25 replies to this topic

[markus]

http://www.eweek.com...,1774091,00.asp

I totally agree with the article.

[supernova_00]

Quote

...make sure to keep the browser patched up to avoid known security problems like the IDN (International Domain Name) bug.

First of all the dude needs to get crap straight and stop making it sound like firefox is at fault and the only one with the problem. This was not and is not firefox's fault, it is the fault of Domain registars and the browser, namely firefox and opera had to apply band-aids to fix those problems.

Quote

While Firefox does have an auto-update feature, the rollout of its first security patch, Firefox 1.0.1, was delayed for several days because of server overload problems.

Also misleading. Moz did not delay the release becuase of server overload problems, this was planned well in advance to do this.

Quote

It's not just Windows users who are facing a rocky upgrade route: Firefox 1.0.1 wasn't available for Linux and Mac users at all until several days later.

More like 16-24 hours later

Quote

Forget about trying to get new and better versions out. They're not going to be able to keep up on security fixes and bugs.

We aren't? We have hundreds of people capable of creating patches, only takes one to review a patch for a security fix in which any of the devs can check in be it asa, ben, mconnor, dbaron just to name a few and whose names weren't part of the "6" reviewers.

Quote

For example, it used to be that if you ran Firefox you never saw annoying pop-up ad windows. ... Today, instead of pop-ups, there are sites that feed you pop-unders: advertising windows that deploy under your current Web browser window, which you then see when you close your window.

It's annoying, it needs to be fixed, and if Connor is correct, I don't see that happening anytime soon. A Firefox extension, Adblock, can make the pop-under problem more manageable, but you must set it up manually for it to work.

Those are because of flash, we can't completly disable the flash popups because lots of sites use this legitly. IE even has the same problems becuase of flash pop-ups.

Quote

Here's the long and short of it. If the Mozilla Foundation and Firefox friends like Google don't start spending money—right now—to hire more programmers, more project managers and more servers, it won't matter how many ads in the New York Times Firefox supporters take out, Firefox will have already reached its high tide of popularity and we can only wait for the ebb to begin.

Umm no, we are no where near our high tide of popularity. And if the devs and hackers didn't have to rebutle and correct articles like that, we could spend more time on the browser.

[bangbang023]

Well the first page of the article sounds like whining, more than anything, although, in between that annoying writing, are raised some valid points. The girth of the article definitely comes in the second page, though, where Mr. Connor voices his concern over the slow pace of development. He has a point. Well, both men have points. People abuse MS for their patch release system, but at least it works right when they do release a patch. Fx definitely has some issues there. Also, it's taking a long time for things to get done and, like Mike says, I don't see how 1.5 is going to be out this year.

With Opera making some huge improvements and hype starting to build behind IE7, the Fx team needs to pull a rabbit out of their hat and gain back the steam they had in the last quarter of last year.

Heck, maybe they should spend less time worrying about guys like me using the name "Firefox" in my builds and actually work on the app itself.

[bangbang023]

Quote

Also misleading. Moz did not delay the release becuase of server overload problems, this was planned well in advance to do this.

They did plan it, though, to prevent server overload.

Quote

We aren't? We have hundreds of people capable of creating patches, only takes one to review a patch for a security fix in which any of the devs can check in be it asa, ben, mconnor, dbaron just to name a few and whose names weren't part of the "6" reviewers.

Even if it gets landed, an update isn't released. They don't release patches, only whole new builds, which takes too long.

Quote

Umm no, we are no where near our high tide of popularity. And if the devs and hackers didn't have to rebutle and correct articles like that, we could spend more time on the browser.

Firefox is already dipping in popularity in terms of hype and publicity. Also, the devs shouldn't have to respond to articles like this. They should be able to manage their time, firstly, and if these problems didn't exist, this article wouldn't even have been written.

Firefox's team is flawed, whether you wish to admit it or not.

[supernova_00]

I do agree that it is flawed at the moment but should be back to normal if not greater soon since no more Suite.

Most of the security fixes can't be fixed by just releasing a patch though, bummer there but I rather wait a few weeks for a whole new version instead of downloading firefox everytime a new patch is landed to fix a crasher bug or a security related bug. But generally when a security vulnerbility is found there is a quick fix that anyone compentent enough to click a few buttons and type about:config can fix themselves. Like how be tempoarliy disabled IDN support, disabling flash pop unders and at least a few others.

[markus]

supernova_00, on Mar 16 2005, 08:37, said:

But generally when a security vulnerbility is found there is a quick fix that anyone compentent enough to click a few buttons and type about:config can fix themselves.

*sigh* that is why open source will never get ahead!! Jesus and you think every tom, dick and harry know how to do that? why should I have to stay playing around with settings, and let's face it system admin's can't stay going around 'fixing' every browser around.

If MS used such a stupid mentality we would have never been were we are today!!

[supernova_00]

If it is so hard for someone to understand what I will write below then they should be shot.

1. In the address bar type about:config, next hit enter or the go key
2. In the filter bar type network.enableIDN
3. Double-click on the result below the filter, the line should now be bold
4. Close the tab and you are now safe from IDN spoofing

what is so hard about that?


Meant to put this in last post. MS doesn't release patches when they are ready, they wait up to a whole month afterwards to release the patch so not to make themselves look bad by having an update available every couple of days and having to make the users update their systems. Moz does the same thing, and like I said above "instead of downloading firefox everytime a new patch is landed to fix a crasher bug or a security related bug." as to not have their users bitch and moan every few days that they have another patch to install. Most things can't just be fixed with just a patch becuase of the way Firefox is secure and won't let certain things be changed by an api or whatever its called.

[kyro]

eweek =

[markus]

I did not say that it was hard to do, what I said was why should users have to do that!!

And MS releases patches after a month due to testing - they have to make sure that one patch will not break all the other software that is out there!!

And you said : "instead of downloading firefox everytime a new patch is landed to fix a crasher bug or a security related bug." Why should I have to download Firefox all over again? Imagine me having to donwload IE or Windows every time a new patch is released that would be insane!! having to install Firefox all over again everytime is just plain stupid!!

[supernova_00]

Like I said, becuase of security reasons a lot of things in the code just can't be changed via patches, and how would joe blow compile his own build after the patch was applied anyways. Oh and about MS so magically every first tuesday or whatever of each month MS somehow just releases all these patches that made it in just the nick of time for release day? I think not. A lot are fixed and tested and just wait for their release day every month. Why aren't these pushed as soon as they are ready via AutoUpdate?

[dhan]

oh you forgot one thing this is very intuitive !!!

supernova_00, on Mar 16 2005, 02:49, said:

If it is so hard for someone to understand what I will write below then they should be shot.

1. In the address bar type about:config, next hit enter or the go key
2. In the filter bar type network.enableIDN
3. Double-click on the result below the filter, the line should now be bold
4. Close the tab and you are now safe from IDN spoofing

what is so hard about that?
Meant to put this in last post. MS doesn't release patches when they are ready, they wait up to a whole month afterwards to release the patch so not to make themselves look bad by having an update available every couple of days and having to make the users update their systems. Moz does the same thing, and like I said above "instead of downloading firefox everytime a new patch is landed to fix a crasher bug or a security related bug." as to not have their users bitch and moan every few days that they have another patch to install. Most things can't just be fixed with just a patch becuase of the way Firefox is secure and won't let certain things be changed by an api or whatever its called.

[+IceDogg]

I'm sure there is problems with Fx, as with any company/product. I don't argue that. But this seems to happen anytime something or someone gains popularity to fast or people get tired of hearing about. I can name thousands, and I'm sure if I researched millions, of examples of people getting behind something or someone like this and then after they/it gets more popular they turn on it. My time here I have notice this very thing has happened with Firefox. Even the ones that didn't really care for it, before, was just like well I'll stick with IE or whatever, now, slam it hard and call people names for saying something good about it, like they had been slapped in the face or something. I remember when IE first came out and some people started to get behind it and this same kind of push came along for it.. then it became THE browser and everyone (almost everyone) starting hating it. My Favorite football team is either loved or hated.. very little middle ground, because they are one of the most popular teams. It's like that with everything. Thats why I knew it would happen with Fx too.

Now, what's my point? The point is now is the REAL test for Fx and the people developing it. This kind of thing has brought down many teams/companys/people/countrys and so on. This is the beginning of the test now. I hope Fx can make it through this as well. I really like the browser.. even with it's problems. But I do agree with some of what bangbang023 is saying. 1.5 by the end of the year is going to be really pushing it. And it is time to admit there is flaws and get to the work of fixing them.. wow sorry this turned into a book.

Edited by IceDogg, 16 March 2005 - 08:18.

[kaffra]

supernova_00, on Mar 16 2005, 08:49, said:

If it is so hard for someone to understand what I will write below then they should be shot.

1. In the address bar type about:config, next hit enter or the go key
2. In the filter bar type network.enableIDN
3. Double-click on the result below the filter, the line should now be bold
4. Close the tab and you are now safe from IDN spoofing

what is so hard about that?...

lol, whats so hard about that? sure after reading it here, no problem, but you expect normal users to know how to fix this on their own?

[CoolCatBad]

Some considerations........Firefox does seem to appeal to the Geek crowd, but there is surely a second or even third generation of computer users coming along who can perform simple and effective hacking/modding on their own.
My 10 year old nephew can easily negotiate game cheats and other nefarious patching tasks, so I doubt he or his contemporaries would be troubled by tinkering with browser settings.
Sourceforge.net currently lists eMule as the most downloaded (open source) program, at 85 million or so, followed by Azureus at 36 million- almost a tie with Firefox.
A creditable sum, but even more so if you appreciate the value of the given "market", not in traditional terms of disposable income or other demographic factors, but in being a solid base of savvy, front-line customers.

[supernova_00]

kaffra, on Mar 16 2005, 04:19, said:

lol, whats so hard about that? sure after reading it here, no problem, but you expect normal users to know how to fix this on their own? 

by following the directions. Moz posted same info when secunia and everybody blew up about the IDN spoofing. If people can't follow those directions then who knows how they get every day life, damn passing written test for driving is harder then following that or for the kiddies, if they are past 5 grade they should be able to understand and follow those directions.

anyways not going to argue that anymore.