A Blog From Behind the Trenches

According to Computerworld, security firm Cenzic has released a report showing that Firefox and Safari were the least secure browsers in the first half of 2009. That's the impression you get by simply skimming the article anyway. The actual report from Cenzic only counts the number of security flaws, and concludes that Firefox had 44% of all vulnerabilities, Safari had 35%, IE had 15%, and Opera a mere 6%.

Does that really mean that IE is more secure than Firefox and Safari?

I'm not sure a conclusion like that can be drawn at all. There are other aspects to security vulnerabilities that were not covered, such as the severity, and how long the vendor takes to fix them. Furthermore, security reports sometimes elevate standard crash bugs into security bugs, for example referring to them as "Denial of Service Vulnerabilities".

It's great to see that Opera has a low number of vulnerabilities, and I am confident that we would look good if severity and "time to fix" were taken into account as well. But until the report actually includes those relevant details, it isn't really that useful.

Statistics are great, though. You can make them show just about anything.

According to StatCounter, March was a tough month for Firefox. It dropped 1.73% in Europe (down to 36.81%). On the other hand, IE gained 1.01% (up to 50.15%), and Opera gained 0,55% (up to 7.9%). It looks like Firefox users may actually be switching to IE and perhaps also to Opera, which must be worrying for Mozilla. Is Firefox is more vulnerable to changes in the market than other browsers? As we recall, Chrome actually caused an increase in the number of Opera downloads, and accelerated Opera's desktop user growth.

Read more...

Mozilla won't fix 80% of Firefox 3.0's bugs, says Computerworld. This sounds like a lot, and that is probably true.

However, this is not exclusive to Firefox. All software, including Opera, is released with known bugs. If just about all bugs were to be fixed before release, new versions would be few and far between, leaving users waiting for other bugfixes for a very long time. At some point you simply have to draw the line, and release the new version. New versions will often include many important bugfixes and additions, and many people will benefit from these even if other bugs remain.

One should also realize that browsers are extremely complex programs. They have to handle text, images, audio, plugins, and so on. And they have to handle any strange kind of input from the user or strange code on Web pages.

In an ideal world, all bugs would have been fixed before release. Perhaps if the Web was ideal, with perfect code on websites and perfect input from the user, browsers would be easier to debug. But the real world is quite different. Browsers have to deal with the real Web, which means that there is a huge potential for bugs.

So before we jump on the "bash the buggy program" bandwagon, we should consider for a moment the hugely complex application that a Web browser is (whether it is Firefox, Opera or Internet Explorer), and the benefit new versions bring to a lot of people even if not all bugs have been fixed.

Even applications that may not be half as complex as a Web browser are released with known bugs. It might be right or it might be wrong, but it's how the industry works.

It's the real world.

Part of the OSS (Open Source Software) community is now angrily lashing out at its darling, Mozilla (also covered on digg).

Why?

The Mozilla Corporation wants Ubuntu and Debian to use the Firefox name and logo correctly, and to run custom patches by Mozilla Corp. before including them in their distributions. Naturally, this makes the process of updating the program harder, and it will be a lot more time consuming to include custom patches for these distributions.

Ubuntu and Debian's position is certainly understandable since it creates more work for them, but some of the criticizm against Mozilla regarding this matter seems to be a bit rash.

If I am not mistaken, a trademark is lost if one does not protect it. This means that anyone can create "Firefox" and distribute it as such. The logo itself is covered by copyright which cannot be lost anyway, but the value of having only one official version of a program to relate to is not to be underestimated. (Please correct me if I'm getting anything wrong here.)

Think of a scenario where everyone can create a product like yours and put your name and logo of it. Theirs is a cheap ripoff which gives your trademark and logo a bad reputation. Does that sound nice to you?

Mozilla Corp. is protecting its trademarks and logos because it benefits them (users use their products rather than products pretending to be theirs), and it benefits the users (users know that what they are using is an official Mozilla Corporation product, so they know who is responsible for it).

Now, I am not saying that Ubuntu or Debian would give Mozilla a bad name - not at all. The scenario I mention above is purely hypothetical, but I still believe that this is closer to the reason why Mozilla Corp. is doing this than the various conspiracy theories about how Mozilla Corp. is turning into Microsoft and similar remarks from around the Web...

In the end, Mozilla Corp., Ubuntu and Debian may come to an agreement on how to handle this. Maybe Mozilla will be able to give special permission in some cases, or maybe the two Linux distributions will eventually sympathize with Mozilla Corp.'s position and find a way to handle it anyway.

Protecting a brand is beneficial to the owner of the brand as well as the users/customers, so it is no wonder that Mozilla Corp. takes steps to ensure that their brand is kept intact and exclusive.