Friday, February 8, 2013

Mozilla's direction

Am I the only one who's disappointed with the route Mozilla's taking and left wondering what the direction is? First they killed off the development of Thunderbird because, as we all know, people mainly use webmail these days. Then they presented us their view that the big Certificate Authorities are too big to fail, as CAs gravely violated our trust (c.f. Trustwave and their MitM authority). And "now" they're also blocking the introduction of new formats into their browser because they cannot be the one who innovates. Instead Microsoft and Apple obviously need to take the lead in introducing a format into their browsers because otherwise it wouldn't be useful. Even though it's safe to say that Chrome and Firefox make up for more than half of the desktop browser market share. It might be that Chrome's nibbling from Firefox's, still IE seems to be in decline and Safari is rather a further mention than something many people would care strongly about.

There were of course some valid reasons for not supporting WebP yet. But most of them got fixed in the meantime and all we hear is the referal to proprietary vendors who need to move first. If I'd want to depend on such vendors I'd go with proprietary operating systems. (Having to deal with hardware products of proprietary vendors at $dayjob is enough.) So what's up Mozilla? The solution is to ignore your users and tag bugs with patches wontfix?

The only real advantage of Firefox over Chromium these days is the vast amount of plugins and extensions (e.g. Pentadactyl, for which there is no real equivalent available). Another sad fact is that you need to pull Firefox from a 3rd party repository (even though packages are coming from the 2nd party) to get a current version onto your Debian system to work with the web. But then it's not Mozilla who's to blame here. Maybe we should've introduced one Iceweasel version that's allowed to have reverse-dependencies and one that cannot.

(This post might contain hyberboles, which should be considered as such.)


  1. [quote] another sad fact is that you need to pull Firefox from a 3rd party repository (even though packages are coming from the 2nd party) to get a current version onto your Debian system to work with the web.[/quote]

    Perhaps I'm missing something - but what is the problem with the seperate repo for a non-stable package?
    it's not hard to manage and it keeps Stable, um, stable. Choices are good

    # wget -O- -q | gpg --import
    # also requires backports.list enabled
    # deb squeeze-backports iceweasel-esr
    deb squeeze-backports iceweasel-release
    # deb squeeze-backports iceweasel-beta
    #deb squeeze-backports iceweasel-aurora

    deb squeeze-backports main

    I certainly agree with you about Icedove - KMail is OK, but it's definitely not as featureful. I only hope some nice Debian team is willing to take over the development task and reap the unlimited love it will earn them.

    1. There are several problems with using a separate repository:

      * A user's default choice will be a browser that doesn't work with many of today's websites (e.g. Google Mail), unless he takes extra care to educate himself about the impact of the staleness of the software. As an example: The web browsing kiosks at my university use Iceweasel 3.5 from Debian stable. Obviously the ones who offer this service don't use it themselves as many pages will complain about it.

      * Time-intensive security work is duplicated for an ancient browser to backport the changes or outright skipped because the difference's between the two code bases are too large.

      * If you happen to use a less popular architecture like powerpc (I sometimes use an iBook G4) you don't get to benefit from But granted, there is currently 10 ESR in stable-backports, which is autobuilt for all architectures.

      And we'll ship Wheezy with a Firefox version that will be end-of-life by the time it is released. Despite it being an Extended Support Release.

    2. Blame, in no particular order:
      - The freeze
      - The length of the freeze
      - Debian lack of flexibility
      - Debian lack of PPA-like stuff

      That being said:
      * Whatever version of Firefox ends up in wheezy, it will be end-of-lifed way before wheezy is end-of-lifed.
      * I'd love to give packages for more architectures on, but it's a PITA to automate and my build machine is already spending long hours on x86+x86-64, so adding emulated architectures to the equation is out of question.
      * I would like to strongly encourage people to use stable-backports for their browser, but no-one came up with a solution how to do it.