It's backwards to the vast majority of people who never used the network capabilities of X.

Sadly, even when you demonstrate it in these days of Terminal Services / Remote Desktop / VNC, people aren't impressed. The fact that it worked just as well 20 years ago (when it was in fact more use - you generally had a thinner, dumber X terminal, and a choice of minis / servers to do your computation on) passes them by ..

Amen. I'm not generally a big fan of rich capitalists, but this guy saw what needed doing and had a go. I've got a lot of respect for people who actually try to get stuff done rather than just moaning, even if they are still aiming to make money off of it in the long term. With any luck he'll learn some lessons, and be able to use of the hardware, and come back later with a better plan.

I'm not a big fan of the aesthetics of these things either, but I accept their necessity.

Look at it this way - with fugly great wind farms all over the place, we'd have a constant visual reminder of the impact of our energy requirements. More incentive to reduce them than with invisible CO2 emissions and fossil fuel depletion..

Process creation / switching overheads have been pretty good on Linux for years, not sure about Windows. IPC is a different issue, but again with shared memory (rather than pushing stuff through pipes and sockets), the overhead should be minimal - assuming a well-designed architecture.

Having said that, I seem to recall that there are under-the-hood settings in Chrome that can be tweaked to control how enthusiastically it compartmentalizes - I imagine (and hope) FF will do the same.

My completely uninformed and amateur opinion is that it all went to nuts with the introduction of XUL. It blurred the distinction between the data the application was supposed to be processing and the application itself. I'm sure cool stuff can be, and has, been done in XUL, and I imagine the add-on system depends heavily on it (and related technologies), but I think it has overcomplicated the browser tremendously.

Still, Chrome's raised the bar in many ways, and managed (apparently) to implement extensions in a simpler way, so OSS has still won. The Right Thing is not always obvious, particularly for projects that started earlier and had to guess which way reality was going to jump. Five years ago it was probably quite a plausible idea that we'd be pulling down rich XUL applications from web, the technologies that won in the end (Web2.0-y Ajax-y stuff) were only just coming over the horizon ..

I'm more-or-less with you, but .. Netscape 4. Ugh. IIRC, version 3 hit the sweet spot regarding performance, footprint, and all the rest .. A bit like Win2K.

Tabs are just another form of MDI, and as such really chuck the whole document-centric computing idea out the window.

In reality, of course, they're pretty useful, but if someone could find a way of having another go at document-centricity while keeping the tabs, that would be nice. In theory the Win9x-style taskbar isn't much different from tabs, but in reality it doesn't seem to work nearly as well, regardless of all the bells and whistles MS seem to keep adding to it..

When HTML (and thus, rendering engines) were simpler, starting multiple copies of the browser was probably a perfectly reasonable approach, as any duplicated data wouldn't be that big. In the modern era, I agree, it has to be done more intelligently.

Hmm.. I've been using Firefox since 1.0, and I don't recall ever having a crash. Admittedly I'm getting old and my memory is going, but I'm more certain that I haven't seen one in recent history (2.0 upwards.) And yes, I do use flash. Not heavily, it has to be said, but often enough. The speed improvements in 3.5 were, IMNSHO, a higher priority than this multiprocess stuff ..

It is also possible to do non-blocking or async I/O, of course. A pain in the arse in many situations, but some applications are a good fit for a single process / thread model. Given the amount of state involved in modern web browsers, though, they're probably not one of them.

There always seems to be an arms race. I hate to say it, but for years, Windows offered a superior desktop experience for normal users, and that fact incited the OSS world to catch up, and arguably overtake. Similarly, Firefox leap-frogged IE quite drastically, causing MS to play catch-up, which they may just about have managed (not sure here, I gave up web design long ago, and don't have IE 8 anywhere to play with.)

In this picture, OSS doesn't always have the lead on features, but what I'm trying to point out is that there are other qualities where OSS does (IMNSHO) consistently trump commercial software, but these are difficult to identify, describe, and communicate to end-users. Should we continue to over-simplify and just tell people "OSS is better", or should we have a go at explaining, in more detail, exactly why?

(The word "consumer" has always squicked me, I have to say .. what was wrong with "customer"? "Consumer" conjures up visions of something hippo-like lying on a sofa, watching daytime TV and ingesting liquidized burgers through a tube .. whereas a customer is somebody who exercises their own judgement and returns to vendors whom they have previous good experiences with.)

Commercial software always seems to pander to user's short-term needs .. "You want to do XYZ? Here, we'll automate it for you, make it happen at the click of a button." Whereas OSS is aware of future consequences, security, the risks to architectural integrity posed by feature creep, and that one size doesn't fit all. Stuff that used to be known under that now sadly under-used word "craftsmanship."

From an amateur sysadmin's PoV, I'd have to say "yes, looks like it." I trust dpkg. I know when I install something that dpkg WILL NOT proceed if that package overwrites files in another package. Years of experience of (admittedly earlier versions of) Windows have made me really appreciate that. Plus all the little elaborations like dpkg-divert, and the alternatives system, that allow people who understand their system to tweak things without tripping up the package manager later.

Having a user-friendly installer that runs everywhere is superficially nice, but I like the trust that comes from understanding the underlying architecture. And anyway, you could implement something like that on-top of dpkg/apt if necessary - simply detecting the distro version and adding an appropriate line to /etc/apt/sources.lists would have the same effect as far as user was concerned.

Actually being able to install the same .exe on multiple OS versions is a double-edged sword. You either have to statically link things like the C run-time library, upgrade the system-wide version (historically dangerous and avoided on Windows), or supply the app with a local copy - which means it won't get updated by security fixes released by the OS vendor.

Superficially easily installation is trumped in my book my a system which does the Right Thing and which has earned the trust I place in it ..

At the risk of being slightly controversial .. how much of the difference between commercial and OSS really is technical?

Don't get me wrong, I'm rabidly pro-F/L/OSS, and nudge "ordinary" people towards it wherever I can, but I think it's a bit of a simplification to describe it as purely technically superior. When it does push the envelope, it normally drives the commercial world to react and improve, so they're usually roughly level-pegging at the feature level.

Where it really shines, I think, is in harder-to-define areas. Ethics, for one. Architectural taste, for another (debian got package management right 10 - 15 years ago - has windows caught up yet?) Social/organizational factors - the maintenance and repository models used by open OS distributions works so well that the commercial world is mimicking it with "app stores." Lastly, of course, there's motivation - I trust Ubuntu and Mozilla to fix security holes because it's the Right Thing and because they want to do a good job, and not just because they're scared of getting caught out, which I always feel is the mindset in the commercial world.

I understand these things are probably harder to explain to the general public, but can we at least be a bit more honest / precise amongst ourselves?

If IE and Firefox were both using Sun's JVM (which I imagine they were), perhaps it was the JVM's security settings that got changed? That's my best guess for that one.

Because IE is almost always shipped with Windows, other apps often use its rendering engine to display HTML - they might be also be vulnerable if they use it to display untrusted content. The advisory mentioned the Outlook Express isn't vulnerable in its default configuration because of its use of IE's "zones" feature, but that does rather imply that it, and other apps, might be vulnerable in certain circumstances.

Usually, anything that uses IE's rendering engine to display untrusted content is also vulnerable. MS's advisory mentions that Outlook Express isn't vulnerable by default in this situation because of the it's use of the zoning stuff, which implies that it, and other apps, might be vulnerable otherwise.