I'm late to the party, but since it was me you asked, my answer would have been exactly what the other two responders said: early updates that fix glitches (ask anyone who uses Reddit how long it takes to get RES updates on Firefox these days) and occasionally something proprietary for my/my business's own purposes.

More generally, I'm getting awfully bored with browsers and plug-ins throwing constant warnings and sometimes outright blocked functionality in the way of doing the work I need to do every day, all in the name of security and stopping me from being exposed to vulnerabilities that never actually seem to have caused me problems in the first place. Google seem to have backtracked on removing NPAPI from Chrome (and therefore completely blocking various plug-ins like Silverlight and Java even for those who do still have legitimate uses for them). Let's hope Mozilla grow a pair and admit they called this one wrong as well.

And a system so "secure" that the user can no longer use it for its original purpose is a failure. My house would be more secure against intruders if I concreted over all the windows and doors, but it wouldn't be a very useful house any more.

You can, but 99.999% of Firefox users won't, and probably 99.99% couldn't do it even if they wanted to. Even the geeks who could mostly won't have the time to learn a major OSS code base like Firefox's in order to actually do it.

I've looked at contributing to this sort of project a few times to see if I could help out. I've then given up when I realised it would take me longer just to set up the development environment and be able to build it than it would take me to write from scratch and give away entire useful software packages of my own, or to chip in a significant amount of extra help to some existing small but useful project on someone's GitHub that they are otherwise trying to maintain alone or with just a couple of regular contributors.

In practice, that lack of user base then has a direct effect on some add-on developers, and if those developers stop producing or maintaining their add-ons then even users who have compiled their own unlocked version of Firefox won't be able to enjoy them. Killing off part of an ecosystem affects everyone.

Better signal-to-noise ratios in widely used package manager/app store systems is often helpful. As you say, we don't need thousands of copies of the same trivial tool, and we certainly don't need many of them to be substandard implementations or outright malware.

However, you can achieve that through some sort of endorsement or prioritisation process, without adopting a zero tolerance attitude. The words "without any possible user override" should make anyone nervous about the future of a software ecosystem, because the words "so anything the user wants to do is subject to approval by a gatekeeper with their own best interests at heart" implicitly follow.

The state of the browser world is not a happy one at the moment, at Google/Chrome is already almost established as the new Microsoft/IE from the first big browser wars, and now both Mozilla and Microsoft seem determined to chase Google instead of staying true to the different, distinctive, but still widely valued principles and policies they followed a few years ago. If Chrome want to go killing off useful but older technologies and adding bleeding edge features every few weeks, let them, some people will enjoy it. But let Microsoft continue to focus on things like stability, quality of implementation and large deployments over pushing bleeding edge developments, and let Mozilla continue to provide an independent competing browser and an open ecosystem with a solid basic product and the flexibility to install or even write plug-ins to enhance it as each user wanted.

There's plenty of room for everyone, and there's a certain hypocrisy in arguing for locking down the plug-in ecosystem to prevent the proliferation of substandard clones at a time when both the IE and Firefox teams seem obsessed with chasing Chrome instead of playing to their own strengths and innovating in other ways.

They're not the only game in town any more, though. In fact, one of the things I find reassuring about the recent push to make mainstream software a service is how quickly viable alternatives are springing up.

Not so long ago, if you asked professionals what their alternative to Photoshop or Illustrator was, most of them would say there wasn't one. Certainly not many people who made their living doing graphics work were using the likes of the GIMP or Inkscape.

Today, at least if you're running on Apple gear, you have several promising alternatives available and much cheaper than going the Adobe route. Sketch is probably the most popular in actual use among people I know who do professional web work like logos, icons and banner graphics. Serif also have a new range of packages coming out; I haven't seen them myself yet, but I've heard favourable comments, again from people who do this stuff for a living.

I wonder whether Adobe may have made a serious strategic error here, by taking a significant short term win through increasing revenues with the subscription model but at the expense of long term customer/brand loyalty. Now they've created a ready-made market for smaller, more focused tools made by smaller, more focused businesses that, most importantly, are each as good or better at the specific job they are designed to do as Adobe's incumbents have been.

I'd like to believe that, but unfortunately a significant fraction of the customer base for software appears to be quite happy paying up. Adobe show no remorse over moving to subscription-only with Creative Cloud. Games companies show no remorse about requiring always-online DRM schemes, and little sympathy even when the servers fall over and people can't play their new game on Christmas morning. I assume the amount of money they're making from the people who still pay up outweighs the amount they've lost in customers choosing not to buy (rent?) their new software on those terms.

I hope -- and expect -- that this situation will change in time, as the reality of paying or being literally shut off sinks in, and as people get tired of having forced upgrades they didn't want or need that sometimes make things worse than they were before.

Personally, I would never voluntarily rely on software for anything important where it stopped working completely if I stopped paying. This is the so-called "rental model" for software sales, and can be very customer-hostile -- stop paying and you actually lose something you had before.

However, some software -- particularly system software -- naturally becomes less useful over time unless it receives updates to ensure compatibility with newer things and to protect against newer security and privacy risks. So, my take is that big software companies like Microsoft are missing a huge opportunity right now. I would happily pay a reasonable recurring fee to a software company in return for ongoing compatibility and security fixes, if that meant I could keep using the version of software I actually liked and found useful indefinitely, without having to buy into "upgrades" that might break something. Some of the big names have taken some steps in this direction with various corporate licensing schemes, but these are usually the preserve of big business customers, while smaller businesses and private customers are stuck with off-the-shelf, upgrade-when-it-runs-out software.

There's no commercial need for turkeys like Windows 8 to be rushed out if you have a decent product in Windows 7 and your customers are willing to pay you real money to maintain it for the long term. And as a customer, given some reasonable and clearly stated initial period of support with a software purchase, I don't think it's unreasonable to then provide some more money to the developers in return for ongoing support after that time. After all, software doesn't magically grow on trees, and I'd rather pay them for working on something I value than have them to try force/trick me into paying them for something that isn't really what I want.

You're assuming that most people realise the data is transmitted to any external party at all.

I suspect if you did a random survey of people who had bought Smart TVs, knowing that they had voice and/or image recognition included, you would find a significant fraction of those people assumed it was done by the TV itself and had no idea that anyone else was going to see or hear anything.

So now all you have to worry about is any time you visit anyone else's house and they might have unexpected surveillance running, perhaps not even realising it themselves.

Having ubiquitous devices that have sensors and transmission equipment is fundamentally a risky situation that should be handled with care. It doesn't matter whether it's Smart TVs, or Google Glass, or universal CCTV networks, or the smartphone in your friend/boss/mother's pocket.

Thanks for the reply. I was indeed thinking of running dovecot or something similar as well.

I think my fundamental problem is that I understand maybe 75% of the underlying theory of how the relevant e-mail infrastructure and general Linux sysadmin work. That's certainly enough to figure out roughly which combination of packages I need to install and what should be possible. However, it's not enough to be confident of not getting some of the details wrong and potentially losing data or otherwise bringing the system down.

I mostly work from home and would potentially be running the mail for some family businesses through the same system, so that risk looks like a very high barrier to entry until I can find the time to learn the remaining 25% and make sure the information I've got is all current. That last point seems to be one of the recurring problems with finding good documentation for some of the popular mail-related tools -- many people have written about one aspect or another, but a lot of the case studies are just a little too far out of date to work with recent versions of everything, which is why I was interested in whether you'd written anything up about a system you're currently working with today.

I won't trouble you for any more information right now, as I don't want to waste your time when realistically I probably won't have time to have another shot at this for a while myself, but thanks again, I do appreciate the offer.

Do you by any chance have a more detailed write-up of how you configured your system anywhere? I have no interest in using an external webmail service, but I've been considering setting up some sort of networked mail store so I can read and send from multiple devices while keeping everything centrally for admin/back-up/security purposes. However, that would be a side project that needs to be done in my spare time, and every time I start looking into it, the documentation and UIs I find for relevant FOSS packages usually seem to be either incomplete or so comprehensive and detailed that I find them overwhelming.

I agree with almost everything you wrote there. A month ago, I could watch Flash videos just fine in Firefox. Firefox update comes round, then install a couple of security updates for Flash, and now roughly half the time I play a Flash video the browser locks up and I have to kill the process. Given that I've spent much of this week watching training/conference material on sites using Flash videos, I'm no longer able to use Firefox for work. (Bonus snide remark: If the Firefox team spent more time fixing fundamental architectural flaws that need some real work and less time redecorating for the seventeenth time this week to make my desktop browser less usable but more like a mobile browser no-one uses, at least those hangs wouldn't take out all my other tabs at the same time.)

Something I've written before and will no doubt write again is that if Microsoft actually played to their strengths in terms of long term stability, and then added a transparent fee for continuing compatibility and security fixes after some reasonable initial period of free support so they were making real money in return for keeping things like Windows 7 running indefinitely, I think they would absolutely clean up with business users. Every Apple user I know seems to be fed up of Apple messing up their previously working gear with OS "upgrades". I'm not sure I even know anyone who still relies on ever-changing web apps for professional work any more -- they're obviously popular in some quarters, but software-as-a-service is already over around here, having utterly failed to live up to the hype and proven in practice to be a combination of recurring charges and frequent unwanted minor changes. What do lots of business people I know actually run? Windows 7 and Office (the locally installed version).

People with real work to do couldn't care less about rapid release cycles, agile development processes, and proudly telling interview candidates that you'll push code into production on your first day. They just want software that helps them to do whatever they need to do, and that will still be helping them to do it tomorrow.

I hope you're not recommending OpenBSD as an alternative for better long term support.

More than a year old? You're out of luck.

It is certainly possible that performing very high levels of physical activity is worse for the human body in some respects than performing lower levels. However, this study doesn't support that theory to any statistically useful degree.

Sorry, I misread the figures in the parent post. Actually there were only 36 strenuous joggers studied. Go read the Larry Husten link under TFS, he explains the problem here better than I did.

Look at the small number of participants shown in the original data here, and the conclusion that is being echoed all over the Internet seems dramatically overstated. The original authors acknowledged this and called for further research, as did the editorial accompanying publication, but of course that hardly gets mentioned in all the Internet echo chamber "don't do too much exercise, you might just as well slob around on the sofa" rhetoric.

I can't find a publicly available primary source to cite, but it looks like only a little over a hundred "strenuous" joggers were included in the study, and of those only two actually died. The remaining ones could go jog their normal route and still not travel the length of the error bars here.