months...
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
The solution to that is to create an XUL plugin for IE: then, people have an open choice and alternative.
(Yes, I know I can get it to work by changing the font size with ctrl-plus or ctrl-minus, but I shouldn't need to.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
[sarcasm]I have to agree here. IE and ActiveX is where web development is heading. I am confident that Microsoft will continue to support IE long into the future and will not drop support for it at an arbitrary time, like when something more profitable comes along or they change focus and my business is OK with that. I don't see that I will have any problems migrating my data away from any of their closed formats that I might be using, I won't have any problems updating their product with security patches, new features etc etc.[/sarcasm]
:-)
But, on the other hand there is a reason I am writing a point of sale system with mysql and gtk on Debian:
1. I can be confident that the system I am using is totally open to my every whim.
2. I can implement whatever feature I need/want.
3. My data will be in a format *I* want, and open to me for as long as it exists.
4. I can have an operating system/distro which suits my business (and not arrange my business to suit somebody else's product). (I am surprised at list of software I have patched/modified to behave the way *I* want and I am not even a great programmer).
5. I *own* my system in every sense of the word, one can only "license" a MS product for a non-specific amount of time.
I have been using Linux for seven years and still find new things and new ways of doing things. The flexibility and abilities are apparently endless, not last week I built my own very small distro just for kicks in an existing install, a single file including it's own filesystem and linux distro which I loopback mounted and chrooted to work on/run. After all these years I am still grateful I don't have to use inferior products anymore. I haven't even begun to touch on stuff like virtual machines but they look... well they are just amazing
Just think: People all around the world are working/developing on some great stuff *right now* , the possibilities truly are only limited only by *us* and not some company who mandates how/what we can do.
Mozilla-1.7.6 was just released this morning
Politics is Treachery, Religion is Brainwashing
Firefox is great for the home user but the lack of good support for patching and scripting installation / configuration of the core packages and extensions makes it a non-starter in the corporate world.
Get that sorted and it can take over.
I see many people talking about writing XUL plugins for other browsers, so people may start using that.
::sigh::.
Shame on you! First of all, XUL is *SLOW*. I really think it was a bad idea. Firefox has some major bottlenecks in UI responsiveness because of it. That's not really the big issue for me though. Quite simply, websites should not be applications. Period. I really don't believe in the idea, it annoys me. Let's keep the web simple, it's going to come to the point soon where you need a 1GHz CPU just to browse the web with any speed,
Well, I think on /. you could cut him some slack on a typo, given that you missed capitalisation of your third sentence ;-)
To answer your questions:
I'll accept that very light grey isn't a well-thought out colour if the page has a #fff background...
Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
You can't judge the security of a software for its POPULARITY.
Firefox is safer because its design is ROCK SOLID. While it may have one or two buffer overflow bugs lurking in the shadows (and when discovered these get fixed rather quickly), but that's very different from saying it has a structural flaw *cough* activex *cough*, which allows REMOTE CODE execution. To have remote code executing in a buffer overflow, you have to CAREFULLY CRAFT the overflow. It just doesn't happen like magic. Buffer overflows are the hardest kind of attack to do on a certain software.
However, when you run an activex control (i.e. media player), that's remote code being executed directly. No "careful craft" and guesswork is needed. You compile your code and let IE run it. That simple. Whether IE considers it safe or not, that's a very different matter.
Firefox, on the other hand, has only ONE way to install "remote code": Firefox extensions. And these don't get published on a website on a daily basis. Have you ever seen a website saying "This website requires Firefox extension XYZ to be seen?
No, this is a habit inherited from Internet Explorer's activeX. As for flash, etc. running in Firefox, that's "plugins", not "extensions", and they're all provided by THIRD PARTIES, not the website in question. How are they executed? By handling the MIME Type for a certain object. And these are managed by Firefox, not the website.
In summary, saying Firefox is as insecure as IE6 is like saying that the three little pigs made all their houses with straw.
I wonder if you still use IE because "Firefox is as insecure, so what's the difference if I switch?" Yeah, great wisdom, indeed.
Actually, I think it's probably more to do with the fact that IE versions 4 and 5 were far better than Netscape 4, and the fact that Netscape (and then Mozilla) took far too long to catch up. Sure, alternatives to IE are better now, but there was a period when IE was simply better than the competition. Since they gained enough market share, there has been little incentive to improve. Hopefully pressure from FireFox / Safari / etc. will change this.
I am TheRaven on Soylent News
Firefox needs an ActiveX extension or plugin of some sort. Not built in by default, of course, but available for intranet applications in enterprises. Probably this kind of plugin would be a good candidate for a service (that's what open source is about, right?) to ease companies in migrating off browser-dependent software.
random underscore blankspace at ya know hoo dot comedy.