Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Mozilla VP Talks the State of Firefox 121

lisah writes "As Firefox downloads pass the 200 million mark, people are talking about how its security features stack up against IE7 and protect against malware. Mozilla VP Mike Schroepfer told NewsForge's Joe 'Zonker' Brockmeier that security will continue to be an issue 'for anything written in native code' but Mozilla intends to meet the challenge by including JavaScript 1.7 with the browser's 2.0 release. Schroepfer also talked about the timeline of future releases and offered just enough information to wet our whistles for 3.0."
This discussion has been archived. No new comments can be posted.

Mozilla VP Talks the State of Firefox

Comments Filter:
  • I believe... (Score:4, Informative)

    by archcommus ( 971287 ) on Friday August 04, 2006 @04:42PM (#15848782)
    It's spelled "whet." Either way the 3.0 stuff is interesting.
    • Why is this a troll? Mod it up! He's right!
    • Re:I believe... (Score:5, Informative)

      by jejones ( 115979 ) on Friday August 04, 2006 @04:49PM (#15848831) Journal
      Something "whets your appetite," and that's probably what the author intended to write. To "wet your whistle" is to moisten your dry mouth (not necessarily to slake your thirst--wetting your whistle doesn't go that far), and has nothing to do with making someone eager for anything... but maybe the author was thinking of something like

      "After a long day of coding, I like to kick back and sip an ice-cold bottle of Mozilla..."?
      • Ah, good catch... I didn't go back and reread the original post before replying that he was right.
      • Re:I believe... (Score:2, Insightful)

        by lisah ( 987921 )
        I thought it was "whet" as well but deferred to this site:

        http://www.takeourword.com/TOW114/page4.html [takeourword.com]

        for the final answer. I also prefered "whet" as in "stimulate" (always a good thing) but went with "wet" since it seemed to come first in the days of olde. At any rate, I spent more time looking up that than anything else pertaining to the submission 'cause I know you guys are all about the details. ;-)

        Now, I will go wet my whetstone and whistle while I do it.
      • To "wet your whistle" is to moisten your dry mouth (not necessarily to slake your thirst--wetting your whistle doesn't go that far), and has nothing to do with making someone eager for anything... but maybe the author was thinking of something like

        Actually it refers to litrally blowing on a whistle embedded into a beer mug to alert the waitress that you need a refill. Similar in style to modern day snapping your fingers for service. Perhaps rude today, but commonplace earlier in history.

        • Actually, not everyone believes that either [takeourword.com]. The bottom part of the page is the relevant part:

          Even when it is acknowledged that the correct form is wet your whistle, odd stories about the origin of the phrase continue. The ever-popular one is that mugs or tankards formerly had whistles baked or built into them, so that pub patrons could whistle to the bartender when they were ready for a refill. Apart from some modern creations, no such mug or tankard has ever been found, nor has any historical reference

      • "After a long day of coding, I like to kick back and sip an ice-cold bottle of Mozilla..."?

        Actually, there was a time a few years ago that you could brew up a cup of Mozilla [hyperborea.org] to keep yourself going through that coding session. Sadly, the company that used to do it (and contributed a percentage of his profits [mozillazine.org] to Mozilla) has long since closed up shop [spreadfirefox.com].

    • "Wet your whistle" is correct. It means "to have a drink", not to anticipate a (in this case, metaphorical) drink. The poster probably meant to say "whet your appetite", as that would be appropriate in this case.
    • Either way the 3.0 stuff is interesting.
      Uh, where did you read about the 3.0 features? I can only find a very short comment on something about bookmarks.
    • common hypercorrection. no. it is wet. in fact, the phrase predates "whet your appetite" by centuries [phrases.org.uk]. to whet means to sharpen (as in to make keen, like a blade or a sense, not sharp like a musical note). you cannot whet your whistle, unless you mean to take the metallic instrument to a grindstone to turn it into some insane woodwind weapon. :-)
    • The correct phrase (in the dictionary) is actually "wet your whistle", "whet" means sharpen or intensify desire. Also sharpen a tool. Just my contribution to all those "Internet English Professors".
  • Security? (Score:5, Insightful)

    by remembertomorrow ( 959064 ) on Friday August 04, 2006 @04:43PM (#15848785)
    As long as people are running programs from administrator accounts, there will be far more security problems than there should be.

    Maybe when Vista comes out (circa 2020 AD) and becomes widespread, this problem will be alleviated a bit. Those of us using other OSes (Linux, MacOS, etc.) are fine at the moment.
    • AD 2101 Vista was beginning...
      • Someone set up us the COM!
      • Nah, they'll just start an entirely new date system. Expect DNF to be released around 2 AV. Or Vista will be out 2 BDNF. If they aim for a 0 AV release, they can't be late!
        • So, in your calendar system, there will be a year zero?

          (there is no 0BC/0AD it skips from 1BC to 1AD)

          http://en.wikipedia.org/wiki/Year_zero [wikipedia.org]

          Yes, it's strange from our perspective, but keep in mind that we now have a concept for the mathematical value of "zero" and not all ancient cultures dealt with anything but positive whole numbers.
          • Well, it was a joke, but you can't easily release Vista (or DNF) one year prior to or after "0". In any case, I didn't come up with the calendar back when zeros hadn't yet been thought up (zeros not existing would just be too ironic).
          • Of course there should be a year zero ... It's the year during which enough updates are released to turn vista from a publicaly sold beta to a fairly usable OS!!
    • As long as people are running programs from administrator accounts, there will be far more security problems than there should be.
      Actually, in the Windows version, automatic updating of Firefox depends on Firefox being run with administrative priviledges. When running as a restricted user, I am not even informed about the availability of new updates.
      • Odd. Because I run as a non-administrator on Windows and I am not only informed of updates, but also able to install them (which would bother me if it was for any software besides Mozilla software). The same thing applies to Thunderbird too. I can't install new versions of them, but I can update them.
        • I run as a non-administrator on Windows and I am not only informed of updates, but also able to install them


          So there are three possibilities:
          1. Your normal program file location is writeable for normal users. Bad.

          2. You did not install your Mozilla software to the normal program file location. Messy.

          3. Your PC runs some kind of a Mozilla update daemon which has system priviledges. May be better, depending on personal taste.

    • Re:Security? (Score:3, Interesting)

      by Emetophobe ( 878584 )
      I run windows as an admin since it is much easier (iTunes is broken as a limited user, you can't sync your ipod unless you're an admin. This is just one of the dozens of problems you will encounter trying to run windows as a limited user). I use SysInternals' PsExec [sysinternals.com] to run certain programs as a limited user while I am logged in as an admin. For example, all my firefox shortcuts look like this: psexec -l -d "C:\Program Files\Mozilla Firefox\Firefox.exe".

      PsExec allows you to run a process under alternate cred
      • I use SysInternals' PsExec [sysinternals.com] to run certain programs as a limited user while I am logged in as an admin. For example, all my firefox shortcuts look like this: psexec -l -d "C:\Program Files\Mozilla Firefox\Firefox.exe".

        If you use the same method to launch Firefox Preloader [sourceforge.net] you'll ensure that Firefox always uses limited privileges, avoiding the possibility of a clicking a hyperlink from another application and invoking Firefox with admin privileges.

      • I sync my iPod every morning as a limited user.

        JOhn
      • You're going about this the wrong way. You may forget to run a program as a lesser user, and I have limited faith in the sysinternals app from having things "break out" and run as the regular user. What you should be doing is running select applications that need more priveledges as super user, and be logged in as a limited user. This is how almost all linux/non-windows operating systems are set up.
        • >I have limited faith in the sysinternals app from having things "break out" and run as the regular user.

          You describe the ideal situation, but hacks are written to exploit the browser, not the browser plus sysinternals, because that is a rare combination.
      • This is an interesting example of the differences between Windows and Unix

        In *nix you run as a limited user and only those processes which need administrative right you grant with sudo
        In Windows you run as an administrator and then those processes which could be potentially dangerous you run as a non-privelaged user

        I'm sure even the most average user could tell which of these two practises are the most insecure. (And yes, I run Windows as an administrator and Linux as a limited user)
        • "I'm sure even the most average user could tell which of these two practises are the most insecure."

          The grammar rule from long ago is to use "more" when comparing exactly two things, not "most."

          Also, I'm wearing my new pinpoint Oxford shirt today!
    • Maybe when Vista comes out (circa 2020 AD)...

      Dude, didn't you watch History Channel last night? The Maya say the world will end in 2012, so we'll never see Vista. (heh, never see the vista. Now that's a vista wasted)
    • So I suppose you don't mind if malware deletes your home directory...
  • by User 956 ( 568564 ) on Friday August 04, 2006 @04:44PM (#15848793) Homepage
    As Firefox downloads pass the 200 million mark, people are talking about how its security features stack up against IE7 and protect against malware.

    Protect against malware? They're bundling with it! [blogspot.com]
    • No no no! Haven't you been paying attention? It's the other way around. Right on the site it says this:
      Forbes reports that RealNetworks, the creators of the (un)popular media player RealPlayer, have signed a two-year agreement with Mozilla to bundle Firefox with its software
      Not the other way around.
    • "They" aren't bundling with it. Real Player is bundling "them" with itself.
    • But for some reason you give Apple a free pass.
    • Real Player is bundled with Firefox, not the other way around.

      This just means that Firefox will get users from Real Player user base, from those who don't already use it. It doesn't mean that Firefox will from now on delivered with Real Player. It might get some bad reputation for Firefox, but on the other hand it will get some reputation for Firefox and marketing is what OSS projects are usually missing badly. All the techies should know that this doesn't affect the Firefox product quality at all and other
      • It might get some bad reputation for Firefox

        I think that's exactly what a lot of people are concerned about. When you lie down with dogs, sometimes you end up with fleas.
  • by Billosaur ( 927319 ) * <wgrotherNO@SPAMoptonline.net> on Friday August 04, 2006 @04:45PM (#15848800) Journal

    Isn't that near Nevada? Or maybe Montana -- my geography's not good.

    • by Anonymous Coward
      I think it's North Carolina's Portugal.
    • Oh, come on. Everyone knows where it is. We all had to study ancient civilizations like Phoenix and Firebird in grade school, and they were located on the same land as the modern state of Firefox.
      • Oh, come on. Everyone knows where it is. We all had to study ancient civilizations like Phoenix and Firebird in grade school, and they were located on the same land as the modern state of Firefox.
        And the State Capital is, of course, Springfield. You may not find this in older textbooks or in Encyclopedias but I'm sure a source like Wikipedia would have an in depth article on its elephant population if nothing else.
  • They nailed it (Score:5, Interesting)

    by quokkapox ( 847798 ) <quokkapox@gmail.com> on Friday August 04, 2006 @04:47PM (#15848818)
    Security is no longer a concern with the Firefox installs I've set up for various family members. Firefox updates itself now, painlessly and seamlessly, and often within a day or two of serious security alerts. I wouldn't be surprised if some exploit gets announced over the weekend and everyone is on 1.5.0.7 by Tuesday morning. That is still way better than Microsoft.
    • I'm running Firefox 1.5.0.6 now, but since I use a livecd linux, I'll have to put it in there when I can. (automatic updates won't work on livecd linux)

      Right now, I just set it up in /ramdisk, and change the preferences as I want, for my ~./mozilla

      I run it from a user shell (knoppix) and here I am.

      My latest CD has Firefox 1.5.0.5, and I checked Mozillazine and found that the upgrade is mostly because of a flaw affecting Windows Media Player. Probably something else, too, but I guess they automatically make
  • "It's not hard to remember the days when sites using JavaScript would function properly only in Internet Explorer or Mozilla/Netscape"

    I must have missed these "days" they speak of. I can't remember a day going by without seeing a JavaScript error being thrown in ANY browser.
  • I can't wait until IE 8.0 comes out. And all the nice features that it will implement. Oh wait...

    I think another sticking point here is that we not even know for certainty that Firefox 3.0 is in the works, but what things are mapped to go into it! Can MS speak the same on IE 8? I really think that IE is looking to get another butt-whoopin'.
  • I hope Mozilla/Firefox can maintain security without adopting a restricted "protected" sandbox mode ala IE 7 on Vista. I use a simple HTML homepage stored locally on my PC and Vista's method decides to segregate it from other browser windows, making it near useless in its basic purpose. It seems like a lazy way out on the issue at the expense of convenience for the user.

    Keep Firefox its own entity, don't copy this "feature" designed to bludgeon-patch IE's giant flaws.
  • From TFA: Schroepfer also predicts that security will continue to be a problem "for anything written in native code," such as C and C++. For example, he notes that security problems caused by memory issues have evolved over the years; from stack-based exploits, to heap-based, to null pointer exploits.

    From http://vsftpd.beasts.org/IMPLEMENTATION [beasts.org]: The correct solution is to hide the buffer handling code behind an API. All buffer allocating, copying, size calculations, extending, etc. are done by a single piec
    • "Can somebody please tell me, why are we still having this discussion?"

      MOD PARENT UP!!!!

      I've been hearing about buffer overflows almost all of my long life! Let's have the OpenBSD [openbsd.org] (secure by design) people write one routine for buffer handling for each language and make everyone use it. Save people from boredom and frustration.
    • as far as I can tell, performance, performance, performance. Although the performance hit is negligable, in marketing speak not many people care about security by design, whereas people will certainly notice if their application is slower because every time an array element is read/written to it has to be checked for whether it is out of bounds of the array.

      Hopefully with computers getting faster these kinds of issues will take a back seat. I already write most of my code with my own little buffer handling
    • Firefox has had relatively few security holes due to buffer overflows. Most of the recent holes in Firefox have been dangling pointer dereferences or JavaScript privilege escalation bugs. The dangling pointer dereferences, in turn, have mostly been garbage collection hazards or bugs involving non-reference-counted layout data structures called "frames".
  • Since one of the updates earlier this week I am getting some kind of memory leak problem with Firefox, suddenly its hogging resources to the point where I have to kill the process. Seem to remember this was an issue at some point in the past but I thought it was history. Anyone else seen this again over the last week?
  • Firefoxpacks (Score:1, Redundant)

    by Doc Ruby ( 173196 )
    I've downloaded Firefox myself at least 40 times. And not for every version, certainly not the first several releases. And not including the automatic updates.

    If Firefox counts all those in the 200 million, there's probably less than a million people downloading.
    • Re:Firefoxpacks (Score:3, Insightful)

      by dvice_null ( 981029 )
      I have 4 computers that have Firefox installed on them. All those computers use Linux, so those installations are not counted at all. There are also loads of websites which offer Firefox downloads for their users, those are not counted either. And then we have companies that might have thousands of users and the it-staff propably downloads Firefox once and then copies that to all the computers. That is propably 199 million more downloads.
    • Re:Firefoxpacks (Score:5, Interesting)

      by Kelson ( 129150 ) * on Friday August 04, 2006 @05:52PM (#15849143) Homepage Journal
      I've lost count of the number of times I've downloaded Firefox, but I can also say that each Windows download has gotten installed on roughly 10 different computers. So you subtract some, and you add some, and eventually you lose any hope of having a useful estimate.

      The downloaded count is a simple metric that tells you that there's still a lot of interest int he product. It's easier to determine than the number of times it's been installed, the number of copies in use, or the number of users.

      The number means what it means. Trying to translate from #Downloaded to #InUse is pointless.

      (Incidentally: no, automatic updates are not included in the total. And IIRC there was some effort made to avoid double-counting manual updates, like not counting downloads made using Firefox. I don't remember exactly.)
    • Well, a couple of years ago I've downloaded it once and installed in about 50 computers. I even got a GMail account for it when it was still a "zomg zomg you have a GMail account you must get me one!!!111one111" craze. So we are way more than even.
    • I work in a whitebox store. When we clean a customer computer we will always instal firefox from one of several CD's that get burned for each release, they also have other utilities that we use. In the lsat two years I have installed Firefox on at least 300 boxes, with only one download for each release.
    • Mitchell Baker, Mozilla's "Chief Lizard Wrangler" cited the company's install base at 40m-50m in an interview a couple of months ago.

      link [telegraph.co.uk]
  • Lets just be honest for a moment, IE is the dominant web browser as it is preloaded on 90% of the worlds PC's before they are sold.

    As a web developer, clients are generally only interested in what their site will look like under IE. Even graphic designers who use Macs only ever check what the site will look like under IE for the Mac. (Or maybe IE for the PC when it looks shit on IE for the Mac and we explain why).

    Mozilla is working long and hard to try and make some inroads into this. And the best thing the
    • If you're the web developer then isn't it your job to make sure that the site works well in Explorer and Firefox and Opera?

      You're the expert; why wait for a client to tell you they need their stuff to work on Opera? They might not even know Opera or Firefox exists. If I hired someone I would assume they'd make it compatible with all the major browsers without me having to explicitly say so. Besides, Opera seems to render contents very true to HTML/CSS standards (more than Firefox and Explorer, in my experi

    • I know, "don't feed the troll" and all, but I disagree. It's important to respond to troll so that their lies do not stand without any objections.

      So I honestly think that regardless of which is the better browser the best thing to encourage a more diverse web, with more sites optimised for a more general platform rather than just IE would be if the Opera devs just packed it in and started contributing to mozilla / firefox.

      Yeah, who needs choice? It's not like anyone needs Konqueror or Opera. But hold on

  • Latest update is bugged.

    Clicking links wont work anymore.

try again

Working...