Mitch Kapor Warns Against Firefox Gloating

An anonymous reader writes "Mitch Kapor, Lotus co-founder and president and chair of the Open Source Applications Foundation, says open-source advocates should be relatively cautious and avoid making claims and predictions despite the huge success of Firefox. He also briefly touches on Chandler in a ZDNet interview. Chandler is OSAF's personal information manager which will offer e-mail, calendaring, address and task management. The goal for Chandler, Kapor says, is to make it as successful and popular as Firefox."

irony?

[comwiz56]

Oh the irony:

He says not to gloat about firefox's success, then he uses it is a standard he wants to meet.

Firefox? bleh.

[Gherald]

I want his opinion on Thunderbird-Sunbird [mozilla.org] integration.

Re:wow, that is saying a lot

[Jeremiah Cornelius]

Our product (code-named "Chandler" after the great master of Information Retreival, Chandler Bing) is a Personal Information Manager (PIM) intended for use in everyday information and communication tasks

What's not to like?

Re:wow, that is saying a lot

[Gherald]

> >The goal for Chandler, Kapor says, is to make it as successful and popular as Firefox
> Didn't read the article, but seriously, how is this worth mentioning? Who wouldn't want to start a project that was as popular as Firefox?

Perhaps some would rather their product be as "unsuccessful and unpopular" as Internet Explorer? ;)

Why are users and developers seperate?

[QuantumG]

Even when I speak to people who do development all day long they still talk about users and developers as if they're two different people. Even when they're talking about themselves they do it. I'm guilty of it myself: I use Mozilla, but I work on Boomerang [sourceforge.net]. Fact is, no matter how much I value my freedom to modify Mozilla, I've probably done it once in the whole time I've been using it. (My Mozilla doesn't have "Close All Other Tabs" right below "Close Tab" cause I accidentially clicked it one too many times.) Why is this? It's because it's just too much hard work to go-and-get-the-source-code that it's easier to just put up with bugs and poor ui decisions, and just hope it gets fixed in the next release. This is especially funny for Mozilla and FireFox cause a large part of them is written in Javascript, meaning you already have the source code. Unfortunately, the effort required to get from noticing an annoyance to finding the right file:line to make a change is still too much. Can anyone think of any way to ease this translation? It'd be really cool if I could hold down alt and middle click on a menu to get a javascript editor focused on the bit of code responsible for the thing I want to fix. Then we can add to that editor a button that says 'email patch'. How many millions of developers-as-users would contribute to projects like Mozilla if this was the case?

Re:Sour Grapes but with a cautionary note

[gad_zuki!]

>It's a long way from 2% market share to 98%.

I'd say the longest way is from 2% to 10% or 15%. At that point its not "weird software I never heard of" if 1 in 10 people are using it. Right now its still "well, my brother in law recommened it and I installed it, but havent used it much" stage in general, but it is doing a great job of infiltrating MS/IE only shops. The university I work for has it on all their lab computers in the CS departments, I see the laziest professors use it or even recommend it, etc. This was certainly not the case last semester.

Like the old saying goes - your first million dollars is always the hardest.

Roght now things are looking up for a healthy IT market. The Mac Mini is predicted to bring a lot of windows users over to the mac side, people understand the concept that the browser is not the "internet" and you can run other browsers, etc.

Dont get me wrong, the MS monopoly is still incredibly strong, but if they lose enough marketshare then it will be a win for standards and competitors will have a better chance of delivering better and more innovative software. It will also get people thinking that they dont have to use office or outlook and just like IE there are alternatives. Viva competition.

Re:Thanks for the advice...

[Anonymous Coward]

Check your history: Actually, Kapor left Lotus when they failed to realise the full potential of his "Agenda" PIM. Agenda was too powerful and general for the people lotus wanted to sell to (PHBs), and Lotus released "Notes" instead.

Agenda was personal information management the way it was meant to be (except for clunky DOS textual GUI interface) - GMail's interface is clearly influenced by it, for example.

Re:Good Luck

[amerinese]

But um, don't you think that if this is an open-source project that has plenty of proprietary competition, that a sign of being easy to us and all those other metrics you mentioned would be popularity? I mean, easy-to-use is pretty subjective. Easy-to-use such that lots of people would bother downloading and adopting Chandler is real and measurable.

Let's take a step off that pedestal. Sure, sophisticated minorities may choose better products some of the time, and monopolies can severely limit the choices that most people can make. But all the more, if they slay Outlook/Exchange the way that Firefox has started to really gain more than marginal acceptance against Internet Explorer, isn't that evidence that most people really do find Chandler to be better?

Mitch Kapor is basically running a charity with the fortune he's made. He wants to help as many people, create a useful product for as many people, as he can. Do you think the American Redcross sits around and says, oh boy, we sure do have really good accounting procedures, our transparency is good, and we have top notch volunteers and says to hell with how many people we're actually helping?

Re:Be careful...

[jp10558]

Well, I keep seeing people claim Opera is bloated, but how are you measuring bloat?

I generally think of bloated applications based on a few criteria:

1) Big download/space takes up: Is Opera a big download?

No, it's 3.5MB, including a flash plugin. FF is 4.7MB at my last check.

2) Slow to use: Is Opera slow?

No, it's far faster than IE, and at worst the same speed as FireFox on my machine.

3) Memory use: Does Opera use a lot of memory?

Not in the release versions on my machine...

Opera uses on average 22MB of RAM - not much on modern desktop machines, and I can of course turn off the "Use all available RAM" setting.

4) Has so many features they get in the way: Does Opera have so many features they get in the way?

Maybe. The level of customization lets me pare Opera 7.54 down to the way 5.12 looked, just a browser.

For others however, they might use some of the features I don't, or all.

The issue here is that the features don't get in the way - you can quickly turn them off, or move them around.

Frankly, #4 is all I can figure people mean when they refer to Opera as bloated, and it's really a misleading statement. It's at least as easy to remove things from Opera's interface as it is to find, download and install extensions to FireFox.

Not everyone uses Exchange

[briantr]

...and I think there will be sufficient interest in Chandler among people who don't to make the project successful.

Many people in the organization I work for use a program called Goldmine to help them maintain contact with sizable networks of people. Goldmine is one of a suprisingly small number of programs that provide person-centric organization of information. In one view, you can see a person's contact information plus all the phone calls, appointments and email communication with that person. Once you've used a system like this, a plain-old PIM (in which email, contact info, and appointments are all stored separately) just won't cut it.

Unfortunately, Goldmine is Windows-only. We've replaced almost all of our other Windows apps with ones that run in Linux, but at the moment there is no viable Goldmine replacement. Consequently, we're watching Chandler with eagerness.

Start Gloating

[FuzzzyLogik]

Ok i'm going to gloat... I have had this install of windows going for about 4-5 months. I have used Firefox for nearly everything web page related. I did load up IE once or twice to check a few things out. I haven't ran a spyware removal app since I installed windows... today my computer was running slow (something about the large 350mb tv shows i'm downloading i think) ... so i decided to run adaware.. it found 18 "files" all data mining and IE related. That was all the spyware my machine had gotten in 4-5 months use by using firefox.. i think that speaks for itself

Hey Mitch

[mnmn]

I have a question about Lotus. Why is there no Linux version? Do you know our company (~80 boxes) is entirely windows, due only to lotus notes (6.5.3) and ERP system being Windows only. Lotus is even part of IBM now, which spends over $1 billion on Linux annually.

Domino runs on Linux, great. But we use Notes quite heavily, lots of custom databases, pda apps, custom apps etc, so iNotes is out of the question. We really are paying alotta microsoft tax only because of the ERP system which is 'promising' linux binaries, and lotus, which claims no plans yet. Its mostly java-based anyway, just compile it for Linux for each version minor number, its not too much work.

I can volunteer time.

More secure? That's opinion.

[Nintendork]

"It's a great product, small, fast and more secure. You don't see anybody disputing that."

Actually, I dispute that. Most people that claim it's more secure say that it's because of the amount of vulnerabilities being found in Internet Explorer compared to Firefox. How many people are looking for unknown vulnerabilities in IE? How many are looking at Mozilla/Firefox? This is determined by the media. When there's a MS vulnerability, it's all over the news and the finder gets a ton of glory and hopeful job offers. I see MS patches making it into mainstream news such as the Associated Press. As Firefox gets a spotlight because of a good amount of security professionals (Which happen to be coders with a personal agenda) recommending people switch, I've seen an increase in the amount of vulnerabilities reported. Don't believe me? Look at the stats [secunia.com] and compare IE with Firefox. Yes, IEs numbers are higher, but think in proportion to how many skilled people are looking for vulnerabilities in each product. If you look at the different versions of Mozilla over the timeline they give, you can see that not many vulnerabilities were found early last year or before that compared to when Firefox really started to get attention. Imagine how many vulnerabilities would be found if they got the amount of media attention that IE vulns get. Until both products get the same amount of hacker attention, it's premature to say which is more secure.

As a security professional, I believe that as long as you keep your software patched up (computers, routers, switches, etc.), your only fear is a zero day. Hopefully you have other layers of security such as a border firewall, IPSec Transport mode with packet filtering at every host, multiple antivirus vendors software (with at least one of them configured to block password protected archives, known dangerous file types and dangerous content), ongoing training, locked down servers with all the fat trimmed, middle tier servers, etc. These things are not vendor specific. You can run Windows, Linux, OSX, BSD, Solaris and still be able to do these things. Assuming you have all that set up, one zero day most likely wouldn't be enough. If someone really wants in and you've done all these things, do you really think you're going to get "pwned" because you chose a specific vendor or software package? No. You're going to get pwned because someone will be social engineered or some aspect of physical security will be bypassed. It's a hell of a lot easier to get into a company by phishing than it is to hunt down a couple silver bullet zero days as you get through each layer of security. My point is that if someone wants to get in, they can do it. It only takes a few holes at most and enough patience to find them to get to a target. It's up to the admin to ensure that it's as difficult as possible to find them and to ensure that the damage is minimized. Auditing (logging), backups, intrusion detection, policies, procedures, security assessments, a good data structure with granular permissions, etc can help minimize impact.

My professional opinion is that it just doesn't matter what you use as long as it's well administered, but if you want to force me to pick one side and guess which code has less vulnerabilities, I'm going to pick MS. Security through obscurity isn't a magic elixir, but it's definitely another layer of protection. And with all the attention MS gets, they've had an opportunity to patch up a lot of their vulnerabilities. At this point, new vulns are probably easier to find on other vendors that aren't as popular.

-Lucas

Re:Why are users and developers seperate?

[QuantumG]

Why does open source have to design a UI the same way proprietary software does? Can't we give control of how this stuff looks to a userbase of tweakers and then do some survival-of-the-fittest collaboration to arrive at the defaults for the next person who downloads the app? I can imagine such a process:

1. Everyone tweaks their own copy of the app to their liking.
   
2. People who think they have done something smart/cool press the 'publish' button after making their change.
   
3. They review the change and enter a brief description (for example: "close all" shouldn't be so close to "close").
   
4. Satisfied with their patch they press the 'upload' button.
   
5. Other users review the change (say in the morning when they start their browser or whatever)
   
6. If they like it they accept the change.
   
7. Changes that have been accepted by some large amount of people become the default when users download the app.
   
   

   It could work.