Mozilla: The Good And The Bad 582
Rui del-Negro writes "According to this article at The Register, six security flaws in Mozilla were posted to BugTraq last weekend. They have not been added to the official Mozilla vulnerability list yet. But details can be found here, here, here and here (phew!).
Finally, two other bugs were found, relating to loading GIF files (in several Linux browsers) and Mozilla's (JavaScript) implementation of onUnload ( ).
Are they trying to prove they can beat Microsoft at their own game..? Or is someone just trying to win a prize?" On a brighter note, Zerbey writes "From Neil's Place here is 101 Things Mozilla can do which IE cannot. Very interesting reading and an excellent resource for convincing stubborn Internet Explorer users why they should switch. This article was also reported at Mozillazine. I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer."
6 bug more !? (Score:5, Funny)
Most are already fixed (Score:5, Insightful)
Re:Most are already fixed (Score:5, Informative)
Seriously, this isn't as big a deal as it looks, folks.
Re:Most are already fixed (Score:3, Insightful)
The problem is, and will continue to be older distros. At least something like WindowsUpdate pushes the updates to your desktop more or less transparently. How do you update RedHat 6.2 transparently, or Mandrake 7? I have yet to see this kind of transparent updating under Linux, and I don't see that rosy a future for desktop Linux without it. I know RH7+ has RedHat network, but IMO it still doesn't work quite as slickly.
Re:Most are already fixed (Score:3, Informative)
news flash: people don't like automatic updates (Score:3, Insightful)
Re:Most are already fixed (Score:4, Insightful)
And even if they weren't... (Score:3, Interesting)
Why users "should" switch (Score:5, Insightful)
"...resource for convincing stubborn Internet Explorer users why they should switch..."
Should be:
- Provides a better subjective browsing experience
If that's not true, you'll never win.Re:Why users "should" switch (Score:3, Interesting)
BSD
Re:Why users "should" switch (Score:3, Informative)
Why do you need to remove IE to use another browser? Even if you could, why would you want to? I still need IE once in a while because some dumb-ass sites think they need to embed Quicktime movies inside their page. Never could quite get QT to work quite right in other browsers.
Re:Why users "should" switch (Score:2, Insightful)
Oh... that one isn't so hard.
If you don't have 256 MB of RAM, but you like to have your favourite browser loaded into memory 24x7 so it pops up as fast as IE, you'd need IE removed to free the (many) megabytes of RAM it wastes.
Re:Why users "should" switch (Score:3, Interesting)
I'm not running at 256 megs of ram. I'm running at 128. Frankly, I don't think 2-3 megs are going to significantly improve my browsing experience. It would, however, severely impact my file operations in Windows. It'd also cause Outlook to bloat up a bit so it could interpret it's own HTML.
Sorry, not sold. IE's not my primary browser, but I have plenty of interest in not removing it.
Re:Why users "should" switch (Score:3, Informative)
Re:Why users "should" switch (Score:5, Funny)
Well, damn, your computer is so fast it can finish an infinite loop in ten minutes.
Re:Why users "should" switch (Score:2)
Re:Why users "should" switch (Score:5, Insightful)
To me the interesting battle is to get enough users to use standards compliant browsers and not use old browsers such as Netscape 4 and IE 4 that web developers can finally just write according to web standards and know their websites can work for more than 99% of users.
Re:Time to smell the roses (Score:3, Insightful)
however, your statement for using IE as a base for a standard is not only silly, it's stupid:
we've written an in-house webapp that only works on IE5.5+ (5.0 does NOT work, something in the DOM or javascript), and testing on IE6 i found using the javascript "prompt" command doesn't work and throws javascript errors -- but everything else seems to work okay.
so, for our in-house webapp, we require IE5.5SP2, because we can ( sidenote: i wanted to target mozilla). having a website on the internet cannot, for the most part, require any specific version of a browser. because they are all incompatible with each other... should we use IE3, IE4, IE5, IE5.5, or IE6???
so, which version of IE should we all use as the standard? and if you come up with a particular version, the penetration % is not nearly as high...
i'm rambling and responding to a troll... oh boy
Re:Why users "should" switch (Score:3, Funny)
That seems to be working for Apple.
Re:Why users "should" switch (Score:2)
Read the entire article.... (Score:5, Informative)
Re:Read the entire article.... (Score:4, Informative)
I saw this mentioned on The Screensavers last night and IMO the Register article is greatly overstating the magnitude of the vulnerabilities. These are all known, patched bugs. Good to motivate people to stay up to date, but this is a lousy way to evaluate a product's security.
Let's talk about the known, unpatched bugs in MSIE instead.
31 security vulnerabilities in IE (Score:5, Informative)
Here's a link. On November 6, 2002, there were 31 security vulnerabilities in Microsoft Internet Explorer [pivx.com]
The link is taken from: Windows XP Shows the Direction Microsoft is Going. [hevanet.com]. If Spanish is your native language: Windows XP muestra la dirección que Microsoft está tomando. [hevanet.com]
Re:Read the entire article.... (Score:5, Insightful)
Re:Read the entire article.... (Score:2)
Actually the second paragraph (and second sentence) states:
"Versions of Mozilla previous to version 1.0.1 ..."
Newsflash: Old buggy release has bugs (Score:4, Informative)
NTLM auth (Score:5, Informative)
Re:NTLM auth (Score:3, Informative)
Except that it was also scheduled for 1.2 alpha, then beta, then... despite 107 votes and being topembed+ it keeps slipping.
Want to have NTLM support? Vote for it! http://bugzilla.mozilla.org/show_bug.cgi?id=23679 (Bugzilla doesn't allow slashdot.org referers anymore...)
-Robert
Re:NTLM auth (Score:5, Insightful)
Re:NTLM auth (Score:3, Informative)
It looks like there are three problems,
putting DES, MD4,MD5 somewhere sensible possibly using PSM
adding NTLM
and fixing a nasty bug where Mozilla opens too many connections.
Until the nasty blocker is fixed there can be no NTLM.
Re:NTLM auth (Score:3, Insightful)
Sadly, this is easier said that done. Simply getting into the Mozilla project is difficult at best--I myself have tried and failed, and no longer subscribe to the notion of "writing the damn code yourself."
Can we blame them for being ineffective at responding to new coders? Probably not. Mozilla is a massive project, and the people who keep tabs on that sort of thing most likely have more urgent things to do than respond to every newbie who offers to help out. On the other hand, the "write the code yourself" argument is arrogant and lazy, because it's not really an option for most people, even if they are willing to help and experienced coders. A better response would be that there are other things with higher priority which need doing first.
Additionally, as has been pointed out before, complete feature patches written by people who managed to get in to fix their "pet bug" often go unapplied for months. PNG alpha support under Windows (or was it Linux? I don't recall specifically) was an example for this--the patch was there for months, and the feature was continually ignored as it accumulated votes, until someone finally decided to put it in.
In the future, you may want to consider being a little bit less snide about people posting feature requests. Feature requests give a project direction, by allowing the coders to get a feel for what people would like the product to be like. Scoffing at them is intentionally ignoring the requests of your audience.
Re:NTLM auth (Score:3, Insightful)
shallow bugs (Score:2)
Re: (Score:2)
A Word on Mozilla (Score:2, Troll)
HOWEVER, the Mac versions are basically unusable and the Windows version is hurting. Mozilla still sucks when good web browsers exist on that platform.
Re:A Word on Mozilla (Score:5, Informative)
That's strange because I've found that Mozilla is more stable and faster in Windows vs. its Linux couterpart.
Mozilla 1.1 is the best browser. (Score:2)
agreed (Score:2)
Mozilla start time on my G4/667MHz/1GB RAM Powerbook: 29sec (!?)
IE start time on same machine: 2sec
Omniweb start time on same machine: 1.5sec
not to mention that Mozilla hangs for seconds at a time quite often, and looks and feels clunky and bolted-together.
Re:A Word on Mozilla (Score:2)
Don't know about Mac, but the windows verion is peachy. I'm using build id 2002091014 on Windows at work, and it provides a subjectively better browsing experience than does IE.
Re:A Word on Mozilla (Score:3, Informative)
Mac version of Mozilla is unusable? (Score:2, Informative)
...the Mac versions are basically unusable...
How are the Mac versions unusable? I've been using Mozilla 1.2 beta on OS X for weeks, and it's working wonderfully. Extremely stable (hasn't crashed once), reasonably fast rendering, and the best standards compliance I've seen on any browser. It would be great if the overall browsing speed were improved, but as the browser I use on a daily basis, it's certainly usable even in its current state.Trollesque (Score:2)
Why do you say "the Windows version is hurting"? what problems do you have with it? For me, it works just fine and I prefer it over IE, even with the slower loading time, and even on my slow K62-400 with 48 MB RAM. I did say "for me", but in all truth I can't find any instances where it is "hurting".
Your final comment seems to imply Mozilla is not good, which in my oppinion is not true. Hey, we're all expressing our oppinions here, nothing more
Re:A Word on Mozilla (Score:2, Insightful)
I have convinced many people to try Mozilla, and from what I've seen none of them have switched back to IE.
Re:A Word on Mozilla (Score:2)
These are already fixed (Score:5, Informative)
10 Things... (Score:5, Insightful)
Now, is there a 10 Things IE Can Do That Mozilla Can Not such as run ActiveX properly if at all so one can go to most msn.com sponsored sites such as MSN Chat? Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.
Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE.
Re:10 Things... (Score:5, Insightful)
Frankly, I didn't think the '101 things you can do with Mozilla' was that interesting. Most of the stuff there I'd only care about if I were doing web development today. In that case, yes it'd be really cool. But they're trying to oversell features that most people don't use. I just wanna browse the web, I don't care about color coded source viewing. I do care about the browser opening fast without hogging all the RAM. (Fortunately I'm an Opera user.)
Re:10 Things... (Score:2)
Re:10 Things... (Score:2)
Re:10 Things... (Score:2)
That's true, but AFAIK the same thing happens with newer versions of IE - the only browser which seems to work properly with the Yahoo-Chat seems to be Netscape 4.7.
I don't really understand why that is, but it seems IE and Mozilla are on par there.... unfortunately. :-/
Re:10 Things... (Score:2, Informative)
I've always found Moz to have *significantly* better CSS support than IE. IE doesn't even have full CSS 1 support, and supports even less of CSS 2.
e.g. position: fixed; doesn't work in IE (and even does very odd things sometimes), and absolutely positioned elements are not sized according to their bounds (top, left, right, bottom) but by width and height (my pick for most silly IE bug)
Re:10 Things... (Score:3, Insightful)
Re:Here's two (Score:4, Informative)
File --> Edit Page
Bug Confirmation (Score:3, Insightful)
Take the time to compare Mozilla's submitted bug report and their official bug list versus Microsoft's (that is if you can find a copy of it).
It's about the browser (Score:5, Insightful)
How my favourite bug [mozilla.org] was turned into a feature is the best example I have of how easy it is to get off the track with big projects like this.
The bug got lost in several threads, flames and arguments about what IE does or does not do, until it was finally marked WONTFIX by a Mozilla demi-god. IMHO, they missed the point. There is a constant refrain in Bugzilla about whether something is "standard" or not.
From my experience, the argument about web standards is used to either fix or not fix something, depending on how someone feels about a problem.
Don't think it's a problem? don't fix it and say "it's not standard, so we won;t" or "it's not standard, but we break the standard everywhere where it makes sense". Some behaviour need changing? The same arguments apply.
I may be just whining here, but sometime I think the fact that Mozilla is a web browser is lost in the arguments. I still love Moz, but the fact that the right-margin jumps around on my otherwise fine HTML 4.x and CSS pages will always bother me.
Re:This shows they did the right thing (Score:3, Insightful)
You don't have to shout, I can hear you just fine.
Seriously, you are making my exact point. This is why designers will use relative widths to ensure their content can be rendered nicely in a variety of interfaces.
My assertion is simple: the existence or non-existence of a height scrollbar should not change the relative width of the viewframe. The scrollbars belong to the application, and not the content. I don't know any designer or user who expects a scrollbar to cause a reflow of the contents, shortening or lengthening all responsibly stated relative widths by X pixels.
You are right: designers should expect the width and height to change. This why we have used percentiles to describe relative widths to make sure things flow nicely, regardless of the interface. Having a situation where the width changes on arbitrary changes to height is, IMHO, plain stupid.
Anyway, if the history of that bug, and the conversation threads here say anything, it's that this is not one of those cases where anyone is concretely "right" or "wrong". This is a usability issue, and I would challenge the Moz team (or anyone else) to submit this behaviour to a battery of real usability tests. If it was determined that the majority of users and designers don't mind how a good number of existing pages render, then I'd reconsider.
Until then, I'm not convinced.
Re:You can't control the user agent. (Score:3, Insightful)
I don't know how you are getting that from me. I'm the last to say I want an absolute width, and have made that clear several times. I am using percentiles to describe CSS objects which are floated left. This is pretty generic. I am not flaunting anything. I have no problem with the width changing if the container the text is in, or near, changes.
I can't put it any plainer: I object to the scrollbar, which is an application widget, counting as any width in the viewable contents of a page. If it was anything else, I'd be agreeing with you, but it is a scrollbar. I do not consider the scrollbar a CSS object around which I must flow my content. If you do, fine. This is what the bug is essentially about. Some agree, some don't.
It's pretty common to build a site with a common navbar across the top. If some of those pages happen to have a maximum height above the viewport, and some that do not, navigating between the pages does two major things:
1. Causes the right margin to jump by however many pixels the scrollbar is set to
2. Causes the hyperlink that the mouse pointer is currently under to move away from the pointer
This last is especially insidious. UIs where gestures cause controls to move away from the the pointer are just bad.
From a usability standpoint, I cannot agree that this is not a problem. Scrollbars are part of the chrome, and not the content. Gestures shouldn't move the UI around in unexpected ways. An interface that encourages this behaviour is flawed.
The first item just makes Moz look unpolished unfinished. It's a graphical browser, for crying out loud! It should look good.
It should be easy for designers to develop simple pages that do not violate good usability. It should be easy for Mozilla to render standards-compliant pages in a friendly manner.
Mozilla is the only browser that does this, AFAIK. This is not a user agent issue. It is an application issue squarely in the domain of the Mozilla presentation code. Just because we can access the application chrome with a URL doesn't mean we should, in this case.
Just to make it clear, I am not trying to establish an abolute size. I am not trying to enforce a particular width. I am objecting to 60% + 20% in a simple CSS property that is changing because of an application control, and not content. I have no problem with reflows being forced due to content changes. Scrollbars are not content. If you must disagree with me on this, so be it. Please do not conflate my issues with usability with any type of fixed or absolute positioning.
All this news about bugs is Good & Bad... (Score:2)
The only negative is that people who don't look behind the facade of the headlines just think that the programs are buggy and that they should stay away from them...
M$ makes out because although there's just about as much negative press about their IE bugs & flaws...the places where they're discussed and "fixed" aren't out in the open enough.
People forget what they can't see (Out of Sight-Out of Mind).
User Experience (Score:2, Interesting)
IE definitely has the best user experience. I regularly use IE (Win2000), Opera (Win2000 and Linux), Mozilla (Win2000 and Linux), and Galeon (Linux). And without a doubt, IE has the best overall user experience. It's fluid, it's quick, and it never crashes (for me anyways). Galeon would be my second choice, but even it crashes occasionally (I use the latest Ximian release always).
Just sharing my experience for those that always come out saying Mozilla has feature X, which IE doesn't. Who cares?
Misinformation (Score:5, Interesting)
Just some great investigative reporting on The Register's part. My friend's half-brother's cousin says...
Mozilla has had a lot more security bugs then six, anyway. So if they were trying to be silly and sensational, they could have done better. Most "security bugs", in Mozilla and other applications, and very minor and require very special sets of circumstances. Every app has them.
The only difference is they're fixed in Mozilla in days. MSIE still has unpatched holes. (There's a page somewhere that lists them with example code, maybe someone could post that URL, it's rather interesting... lists when the hole was discovered, and when [if] a patch was made available).
Re:Misinformation (Score:5, Informative)
How many times does it need to be said? (Score:2, Informative)
This is fix just about every webbrowser exploit. It won't fix buffer overflows in the actual renderer, but it will fix all the Javascript holes. Most of the other exploits use Javascript to load them, so those won't work either (of course, they could be re-written).
If you come across a website that requires javascript to function, and you actually have a need to use that website, then keep a second browser on your system that you use for those. And it wouldn't hurt to use something like Opera or Mozilla where you can lock down some of the Javascript features that they can use.
Mozilla rules (Score:2, Informative)
1. Smart Features -- not bloat-ware.
2. Tab Surfing.
3. No spyware or ads.
The information exchange is one factor of why open source is better, however, consider this as well: every decision you make adds to the total inertia of a project. Therefore, when you base a product on open source, you are creating a momentum that is going to carry on through your whole project. By saying, "Yes, we will listen to our public", you are also saying that you will like your public, and your public will like you in the end.
Microsoft has never done that. They put you on hold, put you off, ignore you and they do what they want. How long can they continue to take that stance in the face of an angry public?
Marshall Berman said it best when he said you can't slow progress or stop it. You can only guide it. He goes on to say that anyone who tries to resist change is going to pay the price in the end. Well I can't think of any other company that has resisted change as much as Microsoft has - especially recently.
Here's a productive idea for IE users.. (Score:2, Interesting)
One way would be to use the browser ID to add a little 'info' strip to the top of pages, specifically for IE users. It could be just a small one-line table at the top of pages -- maybe with a contrasting background to be noticeable, and say something like:
"Internet Explorer has several vulnerabilities [bellaonline.com] that may allow others to take over your machine. You may want to apply fixes or try [opera.com] alternatives [mozilla.org].
I can't find the link to the 'master list' of unpatched IE flaws, I had it bookmarked somewhere.. But I would imagine using the browser ID string the client sends to apache, this could be done in PHP or something similar. Yeah, it'd probably be a performance hit, but for anything but the biggest sites, it might work.
I've also noticed that some IE browsers appear to be sending the actual patch revision! Example:
217.81.215.xxx - - [06/Nov/2002:00:00:19 -0600] "GET / HTTP/1.1" 200 34629 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; QXW0339a; Q312461; .NET CLR 1.0.3705)"
Q312461 leads us to a MS Knowledgebase [microsoft.com]
article. I've no idea what the QXW0339a is, though.
Interesting. So one could go so far as to take the patch version off the browser ID string, check it against a database of strings, and return a comment that mentions the serious vulnerabilities affecting that version. I'd be happy to just run something that added a small tagline to the top of pages for all IE browsers, though. The more sites that did something like this, the more the word would get out. I think it'd be productive. :)
I can do them! (Score:3, Interesting)
But, looking over the list of 101 things Mozilla does that IE doesn't, there are plenty of things that IE does, and has done for years. (It may not do them on Windows -- I have no idea.)
I can view cookies, block individual cookies, disable tooltips and a bunch of other things listed. I'd also argue that IE can be trivially installed and uninstalled and has a more complete, and certainly much more usable bookmark manager.
Re:I can do them! (Score:2, Informative)
FYI, If you do that you can use the MS filemanager if you are stuck in on a web site. Just type or Cut and paste the url (incl http:// bit) into filemanager and presto it morphs into IE.
Lately Amazon.com is getting more IE centric on their view content of books and I have to resort to this. FYI, I have complained to Amazon.com
Re:I can do them! (Score:3, Informative)
Maybe things are different on the Mac.
How about https? (Score:3, Interesting)
Anyone have this problem?
Re:How about https? (Score:5, Informative)
With some sites, yes. If they don't support the Mozilla certificates, they won't allow https. I use Mozilla for my Banking (switched banks because they supported Mozilla) and things like Hushmail. For some things at work, I still have to use IE for sites that don't support Mozilla's certs.
Re:How about https? -- check for mozilla-psm (Score:3, Informative)
I've been using Mozilla for over a year now and for the life of me, I still can't access anything via. https...
do you have the mozilla-psm package installed?
the https part of mozilla is often in a second package, maybe for export or something. if you
only installed the rpm for mozilla, you may still have to install the personal security manager part.
here's what rpm on my redhat 7.2 based machine shows for example:
[root@mouser root]# rpm -qa | grep mozilla
mozilla-1.0.1-2.7.3
mozilla-nspr-1.0.1-
mozilla-psm-1.0.1-2.7.3
mozilla-nss-1.0.1-
nautilus-mozilla-1.0.6-16
so, check to see if you can install the mozilla-psm package and https should be all set
here's the rpm -qi Description for mozilla-psm:
Description
The mozilla-psm package provides Secure Sockets Layer (SSL) support
for the Mozilla Web browser.
DoS'ing not very hard... (Score:2, Interesting)
On a funny sidenode, while trying to use the link above:
"Sorry, links to Bugzilla from Slashdot are disabled."
The 101 list is bullshit (Score:4, Interesting)
5. uh, hit ctrl-H in IE6
7,8. Hold control, scroll mouse-wheel
17. IE does this
22. This can be set in IE
31. IE can do this
46. Is this a joke ?
77. I don't buy this. IE is a ship-component of Windows XP, and thus exists in 25 distinct locales.
97. This is just fanboyism. There is no substance here.
101. Got me there, champ.
These are just the things I know are crap off the top of my _head_. Why does fanboy shit like this make it to slashdot on such a consistant basis ?
Re:The 101 list is bullshit (Score:5, Informative)
1. Tabbed browsing is inherantly slower with IE because it creates a new browser instance for each tab.
5. The side bar is NOT just a history window. You can put virtually anything in it, including slashdot headlines or a google box.
7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.
17. At least with 5.5, the "cookie manager" is nothing more than a listview of all your temporary internet files. Mozilla has a real interface with more capabilities.
22. The average user will not set this, and will inevitably install Bonzi Buddy or some other crap because they click OK too fast. Mozilla comes secure by default.
46. You can run Mozilla from a network share without ever launching an installer. I'd like to see you do try with MSIE 6.
77. Yeah, assuming that you have the appropriate locale of Windows. And that you'd never want to run a version that was different from your operating system's locale settings.
97. True. But you must admit that Mozilla's security process is more open than IEs, and that there won't be major vulnerabilities that go unpatched for months. With IE you have no such guarantee.
101. You just can't argue with that one. The lizard is cool.
Some questions or suggestions.... (Score:3, Insightful)
I think Mozilla is in a position to really get innovation going again. Being a Web developer who started back in 1994, I remember first using Mosaic and Netscape back when features came so fast and furious that you really like progress was an everyday thing. I haven't felt that way lately (at least about Internet Explorer). So without further ado, here are some ways to innovate at a fundamental level, changing some things that should have been obvious.
First, making navigation buttons out of the link tags is great. But does Mozilla pre-fetch the "next" link, so that if I actually decide to go to the next page (likely), it comes up fast? WebTV has this feature. Makes the Web feel faster.
Second, why am I entering HTML tags into a plain text field? Where is the HTML text field? You know, a form object that comes with B, I, and U buttons, and allows me to visually format the text before sending (and which is delievered as standard, XHTML 1.0 compliant markup)? I've seen that Microsoft's new Web-based Outlook tools have this, but they use over 100k of JavaScript files to accomplish it. Shouldn't we just have something like this: <htmlarea></htmlarea>???
Finally, one of the things I've been waiting for is the ability to set images or other objects on angles. For example, if I wanted to have the slashdot logo appear as if it were on an incline, I might use CSS to specify the image display at -15 degrees. And if this were exposed to JavaScript, I could make some interesting animations. But I haven't seen this in CSS yet.
In short, I remember fondly when Netscape pushed the envelope -- I remember Andreesen adding the img tag, I remember Netscape implementing the file upload tag. I think some working demos of this stuff might help it gain acceptance, and give people a reference model to work from. Not to mention make Mozilla seem much more useful than Explorer.
*blink* (Score:5, Funny)
You can make text blink."
*blink*
This is GOOD?
Already fixed? (Score:3, Informative)
Point 77 (Mozilla translations) is not really true (Score:4, Interesting)
In particular, if I wish to have Spanish-language dialogues in Mozilla, I (as of a month ago) can not upgrade to Mozilla 1.0.1 because none of the volunteer Spanish translation teams [1] has updated their 1.0.0 translations to version 1.0.1; instead they chose to direct their translation efforts towards 1.1 and 1.2.
Compare this to AbiWord, which has a translation structure such that, if a given translation team decides that meeting girls at dance clubs is far more fun than spending Saturday night translating dialogues, the translations still work for new versions of the program. If any new dialogues appear, those dialogues will be in English until someone steps up to bat to translate them, but any unchanged dialogues remain translated.
IE has an edge here, since their translation teams are paid; guaranteeing that any formal release of IE will be translated in to all officially supported languages. The disadvantage to this is, if a given language is deemed by Bill Gates to not be worthy of translation, you have to use the application in English (or one of the other official languages).
This structure causes Mozilla 1.0.1 to have translations available in languages like Estonian (a beautiful language [2] which has about, as I recall, 2 million speakers) but not in Spanish (which has more native speakers than English--about 325 million).
OK, thinking out loud, it should not be too hard to set up a perl script which unzips a translation for a given version of Mozilla, compares the labels against the English version for a given later version of Mozilla, and then translates all of the labels it can; leaving the untranslated labels in English. This would be far more productive than posting to Slashdot; perhaps a Mozilla guru can tell me if a tool like this already exists.
- Sam
[1] There are three Spanish trnaslation teams: One for Latin American spanish, one for Argentinian Spanish, and one in Spain. The Argentian is the most active group right now.
[2] One of my linguist teachers is a native Estonian speaker; she once talked to us in Estonian to demonstrate a language learning technique.
These are only the publicly known bugs (Score:4, Interesting)
My favorite bug (Score:4, Funny)
My favorite bug is wh
My favorite bug is when mail cras
My favorite bug is when mail crashes whenever I tr
My favorite bug is when mail crashes whenever I try to sen
My favorite bug is when mail crashes whenever I try to send a message
Re:Bug reporting? (Score:2, Informative)
Re:Bug reporting? (Score:2, Insightful)
How very odd. I just used Redhat's up2date and received/installed the latest version of Mozilla that Redhat uses, and it is just as easy Windows Update. No compiling by me, it does it all for me. By the time my soup was warm (mmmm lunch...) I had a newer, safer version up and running.
The soup only took 5 minutes...
Re:Bug reporting? (Score:5, Insightful)
Yeah, imagine that, the Evil MS notifies customers that an update is avaliable, but the wonderful Mozilla organisation has people visiting the site looking for an updated version or patch. I know that my family at least finds that much easier because they have a deep interest in what web browser they use to browse the interweb...
If you're gonna complain about MS, at least use a valid argument, god knows there's a lot of them, but the kneejerk whining about MS being evil doesn't really do any good for anyone.
Re:Bug reporting? (Score:4, Insightful)
Microsoft notifes us *when a patch is available*.
The Mozilla community notifies us *when a security flaw is found*.
Do you want to know about a problem when it is discovered, or after someone has already engineered a fix?
If your car was discovered to be prone to stopping dead on the highway and blowing up, you'd want to know before the manufacturer figured out how to make it stop doing that. You'd want to have the option of choosing to risk it, or parking the car and driving something else for a little while.
Now you know what activies are prone to security dangers, and can either avoid those activities or use another browser for a while.
Re:Bug reporting? (Score:3, Insightful)
If I can't do crap about fixing it, what should I do, stop using the www? What other browser is secure to use as a replacement? Lynx?
Yeah sure it's great to find out there's a bug, but, I'm gonna bet that 95% of users on the internet couldn't care less about what software they use as long as it gets the job done.
Geeks care about what software they use, geeks also make sure they have the latest version by visiting the sites now and then and by reading tech news, then it doesn't matter if they use IE, Opera, Mozilla, Netscape, Lynx, Mosaic or if they hold the ethernet cable to their tongue to read webpages, geeks will make sure to have the latest version and all relevant patches.
An insecure browser is an insecure browser, whether it's made by MS or not is irrelevant.
Re:Bug reporting? (Score:3, Insightful)
If the software you are using has a security flaw with grave enough consequences, you should stop using the software.
Now, who can better evaluate whether a security breach is serious enough to stop me from using the software? Microsoft, or my organization??? Isn't this obvious?
And I don't come whining with the "users don't care" crapshit. I care. That's enough reason for Microsoft to release advisories when the flaws are found, not when they're patched.
Re:Bug reporting? (Score:3, Informative)
[take out the space]
I love the fact that security bugs are made public. I can decide whether to implement a workaround, disable a functionility, switch to an alternative, or wait a few days for the binaries to come out for my distro.
Open enough? (Score:4, Interesting)
The main reasoning seems to be that vendors should be able to protect their customers.
But what happened with the privacy leak [slashdot.org] recently found in Mozilla? Granted, it was a minor glitch, but it is nevertheless useful in studying how policy affects security.
Did it help end users that it was marked sensitive? Well, Netscape knew about the glitch when they shipped their browser, yet, they shipped it. On the other hand, the leak was patched shortly after the story broke, so the answer should be a clear "No!"
This is an example that it is not sufficient to have the sources open, you have to get some light onto the problems too.
Re:Yes, I've run into some of these (Score:2)
Re:Yes, I've run into some of these (Score:3, Insightful)
Or you could go to "Edit" -> "Preferences" -> "Advanced" -> "Scripts and Plugins" -> and uncheck "Enable JavaScript for...Mail and Newsgroups".
Does IE let you do that? Why do you need JavaScript in Mail anyway? I won't even accept HTML email.
Text is fine. I get the content without all the cookies and graphics.
Re:Why Use Mozilla? Only Need 1 Reason Not 101! (Score:2)
Re:101 Reasons to switch to Mozilla (Score:2)
Probably many more incorrect ones in there as well.
Only thing that Mozilla does that IE doesn't that bothers me is PNG and MNG support. I really wish IE would clear those two up.
Re:There is something (Score:3, Informative)
> functionality needed to have a decent web
> experience.
Let's get real here. Dillo is great to browse simple stuff like local HTML documentation, and it's good for checking on the local news sites (when it doesn't choke on them too badly), but that's about all it's good for.
It has some sort of annoying cache bug that lets it get "stuck" (refusing to load a document whether you hit reload or not) on pages like Google's search results.
As distributed (version 0.6.6), Dillo doesn't do any kind of authentication or SSL. It also doesn't do Javascript/Java. So it has to be *very* casual browsing. It also doesn't print.
(I use Dillo myelf for viewing local copies of web pages I make for my students. This is mainly because it's so FAST.)
Re:Obligatory Opera plug (Score:2)
Also be aware that Mozilla prefers to be installed into an empty directory. Installing one Mozilla over another is not supported, and can sometimes result in an unstable Mozilla install.
Re:javascript? (Score:2)
JavaScript, other standards (Score:3, Informative)
For the most part, this is only true if your friend believes that the W3 [w3.org] is a subsidiary of AOL. Needless to say, it isn't, and in fact many of the standards which Mozilla follows (While IE only sorta follows) were written by groups that included representatives from Microsoft. A partial list of the (real, non-Mozilla invented) standards that Mozilla enforces can be found here [mozilla.org].
Isn't javascript "write once, run anyware" kinda stuff?
It'd be nice, wouldn't it.
JavaScript is a Netscape invention, always has been. As such, Netscape did write its own standard [netscape.com] and is the only one to comply with it. However, there IS a real standard known as ECMAScript [el-mundo.es] that Moz and IE both do a reasonably good job of supporting. Unfortunately, this does not cover everything. ECMAScript can be thought of as defining the 'core' of what scripting on browsers is often used for.
Beyond the core are the areas of scripting that make up the buzzword-compliant DHTML (Dynamic HTML, a fancy way of saying JS, CSS, and HTML)
This is where cross-browser scripting gets hairy. The standards used for manipulating documents dynamically are collectively defined by the W3 as the DOM [w3.org], or Document Object Model, which has many uses outside of HTML, but we'll stick to its HTML uses for now. Unfortunately, some of the more advanced elements of the DOM are still in a drafting phase, and as such are not ready to be used as standards. Meanwhile, browsers implement support in their own ways, lacking any sort of rules to adhere to. It's my hope that as these drafts are finalized into W3 Recommendations, that MS will include support for them as I know Mozilla will. Until then, browser detection will continue being a way of life for advanced client side scripting.
Re:The one thing it doesn't do (Score:3, Informative)
I've never walked into a Fortune 500 company and seen Mozilla running on a PC. Never.
Are you sure you're looking? Quite a few people at my company (it is in the Fortune 500) use it, and we're nothing special. It's not the majority of people, or even close, but certainly not zero either.
Re:The one thing it doesn't do (Score:5, Insightful)
It's a shame that these Fortune 500 companies choose inferior products with inferior support on the basis that they're able to hear a human voice when there's some sort of problem; regardless of whether or not that human voice has the slightest understanding of the problem, the solution, or even the product.
Re:The one thing it doesn't do (Score:5, Insightful)
I dread calling them. It costs money, immense amounts of time, and I would sit on hold just knowing I'd end up with a moron who would suggest that I try rebooting.
This notion that a software company must be responsible for it's software, so that someone can be held liable and can be counted on to help, is really just dependency and lack of personal responsiblity, and ultimately a crutch. MCSE means Must Consult Someone Else.
Perhaps Fortune 500 companies ARE Fortune 500 companies because they pass the task of software support and maintanence off to the companies that make the software, and focus on their core business.
But they're also the ones spending obscene amounts of money and time trying to understand Microsofts insane licensing policies.
They're spending time and money evaluating Microsoft's DRM moves, preparing to deal with the inevitable (some would say immediate) consequences of Microsoft's negative, condescending attitude toward it's customers.
They're the ones who woke up one day and realized they were renting software, not buying it, and that they have an evil landlord and can't do anything about it. They're just happy their investors also like Microsoft so that they percieve this dependency as a "strategic relationship". They're the ones subject to the whip hand.
I've never walked into a Fortune 500 company and seen Mozilla. I've also never let the public see me having sex. Neither of those means that it doesn't happen.
Re:Why would I switch? (Score:3, Interesting)
I agree completely - when IE displays that "we apologize for the inconvenience..." (you know, the crash message), I think to myself, "gee, that's a pretty window". Sarcasm aside, I prefer Mozilla because I've found it to be FAR more stable, more secure, and I like the extra features such as image blocking and explicit control of what scripts can do. There are many more features of Mozilla I like as well, but to me, the stability was reason enough to switch. I've been using Mozilla for about 2 months now, and I've seen it crash one time. Between work and home, I was seeing several IE crashes per week. The lost productivity and frustration of IE drove me away from it, and I'm very happy it did. As a side note, I've not had a single crash on Mozilla 1.2beta yet, although I only use it at home. I'm still impressed with the stability of the beta product, and I'm anxious to try 1.3alpha when it's released to see how it compares to IE in terms of stability.
Re:scratch one of those things... (Score:2)
So... the non-trivial aspects of Mozilla's superiority only number in the 50's? 60's?