Understanding the Corporate Impact

Update: I’ve done two other posts on this, Why Do Companies Stay on Old Technology? and Why Do Companies Need Time to Deploy Browsers?

This comment on my previous blog post from John Walicki is so important, everyone needs to see it.

I have 500,000 corporate users on Firefox 3.6. We just completing a test cycle of Firefox 4 on many thousands of internal business web applications. Many hundreds of application owners and their test teams have participated. We gave them several months to ready themselves. We worked with dozens of internal Add-On developers and product teams to prepare their add-ons for Firefox 4. We’re poised to deploy Firefox 4.01 in 3Q when the corporate change freeze lifts. Education programs, documentation updates, communications all are planned. While several of us keep up with Aurora, I can’t expect thousands of app owners to do the same. I applaud the effort to accelerate the pace of Web experience and I expect to chase version releases well into the future. The Firefox 4 EOL is a kick in the stomach. I’m now in the terrible position of choosing to deploy a Firefox 4 release with potentially unpatched vulnerabilities, reset the test cycle for thousands of internal apps to validate Firefox 5 or stay on a patched Firefox 3.6.x. By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won’t go EOL when Firefox 6 is released?

Are you starting to get the picture? And if that didn’t make it clear, here’s someone else from another very large company (>150,000 employees) that deploys Firefox:

I’ve been wearing the same corporate hat all day and beating my head on the desk. For most corporations, the technology is a tool for accomplishing their core competency and the business drives the technology. Being faced with deciding which is more important: security updates or the critical production web application needed to manufacture your product is not a happy place to be. A more stable release is needed when you are looking at large corporations with millions of pages of web content (sites, applications, etc.)

While the rapid release process sounds great, it’s an absolute fail for large deployments of Firefox.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply to Mike Kaply Cancel reply

Your email address will not be published. Required fields are marked *

420 thoughts on “Understanding the Corporate Impact

  1. To me, this seems like a problem that could be solved relatively easily.

    Currently we have a number of channels that move at different speeds, having a “legacy” channel that updates less frequently, but stays maintained for longer might be worthwhile for corporations (as well as stick-in-the-mud, “I’ll upgrade my apps when I want” users)

    The concept being that there would be a fixed release schedule, say one every 9 months or so, that would receive important security fixes after release (and nothing else) and stay supported while the other rapid-release channels would age much faster.

    The stick-in-the-mud channel might be as simple as pulling the latest “release” channel build when scheduled, and ensuring that some resources are devoted to back-porting exploitable vulnerabilities when needed. Corporations might be expected (although not forced) to donate to keep this service alive, lest it die of lack of interest.

  2. I was thinking about this yesterday and came up with the idea of mirroring the Ubuntu LTS strategy for Firefox. That is, maybe every 4th (or 6th, or whatever) Firefox release could get the Long Term Support stamp, which would mean that it would receive security updates until the next Firefox LTS release happens. That, to me, seems like a sane compromise.

    Of course, it wouldn’t be completely out of the question for large corporations that actively use Firefox to actually pitch in and help maintain such a setup. It being open source and all that. I’m not sure how the numbers look in terms of developers that contribute to Firefox on company time where the company isn’t Mozilla Corp.

  3. Yeah, it’s the same for my company, if on a smaller scale – time spent certifying compatibility with FF4 has proven a complete waste of time. It may be that the differences between 4 and 5 are small, but that doesn’t really register at a management level – it’s a major version change, so it needs re-testing.

    For what it’s worth, I don’t think the rapid cycle is unmanageable in this regard. But when 4 came out and we started testing it, nobody had a clue that it would be obsolete in just a few months time. I saw hints that the gap to FF5 would be shorter, and talk of “Aurora” (whatever that might be), but the release this week just came from nowhere. “Blindsided” is the word that comes to mind… it’s a major communications failure…

      • Gosh your comment reminds of the Vogons in “Hitchhiker’s Guide to the Galaxy”:

        There’s no point acting all surprised about it. All the planning charts and demolition orders have been on display in your local planning department in Alpha Centauri for fifty of your Earth years, so you’ve had plenty of time to lodge any formal complaint and it’s far too late to start making a fuss about it now.

        What do you mean you’ve never been to Alpha Centauri? For heaven’s sake mankind, it’s only four light years away you know. I’m sorry, but if you can’t be bothered to take an interest in local affairs that’s your own lookout.

        • If part of your role is to certify software for corporate distribution, surely this just makes sense? Mozilla.org isn’t a secret and is hardly as inaccessible as Alpha Centauri!

      • I *do* follow Planet Mozilla, which is how I spotted this blog post. But even following that, I believe it wasn’t at all clear just how quickly FF 5 was going to be arriving. Plenty of talk of a shorter release cycle, but I was anticipating that to mean annual releases, or bi-annual at the most. Not every three months!

  4. Precisely. Thanks for that post.

    Just as a reminder: years ago, I was the main contributor for the corporate Web and Web Software internal policy at Electricité de France, a 140,000+ employees company. I am 100% sure the person holding my former role there does not see Mozilla’s faster release process in a good way, precisely for the reasons outlined in your article.

  5. Mike, you do realize that we get about 2 million Firefox downloads per day from regular user types, right? Your “big numbers” here are really just a drop in the bucket, fractions of fractions of a percent of our user base.

    Enterprise has never been (and I’ll argue, shouldn’t be) a focus of ours. Until we run out of people who don’t have sysadmins and enterprise deployment teams looking out for them, I can’t imagine why we’d focus at all on the kinds of environments you care so much about.

    – A

    • You can’t play the marktshare card. Because even years ago when supporting enterprise meant getting a lot of marketshare, Mozilla didn’t care.

      Enterprise is a simple technical problem. If MoCo would simply throw a few resources at it and try to solve it, we wouldn’t be having this discussion.

      • Years ago, we didn’t have the resources. Today, I argue, we shouldn’t care even if we do have the resources because of the cost benefit trade. A minute spent making a corporate user happy can better be spent making many regular users happy. I’d much rather Mozilla spending its limited resources looking out for the billions of users that don’t have enterprise support systems already taking care of them.

        • An argument that conveniently ignores that what makes corporate users happy might also make regular users happy. This version number march is going to be pretty fascinating to watch unfold for those of us on the outside looking at the impending train wreck.

        • So you are leaving us to blind faith that Mozilla has taken due diligence to release a perfect build every single time?

          Been burned by that many times already….

        • This attitude has me very concerned. We’ve been using firefox since 1.x, in a K-12 Public educational institution.

          But we’ve always been frustrated by the lack of a convenient method to centrally manage it in a cross-platform manner.

          And now, new releases at such a rapid pace, with short shrift given to enterprise deployments, as well as third parties supporting Firefox on their commercial and non-commercial websites.

          Let me lay it out for you. Vendor X some years ago sees the uptake of Firefox and FINALLY starts supporting it, and hopefully sees the benefit of coding to a published standard rather than a product or platform. If the rapid release cycle breaks their sites compatibility, it will mean much more development work much more frequently, and likely a strong motivator to stop supporting FF. Vendor (understandably) decides it’s just not worth it and starts testing user-agent strings again, blocking Firefox from accessing their content since it makes their site “look bad”.

          We have a TON of Linux systems deployed now as student workstations, and IE is simply not an option.

          Sorry dude but your attitude is amazingly short-sited, and just a “little” arrogant.

          Those of us supporting Firefox in an enterprise environment would very much appreciate your not throwing us all under the bus.

          This would be so easily solved by adapting as one other poster mentioned something like the Ubuntu LTS strategy. And adding a framework for platform-agnostic, centralized configuration control would be HUGE.

          • EXACTLY!

            stuff breaks. the big-time vendor “Log Me In” has not yet released a fully-functioning (proxy issues) plugin for FF4 yet. now it’s onto 5?

        • asa – i am a corporate user at work, we use IE6, STILL, because it had such a long, useful, supported life. now moving to IE8.

          but as a consumer? i DONT want short releases! i have to “support” my family & friends. i just set them up w/ FF4…i cant try to research and study FF5, 6, 7, X, all in the next year 6-12 mos. not my idea of fun.

          what do you gain by release major point releases this often?

        • Except that you’re also pissing off ordinary users and addon authors (which in turn pisses off ordinary users more by breaking addons for no reason every few weeks).

          This is just a stupid idea and only people inside Mozilla can’t see that.

        • Average user who goes to office(School, college, corporate..whatever) uses web as much as regular user. (they access everything from social network to internal sites) Enterprise needs are different…absolutely true…But instead of running from problem, why not address it ? Similar to Ubuntu…LTS concepts should work ? Or building echo system outside Mozilla such that people like Kaply find it easier to deploy FF on corporate network,

          I know lots of enterprises started using FF just because people loved it, employees loved it. since these “employees” use FF at their place.

          Several time these “employees” put proposal to management to allow using FF in office…and making internal IT software to be compatible with it…I know a several thousand employee organization doing it 🙂

          Hope MoCo gives another thought to this.

        • When corporate users go home at night, they are regular users. It’s sometimes painful to use different software for the same task. I know lots of people using the same browser at home as in their job, because it’s the only one they know, or because they don’t want to learn how to use another software for the same task.
          People spend lots of hours at work. Would be sad they have no choice but using IE the whole day long because microsoft is the only company which care about entreprises.

          • I’m sorry, but anyone who knew enough to install FF is savvy enough to figure out how to use different browsers at home and the office.

            On a side note, it’s nuts to try to support 500k users on a browser with sketchy support. I *hate* IE, but there is no way I would expose a company to that kind of risk.

        • You are missing something…

          Firefox it the most used web browser in Europe ?

          Do you know why ? Not about users but about administrations.

          All schools, university use Firefox as default browser… (student, personnal, …).

          With this new policy, switching to something else seems to be urgent…

        • This is the problem with you guys. You don’t have “corporate users” and “users”, you just have users, and you don’t listen to any of us. Glad you’re making that browser just for yourselves, because you’ll be the only ones still using it soon.

    • Asa,

      Very curious about Mozilla’s dedication to security threats if you don’t care about Enterprise systems. Are you stating that Mozilla will be the end point for all SecDev on your software? Even MS cannot attain such a feat and rely upon Enterprise to discover issues as they pop up. Firefox releases have in the past been spotty. If I remember right, you nearly crippled your user base with a poorly developed Javascript parser a few releases ago, that took ages to fix. “Enterprise” was forced to backtrack several releases to fix your problem.

      Your only net gain on this is alienating your corporate/government base and loosing them. Which… BTW… Funded Mozilla… I’d imagine that your funding stream would slowly trickle to a halt if you continue with this kind of attitude.

    • If that’s your attitude, then it’s time to dump FF as an enterprise tool and go with a browser that is more business-friendly.

      Which, as painful as it is, probably means IE.

    • > Mike, you do realize that we get about 2 million Firefox downloads per day
      > from regular user types, right? Your “big numbers” here are really just a
      > drop in the bucket

      Asa, where do you get your arrogance from that you say IBM doesn’t matter? Last time we chatted, you planned to farm goats.

      First, the 2 millions are probably not new users, but also updates. Second, IBM also writes software. In fact, IBM used to be or is a big contributor to Mozilla. IBM *owns* part of Mozilla. You simply have no right to say that their problems don’t matter.

      Such arrogance makes the news and is extremely bad PR for Mozilla. Watch the news articles, some of which have pingbacks here. Other companies pay big amounts to get a foot in the door, and you kick these users out.

      Wanting to use one major version of a software for 2-3 years is not unreasonable. In fact, even I am getting tired of updates, and I am a Mozilla developer.

      You talk about “one dollar spent”. How much dollars would it cost to maintain a stable branch and backport security fixes to it? My educated guess (I have a bit experience, as you well know) would be less than 1 million per year. Compare that to how much Mozilla Corporation spends currently, and how many of your users are in companies. I think this will show how single-minded and short-sighted this is.

      I am all on your side to ignore corporate users when they make unrealistic demands or demands that are against private end users’ interests. But we’re not even talking about that.

      It was never reasonable to run after only one competitor, be it AOL, Microsoft or Google Chrome.

    • Oh yeah, we all know that the true reason IBM has chosen firefox as its default browser is a strategic move to counter Microsoft’s browser dominance in the market, and the influence it has on the web. Big UNIX corporations are tired of windows dominance on the desktop computer market, and they are countering it as fiercely as they can. Mozilla might not be that enterprise aware or enterprise player, but they are sure a much more strategic partner than Microsoft. Besides that, IBM can, if it wants, to support an own version of firefox, it has the resources, but it just want to invest its resources on the more profitable services and products in the industry.
      Maybe this is a wake up call for the Big Blue, that a community browser should be made, maybe a branch of firefox, maybe a browser using gecko engine, like Camino in Mac OS, but definitely, I have the feeling Mozilla will suffer the consequences of its short commitment to the enterprise in the mid term or even the short term.
      “Until we run out of people who don’t have sysadmins and enterprise deployment teams looking out for them, I can’t imagine why we’d focus at all on the kinds of environments you care so much about.”
      SysAdmins manage servers, services and the software their users uses, we don’t develop browser add-ons, web intranet systems, or has the power to make a software vendor company to change its whole product because Mozilla guys decided to make a major improvement instead of a minor release. Honestly guys… really disappointed, you downplayed the enterprise and the sysadmins role and our influence on the IT industry and its feature. Today the world is becoming more and more enterprise like, and let me remind you that we, big enterprise, make the big investments that have supported IT technology evolution, past, present and future. We big companies manage and sell SaS that power the big industry business, we, not only Big Blue, have the greater influence on IT future, than you, smaller companies who develop pieces of technology today, so what if the browser, http/html/css/flash is the heart of the client side web ? It might not be from 10 years on, or even less, specially if companies like you keep downplaying the enterprise card. Don’t overestimate your power of influence your decisions has on the future and the way IT interacts in the internet, otherwise if you keep making bad decisions like this, every big industry player will try to downplay you and the power of impact your technology has in the whole industry. ( So true..)

      The enterprise IT use and technology is rising rapidly again, ride on that wave, don’t dodge it, and it will surely help you with your product, but seems like you care most with the “2 million daily download clicks”, mark, oh well, I wish I had no read this news today, wish it had not happened, what a shame to me, and open source advocate, longtime UNIX user, I used mozilla since its first release, and it was like a hope for the internet freedom and freedom of choice, I really miss the netscape days!!
      NetScape would never have downplayed the enterprise card like you did this month, never ever. Awaken your enterprise side spirit, otherwise you might just become a domestic centric company, competing mainly with google chrome, and IE might increase its market share again.

      I think I will use lynx today in honor to the UNIX principle:
      KISS, but today with a different meaning;
      Keep It Stable Stupid

    • It is true that enterprises are only a a tiny tiny piece of the user base, BUT the most visited websites are developed
      for this tiny tiny piece of the user base. So when they are unable to use a recent firefox-version within their enterprise, they are likely not giving firefox much focus.

    • What arrogance! You get 2M downloads per day now. That doesn’t mean you will continue to do so if Mozilla keeps up with this insanity. I didn’t upgrade from FF4 to FF5, much less FF6 beta, due to extension compatibility issues. No more security updates for FF4? No problem – I’ve stopped using your browser. And I’m not the only one. I wonder how long your extension writers are going to hang on before they give up? No extensions? More users jump ship.

      You want to give your users — regular users, not the corporate types you seem to despise — the finger? Fine, we’ll give it right back.

  6. As for John’s concern, “By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won’t go EOL when Firefox 6 is released?”

    He has the opposite of guarantees that won’t happen. He has my promise that it will happen. Firefox 6 will be the EOL of Firefox 5. And Firefox 7 will be the EOL for Firefox 6.

    – A

    • You don’t see just how retarded this all is? Bumping the MAJOR version number every 6 weeks? What is the point? To get all those end users all excited every month and a half because they have a major release of FireFox to much around with? Guess what, they don’t care. My wife could care less, as long as it works for what she needs it for.

      So you guys are happy with the fact that in 18 months, we will be at Firefox 15? And 18 months after that, Firefox 25?

      I can see following a schedule to send out major updates in terms of functionality support, but seriously, someone needs to get a reality check in this department.

      How about you just bump the MINOR version number every 6 months, and the MAJOR version number every 12 months.

      And once a MAJOR version is considered stable, have a Long Term Support release that will continue to get security updates and fixes for the next 12 months so so. Corporations can stick to say 5.1 and get security updates, and all those end users who love their Firefox updates can get 5.2, 5.3, 5.4 through to 5.20.

      At the end of the day, a single, supported version for long term support is pretty damn important, even for end users IMHO.

      • I think anyone would be hard pushed to argue that it’s not a marketing ploy, your wife may not care, but that’s just it, she doesn’t care, may as well be version 103. Meanwhile to people who do care, it matters a lot in the fight between Firefox and Chrome.

        The best solution is to explain this to management overlords; they grasp the concept of marketing right? And meanwhile judge for yourselves if it genuinely needs verbose retesting, based on change logs and info coming out of Mozilla.

        I’m not saying it’s ideal, but asking Mozilla to go back on a change that’s aimed at reclaiming it’s agile image is only ever going to fall on deaf ears.

      • It’s depressing to see people talking so loudly here without even a basic understanding of the new approach. Go read http://mozilla.github.com/process-releases/draft/development_overview/ AIUI, there is no MINOR and MAJOR any more. A “release after the next release” is already in progress right now. Because of time-based releasing, *nobody knows* with certainty what features will be in it. Maybe a bunch of amazing features from https://wiki.mozilla.org/Features/Desktop will be in it, but maybe features already in its Nightly builds will be dropped in the Aurora or Beta phase. Maybe by the time it becomes the new Firefox release it will only have lots of bug fixes and some polish. So demanding that marketing get involved late in the process to name it 7, 5.2, or 6.5.1 doesn’t make much sense.

        • This is the problem with Agile processes I think. People are more concerned about following the process than creating a product. It may be a modern style followed by some groups but it’s not necessarily a better style.

          The problem here is that Mozilla has not just announced End of Life one some particular versions, but that they’ve announced End of Life on Mozilla itself. They’re going to be losing customers at a massive rate. Alienate the corporate users and you’ll alienate home users. It was a nice run while it lasted though. And when they die off they’ll give their last gasp of “at least we were Agile…”

          • Hahaha
            «Alienate the corporate users and you’ll alienate home users»
            Yeah, that must be why Apple are doing so poorly

          • I don’t see how we’re going to loose home users because of rapid releases. I think silent updates are a good thing for most of the people, since they don’t want to be bothered (and they shouldn’t be bothered by default). Those who do want to get a notification about updates can set this option in the preferences. I can only applaud for the more frequent software updates rolling out of Mozilla and hope the user (with default settings) sees as less as possible about the fact that an update was installed. Ideally nothing, just a feature-wise experience that some cool new website works.

            But all (or most) of those home users also have a job and and some of them spend a substantial amount of time surfing at work. It would be a loss for Mozilla if everybody at work uses Internet Explorer simply because Mozilla does not take the extra effort of maintaining an extra LTS channel.

      • Agree w/ this. As a non-corporate user new bells and whistles still get under feet and detract from ff’s usefulness to me. As for my wife, well she prefers the appearance of stability anyhaw.

        Slanting your development cycle to the part of the user base that has to have the latest and greatest every 6 weeks may blow up in your face: this group is notoriously fickle.

      • >”Guess what, they don’t care. My wife could care less, as long as it works for what she needs it for.”

        Professional web developer here, and I care. Web technology moves fast, and waiting for corporate IT to catch up is what we’ve been doing for the past 40 years in IT. Also, what makes you think that Mozilla cares about your wife? This is about getting better technology in the hands of developers AND users faster.

        Also, you’re kind of missing the point of OPEN SOURCE SOFTWARE.

        >”And once a MAJOR version is considered stable, have a Long Term Support release that will continue to get security updates and fixes for the next 12 months so so. Whine whine whine…”

        If you want this, DO IT YOURSELF. Actually, you could probably get together and share it with others. If you’re that invested in Firefox, hire a developer or three to backport patches from newer versions and run those through your dinosaur deployment cycle. You should have automated software testing set up by now; there are so many tools available to help you.

        OR you could switch to Google’s browser (Google is, by far, the biggest customer for Mozilla)…OOH WAIT, THEY DO THE EXACT SAME THING.

        Go cry back to Internet Explorer. I hear 9 is good…but it sounds like you still run 6.

        • Interesting perspective. As a web developer myself, I actually have concerns about the ever-accelerating rate-of-change going on in Browser War 2.0.

          Maybe you don’t care if your sites work for most of your users, but I do. And, right now, 50% of the Firefox users of the site I work for now use FF 4. The other 50% still use 3.x variants (and even a few 2.x here and there). I don’t have the luxury of assuming, even if Mozilla and Chrome DO step up their development cycles to add new features and release new versions every 6 weeks, that my users will actually be upgrading (in part because of the enterprise users this blog post addresses–people use the web from work too).

          In fact, the faster upgrade cycle just makes my job harder, as it adds to the already-multiple variations of browsers I need to test my code in to make sure the site works and looks properly in all of the major ones.

          • By saying it makes your job harder you *assume* every new version number brings major breakthrough improvements that might break your websites. This is quite false for these 3-month cycles. Besides, tell me honestly, has any of your websites that is W3C compliant broke between FF 3.6 and FF4 ?

          • Spot on! Releasing new version in a relatively short period of time may bring compatibility issues with them. As a web designer I still remember the Netscape 4 debacle with all those alphas and betas available to the public.

        • What about those of us that are using Fedora or another distributions package manager to get our updates. When is yum and apt-get going to get updated packages for firefox? I am on fedora 13 and am still waiting for a firefox 4 package to make it to the yum repo. The fact is that Mozilla is rapidly increasing the number of versions of browsers that we will all need to test on. I don’t like it one bit.

          • You will wait forever. Fedora 13 will NEVER get Firefox 4 or 5. It was never even planned. And in fact, Fedora 13 will not get ANY further updates at all, as it has reached its end of life on June 24.

            The third-party repository at http://blog.famillecollet.com/ has updated Firefox builds. However, you will not get any further security updates for all the other packages in Fedora 13, so I can only recommend upgrading to Fedora 14 or 15 as soon as possible. (You are expected to have already upgraded by now.)

    • Sorry Asa… I seriously do not know if this is a joke or if you honestly think that the world loves FF that much. As an avid user of the browser, I get extremely frustrated with the constant upgrade nags. Its one thing to patch your security goofs every couple weeks, but end users are not going to enjoy a full download every 2 months for a ‘few’ neat tricks… Chrome is looking a lot more viable for Gov now.

      You don’t seem very rational today as well. In the words of DeAndre Cole, “What’s Up With That?”

      • >”Chrome is looking a lot more viable for Gov now.”

        Chrome, which iterates through versions MORE rapidly and less predictably? You realise that Chrome is on version 13 right now, yes?

        If you’re that locked in to your ancient release cycle, you’ll need to go back to Internet Explorer (or Opera!…and good luck getting /that/ working with your internal apps!)

        • Unless you’re in the enterprise using Chrome, ironically enough. We just switched to Google Apps for e-mail, etc… which comes with Chrome, which is awesome, in that we used to use IE 8. However, even Chrome is locked down…no automatic updating for us. We’re on 11.x and IT says they’re testing 12.x now and will deploy it in the next few months. I don’t understand why it’s a big deal, since we still have IE to fall back on, but it’s what my organization has chosen to do so it’s what I need to use.

        • i dont use that either — at home, or in enterprise.

          i cant sell & support web solutions on a platform that is shifting so rapidly. it opens me to a world of hurt.

    • Asa, I like your arguments here, and I can clearly see that this decision will work well for your team and for consumers. Unfortunately, it’s not going to work well for USCYBERCOM, to which I have to report; my coworker who just built the Navy’s package for Firefox pointed this article out to me in despair, and I think he’s basically right that all his work just went down the toilet.

      A lot of people are comparing Firefox’s new model to Chrome’s. That’s superficially correct, but a better comparison would be to Linux, which both developed the model first and has applied it to actual enterprise deployment (with tons of support from enterprise developers). I think Firefox should hope to be in such a situation!

      Unfortunately, the kernel is NOT like a browser in many ways, and the entire kernel team has a deep team understanding of the sorts of decisions they can make that would hurt and help their customers, enterprise and regular; the facts that they employ would not help Firefox. For example, the kernel team knows that new user-visible APIs have to be developed over years because once they’re released they can never be changed. That statement is of no use whatsoever to Firefox; it can’t even be translated.

      But there is another meaning of Linux; not just the kernel, but the distributions, foremost among them RHEL and Fedora (note: I mean foremost for my example, not for any general idea of goodness; no off-topic flames, please). Perhaps Ice Weasel, currently developed for Debian, will be picked up by RHEL as well and maintained as a major.minor.security release format, with features carefully cherrypicked and arranged into current or upcoming releases depending on extent. The result would be a browser with a roadmap for stable features and guarantees of security fixes. And hopefully the two teams would cooperate so that the freedom of the consumer-product team would be enhanced by the stable focus of the enterprise product team.


  7. I wonder if Mozilla should adopt a support cycle similar to Ubuntu whereas every few major releases, there is an LTS (Long Term Support) release which is supported for security fixes over the next 2 years (or some amount of time).

  8. Imagine what will happen when we have to roll out the Linux kernel 3.0 everywhere. That will make Firefox 5 look like small peanuts.

    After all, it’s not only the kernel, much more fundamental than a web browser… it’s the first major kernel release since Linux 2.0 in 1996! Also, imagine how unstable it must be since it’s a 3.0 release.

    I for one will be staying with Linux 2.0.40.

    • Linus has already explained that the bump in the kernel’s major version number to 3.0 has no major structural significance. It’s just an ordinary incremental increase and should present no more risk than the previous incremental release. They’re only doing the major version number bump to mark Linux’s 20th anniversary. Yes, it’s lame, just like this change to Firefox version numbering is lame.

      • You seem to have completely misunderstood the post you’re replying to, so let me spell it out for you: the GP is saying that release numbers don’t matter much, and that people are complaining about Firefox’s new release scheme using logic that would make Linux 3.0 seem like a horrible thing, despite the fact that Linux 3.0 is just like any other kernel release. This serves as a simple counterexample to argue against the reasoning people are using in this page.

        Hope this helps. Also, maybe you should read up on what sarcasm is, to prevent this from happening again in the future.

  9. How about simply pretending that 5 is 4.0.2 and that Mozilla simply includes new features even wit .x versions like Opera always did?

    Or how about using Linux distribution which package maintainers do the back-porting of security fixes (but one should keep in mind that there are not only security but also usability issues like the memory problems that Fx4 has).

    • You are missing the main point of the complaint. It is not so much process of software update itself. That is trivial to some extent. The Problem is in consequences of software update, particularly to locally created content and apps’ which are typically not developed with stringent web standards in mind but to be done and over with. Such things happily break on browser updates, even minor ones. Also, it costs too much in time and money to develop them perfectly and/or fix them on new software release. Resources are limited for that purpose.

      Hence my response (and strategy) to question raised: no one is forcing you at the point of a gun or power of Law to update. So, update once per year to the latest stable release at the time. In this example – you just switched to v4, next year this time update from v4 to say, v9…

      • The problem with staying on FF4 or any of the follow-on releases is that they don’t receive any of the security fixes once a “new” version is out. It’s really not an option for anyone who cares about security.

    • Because this is not just a minor change with some security patches. Version 4 had a major change to functionality and the look. We’ve been given no hint that FF 5 or FF 6 will be small security patch changes.

  10. We should hold back web progress for stubborn “corporate” users, as with IE6? Lol, no

    You’re making the compatibility issue out to be more than it is. Don’t write bad code! We don’t have to fix everything with a new Chrome releases. Write according to standards, and if you choose to use bleeding-edge stuff that isn’t standardized, suck it up

      • And you’re clearly arguing ad hominem. Wheaton’s law: Don’t be a jerk.

        Directly addressing the previous post: Standards change. Legacy (old) code written to now-unsupported standards is the issue here. If backwards compatibility can be guaranteed then some (not all) of this goes away as testing requirements lessen (not to zero, but down). According to most management-folks, there aren’t always resources (time, developers, cash, etc.) to port old code, especially when that code is business-critical. It’s a simple question of ROI.

        That being said, it’s a corporate management issue and not Mozilla’s problem. If they corporate threw the resources at the problem, they *could* keep up. But for most (re:all), the ROI just isn’t there so they don’t.

        IT guys complaining about it fixes nothing. In my opinion, Mozilla is right.

        • So the choice is between Mozilla throwing a few resources at the problem and fixing it, or EVERY company throwing a few resources at it and fixing the problem.

          That choice seems obvious, doesn’t it?

          • Yes, the companies should fix their problems. Mozilla doesn’t have a problem, and the companies aren’t paying Mozilla to fix the company’s problems.

          • Then, since it’s OPEN SOURCE SOFTWARE, why not get “EVERY” company together and they can fork Firefox and support it themselves?

  11. I don’t have any experience of large-scale corporate deployments so this may be completely impractical, but would it make sense for Mozilla to nominate certain releases, perhaps once per year, of Firefox as Long-Term Support releases, as Canonical do with Ubuntu?

      • once a year? get real. MS does 10 years, and you know why the corporate loves it – their investment is supported for 10 years.

        the refresh cycle in the corporate world is typically a lot longer than that.

  12. Does anybody know how do corporations cope with Google Chrome deployments? Because that iterates incredibly quickly – there is no version as such, just the latest stable code.

    I wonder if the big step to version 5 means people will see FF5 as a major new release? Without wishing to belittle people’s hard work, it’s actually a relatively small iteration, a 4.1 if you will.

    I wonder if keeping around FF5 for one calendar year, providing security updates etc would be a good idea? Similar to Ubuntu’s LTS. 6/7/8/9/etc can come and go, and the next LTS release would be FF10. Or something.

    • Corporates cope with Chrome, to the extent that they do at all, by using the Enterprise Chrome release that doesn’t update itself. That means not getting security updates. Alternatively, and more often, they get Chrome Frame, and update it rapidly, because Chrome Frame only activates itself in webpages that ask for it – so you can run a good old IE version on those older internal pages that still need it.

      • up to today, corporate uses IE/Firefox – not Chrome, for this reason. but looks like Firefox is shooting themselves in the foot and it’s IE9 from now on.

  13. Google is a large company and their employees don’t have any problems using the latest Chrome versions on their internal apps.

    But I guess enterprise users just want a repeat of the IE6 debacle.

    • Chrome doesn’t break its own add-on system when it self-patches. Firefox trying to retrofit Chrome’s process onto their clearly incompatible architecture is a breaking change in a way that Chrome’s designed-from-the-outset patching system is not.

      • “Chrome doesn’t break its own add-on system when it self-patches.”

        I think this is the only critical issue of this whole debate. Chrome works just fine with automated updates, but only because their internal interface is stable.

        Corporations supporting broken websites are *supporting broken websites*. Tautological, but this is not Mozilla’s problem, and the corporations should fix their own problems. However, the instability of internal APIs for add-ons *is* a problem.

        • if the company has a malfunction function due to the browser auto-updating itself to a new version, and there are 1k staff… that’s a lot of lost time

          if you can’t guarantee that the website will function correctly for the next 5-10 years, then the company would not buy it and seek alternative solutions.

          there are lots of corporate web apps that are v complicated, and very often break in between major web browser releases

  14. Perhaps Mozilla should adopt the concept of LTS (long term support) releases that Ubuntu has. One Firefox release per year would be designated an LTS release which would receive backported security and stability patches for a certain amount of time (say a year to 18 months).

    On the downside this would be an extra support burden for Mozilla but it would be better than those corporations using outdated, vulnerable versions of FF or switching away to a slower moving target (IE).

  15. “While the rapid release process sounds great, it’s an absolute fail for large deployments of Firefox.”

    I always perceived this. It’s not just large deployments, it’s anyone who needs assurance. We are not Chrome. We’re not distributing to single users with basic requirements. Simply adopting their model (with the dubious rationales offered) has always appeared somewhat naive.

    What do people who need privacy do? Do they use an EOL release or do they use a cutting-edge browser with lots of new 0-day privacy issues that still need resolution? Neither seems acceptable.

    There’s a lot of discussion about what Mozilla get out of this… notsomuch what the end-users do.

  16. Unfortunately this kind of ignorance is a very Mozillan issue.

    “We’re not targeting the corporate market, so let’s ingore the millions of corporate installations”. It’s really like a punch in the face for those people that made Firefox initially successful.

    I welcome the rapid release cycle due its positive effect on the web. But a different versioning system like 4.1, 4.2 where 4.x ensures API compat may have been better. Version numbers are invisible for Joe and Jane User anyway.

  17. What if you thought Fx 5 as a security update to Fx 4
    (which it is among other things).

    I assume, or hope, corporations have updated their Fx3.6.z installations
    pretty fast to Fx3.6.(z + 1) when such has became available.
    Is updating from Fx(x) to Fx(x+1) really that different – especially when
    the changes between x and x+1 are significantly smaller than say
    from 3.(y) to 3.(y+1).

    • Just judging by the last year or so, Mozilla in general hasn’t really figured out that major.minor.security is the best numbering scheme for their platform. They even release 3.6.4 when it should have been 3.7 now they are releasing 5 when it should be 4.1

      • Best is subjective. For internal IT, I’d agree with you, but Mozilla isn’t internal IT, it’s primarily a consumer facing outfit.

        Maybe corporate IT just needs to figure out that the new numbering is not consistent with their understanding of version numbers, and address that problem.

        • We are, unfortunately; the conclusion is that Firefox management just disqualified itself for their own management reasons.

          This is a pity. I spent a lot of personal energy getting Firefox accepted and deployed in the enterprise I work for; I just learned about this thread from the guy who’s newly tasked with unwinding all my work (and his, by the way; he’s not happy with having to do that). He’s not going to have to start for a while, and hopefully Asa will reverse course before that happens.

          There is another solution — a fork. This has worked very well for Red Hat Linux, with Fedora serving as a fast-moving consumer/techie/development vehicle while RHEL serves as the Enterprise version. It might be useful to have Debian and Red Hat cooperate on the “Ice Weasel” branch, merging and selecting features to produce a completely different browser with a stable feature/defect-fixing plan. Unfortunately, the result will be devastating for Firefox, resulting in losing a TON of developers.


          • There’s a lighter solution than a fork, it’s a small team contributing ressource to backport security patches on some selected LTS versions for longer than mozilla aims too.

            Red Hat did that at one time with Firefox 1.5. They’ve stopped, but that solution is very much acceptable to Mozilla.

          • jmdesp: that will work, barely. There’s a reason RedHat dropped the effort — it results in immense and increasing duplicated effort, and if the teams aren’t cooperating, after a while there’s just no way to use the other team’s work at all.
            When I say “barely”, therefore, I mean “better than nothing”. If there’s any alternative the alternative should be taken instead. It so happens that there are alternatives — both other browsers and other development plans.
            For Windows the universal alternative is unfortunately clear, and its PR agents have already written some of Asa’s comments in this thread into a column and published it. In a few months, Firefox won’t run on any Navy computers.
            For Linux, the alternative used to be almost nonexistent. This is why Redhat tried to form a backport team. Now it’s no longer the case; Apple isn’t a good bet (their products tend to be AWFUL for enterprises, the third worst company I deal with) but they’re based on KHTML, a product that’s proven itself.
            I want to think that Red Hat will choose Firefox for their backport; but the more I think about it, the more I’m realizing that KHTML will be the browser of choice.
            What kinda sucks is that I just switched back to Firefox when they officially released 4.0. I really like Firefox, and if the worst happens I’m going to miss it. It’s nice to have user experience put above plugin security (I think that’s the right choice even for an enterprise browser, BTW), something Chrome gets wrong. Well, I should cheer up. Firefox hasn’t died yet; and I haven’t stopped using it. I simply won’t get to use it at work, that’s all.

          • @jmdesp: I don’t think anyone will be doing that (or at least for long). When you work on LTS branches of any product, you need at least some respect for your work from the mainline guys. If they continuously dismiss your work and pretend it’s useless, you can be sure they will never help you backport complex issues and at one point, you’ll give up.

            LTS requires a lot, and I really mean *a lot* of cooperation. LTS helps mainline by letting them code instead of focusing too much on old versions, and mainline helps LTS by bringing them their knowledge. It cannot work any other way.

            If an LTS team is started for firefox, it will be a constant fight.

            I really suspect that IE will get adoption again in enterprise… I’ve always said that firefox’s bugs and heavy weight were IE’s best proponent ! Now their lack of support will add some fuel.

        • Maybe Mozilla needs to figure out that corporate users drive the consumer market. Home users typically stick with either the browser that comes on the computer or the browser that they use at work. If they lose their market share in the enterprise it will be reflected by consumers as well.

  18. I understand the points made here, but I would point out for a lot of corporations, the whole problem is one of hegemony.

    That is, at the last few companies I’ve worked, the IT dept. has insisted on “certifying” all new software, a lengthy process.

    However, without fail, I found members of that department to be largely inconsistent and also misinformed about what they think should constitute “certification.”

    For example, they won’t let me run a newer version of Wireshark, for “security reasons,” but they’ll leave me on an 3 year old unpatched Java VM?

    A lot of companies would do well to outsource their QA process to established players like Mozilla and Google. They’d be better of for it and so would their users.

    • …except neither Google nor Mozilla know our internal applications, nor can we grant them access to our sensitive data. if one dishonest outside employee did something bad itd be all over the papers.

  19. @Asa: oh come on… A few years ago you were one of the most proeminent voices around here supporting the removal of the JS console from FF. Because of the community, this decision was overturned. Now, FF includes every day more and more developer tools, the developer tools that were considered harmful to the “clean” nature of Firefox a few years ago. Mozilla was wrong a few years ago, and there is nothing wrong saying it was wrong. That is _sane_.
    Mozilla never considered the corporate market? So Google and Mozilla are now competing on the same battlefield, with the same weapons and even better, with the same strategy. Where is the differenciating factor? Could Mozilla be wrong again? You say the corporate market is small in comparison to individual end-users. In terms of number of users, possible but I’m not even sure. In terms of ecosystem, that’s a blatantly false assumption.
    Mozilla lost the embedding battle, for many good reasons. It could win the corporate battle because of its remarkably customizable and extensible architecture. Think a bit about it…

  20. Corporate, schmorporate… it’s exactly this kind of lazy thinking why corporate intranets are still running on IE6.
    Guess what corporate peeps, browser technology evolves to keep peace with emerging standards and new technology, either get with the program or get left behind.

    • Corporates got stuck on IE6 precisely because the likes of Mozilla chose to utterly ignore them. There was a time when making it quick and easy to roll out updates and manage settings centrally via Group Policy would’ve pretty much handed Mozilla every corporate desktop on the planet. Now IE is clawing back ground and it’s the king of centralized management support.

      As it stands today, any corporate IT department mandating a browser other than IE has made a poor choice and I don’t see that changing anytime soon.

      • exactly. the “major.minor.security” versioning convention assures us that minor changes arent going to break major functionality. only a major release forces us to spend money doing QA on it.

        w/ the rapid model we cant know which releases are the “real” major releases and which are minor.

  21. Those reading these depressing corporate comments without appropriate background music are missing out. I recommend Mendelssohn’s Violin Concerto in E Minor, 2nd movement. Use smaller speakers for the full tiny violin effect.

  22. Dump Firefox since they are incapable of understanding simple concepts.

    They don’t even have an auto-update! Mozilla has changed…

    • So let me get this straight…in the same breath, you’re complaining about how Firefox updates too fast, but also that it doesn’t support auto-update?

      Maybe you are the one incapable of understanding simple concepts?

    • Easy to say, but unrealistic. Even if an intranet app is 100% standards compliant, corporates are still only going to use a browser that’s been certified by the vendor. And even if no problems are found, that still means three to four weeks of testing effort.

    • what happens when a browser version number changes the way it treats a standard?

      this is not hypothetical, its happened.

  23. Æ!!

    Why not to test all add-ons and internal on the beta version? All add-on owners should do that. Simple as that.

    Following this plan you will get everything running great when the new version comes in.


  24. So basically what they are saying, is they want a free product that is exploitable. That’s the real problem with web browsers, they are browser exploits just around the corner and the real reason to stay on top by using the latest greatest browser is that you are ensured to have the latest greatest bugfixes.

    If these whiners continue to ignore reality they will be exploited by malicious users. It’s costly but one has to accept that if you don’t use the patched software, you are in danger.

  25. Also my favorite thing is an IT department full of non-developers trying to certify software. What do they do? Smell it? The actual certification of software requires expertise that your IT department lacks unless they have real developers.

    • Instead of actually testing, some people just rely on a bullet list of supported (but not tested as working) software.

      • Yup, and this can be automated, and that automation can save everyone time and point out EXACTLY what doesn’t work. Also, it’ll be quantifiable beyond people who get paid to do pointless work.

        • Oh, and you think that automated tests (whose writing and maintenance won’t cost “paying people to do pointless work”) will catch every possible bug there might be? If that were the case, Firefox (and Thunderbird, and SeaMonkey) would never have any bug, because Mozilla already runs automated tests on every single build compiled, and if any one of these tests fail, the build in question is not made available for download.

    • i work in IT for a major bank (cough whats in your wallet). we use web apps. and yes, we test them via QA groups that then report issues to developers.

    • You don’t need real developers to run litmus tests or to use a version of an application possibly deployed at some future time, noting that it responds to keyboard and mouse the way it ought to, that it displays known websites the way it is expected to, etc. There are (thankfully) other ways to test a browser than by peering at the code.

  26. Firefox has done some great things in order to gain market share and disrupt IE’s dominance. The corporate user segment may represent a relatively small market, but its an important one because there’s a lot of money in it. If you want to kill IE, you have to win in the corporation.

    Its not about being lazy, its about money. Corporations don’t build internal software so they can keep updating it every year a new browser version comes out. Consider that corporations still use mainframe systems because they are low maintenance. You want the to make updates to web based applications every 9mo because a new browser version is no longer supported?

    You’re basically saying you don’t care about corporations. Does that mean you want a large user base to stay attached to IE? Doesn’t that contradict the mission of the Mozilla Corporation?

    • “If you want to kill IE, you have to win in the corporation.”

      I don’t want to kill IE. I want to empower users, promote innovation, and increase participation on the Open Web.

      “You’re basically saying you don’t care about corporations.”

      Yes, I’m basically saying that I don’t care about making Firefox enterprise friendly.

      “Does that mean you want a large user base to stay attached to IE?”

      IE9 is a fine browser and probably better suited to those who want long-term support. It’ll always be behind the consumer browsers (Firefox, Chrome, Safari, and Opera) but it does offer enterprises a more conservative and slow-moving option.

      • Asa, If corporates doesn’t adopt new web features because they have to wait for MS to decide to spend the money on improving their browser to support the latest standard, and since most of the sites on the web has to support corporate users, because as you know people surf the net not only from home, then web developers like me will have to support the relatively old IE’s and will have no incentive to do extra work to support the new and shiny features coming to my FF every 6 weeks.

        How exactly will this serve the mozilla mission to improve the web?

        BTW, One of the sites I developed recently has a bug with the latest chrome, some little complicated css positioning issue which works fine in FF and IE, and I told the site owner that I’m not going to test his site against any new chrome version, because no one assures me that the bug will not be fixed with the next version, and that there will not be new bugs.

    • >”but its an important one because there’s a lot of money in it.”

      Money for who? If you’re so heavily invested in Firefox, hire some devs to help you fork it and backport security fixes.

      • riiiight.

        we’re going to divert our application devs to become browser devs. keep dreaming, bud.

        in reality, we’ll just have to stick w/ IE due to its major.minor guarantee.

  27. We could do something similar to Ubuntu, where we could have special long support releases that would be released about once a year.

  28. Stop whining and being lazy. It is your job to upgrade the browsers as fast as possible for your team/company. Firefox doesn’t bring in new gimmicky features, it’s mainly just security patches.

    New things aren’t by default more vulnerable than old things, especially in the browser world.

    • True, Firefox 5 doesn’t bring much new to the table, but it still managed to break a hefty number of extensions that worked in version 4.

    • v5 may not introduce new features or break compatibility, but what about v12? v37? as developers and support staff, how will we know which version is the “real” version, the “major” version that poses a higher risk and requires more in-depth QA?

  29. @Christopher Johnson

    “Corporate users should be testing their applications against standards, not browser version numbers.”
    -Kroc Camen

    • 3rd party apps/webapps which are based on the lowest common denominator are the biggest headaches for corporate browser upgrades.

    • No, developers should be testing their applications, not browser version.

      Corporate IT get lumbered with what they’re given and expected to “make it work”, they don’t have the option of breaking mission critical business apps just so users can have the shiny new browsers.

  30. What was the “contract” for 3.x.y updates? All newest 3.x versions kept compatibility with the previous? Has that been broken? Is 5.x breaking compatibility with 4.x? I mean, version numbers are really just names+conventions… see Linux 3.0, which is mostly kernel developers way of dropping a (now) meaningless digit…

    • Correct, and that’s why almost all distributions roll their own kernels based on backporting patches; doubly so for the LTS distributions like RHEL and Ubuntu-LTS.
      It would be nice if the outcome of this minor marketing fiasco would be a dual development process for Firefox where one team churned out features into a consumer browser, while another team organized and prioritized those features into a prioritised and roadmapped enterprise browser. If the teams cooperated this would become much more than a mere LTS/normal release; it would allow the LTS team to help develop, fund, and encourage the features that naturally take a long time to come to fruition, while the consumer team would be able to hit the quick and fun features that are appropriate for six-week release cycles.

  31. I’m always having a lot of fun reading mentions “Users should…” or “Users should not…” denoting a complete shift with reality. Guys, wake up, we’re not living in an ideal world: the ultimate power to decide is detained by the users, not by the SW providers or the standards zealots.

    • Daniel, I always have a lot of fun reading your “Mozilla should…” or “Mozilla should not…” without saying where you propose the resources come from or what Mozilla should stop doing in order to accomplish those things you think Mozilla should be doing.

      • Just hilarious. I started my company and did BlueGriffon alone from A to Z and you tell me I have no idea what are the resources needed for the plans I outline. Let me think back at E4X and Panorama and smile.

  32. The new scheme means that everytime a new version breaks anything, then we have the choice either continue to use a version with now known vulnerabilities, or stop using things that we need.

    That’s not only unacceptable for the computers, that I administrate at work, that’s also unacceptable for my private computer at home.

    • The FF development nightly channel is probably the most secure version of FF at any given point in time. Lots of Companies use IE because stupid 3rd party developers don’t know how to write in standard code.

  33. For those of us that have been striving for years to move corporations _away_ from IE6, the rapid release cycle is a big problem. The previous 12-18 month cycles made it practical to test each major release prior to deployment, but if switching to Firefox means going through that process every couple of months, corporations are more likely to stick with something stable… like IE6.

    • This is such a cop out now.. Most used don’t need XP with IE6. Most stuff runs on Windows 7 with IE8, if that ain’t enough, MS even throws in XP Mode that you can run IE6 on if you need to in Virtual Machine. Now where I work, we use Chrome/FF5/IE8 and IE6.
      Chrome for google features, FF for daily use, IE8 for supported installs and IE6 for backwards compatibility apps if something doesn’t work in new versions of FF/IE.

    • I’m somewhat sympathetic, but I absolutely don’t get this.

      If this cycle is known to be so cumbersome, why hasn’t it been automated? What’s going on here?

      • The problem is that corporates like stability. Security patches are a special case, but they don’t upgrade *anything* without going through extensive testing and certification, and even then, usually only when forced to by the end-of-life process.

        This is especially true for browsers, which act as a client for multiple web apps – any upgrade needs to be coordinated across half a dozen or more different vendors.

  34. It’s really too bad that the Firefox source isn’t available so these “staggeringly huge companies” don’t have the option of pooling their money to fund a project to maintain a stable Firefox version so that they can upgrade on their own timetable… oh wait, they could be doing that. Why aren’t they?

    • Because they have the option to move back to Internet Explorer.
      With this move they even additionally gain fully automatic updates.

    • and because so far they had no idea that the support for Firefox would be shortened so drastically. I was completely surprised two days ago that there was no version 4.02. So far I have seen no official announcement that the bugs of 4.01 will remain unpatched. You can’t expect that everybody reads the newsgroups with developer discussions.

      • “So far I have seen no official announcement that the bugs of 4.01 will remain unpatched.”

        You missed the “Mozilla ships Firefox 5” announcement and press coverage? Because that’s where we patched bugs in 4.0.1.

        • Where does the announcement of version 5 say that version 4 has security issues?
          Where does it say that there won’t be any more versions of the 4 series?

          • There is no “4 series”. There only is a “Firefox release series” left, and it will get small security + feature updates every six weeks from now on. Firefox “4” is still maintained in the form of the current Firefox release (which happens to have the internal but useless-to-the-user denominator of a “5” version) and that is still maintained in the future in the form of further Firefox releases (with other internal, useless-to-the-user version denominators).

  35. I don’t see the problem really.

    * For internal applications where you can’t afford the slightest compatibility problem: Keep an old “certified” version installed.

    * For all other web browsing: Give the users an updated browser and make sure the browser isn’t running as administrator or as a user with access to other company data.

    With Firefox you can have multiple different versions installed. As opposed to IE, biggest mistake of microsofts IE team was to not make this possible.

  36. *sigh*

    It’s not worth arguing with MoCo about corporate use – just look at bug 231062.

    I’m fascinated to see how it plays out… hopefully not that corporates re-standardise on IE…

  37. @Ronald
    That’s all well and good, but completely ignores the real issues around (valid, non-evil) use of vendor plugins/extensions.

  38. @Daniel Glazman

    “I’m always having a lot of fun reading mentions ‘Users should…’ or ‘Users should not…’ denoting a complete shift with reality.”

    Mozilla *are* doing a rapid release cycle, as are Google. As are Opera.

    That *is* reality. Perhaps corporations should face up to that reality?

    • heres a dose of reality for you:

      FF4 broken compatibility w/ a third-party plugin, Log Me In, when behind a proxy (as nearly all corp FF users are). LMI hasnt yet been able to fix it in FF4, and FF5 is out. meanwhile, we cant connect to remote machines.

  39. Mozilla is also hurting the users of add-ons basically giving them the finger, and telling them if you want to use those add-ons that won’t be updated soon you will live without a patched browser, i’m sure hackers and scammers are jumping in joy with these EOL developments. Now add-on developers will have to work so much more just to keep up with version never mind features.
    This is just Mozilla going blind with fear of chrome and its fast paced development, you can’t win and you’ll just hurt the users.
    Also, good job on breaking one of the most awesome updating experiences, all my users (im IT support) just mindlessly hit continue when presented with the security patches, unknownly securing their browser now thats lost.
    Man i’m so pissed, now there’s no where left to go, chrome’s addons feel so hacked up.

  40. LTS releases won’t work. They are trying to push new features out faster. The problem is one of communication. Mozilla needs to have a way to indicate which releases are backward compatible and which are not. Fundamentally, most are ok with deploying security patches and patches that add features. They are just not ok with deploying new versions that have radically changed the platform and require extensive testing. The dot numbering system was good for that.

    • The case where Mozilla breaks standardized HTML, CSS, and JavaScript are very few and far between. That’s basically the same as saying that pretty much all releases are backwards compatible. If your intranet Web app was designed to work in Firefox 4, it will work in Firefox 5. It will also work in Firefox 6, 7, 8, 9, 10, and probably a dozen or two releases after that. If we were not backwards compatible, hundreds of millions of users would find their amazingly powerful web apps like Gmail and Facebook broken with every release. These powerful Web apps are probably significantly more complex than most intranet Web apps so as long as the intranet Web apps are well written, they should be fine with pretty much every new Firefox release.

      • “should be fine with pretty much every new release”, “so long as apps are well written” is cold comfort.

        Gmail, facebook etc are continually maintained at great expense; they’re updated as browsers change, and even effect the development of browsers. They’re widely used, but very much the exception. The vast majority of webdevs are building much smaller sites (internal webapp or external site) with *tiny* budgets in comparison.

        We have no way of testing that apps “are well written” before deployment. There is no stable HTML4.01 like standard (even HTML4 didn’t match the browsers). There are only standards in progress and plenty of good practice (which evolves over time). There is nothing we can do to test that a deployed web app is written such as it *will* work with FF9+ (we certainly can’t put it in a contract).

        We’re a small department with users on Win, Mac and Linux (tiny, if you think 500k is insignificant for you), Firefox is a natural choice. If an app we rely on stops department business it’s a catastrophe. Getting things fixed at short notice is very hard. The new policy doesn’t allow the choice to delay upgrade until department business systems have been fully tested. “Should be fine” doesn’t help at all.

        This makes me feel that those who went with Flash rather than open standards are in a better place. It’s even beginning to look like those who went with Java applets are better off. It’s astonishing; for those of us with mixed technology departments, this is like going back to 2003 (I remember having XP boxes on everyone’s desk so people can run IE). Now the only business browser approved by the Firefox Product manager is IE, the rest are “consumer”. What do we do for our next internal tool, look away from webapps?

        I don’t actually recognise this hard distinction between work users and home users. Our more technical users installed Firefox (or Chrome) at home, then pushed for the same browser at work. Thus our less techy users users end up with Firefox at work so install at home. There are benefits for users in using the same browser everywhere (Firefox even has built-in sync to assist). People access business systems from home computers; they want to access from their portable devices; the world in general is eroding the difference. Saying enterprise is not in Firefox’s mission seems awfully short sighted.

        Don’t get me wrong, personally, I love the progress Firefox has been making recently. But our IT department is not employed to install great tech; we’re there to support corporate business needs; to do as much as we can with tiny budgets, but also to manage future risk.

        It makes me despair!

          • wrong. he’s saying that while the *usage* is high, the *development effort* is not the norm. this is fact… most web apps do not have the people, budget or resources as the expansive teams behind Gmail or Facebook.

            i worked for a law enforcement software company w/ a small staff. we could only support a few options. FF is no longer one of them, id wager.

  41. Of course, shorter cycles tends to mean les stuff in the release. So, you may be better off to keep up so that you don’t have a massive testing effort later.

  42. So, going back to IE6 is better than staying with your certified FF4 for a while? What about automatic unit testing?

    • …which we do. still a major hassle. automated testing tools such as QTP have their own compatibility issues w/ browser releases.

  43. Would’nt it be cheaper in the long run to rewrite these apps once, using standards, and then never having to think about it again or am i missing something here?

    • @da_deef, have you ever actually tried to do that. You can reduce your problems, but NOBODY implements standards exactly and completely, so real apps have to do workarounds. And then there is the choice of the standard to follow. If you choose wrong, your app suffers premature obsolescense. Oh, and then there’s the little issue of justifying the rewrite of an app that currently does what it’s supposed to instead of building or rebuilding something else that doesn’t work or meet current needs.

      Standards are good. People should follow them. They aren’t a panacea and you won’t find businesses changing their priorities solely on the basis of adherence to standards.

    • what about non-app problems?

      FF4 broke a third-party plugin we use for remote administration — Log Me In. they have yet to resolve the issue, leaving us in the cold.

      not a web app, not relevant to standards. still a problem. yes?

  44. I upgraded to Firefox 5 and it shut down my antivirus saying it was not compatible. I was unable to turn it back on. It also disabled my my System Restore and The Weather Channel Add On did not work at all. Fortunately I had a mirror image and back up of my computer and was eventually able to restore it. That brought me back to Firefox 4 which works just fine. If this is hwat we have in store, time to go back to IE.

    • You should ask your Firefox add-on vendors to use Firefox’s stable APIs available through the Add-on SDK. If they do that, their add-ons won’t break with Firefox releases.

      • if its that simple, can you please ask major vendor Log Me In to fix their plugin that no longer works when behind a proxy on FF4? they dont seem to think it’s such a simple issue.

      • In Utopia everyone will use the SDK and every Add-on developer will write solid code and will be good enough to contribute to the firefox code base. But now lets welcome you to the real world. We live in a world like this http://www.youtube.com/watch?v=o4MwTvtyrUQ [ Google asking people in Times Square “What is a browser” ] Your real users dont know what a “browser” is. As an _regular_ user I need a platform which doesnt break the add ons, websites [ corporate or otherwise ] I use. Iam not a add-ons person , I use one or two and those break. When I do some minimal web development and I try to run Firebug, oops no Add-on for you says firefox!

        I use firefox at work and at home and I still love it. I have lots of friends who don’t like having two laptops around so end up using corporate laptops for their personal use. And guess what the _sysadmins_ lock them down to IE or worse IE6.

        In my humble opinion you are going to move more users out of firefox with just this attitude of desperately finding ways to say I stick it up the corporate a**

  45. I have to say, this just hits me as large-scale corporate IT complaining about something that nearly everyone else wants.

    I’ve been using Chrome for some time at work and home, as has my wife. She has never ONCE mentioned the version of Chrome she’s using. She doesn’t care! It just works for her. Occasionally there might be a glitch; we can check it out and say “it should be fixed soon, no update necessary.” This is vastly, vastly superior to her than reading “Chrome 10.200X and higher fix this; you are on Chrome 9.203”

    Only Corporate IT could possibly desire that world. (Almost) everybody else wants the best-working most awesome and featureful version of their favorite tool.

    Are your web-apps versioned?

    This is an area where corporate IT will keep losing users if they maintain their preferred lockdown control structure. Even major software vendors aren’t interested in keeping up with things in this way..

  46. We seem to be using this term of “intranet apps” or “internal corporate apps” just as a euphemism for poorly written code.

    Consumer facing apps have been handling new and unknown browser versions day in and day out for years. Like Kroc said, “Corporate users should be testing their applications against standards, not browser version numbers.”

    If you want a browser that doesn’t change so you don’t have to update your code, use IE6. Use Firefox 2.

    If you’re opting into a using a good browser, then it’s your responsibility to serve good code to it.

    • Paul, I think the argument they’re making is that browser vendors should cater to that poorly written code because they’d rather not. I can see the win for enterprises there, but I fail to see the win for browser vendors, the Web, or the billion or two consumers who use the Web outside of the enterprise.

      • I believe that is the fallacy commonly known as a “straw man.” (i.e. propping up scarecrows of others using words they haven’t been heard to say.)

        Maybe what we’re concerned about when we do certifications against major number revisions is not whether our code is good… but whether the new browser’s is.

      • yes, strawman asa.

        the entire point of the major.minor system is to indicate when releases are “safe” and minor, versus drastic and expensive to test. by eliminating major.minor we have no way to know how much to spend on testing.

        get it? sure you do.

        • There is a concept beyond just major.minor.patch numbering. There are also code branches which Mozilla seems to not use.

          That is, keep a version 4 branch while also having a more modern version 5 branch. All the new cool stuff and user visible changes go into version 5. Version 4 however also gets critical security patches and some significant bug fixes. Best of both worlds, you get bleeding edge Agile development while also having stability.

  47. Any corporation who has built dependencies on Firefox for the primary browser either is in the fast-moving net-savvy business and are demanding new net technologies quicker be damned the regression/vulnerability issues or is in other “traditional” businesses. For the latter, the decision to use Firefox as a primary corporate browser was misguided and unwise. There is a gecko alternative though called, SeaMonkey, which I don’t believe has plans on being on as fast-paced delivery cycle as Firefox.

    I agree with the Firefox team, shorter release cycles with incremental enhancements are what is needed today, especially in the ever-increasing smartphone and tablet markets which, btw, also represent a similar exposure for corporate IT.

    • There is a gecko alternative though called, SeaMonkey, which I don’t believe has plans on being on as fast-paced delivery cycle as Firefox.

      Yes and no.
      In one sense, SeaMonkey has no choice: it is based on the same Gecko, Toolkit and MailNews-Core code as Firefox and Thunderbird and its volunteer community hasn’t got the manpower to maintain a totally independent source base, so willy-nilly it is going to board the quick-release train.
      In another sense, SeaMonkey won’t EOL its “major versions” as fast as Firefox because the SeaMonkey guys have chosen a different numbering scheme: SeaMonkey 2.0 corresponds with Firefox 3.5, SeaMonkey 2.1 to Firefox 4, SeaMonkey 2.2 with Firefox 5, SeaMonkey 2.3 with Firefox 6 and SeaMonkey 2.4 with Firefox 7. On which Gecko/Toolkit version SeaMonkey 3.0 will be based has not yet been decided AFAIK.

  48. So, let’s say you work at a company with tens of thousands of people a year. You’re churning out dozens of custom applications yearly across the corporation. Now, you code to standards, but you decide to start using a feature introduced in Firefox 6.

    Sometime, around Firefox 11, Asa or someone decides to deprecate the feature. Firefox 12 comes, out, 11 is EOL. Or a bug is fixed, but it breaks previous code without anyone knowing that it was relying on a bug. Perhaps something is marked WONTFIX going forward that worked in previous versions.

    Suddenly, the corporation is spending hundreds of thousands of dollars in a short amount of time because security updates are discontinued. You assume that everyone is responsible for one application. Corporations, in some cases, are deploying hundreds of applications internally in a year.

    IE is looking a lot better….

    • “Now, you code to standards, but you decide to start using a feature introduced in Firefox 6.”

      If it’s a standardized Web feature, then use it. If it’s an experimental feature, say a vendor prefixed CSS feature, then maybe don’t use it.

      “Sometime, around Firefox 11, Asa or someone decides to deprecate the feature.”

      You misunderstand the Web. Browser vendors don’t deprecate Web features willy-nilly. The only time this is likely to happen is if you’re using an experimental feature in the browser and those are clearly labeled as experimental (for example, a -moz or -webkit CSS feature) so you have only yourself to blame if you made your app dependent on it. Even so, the feature very likely wouldn’t be deprecated. It would be slightly modified to bring it in line with the final standard and the other browser vendor’s implementation of that feature.

      Your hypothetical is based on a fundamental misunderstanding of how the Web evolves.

      • Honestly, the arrogance and black-and-white of these replies is killing me.

        First, there was a comment above that I think is being overlooked: “…what makes corporate users happy might also make regular users happy.” Most people I know have no interest in juggling multiple browsers. If they have to use IE at work, they’re going to use IE at home. Firefox is going to lose more than just enterprises; they’re going to lose some of those consumers, too.

        But the comments above really get my goat, because, Asa, you seem to think something either adheres to the standard, or it doesn’t, but it’s not that simple. Take CSS specifications. Far too often, vendors implement according to the spec, and have to make judgment calls on edge cases that are not well defined in the spec. Then, later, someone clarifies that an edge case should operate a certain way, but Mozilla had it operate a different way. So Mozilla backs down and decides, okay, we had it wrong, and they implement it the “right” way. But by now, thousands of apps were tested against what was previously thought to be the right way; now they no longer render properly.

        This doesn’t happen in the HTML space, but in CSS specs? All the time. Even today, and /especially/ today, even with accepted (not draft) standards.

        Furthermore, there’s more to a web app than just HTML and CSS. Subtle changes to JavaScript can break code that was written long ago, even if it was to the standards at the time. I’ve seen numerous browsers break plugin launching behavior, and tracking that down is always a nightmare and a half.

        This is why companies test their web applications before rolling out a new browser version or calling it certified. And suggesting they do it every 6 weeks…well, you’ve heard that complaint already.

        • I think the point asa is making and really seems perfectly acceptable is, if your web app is breaking because some experimental css changed, “you’re doing it wrong”.

          I completely agree, use the experimental ones to spruce things up and make them prettier but if you can’t fall back to a usable application without the experimental stuff you should re-think what you’re doing.

          • I think Anthony, you completely missed Keith’s point above and again repeated exactly what he is pointing out. He is not talking about “experimental” feature of the day, but the “accepted” features, which get changed later on for some reason or the other (and it does happen, it just seems its less frequent, usually because all these types of changes are rarely listed in one place).

      • Is it really? I think that’s a difficult argument to make. In this business we’re all bandying about the term HTML5, despite the fact that it wasn’t originally expected to reach Rec status until 2022 (before the incremental model kicked in.)

        Despite the insistence about “fundamental misunderstandings” are you prepared to give us your personal guarantee that Firefox 173.x will support HTML5 the way we think of it today?

    • >”are deploying hundreds of applications internally in a year”

      Sounds like you have bigger problems than browser versions, I’d say.

  49. I’m just not buying the article’s opening quote: “hundreds of thousands of corporate users” using “thousands of internal business web applications”. Really? If such a large corporation threw all their faith behind one version of one web browser and willingly marched themselves into such an evolutionary cul-de-sac, they deserve to fail. No web browser made is deserving of such control over the fate of a corporation. Management should be firing the “developers” of such “web applications” and “Add-On(s)”. And then the board of directors should fire anyone in management who approved such bone-headed decisions.

    This is indeed “important” to read, as the author states, but not for the reasons he thinks. This is a lesson in stupidity and the nameless business referred to is exhibit A.

    All the disagreements here seem to revolve around the definition of a web application. Seriously, I’m having a hard time trying to think of an example where a properly written a web app would break in any modern web browser. Web browsers render HTML. Period. A web app should only be using the browser as a presentation layer. If you, as a developer of a mission-critical web app, are so dependent upon the HTML rendering of a particular browser don’t point fingers at the company making the browser when they make changes to their product. Look in the mirror.

    • With the rapid evolution of JQuery and JQuery mobile, I have to scratch my head at comments like this. We all know that the presentation layer in modern applications has to be sophisticated, handling some of the onscreen workflow decisions so that response/request becomes plumbing, and not, 90s style, how the thing actually behaves onscreen.

      I would hate to think people are going to go back to targeting IE8 (which is the new IE6 in my opinion, due to the platform barrier presented by XP) just because it is the only way to ensure there’s enough time to change an application that they’re willing to change… within their resource constraints!

      • @Bob, I totally agree with you regarding the need for “sophisticated” presentation layers, but your comment only reinforces my point: developers should NOT be depending on HTML for sophisticated user interfaces. HTML was never intended for that. Devs can waste a lot of time hammering a square peg (sophisticated UIs) through a round hole (HTML rendering), which is only going to make that app brittle.

        Instead of blaming Mozilla when a developer’s code breaks, we should be looking at that dev’s work and how it could have been made more future-proof. Sadly, this usually means coding to the lowest common denominator (HTML standards) and sacrificing a lot of the bells and whistles of a modern UI.

        Not to throw stones at JQuery, but again you reinforce my point that since the browser is not capable of what JQuery can do we use JQuery at the risk that any browser can change at any time and then the JQuery code can break. Should MS & Mozilla be held responsible for that? Certainly not. In this example, the dev is depending on a third-party. Live by that sword; and … well you know…

        (BTW, we hear so many devs carping about the “risk” of using Adobe Flash and so being dependant upon third-party plug-ins. How frightful! How awful! How risky! How insecure! But I’d like to see how many of these same devs do NOT use ANY third-party code libraries like JQuery or use AJAX solutions and other programming frameworks–and then they are at the mercy of another third-party. My guess is that most do use them because of the requirement for a modern UI, as you so rightly stated Bob. But every choice made in the quest for a modern UI has good and not-so-good consequences. Nothing is perfect. So, I’m not comparing frameworks here; it’s the dev’s choice which to use and I am not one to judge other’s choices. That’s up to their clients. But we shouldn’t be complaining over having such awesome programming alternatives to choose from nowadays.)

        Any code written to the HTML *standards should (**for the most part) work in any modern browser. Any use of third-party code libraries and add-ons are to be used with great care and the knowledge that they can and will, someday, break with subsequent browser changes. The enterprise should be prepared for this and budget for it. It’s part of the cost of writing your own web apps, duh. (Those cheap corporate titans! They probably also whine about their golf scores when their Club changes the brand of lawn mowers used on the courses. “Yes, it’s Toro’s fault–couldn’t be mine! I was great last week!”)

        And don’t get me started about monolithic, slow-moving IT departments at enterprises. These behemoths deserve much credit for slowing down progress with their incessant desire to have a hand in any and every process at the site in order to secure their own survival when their contract comes up for renewal. (Of course, I’m certainaly not referring to anyone from a large IT department who happens to be reading this. I think you are all wonderful hard-working people who deserve raises! Ummm, btw, how’s the approval process going on the web app I submitted three months ago? You know, the one for Susan in marketing that just shows the current total quarterly gross sales for region 5 in a little text box at the top of the page?)

        Thanks for reading this.

        * yes, I know about the incompatibilities between browsers’ support of web standards. But I’m assuming the unnamed corporation settled on Firefox and coded to its interpretation of the HTML standard, and was not targeting any other browser.

        ** most exceptions are related to CSS issues and shouldn’t seriously impact a data-driven web app written for a corporate intranet; such an app is typically using back-end technology for data access and processing and normally isn’t dependant on the browser for anything beyond presenting the data. Unless you are using a client-side framework. But then you already know you are owning any resulting difficulties, right? Don’t call Mozilla when your code breaks.

    • “Seriously, I’m having a hard time trying to think of an example where a properly written a web app would break in any modern web browser.”

      FF 3.6.18, a fairly recent version.
      http://translate.google.com <= probably "properly written"
      Type in a word
      Click "Listen" and…silence
      It does work with the add-on IE Tab Plus.

      I don't use FF4 as an add-on I need won't run on it.

  50. You can have your cake and eat it, too. Use Firefox for intranet and web-apps, and when a user needs to access the internet, have them use Internet Explorer. If all your apps work fine with Firefox 3.6, then there is no need to upgrade to Firefox 4 or 5. I know of several programs that are actually web-apps that ship with and run off of an internal Firefox 2.x, and when hyperlinks are clicked on that reference the internet, it launches your default (and hopefully updated & patched) web-browser. There are Firefox addons that allow you to launch another browser (such as IE Tab) within Firefox; you can, with a little bit of programming, customize Firefox to render external pages with the (continuously updated by Microsoft) Internet Explorer engine. Thus, your web-apps are safe from being broken by an update, and you still maintain a secure presence in the internet.

  51. What if companies like IBM sponsored a group to provide longer-term support for Fx 4, and 8, and 12…?

    Then Mozilla Co wouldn’t have to “waste” precious resources on it, big enterprises would have their stable releases, and everybody would be happy.

    • Or, a consortium of companies that have a vested interest in long term support provide funding for a splinter group to provide this. A few off the top of my head are IBM, HP, Dell, &c.

      • Or, instead of spending so much (effort and money) for backing up an “Open source” for the community browser, which incidently they were backing up and which now says it did not and does not care for them, these consortium of companies decide to take up another browser, open or not, which atleast says it will try to provide few years of service …..

  52. see, here’s what you’re missing: we don’t care. “enterprise” “users” aren’t real people to us and their needs don’t matter. when you tell us you want a way to deploy updates at a pace that lets you keep testing, we know you’re lying, so we ignore you–you’re still running IE6 somewhere, so why should we listen to anything you say?

  53. Read Kev Needham, Channel Manager at Mozilla official response: http://www.pcmag.com/article2/0,2817,2387514,00.asp?f=2

    He says, that this is better “for the web” who is the web? Mozilla is basically saying, this is better because we say so, maybe backed up by a standards group yes, but what about those people that actually need stability(like everybody) and no just bleeding edge, Mozilla just transformed Firefox in the Fedora of the browsers.
    We all want wide spread use of HTML5 but this is not the way to push things forward, this will actually anger your users and keep them on their current versions, this is innovation blindness at its best.

  54. Whilst Asa’s language is effectively pouring petrol onto the fire, I do see his points. After all Mozilla is free. But as I work in a large University, I see John’s too.

    Firefox is our backup recommendation for users where IE either stops working or becomes too slow – these are common occurrences by the way. Our users are spread across various campuses and hospitals all with different IT departments so it’s not my job to fix IE.
    Often when there is a new release of Firefox we get a flood of calls about the app I support not working properly in it. Again I administer the app, I don’t work for the company that develops it so the argument about not encouraging crap software is specious – many of us just don’t have the choice or the power to affect these things.

    The solution is to tell users to stay back a version. FF does keep it’s older versions available for quite some time. This, I think, is the solution for corporate users. Sure you won’t get updates but it buys you time to test the next release in a controlled and stable manner which is what large organisations need. We currently tell users not to go to FF4 because our app doesn’t work well with it and this has been adequate so far and buys us some time to try and force the developer to address it.

    • Except, you’ve now introduced an officially sanctioned window of security vulnerability into your company, because Mozilla won’t fix any security bugs in the last version.

      If Mozilla want such a fast release schedule, they have several options:

      – Make upgrading to each new release transparent to users, even when they’re not administrator.
      – Continue to support security fixes in at least one previous version, and probably more.
      – Bring out stable versions like Ubuntu, as many have suggested.

      In my opinion, Mozilla took the wrong lesson from Google with regard to version numbers. I think they should have kept the major.minor.security scheme, as it tells users who want that information useful things. But try finding the version of Chrome you’re about to install… The version shouldn’t be on the home page, or even a marketing feature – you just install the current Firefox, and its version number is available to those who really want to know.

      • And finally, this isn’t about web compatibility for me – it’s the add-on support that gets borked with every release, and Firefox desperately need to fix that in a way that doesn’t lead to their users having to herd the cats that are all the developers.

        Mozilla made this ecosystem, and if they change the way it works and don’t do the clean-up themselves, it just seems like arrogance; never a good PR move.

  55. definitely time to move to IE and Chrome. Not only enterprise users are doomed with Firefox now. Even as end-user addons from AV are not compatible with jumping around. Guys want to have Firefox 250 so let them be. Maybe people like Asa need something like this to feed their ego and say to each other “least we are number one in current version we have”..

    P.S. Yes, I know.. I dont have to use it. And I wont. Not even as end user.

    P.P.S. To all of you Firefox fans:
    1. Flash still sucks big time in Firefox
    2. Even AV addons are not compatible
    3. It still uses significant amount of RAM even on 8gb
    4. With this “Firefox 250 wild goose chase” I wish you all luck 🙂
    5. Asa it wont hurt if you are less arrogant toward community 🙂 It can do even more good then this tone you have 🙂

  56. I will repeat thing visible in one of earlier comments: web applications should be compliant with STANDARDS, not with concrete VERSIONs. I’m tester and developer and I will say clear – it’s possible to make something like, it just needs good developers. Bad will always cry…and search for thousands of excuses. If you want to create good company application (without some bells and whistles), you can always do it. You need only solid knowledge and experience to do it and in 99,9% required changes will be cosmetic (and can be made ad-hoc).

    • Agreed! The arrogance shown by Asa made my jaw drop. I want to discontinue using Firefox now just because of the horrific attitude shown by Mozilla representatives here.

  57. I think the concept of the enterprise world needs to change. The world has evolved from the once every 3 years upgrade plan applied by the suits. One, there is a rapid clip of innovations going on that it would be stupid to miss out on them. Two, risks on the web are constantly evolving. The best way to escape is to upgrade as soon as the browsers bring in the counter measures.

    What enterprise guys should be fighting for is that their fancy “enterprise” grade applications should be future-proof. After all they paid one hell of a money to buy them.

    Over the last 1 month, hardly a day has passed without some hapless company getting hacked. So much for the enterprise.

    • Massive companies have certified their apps (for example Oracle) against Firefox, so I would be surprised they would do that unless there was demand from large enterprise. Potentially that may well change with the new release schedule but that does not seem to concern Mozilla at this point in time.

  58. Asa – you may not want to support large enterprises. OK. But what about small businesses? We have 100 computers. Our users do not have admin rights on their computers. This is, as far as I can tell, pretty standard. I would hazard a guess that many are in this situation.

    We use a few web apps – LogMeIn, LotusLive, Webex, etc.

    We use Firefox. Before upgrading to a point release, or a number release, I check to make sure that the new version of FF was on the “supported” list of those web app vendors.

    Now, I’m stuck with the choice of choosing a web browser….FF5 is not listed as supported with any of our webapps. But FF4 is unpatched, and potentially insecure.

    I can tell our app vendors, but they are going to move at their own pace before supporting FF5 – they end up having to support the damn things, and they are not going to support it until they have made sure that it will work.

    The result – and I think you will see this in many small businesses – is that we are moving to IE 9 – because we know that we won’t have to wait to install a security update for our app vendors to “support” it.

    • You may find that IE 9 is too new for some app vendors too, though it does have compatibility mode that seems to fix some issues.

    • I keep hearing people say this, but IE10 is on a scheduled release for September. What happens when even Microsoft wants to kill off it’s way of 3-4+ stable browser cycles?

  59. Firefox 4 is the same as Firefox 5, it’s just a f* number. Think of Firefox 5 as Firefox 4.0.1, happy now m*f*? [Censored]

    • Actually, it’s not even close. A 4.0.1 would contain only security and crash fixes. Firefox 5 contains lots more than that including some small visual changes. Do the research.

  60. I remember many years back the huge effort that went into evangelism to get web sites to support users accessing them with Mozilla Suite / Firefox. I expect there are still thousands (if not 10s or 100s of thousands) of websites that still using user agent sniffing rather than feature sniffing.

    I know some of the hardest ones to convince (and some still remain I’m sure) to support Suite / Firefox were those that offered financial services. I would be interested to find out if Mozilla have spoken to those institutions about what their plans are for allowing customers to access their online services via the ever increasing version of Firefox. They do tend to restrict which versions of various browsers they let in.

    There may possibly be issues with other things like on-line shopping. I seem to remember certain things in Amazon did not work properly when FF4 first came out, can you see the likes of Amazon wanting to fix things every 6 weeks.

    If, due to new release cycle, companies decide to stop testing their on-line services against Firefox, then I can see the home user either not upgrading (so potential security issues) or moving to an alternative browser.

  61. I have been using Firefox since Version 1 partly because it was the preferred Browser at work. I know other people who changed their home browser to Firefox for the same reason. Your argument is that people at home always act independently of the decision of their work organisation’s It direction. Well let me tell you that this is not always the case at all. Also Why do you think that your accelerated release of major Versions is what the Home user wants. I have already gone from Version 3.6.17 to Version 5.00 and back again to Version 3.6.18 because of the memory leaks it created on my system. I don’t want to have to work out if this is the browser itself or some interaction with one of the Extensions I had.

  62. Ask yourself this: if your bank doesn’t support FF internally, why should their home users? If Amazon, Yahoo!, and Symantec don’t support Firefox, why should their customers? And how about schools? Governments? This will have a ripple affect. Mozilla has been rising in users in part because it had a great release cycle. As Matt pointed out: major.minor.security. It worked. And so does the RHEL/Fedora cycle, as does Ubuntu. While a billion users will mindlessly migrate, the others will hold off.

    And if Mozilla doesn’t care about the version number, then why change it? Let’s go back to what works: major.minor.security. For the new features, stick with the beta plan. Most people do not follow the Mozilla blogs. So when they visit the update sites right now, they dismiss Aurora since they do not realize their version will be obsolete in 2 months – no matter what they have now. Yikes!! When users get wind of this, they’re going to be confused, and many will go to IE9, which even Asa is touting as good. What a shame. I hate to watch a good product die. Not like this. Please, there are plenty of great suggestions here that will keep all but the most “give me the Alpha and the Beta NOW!!” users. If they want radically new that badly, they can develop it themselves. Sorry, but the real world likes stability, and this is *not* a stable upgrade path.

  63. I am just a “regular” user that leverages FF in the enterprise which in turn generates more “regular” users at home. Home user or enterprise you will most definitely start to alienate users with this move, if anything because it’s confusing to flip years of understanding what a X.0 release is on it’s head.

    This is complicated by the reality of compatibility issues, unintended consequences of new features, etc. without giving users a way to stabilize themselves on a version with long term support.

  64. Umm, yeah. So tell me one thing – you’re talking about all these mighty corporations with hundreds of thousands of users. And in the meantime they’re whining about an open source project with scarce resources not being able to deliver something they want.

    Why not simply help deliver Group Policies, stable branches or whatever you want in the product itself? Bugs in Mozilla’s Bugzilla about “corporate features” are nearly 10 years old – why hasn’t anyone actually interested in these things picked up the actual work?

    Instead you write tons of meaningless blog posts and blab about corporate culture, cry about old technology. Don’t tell me that all these corps can’t spare a few “resources” as you call them to do the work or donate money to people who can do it at Mozilla or anywhere else with the know-how.

    Seems to me like a systemic failure in your attitude towards technology, not a problem with Mozilla.

    I support Asa.

    • IT depts are seen as overheads to the business. Most businesses (big & small) will definitely not offer resources to help deliver group policies, fork Firefox, etc. They ‘could’ do it but there’s about as much chance of this as the rich nations solving world hunger.

    • Where do you think Mozilla gets its money? It certainly isn’t from all those billions of “consumers” they so desperately want to “help”

  65. I’m just a firefox enduser. When I did the update from 3.6 to firefox 4 things were messed up. Plugins didn’t work anymore. And why should I update. It’s a lot of work, I didn’t ask for. For endusers always something goes wrong with an update. Things are missing, works different, so I don’t update unless I will be forced. If firefox will force me to update every 6 weeks, I’m gone and look to another webbrowser.

    (btw I’m still on 3.6.something)

  66. Era un usuario individual de Firefox. Lo desinstalé porque su nueva versión no permite agregadas, barra de google, etc.

  67. I’ve been a Firefox user from the beginning. My opinion was, it’s the best of bread, leading technology, much saver anf that other software vendors could react a little bit faster on Firefox updates. But now Firefox is a No-Go for me. The arrogance and ignorance of the the leadings guys at Mozilla is unbelievable.

    I have only 3 PCs to support, but I’m tired of checking addons every 6 weeks for compatibility with Firefox 6,7,8…. In the past it was no problem to do an upgrade on Firefox when offered, 90% of my addons were running without a problem, but now 50% of my most important addons want run.

    I’m working in sales for a software vendor and have about 15 key accounts here in Germany, togther handling about 1 million clients. Up to now I’ve always been asked, “does your software run with Firefox as webbrowser?” I’m sure they wan’t ask me in the future.

    So I will switch to IE or Chrome and Firefox is history. Good luck to you at Mozilla and go back to your niche.

  68. The thing about this is that you’re all acting like you don’t get to preview what’s coming out soon. In addition to the rapipd release schedule, Mozilla has also adopted a couple new branches available for public use: Beta, Aurora, and Nightly.

    The Beta branch is exactly what you’d expect, a beta version or RC of something to come in the near future. Aurora is a branch that’s a Major Version number higher than beta, and Nightly is a similar step up from Aurora. This means you can test on the Beta or even Aurora and be confident that no shockingly major changes will slam at you when it hits release.

    Now, I understand that all of those branches [b]are still under development,[/b] and as such [b]aren’t as stable as a full release,[/b] but it isn’t that difficult to get a list of bugs slated to land in your branch from bugzilla and get the clear picture about what’s going to be different in the full release of Firefox 6 or 7 fairly early in the game. Yes, it is subject to change, but a single person keeping an eye on the list you procured from bugzilla will keep you in the loop about what changed and when.

    Something else enterprise staff should keep in mind is that they aren’t customers of MoCo. There are no customers of MoCo. As such you shouldn’t expect an email in your inbox when they decide to change something, small or large. Firefox isn’t licensed software, and it isn’t targeted at enterprises. Mozilla’s goal is a healthier, better web for [b]everyone[/b], and who do you think there are more of, enterprise users or non-enterprise users?

  69. Long-time Linux developer and Firefox user, also (like earlier poster) maintain things for family and friends, often asked to consult informally for larger enterprise IT issues.

    Long and short of this is that changing major version numbers/rolling ahead is a terrible idea. I really hope you change your mind on it, because honestly I will no longer be able to recommend Firefox to users.

    The point being: How can I honestly recommend anything that has no reasonably known stable releases? I’m NOT going to spend all my time following Firefox blogs, sheesh. Long-term stable releases need to be roughly around for at least 6-12 months if not multiple years.

    • Uh?

      Just have them automatically upgrade it to the latest release.

      People are NOT SUPPOSED to not upgrade; software should always be the latest release.

      If releases happens often, it means software has more features sooner, which is simply awesome.

      • Have the browser upgrade automatically behind users’ backs. And disable three quarters of installed addons in the process (no joke, I’ve had it happen to me). You must be kidding.

  70. You mention “corporate environment” and “IT department” as if it is a good thing. Do you realise that most users on all levels caught in such a work environment do not share you enthusiasm? Your model is based on distrust. You micromanage your employees with IT department bureaucracy. You should ask yourself why you employed a person if you do not trust him or her. I let my employees choose the tools they need for their tasks. They are the experts. Of course my trust has sometimes been misplaced but the damage of one black sheep is far less than that of am IT department demotivating my staff with micromanagement of their working environments.

    Imho Firefox is not the problem. The problem is sitting in front of the keyboard.

    • Err no. The ‘corporate environment’ and ‘IT department’ are not ‘good things’. They’re a necessary evil. They’re there so that the PCs work – so that the users can do their job. Distrust is a bit harsh. In the corporate world an important concept is reduction of risk. If you give users carte blanche then your IT dept will be very busy, your overheads will go through the roof, etc. Not good. Locking down the environment can be demotivating of course and sometimes counter productive but I think that it’s possible to strike a balance.

    • No, I’m not an expert; I’m a programmer, not a security expert. And the security experts are not deployment experts. I work in an industry with a lot of highly financed hostility; we will receive attacks of every imaginable profile, and I am not using figures of speech. Our users are therefore armored in as many ways as we can manage, and the enterprise is armored in depth.

      Some companies would be foolish to imitate my employer, because they’re not a target for that kind of attack or can defend against the risks by decentralization. Others are foolish to not.

  71. Any decent webdev will adhere to W3C standards that ensure the site / application will work in both webkit browsers and firefox. I have never had a firefox update break a page (i cannot say the same about IE).
    Also, do you know for a fact that the plugins don’t work in Firefox or is that just speculation?

    • It’s a fact that 50% of my “musthave” addons don’t work with FF5. It took me half a day to sort it out after following the recommendation to “update” FF (as usual in the past).
      And don’t tell me that the devs of those addons are idiots not knowing what they are doing.
      These addons are parts of other commercial software I payed for and therefore the devs are responsible, that there product works with every browser they claimed to support. But I’m sure that many devs/software vendors will stop supporting FF, as they are not willing to live with a beta forever.
      But anyway FF is history for me and I wish good luck all those of you following those “gurus” at Mo. 😉

    • From the corporate point of view, the issue isn’t so much – will a particular application still work? In many cases the answer is yes. The issue is will vendor A’s product that we spent zillions on last month be certified to work against Firefox v32145 that was released this week. The fact is that IT dept’s have their hands tied re browser selection. Some forward thinking IT dept would like to use Firefox (cos it’s a great browser) but they need to jump through hoops to do this and MoCo’s attitude just adds further obstacles. Ce la vie.

  72. I’ve read through all the comments and, I have to say, I agree with Asa.

    Ok, hands up I’m not responsible for deploying in a commercial environment but, as a web developer, I understand what each upgrade means.

    At work I’m stuck on IE6 – they’ve installed Firefox alongside this after they found that one of the new products they installed simply wouldn’t work with a version of IE that old. Rather than sort that they slapped Firefox on our PCs but JUST for running this one application.

    What I don’t understand is what the need is for corporations to be doing these constant checks and tests – and, hence, the issue that there appears to be here. Why can’t corporations simply allow users’ Firefox installs to update themselves? As Asa has said, unlike earlier release of IE where they were having to make dramatic changes just to get CSS anywhere near standards, an upgrade in Firefox is not going to break websites. Third party add-ons maybe, but that’s the fault and responsibility of those authors – again, it’s already been stated that using the API correctly shouldn’t lead to each Firefox release “breaking” add-ons.

    As a developer, I test sites on the latest Firefox, Chrome and Opera builds (with each having their own rendering engine). As for IE, I find myself having to use IE9, IE8 and IE7 (although I don’t have to install the latter as it can be emulated from IE8). I’ve only just dropped support for IE6.

    I think the real demon in all this isn’t Firefox but Microsoft, for consistently delivering slow releases of browsers that constantly broke websites due to their poor following of standards (and they’re still vastly behind even with IE9). Because of this corporations feel the need to have to thoroughly test each release – something which, for Firefox, isn’t actually needed (IMHO anyway).

    For those in the UK, you may have heard of the problems Tesco has had the last week with their new banking site. It doesn’t work with IE9, and they’re recommending users switch to Firefox or Chrome. How did this occur? I suspect they tested on an earlier IE release. But I can’t think of the last time I designed a site that wasn’t cross-compatible between all the other browsers – and past versions. IE is the only one that causes this level of disruption.

    Instead of staying away from Firefox, corporations should be embracing it (or Chrome). And the 6 week upgrade cycle. My IE6 installation at work rarely gets updated and I suspect it is an horrendous security risk. Is it worth all that?

    • Oh boy, that comment of yours is another slap in the face of every hardworking admin out there! That’s like asking your doctor why he’s performing the same routine tests again and again.

      We have to test new software for lots of reasons, some of them being security issues, others are to make sure everything works fine and continues to work fine: We can’t just sit there and watch hell break loose by allowing users to upgrade their software as they think fit. “Compliance” and “IT sec” are just two key words to keep in mind here.

      By making sure your IT’s as streamlined as possible, you’re able to eliminate lots of probs and bugs in a rather straightforward fashion instead of having to worry about each user’s individual environment.

      Being one of the main advocates of Firefox in my company, Asa’s comments like “we don’t care about corporate IT and why should we bother to? We got lots of other users, anyway” do leave me a bit shocked. Think of it this way: If a user has to work with a crappy / unpatched / old browser at work because for that frantic pace of yours their IT dept. can’t keep up testing every release, how big a chance he’ll install it on his home PC? So, by devoting just a small fraction of your valuable time to corporate IT, you’ll gain even more users — and many happy admins with a smile on their faces.

      • Sorry, the “we have to test for security reason” answer doesn’t wash with me. That’s the same mentality which means I’m stuck at work with IE6 – possibly the least secure browser around.

        What I’m saying is that Asa is right not to be concerned about corporations and to concentrate on simply providing a stable, secure platform. The fact that Admins feel the need to justify spending so much time doing so much testing is not his fault. IE over the years has put the Admin into a mindset where he needs to do this kind of testing – hence my Tesco example – whereas I don’t think it is justified if you switch to Firefox.

        Can you really say the risk of installing the latest Firefox is greater than leaving an old IE installation in place?

        • Huh? I don’t need to justify spending my time on anything I do or have been doing. Problem is, you can’t just rely on people telling you: “It’s fine, nothing’s gonna break. Trust me.” Yeah, right… If I had gotten a penny each time people approach me like this, I’d be enjoying an early retirement somewhere nice and warm.

          If you were in my / our shoes you’d quickly change your tune. In the end, you’re the one who clicked the “Deploy” button. As a matter of fact, an admin needs his or her time in order to test patches and new releases thoroughly before deploying them to their production environment. Having to do this all over again every six weeks or so is utter nonsense; for such an update cycle is hardly worth wasting any admin’s time!

          In the end, though, you’ll have to update your browser if you don’t want to risk compromising your IT. I just think, it’s a bad idea that there will be no more minor releases fixing some bugs without introducing new features that again would need testing.

          Another take are support contracts: Nowadays lots of software companies define a certain environment in which their software has been tested and which they agree to support.

          What are you to do, then? Break the contract (and no software company will update their support contracts / agreements every six weeks) or have your users online with a piece of vulnerable software? You’re in deep trouble, there…

          • The point I’m making is that the vulnerable software here is the old browser. I would never sign a contract that restricts my browser version. Would you sign a contract that says some software is not supported unless it’s running on a specific OS service pack?

            The company I work for have – to save money they’re running some software that won’t work above IE6. The money to upgrade this software to work in a more recent IE is horrendous and they’re not doing it. More fool my company for signing up for that.

            Firefox is releasing constant cycles to improve security and the user experience. Sadly admins are stuck in the mindset that every browser release is going to break their company, and that’s all down to the downright shoddiness of IE. I’m not an anti-Microsoft person but IE really is a disgrace.

            Looking back at my comments, I can see I’m going round in circles so I’ll leave it at that. My point has been made. Etc.

          • “The money to upgrade this software to work in a more
            recent IE is horrendous and they’re not doing it.”
            Well, technically the changes to fix an IE6 web app to work in IE7 are pretty small.

        • Except that newer versions do break stable addons. I’ve been thru it in practically all FF major version changes. Now I’ll probably get this every month and a half. Unacceptable for an ordinary user.
          Fast major version changes brings me (user) absolutely no gain. And it brings me losses. In my view, it’s an absolutely pointless decision, just to keep up with Google marketing strategies. But I user browsers, not marketing strategies. Why do we need bigger version numbers at all?
          Best regards,

  73. I have used Firefox since v.2. and i am a companyuser/homeuser. Every major upgrade to a new version means that addons stop working. Sometimes the addons i really need. Now when version 4 was released it was the same again, several became deactivated due to incompability as Firefox put it. From version 4 to 5 even more stopped working. Every time i have to change a line in each addons install.rdf-file – max version number. After done that they work without any problems at all. What i don’t understand is why Mozilla don’t remove the compabilitycheck when it is only this line that need to be changed ? I know some addons might not work fully after that change, but they sure are accepted and work helpful enough. Now i have changed from Firefox to Palemoon, coz it takes a lot less systemresources to run and it is clearly a lot faster to renedering java and flash. It is tweaked in a great way i have to say. Why can’t Mozilla do this to ? Firefox eats too much systemresources. 🙁

  74. As a user I too really like the idea of quicker releases. I can’t keep track of the times that I have seen something fixed but it wouldn’t be released until a new major version came out. On the other hand, I see a danger of not having a LTS plan. It took a long time for sites to accept Mozilla and not reject it outright because it was not IE, despite the fact that the only problem was that the useragent check blocked the page. It keeps being pointed out that the major version release doesn’t *have* to break anything and that the changes may be small. However, the only reason to make a major version change is to allow the *possibility* that it could break something. The reason that some fixes did not go into the minor releases was to prevent the *possibility* of breakages. The breakages are not necessarily bugs but just a change in the way things are done. That change may be much better overall but causes problems in certain situations. While enterprises may prefer at a least a year of support on a major version, I would think that at least having a major release supported for at least three or maybe four revisions afterwards would be beneficial to enterprise and user alike. As a user I have to access pages that someone else runs. If they update their pages slowly, or worse, decide to not support Mozilla any longer due to the *potential* for breakages then the browser becomes unusable to me as a user. The user needs to be protected as much as enterprises do from such things. As the Mozilla Foundation has always done what they want without regard to the users I don’t expect a change in policy so can only hope that the breakages will be few and far between so that the platform remains viable into the future.

  75. BTW, has anyone seen the kind of new stuff Asa is talking about? Here’s an example. I cannot see the difference, but perhaps some of you can. To me, such a small and insignificant change should be in a point release, and not be the bragging talking point of a major change – because there is no major change.


    So what do we have so far?
    1. The Mozilla managers state that they do not care about enterprise, gov’t, or small business.

    2. The admins that have spoken highly of FF in the past ten years will no longer be using FF at work, home, and won’t be installing it on friend/family PC’s either anymore.

    3. Enhancements warranting a major version upgrade are mostly visual changes, which some users may not notice.

    4. The upgrades are breaking more than 10% of users add-ons.

    5. With the primary focus being new features, at least some of them will carry new security risks and bugs. Note: Microsoft did this for years until they finally got the message from the community at large to get the product right instead of adding new stuff. A new version every three weeks will not fix bugs in the previous one, it is a *new version*, with new features.

    6. The Google grant of +$100M two years ago may not be renewed, especially with the FF community in such an uproar.

    7. Add-on vendors and developers have had significant delays in making their products compatible with the new versions of FF.

    8. For years, the stability – and security – of FF has lead the way to a gradual acceptance in the enterprise for many open-source products. This move will effectively end it. If Asa’s has a dislike for big business, he has just handed them a silver platter because they are now going to drop open source and go with big business. Asa, you picked the wrong approach. Please come back.

    9. Some developers are happy about this approach. They, too, will be out of a job. Who do you think employs them? The mom and pop print shops on the corner? No, the enterprise. And when the enterprise stops using FF, they’ll go to IE. But IE doesn’t really have add-ons, except from Adobe, Oracle, and other big companies (see a trned?), and certainly none of them compare to the diversity, functionality, and security offered by FF.

    Diversity is the spice of life, and we certainly know that FF has offered the best spices in the web browser. But that diversity will be all but dead within 12 months at this rate. The good news for Mozilla is that they will be able to save a lot of money on bandwidth, because a lot fewer people will be downloading Firefox. What a complete shame. And all because of arrogance, ignorance, and perhaps some greed that we don’t see. What a shame. Shame on you, Asa.

  76. …and in one short-sighted, moronic decision (and subsequent lame-*ss justifications), Mozilla effectively eliminates their Firefox browser’s viability in the long run.

    Mark these words: “Internet Explorer will now become the dominant, default browser for the Internet worldwide. Corporations, private individuals, and public entities will all use IE by default.”

    And we are all *worse* off for it, because security hacks will only require the exploit to defeat a single browser’s security vulnerabilities.

  77. In my humble opinion … this is f***d up decision. Why?
    -Security bugs? -time to find before the bad guys and patch them
    -Add-ons compatibility – and i’m not talking about some sh*t add-on that helps someone to share their stupid picture to everyone else or some game…
    I’m talking about the add-ons developed and distributed by the banks/gov. What will happen every 6 weeks – i’m gonna hope that the add-on is still working so I can pay my bills through my online banking ? I’m gonna hope that I can send my 401k(or something else … signed via e-signature) to the gov????

    If Mozilla Corporation have thought about that, _please_ show me a link and statement, roadmap about how will change the API/SDK or whatever it will be called in 6 months. Ooohh, but you don’t care about the corp/gov … hmmm …you just want to push new release more often with new number infront ???!! – Thath is childish!!!! Ohh, you’re hurt by opinion of a user! It’s impossible !! Because you’ve devoted your time to make my life easier with new _BIG_ release … hmmm …

    I don’t have time to read the release/security/bug-fix log of the browser that i’m using … my time is devoted to develope/create new features for my company customers! And you’ll try to take the little time that i have left to read you’re not tested/highly bugged/blooded/etc code and rls log – I’ll tell you one thing – FSCK you and Mozilla Corporation and FF and whatever the new name is in a few weeks!

    Have a nice day/night/lunch/breakfast/etc

  78. Don’t like it? Make your *own* branch of mozilla…. surely with 500k staff you can afford to pay 1 developer to maintain it?

    • My company (50000+ employees worldwide), instead of doing this, has just removed Firefox from the basic package that is installed with every laptop. IE remains there alone without competitor now.

      • Ooh, sounds like a “Knee-Jerk” reaction to me … if that’s all really it takes to spook you it was probably well supported in-house anyway. Nobody ever got fired for buying IBM, right?

  79. Storm in a teacup.

    It’s not THAT hard to support older browser versions.

    At work >10,000 employees, we still ues IE6!

    Having home users find all the fine-level bugs is the way MS Office (Or Windows) works too in reality, as businesses use older versions for some time after the new kid in town arrives … I’d be willing to bet many are still on IE7 as well, and the XP market share speaks volumes for my theory.

    To me, FF versioniong decisions seem more like a tap on the shoulder than a kick in the stomach.

    For some companies the ‘latest version’ is a ‘must have’, for others it’s ho-hum and I doubt anyone’s being ‘forced’ to use IE5 …

    • Everyone who wants security updates is forced to update. And everyone who wants addons to work is forced not tu update. In an end user’s view, it’s a real storm.
      Best regards,

  80. Mozilla announced this new release schedule. So if you are serious about your stuff you’d know how to deal with this!

  81. Well Asa – you don’t care about corporate environment? How would you like see the 400,000 users at IBM have their Firefox removed because you don’t care about corporations? If you lose 400,000 licenses in any other organizations, you will have your butt booted out the door immediately.

    Your comments would have gotten you demoted (if not fired) if you were in any other organizations. You are lucky that you still have a job at Mozilla.

  82. Check this out: http://shaver.off.net/diary/2011/06/28/enterprise/


    “To be successful, I think we’re also going to need enterprises to be more than just consumers of the software and tools. We need to build a framework for enterprises to contribute to the things they care about, and we need for enterprises to make contributions.”

    Fine, I think, most of us can live with that.

  83. Chrome just hit global 20% mere days after Asa’s idiotic own goal comments. If ever there were two separate yet crucially linked events, these are it. Asa should be fired. Anybody who does anything to limit Mozilla’s market share, and thus concede even more ground to the eventual big 2 (Google/MS) oligopolies when Mozilla’s market share has been static for months if not years … well … that’s jut purely irresponsible at best, neglectful and viciously destructive at worst. Give him the arse. Whilst such action might make Asa a scapegoat for an immature and naive organization’s lack of leadership and direction, it would at least send a signal to the corporate world that such as attitude is not tolerated by Mozilla. It hopefully would also send a message to Mozilla bloggers that they cannot just say whatever they like willy nilly and hope it doesn’t effect the bigger picture.

    • There has been quite a lot of talk about “firing Asa” in these comments. Too much of it, IMO.

      I totally disagree with what Asa has been saying above, but I also remember that Mozilla (and OSS in general) is about both free choice and transparency, and that the USA (where Mountain View is located) is (for better or worse) the country of the First Amendment.

      If Asa had been living under an (expressed or implied) gag order, would that have prevented him from thinking what he’s be saying above? Never. From acting on it as “Mister Firefox”? Neither. What would it have prevented? A large part of the exchange of ideas which has been going back and forth on this blog.

      So I’ll stand with Voltaire in this matter: «Your opinions, Sir, are totally devoid of the most elementary common sense; but I’ll fight to the death» (well, almost, in my case) «for your right to express them».

      • “Asa should be fired”? Oh, c’mon! For speaking his mind? I don’t (have to) agree or share his point of view but I have to accept that this is his way of seeing things.

        Some called the online response a “storm in a teacup”, others may see it as an uproar on the net. I’d rather think of it as a starting point of an ongoing exchange between IT pros and Mozilla.

  84. It would be nice also if they focused sometimes on fixing bugs and what makes this browser the slowest on earth. Its speed has been cut in two with every release I’ve tried since 2004-2005 when it was still mozilla. 3.6 is barely usable on my laptop with freezes on may operations, 4.0 and 5.0 are not usable at all. They even freeze all tabs while a connection is being made to any site in any other tab. What a mess. Please give us a browser that works before adding new crap and forcing it down our through !

    I think that the new release principle is only a way to stop focusing on bug fixes and incite users to upgrade to the new version to see if their bugs are fixed. You know, one large company has been doing that for two decades, it was successful with this but it gave it a reputation of very poor quality products…

  85. Why hasn’t anyone compared this to what chrome does? They have a release every 6 weeks and they’re at version 13 already! Nobody seems to be complaining about google screwing over enterprise users?

      • And they provide the ability to control the auto-update for users so it doesn’t happen so fast.

        Doesn’t Firefox? In SeaMonkey I have a checkbox and two radio buttons:
        Edit → Preferences → Advanced → Software Installation → SeaMonkey →
        [ ] Automatically check for updates (*) daily ( ) weekly.

        Firefox should at least have the same about:config prefs, but I don’t know if they exist there if you don’t create them: app.update.enabled, app.update.auto, app.update.interval. (On SeaMonkey, where I check for the availability of the next nightly every day at the time I choose, I have them set to false, false and 86400 respectively. (The latter one is a default.))

  86. My reading is this. Mozilla have decided that technical innovation is their priority. Trailing ever further behind Google as innovators, and slowly becoming irrelevant, is far more frightening a prospect for Mozilla than the prospect of never overtaking Microsoft in market share. They lack the resources to support a mass-market browser as well as reach the technical goals they’ve set themselves and maintain commitment from the Firefox developers who’ve lost patience with slow release cycles. Losing enterprise users and other slow-moving users will reduce their operational burden and their costs, so they are saying that they are content for people to migrate to other providers. Mozilla is changing and moving on.

    • What makes it even more of a nonsense: Mozilla thinks bigger version numbers make them more innovative.
      Best regards,

  87. What a lot of people fail to realize is that is costs “Big Corporations” real money to update apps and keep them updated. Technology is contained in a sliding window, if you fall beihind that window you’re screwed, and if you get ahead you’re screwed. Applications must be written/developed with actual constraints of time and budget, and with support costs in mind. You can’t just pay some code monkey to continually tweak and change the code because the latest cool browser came out. Most new releases of browsers have only so much regression built in and you have be aware of what you can create (with the constraints of time, money, staff, etc.). It’s a balancing act, and large corporations have much more to balance, than a small company.

  88. I wonder what the fuss here is about. Mozilla has clearly indicated in words and in actions that they are not interested in serving the corporate IT with their Firefox browser.

    The logical step is then that corporate IT stops using products from Mozilla and moves to more corporate friendly alternatives (in terms of release schedules and support policies) such as Internet Explorer or Safari.

    Why fuss about what Mozilla should and could do to serve the corporate IT since they have clearly indicated that they are not interested in doing so. Thank you Asa for clearly communicating the priorities at Mozilla.

  89. “2 million downloads per day” – how many millions of people per day are you P.O.’ing because they choose to run firefox at home, BUT CAN’T run it at work? Oh, you didn’t THINK of that? Arrogance is at the root of clouded judgment and clouded perception. “You do realize that” you are an extremely short-sighted and arrogant SOB and you WOULD have been fired by now at any other established, respectable software company.

  90. It’s the same story across many platforms, I work with numerous embedded projects where there is a chance of staggered releae updates due to many factors, user availability, product activity and online availability (if the customer has it plugged in or not) and many other factors.
    Thankfully, the main reason I’d have for mass update is patching or feature-add rather than security and/or critical reasons.

  91. The biggest thing I think that FF developers fail to address is that of forcing add-on developers to play catch up. How do you justify this sudden increase in the expected time spent by developers of addons to keep them working? You are actually alienating allies and no doubt turning away a lot of future Mozilla developers. Maybe addon developers don’t have all day every day to spend on their software. But I guess that doesn’t matter does it?

    And if FF will move to a silent update system that means addons will just silently break? Unacceptable.

    I can’t believe the lack of comprehension by the FF developers about the corporate sphere. If you give end users control over the software they install and use, stuff breaks. Constantly. Typical end users have their brains located in their posterior and I’m thinking those at the top of the FF dev hierarchy have their brains located in the same region too.

  92. I sure hope FF doesn’t stick with the idea of a silent update system. It’s hard enough as is to keep these add-ons working correctly. Can’t imagine how difficult it will be when you are kept out of the loop on the update plans.

    I know this month we had a client who decided to stop updating their FF add-on because it has been too expensive lately to keep up with all the new updates. Shame…because it was an exceptional add-on with a large following. Would love to have FF consider add-on developers more when they make these decisions. 🙂

    • Unless the add-on uses binary components. it shouldn’t be a ton of work to keep up with the updates. There’s not a lot changing between releases…

  93. Mike i’m working on ESR24 and wanted to know if there is a lockpref to disable “Firefox Health Report” & “Crash Reporter” under Options\Advanced\Data Choices tab? I did not see this Tab in ESR17. I was able to uncheck the option but wanted to know if there is a lockpref to lock it down. Thanks

    • I believe you can lock datareporting.healthreport.uploadEnabled to false and it will work (that checkbox is actually about the upload, not the actual health report).

      With the crash reporter, there is no preference that can be locked.

      Both these features can be locked down with CCK2.