Firefox and Open Standards the Way Forward 254
lamasquerade writes "A major Australian newspaper has a lengthy and detailed feature on open source/standards, avoiding vendor lock-in, and specifically the increasing uptake of Firefox by major organisations' IT departments. It touches on security and price advantages of open source but mainly focuses on open standards -- the perils of vendor lock-in, and their importance to technologies like the Internet and digital music. Linux, OpenOffice.org and even Bugzilla get a mention and all told it is a very pro-open source/standards article, especially considering it is in a mass-circulation publication."
Shame (Score:5, Interesting)
Re:Shame (Score:5, Interesting)
MoFo == US based charity? (Score:4, Interesting)
In any case, it got me interested in De Bortoli Wines [debortoli.com.au]. So I checked out their webserver OS: Netcraft reports:
I wonder if they financed this article...? I mean, Firefox is pretty damn kewl.The next generation web apps will be different (Score:5, Interesting)
Although, I am gonna get burnt for ignoring the benefits of cross platform capability, rich clients do have some significant advantages over web pages. This is especially true when it comes to businesses. For intranet applications, cross-browser compatibility will NEVER be the deciding factor. Security too will not be, since the application will be trusted. Features however will be.
Personally, I don't like the idea of hundreds of powerful PCs simply used for rendering web pages. They are not that incapable.
I know XUL is similar, but I doubt applications will be built on that. IE is standard in most organizations. And most of the Firefox acceptance is since HTML is supported on IE and Firefox. Building an application that will work only of Firefox (with XUL) might be a more difficult decision.
Re:Is Firefox really more secure than IE (Score:5, Interesting)
Yeah, just like what happened to Apache becuase it has a bigger market share than IIS, right?
which I consider to be a superior product
And I consider a 1975 Skoda is a superior product to a Rolls Royce.
You must really like Active X as that is the only "advantage" IE offers that I can think of.
Re:For those who don't know.... (Score:5, Interesting)
What standards? (Score:4, Interesting)
Re:Is Firefox really more secure than IE (Score:2, Interesting)
Re:Shame (Score:1, Interesting)
grumble grumble.... (Score:3, Interesting)
is that bad....or good
Tech Coverage at The Age (Score:3, Interesting)
They had this interview with Theo de Raadt last October.
Theo de Raadt Interview [theage.com.au]
Re:Shame (Score:4, Interesting)
*i.e., more than the cost of switching to Firefox
Re:Is Firefox really more secure than IE (Score:2, Interesting)
Firefox and Mozilla have had the benefit of learning from the copious mistakes of both Microsoft and the old Netscape browsers.
Re:Is Firefox really more secure than IE (Score:2, Interesting)
Of 24 vulnerabilities in Apache, only two remain unpatched - that's about 8%. They're both local system vulnerabilities, not remote. Neither is rated critical. One of them has been around for a full year, but "This has been rated "Not Critical" because an administrative user of a proxy server can retrieve this information in other ways." Not a big deal, methinks.
Conversely, one of three (33%) IIS vulnerabilities remains unpatched, and it's a remote vulnerability within IIS itself (not the house of sand, sorry). Oh, and look at that - it has remained unpatched for nearly two years! OK, fine, it's only 20 months. But it's a current remote vulnerability that is rated "moderately" critical, whereas Apache has neither any open remote nor any open "moderately" or higher vulnerabilities.
Looks like 37% of the vulnerabilities in Apache are rated "moderately" critical or higher, compared with 67% for IIS. Several of the vulnerabilities for Apache only occur on Windows servers. The most severe ones appear to actually be the result of openSSL vulnerabilities. When one of these vulnerabilities is actually an Apache problem and rated "moderately" critical or more, a patch is (from what I could tell from reading Secunia) generally issued within two weeks, and often within days.
The IIS vulnerabilities were 1) fixed within a few days of announcement, 2) fixed within 5 months (!), and 3) still outstanding after 20 months. Fixed meaning that patches or workarounds were available.
The overall trend, based on the reference site you provided, is that Apache reports and repairs vulnerabilities quickly, but Microsoft takes their time about effecting repairs. Other stories have suggested that MS also have a tendency not to announce vulnerabilities until they have a fix ready, which suggests that the actual time between discovery and repair may be longer still than reported. Of course, Secunia doesn't have that information and so I shan't try to defend what is, after all, hearsay.
Doesn't appear that Secunia supports your assertion that IIS is more secure than Apache, either in terms of current known and unpatched vulnerabilities or in terms of security review and repair processes. You're welcome to disagree.
Re:The next generation web apps will be different (Score:5, Interesting)
Anyone who is in two minds about this should simply try Outlook Web Access in Exchange 2k3. You have the option of the 'Premier' interface in IE (its very very good - good enough to ditch lookOut) or 'Standard' in anything else (which is ok, but relative to Premier its poor).
Richness of web apps is MSs bet on what will force a new defacto standard for the web. Remember - MS **do not care** about standards - they care about customer lock in, they care about protection of their dominant position on the desktop and (at the most basic) the bottom line.
So with that in mind - look at what is coming down the pipeline:
Uhh, look at the chart (Score:3, Interesting)
If this carries on, IE will have 97% in just a few months...
Re:Shame (Score:5, Interesting)
Note that I understand the lock-in and other bad aspects of ActiveX. Just wondering if it is a totally philosophical decision by the FireFox team or partly a technical one.
Re:Shame (Score:5, Interesting)
Here is the response:
"Thank you for your email and information. You are the first to request this and quite frankly I had not considered it. I had always followed corporate policy - with central IT not supporting these I figured why should I? "
This is what we are up against.
Needless to say I have just forwarded a link to the main article!
But Slashdot worked with Mozilla back then! (Score:3, Interesting)
(Yes, I know I can get it to work by changing the font size with ctrl-plus or ctrl-minus, but I shouldn't need to.)
Re:It's all about standards... (Score:2, Interesting)
The web in general needs security without personal identifying info, or info submitted to one trusted base with forwarding of yes/no authentication to other sites that ask for it.
While buying a product I read Digital River's Privacy policy and it is truly scary. They will hand over my info to anyone 'law enforcement related' without telling me, and without a subpoena. Oh, and they'll tell all their buddies about me. Appropriately labelled 'Complete lack of privacy policy'.
Only open standards can get around this kind of problem.
Re:Shame (Score:1, Interesting)
Comeon, which University? Especially with the larger universities, there's most likely enough diversity to potentially cause a stir. And which service department too, they might be mistaken about central IT policy.
Browser Applications (Score:3, Interesting)
Shame on you! First of all, XUL is *SLOW*. I really think it was a bad idea. Firefox has some major bottlenecks in UI responsiveness because of it. That's not really the big issue for me though. Quite simply, websites should not be applications. Period. I really don't believe in the idea, it annoys me. Let's keep the web simple, it's going to come to the point soon where you need a 1GHz CPU just to browse the web with any speed,
Re:1998 called.... (Score:5, Interesting)
Netscape 4 was *not* still good in 2000. I used it exclusively, but only because I was too much of an anti-MS zealot to use IE (now I'm too used to Gecko-based browsers to use IE 6, but I digress).
NN 4 crashed at the drop of a hat, was dog-slow at rendering anything even vaguely complicated, and had to reload the page to resize it (which is utterly, utterly unforgivable).
Re:1998 called.... (Score:1, Interesting)
Linux has has good browsers for a while. Firefox is nifty and I run it on windows, but personally I still prefer Konqueror on Linux.
Re:It's all about the new car smell (Score:3, Interesting)
Ok -- I am one of those (grey hair, beard, used to be a Staff Engineer at SUN).
Now, Unix *has* been open. Open implementations, open specs. There was a strange kerfuffle with AT&T, along with some restrictions on Minix (that gave us Linux).
But -- we thought that EVEN if software wasn't redistributable, it should come with source. After all, its kind of useless without it. We thought that the OS itself is a commoditity. Unix is Unix is... Unix. Different flavour, same great taste. May not be the best, but certainly better than the rest.
Even DEC VMS came with source, for $DEITY sake! (on microfiche, but it *was* delivered). For $DEITY sake, it just needed gentle ASKING to get the source for SunOS!
It wasn't until these new-fangled micros came out that the source was COMPLETELY closed. CP/M-80 came as a binary only! The horror. So did MS-DOS, and Windows. Couldn't even get the source on microfiche for reference.
Now, as it turns out, Microsoft is a contemporary of SUN (I think Microsoft predates SUN by a bit). Still, the philosophy is different. SUN builds computers. They happen to need an OS. Microsoft builds OSs (but not for SUN computers).
Now, lets go one level deeper. The SPARC architecture is open. Windows is closed. MIPs is open; Intel is closed.
Yes, I have made money in the closed world. Shameful, but people seem to like it (check out all the games available on Windows). I just take offense to being pointed to as the "culprit" here.
We had user groups devoted to sharing source before you "younger folks" were born. Remember DECUS? Remember SHARE? All "open source" or OSS as you would see it today. Including OS, compilers, and application code.
Ratboy
(not because I am young -- because I get obsessed with detail)
Firefox needs ActiveX (Score:2, Interesting)