Tag Archives: Mozilla

The Pitfalls of Firefox’s Rapid Release Cycle [Editorial]

If you have been following the recent Firefox releases, you are probably already aware that Mozilla is now following a rapid release cyclefor Firefox. Frustrated by the innumerable delays that plagued the release of Firefox 4, Mozilla decided to take a leaf out of Google’s book, and release a new version of Firefox every six weeks. Unfortunately, the new quick-fire release policy creates some major issues that Mozilla doesn’t seem to be willing to tackle.

Firefox-Rapid-Release

The first problem is that it makes version numbers redundant. A major version number bump normally indicates the introduction of major new features along with significant enhancements to existing features. However, the biggest new feature in Firefox 6 domain highlighting in the address bar, is something that wouldn’t excite even the most passionate Firefox user. Firefox 5 was even worse.

The biggest feature in Firefox 5 is that the Do Not Trackfeature, which we have discussed in a fair amount of detail in the past, is now more accessible. It is now available under the Privacytab, instead of being buried under Advancedoptions. Yep, the biggest user-perceivable change in Firefox 5 is a minor interface tweak.

Of course, this alone isn’t such a big problem. Undoubtedly, it’s annoying and stupid. However, Firefox’s auto-update does a good job at making the update process hassle free. Add-on compatibility was another issue that I was worried about. However, Mozilla seems to be doing something right in this area. All the add-ons I used were compatible with Firefox 6 at launch. At the time of writing, 99% of the top extensions, which constitute 95% of the total extension usage, are compatible with Firefox 6.

Unfortunately, there is one issue that Mozilla doesn’t seem to have a solution for. The rapid fire update policy means that every year we will be witnessing eight to nine major version trunks of Mozilla. However, Mozilla isn’t willing to support the older version trunks. If you are on version 4, which was released just a few months back, then tough luck. Mozilla won’t be providing any further updates to the 4.x trunk. Updating to newer versions might not be a big issue for home users, but it is a major undertaking for enterprises. Each major update has to be tested for regressions and other issues before it can be deployed. Mozilla’s reluctance to support older trunks mean that enterprises stand the risk of being left vulnerable to serious security vulnerabilities over extended periods.

Enterprises are notorious for their reluctance to switch to newer and better browsers. It’s only recently that some of them have begun to opt for Firefox. However, with the new rapid release cycle, Mozilla will almost certain succeed in making all of them revert to Microsoft Internet Explorer, since Google Chrome also follows the same quick-fire release cycle and Opera has too many website compatibility problems (often due to factors out of its control) to be considered seriously. In contrast to Mozilla, Microsoft will be supporting Internet Explorer 9 till January 2020.

Facebook Rewards $500 for Every Bug Reported

Remember Google’s Chrome Bug Bountyprogram? Well, when Google released Google Chrome 12, it announced on its blog that it rewarded developers/researchers who found vulnerabilities (bugs) in its code. Earlier in August 2010, it was reported that Google gave away a total estimate of $10k of rewards. Mozilla too has the bug bounty program which pays $3,000 in hard cash plus a free Mozilla T-shirt for finding bugs!

Facebook has joined Google and Mozilla, and is following the “Bug Bounty” program, by rewarding its security researchers. However, the reward offered is way too less. For security related bugs – cross site scripting flaws, for example – the company will pay a base rate of $500, but if they’re highly significant flaws, Facebook has promised to pay more. However, the company executives haven’t revealed the bonus reward.

“To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs,” Facebook stated on its portal.

Facebook launched a new Whitehat hacking portal where researchers can sign up for the program and report bugs. They have also published a list of about 42 researchers who have made responsible disclosuresin the past.

Facebook Bug Bounty Program

With over 750 million  active  users, looks like Facebook is highly concerned about its security issues. Facebook hired a computer hacker who was recently sued by Sony for hacking the online gaming system PlayStation 3, last month.

If a bug has been discovered, the researchers  are asked to provide  as much information as possible. In order to receive the award, a detailed  explanation of steps is  required and all legitimate reports will be investigated.

Here’s the company’s policy –

“If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.”

In addition to that, the researcher who reports a bug first is only rewarded. For instance, if two researchers find the same bug individually, the first one who reports it will be eligible to claim the reward.

Facebook’s Bug Bounty Eligibility Rules

In order to be eligible for the reward, researchers must follow to Facebook’s Responsible Disclosure Policy.

  • You must be the first person to responsibly disclose the bug.
  • Give Facebook a reasonable time to respond to your report before making any information public.
  • You must live in a country not under any current U.S. Sanctions.
  • You agree to report issues that may compromise a user’s information including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code injection.
  • Only one payment per bug will be awarded.
  • Bugs in third-party applications, third-party websites that integrate with Facebook, Denial of Service Vulnerabilities or Spam or Social Engineering techniques will not be eligible.

Google, Mozilla and Facebook are not the only ones who reward its security researchers. Microsoft does it too. Microsoft, on the other hand, offers a big reward of US$250,000 to anyone who provides information on a virus culprit who masquerades in the Windows theme.

Mozilla Working on New Mobile OS – Boot to Gecko

Mozilla has announced its newest project – Boot to Gecko. It will be a mobile operating system powered by Gecko, the layout rendering engine which is used by Firefox and Thunderbird.

Here’s the official announcement by Andreas Gal, a Mozilla engineer.

“We propose a project we’re calling “Boot to Gecko” [http://wiki.mozilla.org/B2G] (B2G) to pursue the goal of building a complete, standalone operating system for the open web. It’s going to require work in a number of areas. We will do this work in the open, we will release the source [http://github.com/andreasgal/B2G] in real-time, we will take all successful additions to an appropriate standards group, and we will track changes that come out of that process. We aren’t trying to have these native-grade apps just run on Firefox, we’re trying to have them run on the web.”

Unlike Android, it will be a “true” open OS with the complete source freely available. Apparently, Mozilla plans to use some parts of Android as a base for hardware compatibility and then build a new user interface, application stack and APIs based on Gecko which will run on it.

I doubt that this new effort will see much success, or even see the light of the day. There are multiple smartphone OS options now, and there is space only for a few major players at the top. In all probability, Mozilla is too late to the game.

You can check out a detailed explanation of the Mozilla Boot to Gecko project by ArsTechnica.

Here’s the official wiki – Mozilla B2G Wiki

How Google Chrome is Growing in India and Hurting Microsoft and Mozilla [Editorial]

India has had a history of being a tech savvy country for more than a decade now. The adaption rate of newer technology in India has been higher than many other countries, which is why there are around 840 million mobile users (TRAI data – PDF File). However, hardly 10-15% of the Indian population have access to internet.

Indian Internet Penetration

According to public data available in Google, the total internet users in India was over 61 million in 2009. This should be more than 100 million now. However, this is a really small number considering a population of 1.2 billion. Nevertheless, this is still 1/3rd of the population of U.S. on which most of the metrics and measurements are made.

This definitely makes India a very lucrative market and considering the growing economy and purchasing power there it should definitely be. Consider this, when I bought my first mobile phone in 2002 or so (it was a Motorola), I parted with Rs. 4500 (~$115) with a heavy heart. This was a second hand phone with no contracts etc. Coming back to 2011, I see people splurging Rs. 20,000-30,000+ for a mobile phone without blinking an eye. This shows how the spending power has increased in India.

Looking at some of the public data available today, I was intrigued to look at who is dominating the market and guess what, it is none other than good old Google. I did some research and here are some facts on how Google is dominating the browser market which was once the forts of Microsoft and Mozilla.

Browser Growth in India

browser_global_stats_june

Recently, there were quite a few blog posts about overtaking 20% market share worldwide in the Internet browser market. In those cases, people were measuring Global traffic (U.S market share is still below 20%). However, one region where Google Chrome is really putting the pressure on Internet Explorer  and is India.

Browser Stats - April to June 2011 India

Take for example the above chart which displays the usage for Google Chrome in India for the past three months. The total usage for IE was around 36%, Firefox was around 33% and Chrome was around 27%.

Browser Stats June 2011 India

The scenario remained the same if you take June 2011 into consideration. No surprises there.

Browser Stats July 2011 India

However, if we now take a look at the stats for July 2011 (which is only for 8 days), you will see a huge jump in the number of users who are using Google Chrome. Of course, this data is premature, but it does reflect a huge jump. What could be the reason? It could be anything any everything including more and more users shifting to Google Chrome thanks to .

The %age gain in the above graph may not look significant, but even a 1-2% jump might mean that around 2 million users switched to Google Chrome in the last 8 days, that is a significant number in itself. The loser was Internet Explorer which shed their percentage. Firefox remained almost stagnant.

Browser Versions in India

Browser Versions India June 2011

In June 2011, was the most used browser in India followed by Google Chrome 12 and . Firefox 5 which launched last month was at 8, followed by Internet Explorer 9 which launched earlier this year. There were several other users who were using outdated browsers, but the growth of the latest stable version of Google Chrome is significant.

Browser Versions India July 2011

However, July 2011 tells a completely different story altogether. Chrome 12 has jumped to become the number 1 browser in India by a huge margin followed by Internet Explorer 8 and Firefox 5. The traffic measured during this period might not add up when we see monthly stats at the end of July 2011, but it is definitely surprising that there is such a huge difference.

Looking Back and Summarizing the Future

In 2009, Google Chrome had a 8% market in India even though it was released only in September 2008. This says a lot because it took market share from both Firefox and IE and jumped who have been languishing at the bottom for quite sometime now. A new browser gaining so much traction was unknown prior to that. During that same period, Google Chrome’s worldwide market share was around 2%.

In 2010, Google Chrome had a 10% market share worldwide, whereas in India it had a 18% market share. The growth rate more than double for Indian users. Since January 2011 till date, Google Chrome has a 26% market share in India whereas the worldwide usage is still less than 20%.

All in all, Indian users have adapted Google Chrome at a much higher rate than any other country and this definitely means that they are moving ahead towards newer technology. The adaption rate for Firefox in these periods have either remained the same or have dropped, similar for Internet explorer.

India is definitely a lucrative market for Internet Browsers, Mobile Phones and Operating systems. This goes on to show where these companies will invest in the future. Even if the internet usage in India grows by 20-30% all these companies will be vying for around 300 million users, and that is not a small number by any denomination.

So how did this happen? Money power, sheer brilliance or the power of Google? I will leave that to another editorial I will write in the next few days. Till then, tell me your thoughts through your comments.

(All stats in this post were collected using Google, TRAI and Stat Counter)

Firefox 6 Beta is Available for Downloads

Mozilla has pushed out the 6 beta to the beta channel. The new version contains new security related changes along with several other enhancements to Firefox 5 (Read: Firefox 5 Review).

Firefox 6 Beta

One of the visual changes included in this version is that, Firefox now highlights the domain name of the website you are visiting while graying out the rest of the URL. This can come in handy to users to quickly find a domain name and avoid phishing attacks.

Firefox 6 Highlighted Domain

Firefox 6 Grayed Subdomain

When you visit a site, it will highlight just the domain name and now the subdomain. So if someone is claiming to be Citibank, it will be easy to spot it out by just looking at the highlighted domain name (see screenshots above). In addition to that, they have also streamlined the site identity block.

There are several other new features which have been included in Firefox 6.0 Beta which include:

  • The address bar now highlights the domain of the website you’re visiting
  • Streamlined the look of the site identity block
  • Added support for the latest draft version of WebSockets with a prefixed API
  • Added support for EventSource / server-sent events
  • Added support for window.matchMedia
  • Added Scratchpad, an interactive JavaScript prototyping environment
  • Added a new Web Developer menu item and moved development-related items into it
  • Improved usability of the Web Console
  • Improved the discoverability of Firefox Sync
  • Reduced browser startup time when using Panorama

I will be doing a full review of this new beta in the next few days. In the meantime, you can download the latest Firefox 6 Beta from here.

Will Firefox Lose its Enterprise Love for this Rapid Roadmap?

On one hand when the end user is ready to adapt to the latest version of browsers, there is another well-established user base that just won’t move to a newer version of browsers. These are numerous Enterprise, which make it very clear that their internal forums are going to work only on older unsupported versions of Internet Explorer and Firefox.

firefox-5

Firefox is on a crash course and apparently, it is not that easy for an Enterprise to switch to new browsers as and when they release. The reason? Well, you can spot it easily. Their internal networks are not created with web-standards in mind. This leaves them more compatible with older versions of browsers and takes a toll on their uses as well. What makes matters worse is when these enterprise solutions develop specifically for older versions of web-browsers (blame IE6).

Until now, Firefox has been a parallel browser of choice for Enterprise works and the reason is quite obvious. Their development was moving at a considerably  slow pace. Now, when Firefox wants to gather pace and reach a competitive position in the browser market, it runs a huge risk of losing Enterprise usage.

Read through this blog post and tell me why these lines sounds wrong.

For corporate customers, we’ll support each version of Internet Explorer as long as the latest version of Windows that it runs on is supported. For example, Windows 7 Enterprise is supported through January 2020. Internet Explorer 9 will therefore also be supported through January 2020.

It is exactly this attitude that will kill the web as we know it. What use is all the advancement in web technologies if your browser cannot leverage its power? Likewise, your app is not good enough either, if it is not agnostic to new browsers.

Clearly, Mozilla has done the math here. The number of Enterprise users using Firefox out of compulsion might be far less than the number of users it can gain from this move. The browser space has become extremely competitive and this was a right step towards a brighter future for Firefox.

Firefox 5 Review

Mozilla-Firefox-5After Firefox 4 was plagued by innumerable delays, Mozilla did some course-correction and decided to switch from a traditional release cycle to the quick release cycle used by Google Chrome. As a result, Firefox 5 arrived in record time. However, how good is Firefox 5? Let’s have a look.

At first glance, Firefox 5 looks and feels identical to Firefox 4. In fact, even after using it for a couple of days, I couldn’t tell the difference between Firefox 4 and 5. A quick look at the changelog confirmed that Firefox 5 has barely any new features of note. Yeah, it fixes close to a thousand bugs, and takes care of some serious security issues; however, it has very few new goodies to offer.

The biggest feature in Firefox 5 is that the “Do Not Track” feature, which we have discussed in a fair amount of detail in the past, is now more accessible. It is now available under the Privacytab, instead of being buried under Advancedoptions. Yep, the biggest user-perceivable change in Firefox 5 is a minor interface tweak.

Firefox-5

Other than this, Firefox 5 adds supports for CSS animations, improves canvas, JavaScript, memory, and networking performance, and improves standards support for HTML5, XHR, MathML, SMIL, and canvas. As mentioned earlier, it also fixes some extremely critical security issues. Five of the vulnerabilities patched were rated as critical, and a couple were rated as high risk by Mozilla. Two of these issues dealt with WebGL, which has making headlines of late due to Microsoft’s allegation that it will become an on-going source of hard to fix vulnerabilities.

To be honest, Firefox 5 doesn’t merit being called anything other than Firefox 4.02. However, Google has been doing the same thing for quite some time, and has been getting away with it. Mozilla has announced that it doesn’t plan on maintaining the Firefox 4.x trunk, so users have no choice but to jump aboard Firefox 5 in order to stay secure. Firefox 5 is a great browser, because Firefox was already a great browser. However, Firefox 5 brings very little to the table other than improved security, and the additional headache of incompatible extensions.

IE Team Sends Mozilla a Cake Again for Firefox 5 Launch

The web browser teams at Mozilla, Microsoft, Google and might definitely hate each other secretly, but there are times when all of these come together to set standards or further the future of the web.

Microsoft and Mozilla have had a love hate relationship for a while now. After all, was the web browser which turned the browser industry on its head and gave the dominant Internet Explorer a run for it’s money.

IE Congratulates Mozilla for Firefox 5 Launch Cake

Lot has changed since then, but one thing continues to remain common including Microsoft sending cakes with the IE logo to Mozilla on a product launch. The last time I remember them sending a cake was for the launch of Firefox 3, and with the launch of Firefox 5 today they have repeated the act.

The cake had a similar message from the earlier one which said:

Congratulations on Shipping! Love, the IE Team

The image was posted by @damons, who is the VP of Engineering at Mozilla. This definitely makes for some good rivalry. Here is wishing the Mozilla team a great launch and look forward to some exciting new features in Firefox 6 and beyond.

Mozilla’s Prospector Extension for Firefox Guesses Which Website You Want to Browse Next

Speed dials, in one form or the other, has become the norm in modern browsers. Opera invented the feature, and it has since then been adopted by Chrome, Safari, and Internet Explorer. One browser that has been missing this feature is Firefox. However, that might be about to change.

Mozilla has announced a new Labs initiative called Prospector. Mozilla is attempting to take speed dials to the next level by making it context aware. The Prospector extension adds predictive speed dials, which lists bookmarks and previously visited webpages that it feels are relevant to the webpage you are currently browsing. In short, it tries to guess which website you are most likely to browse next.

Firefox searches both your bookmarks and history for similar websites that you may be interested in based on what you were recently browsing. This is currently displayed along with some experimental statistics such as score (which is how similar the tags are), frequency (which is a measure of frequency and recency) and others.

Prospector-Predictive-Speed-Dial-Firefox

All the computation required for the predictive speed dial is done locally, and no data is sent out by your browser. Mozilla says that a well maintained and tagged set of bookmarks will help Firefox is throwing up more relevant results; however, it is not essential.

While the idea behind Predictive Newtab is undoubtedly interesting, it’s impossible to say how well it works without testing it for a few days. Opera’s speed dial concept works as well as it does because it is simple. Most people have a dozen websites that they visit really frequently, and Opera allows users to set those websites as speed dials. Chrome tries to do this automatically by relying on frequency count to cull a list of most visited websites. Firefox is trying to rank websites based on frequency and relevance. However, without a well maintained set of tagged bookmarks (or crowdsourcing), determining relevance can be a hard thing. Additional indicators like meta-tags can be considered; however, Firefox doesn’t appear to be doing that. Moreover, relevance often doesn’t have anything to do with the next website that I am likely to browse. The fact that I currently have a Gmail tab open doesn’t necessarily imply that I am going to browse Yahoo Mail or Hotmail next.

You can go ahead and download the Prospector extension from here. Don’t forget to share your experience with the Prospector extension. If Mozilla’s experiment succeeds, then Predictive Newtab could very well show up in future versions of Firefox.

Mozilla Project MemShrink Looks Into Speeding Up Firefox

Firefox has a long standing history of excessive memory usage and slow startups. No matter how much of tweaking and customization we make, Firefox will still remain the same slow browser. This is finally identified as a problem at Mozilla and they are working on fixing the biggest annoyance in Firefox: the speed issues.

firefox-fast-web

When I talk about speed in this post, it is not related to the speed of surfing the Internet. I am talking about the responsiveness and startup of Firefox. The long waiting hours will soon be over and project MemShrink is here to make sure of that.

MemShrink is a project that aims to reduce Firefox’s memory consumption. There are three potential benefits:

  1. Speed: less cache pressure, and less paging. The latter is crucial, as it can destroy performance.
  2. Stability: fewer OOMs, whether due to address space exhaustion or otherwise. This results in fewer crashes (due to mishandling of OOM) or aborts.
  3. Perception: fewer people will complain about Firefox being a memory hog.

From what this page tells me, Mozilla has a number of leaks to take care of which have piled up over time. Mozilla developer Johnny Stenback has talked of the project MemShrink saying,

to help get more attention to this issue we’ll be starting up a MemShrink effort, where a group of people will get together to look at the big picture, triage bugs, investigate general approaches, and do some brainstorming.

One positive outcome from this will definitely be some improvement on Firefox memory usage, which shoots up with time and does that abnormally. The same problem is encountered on other browsers as well and sometimes, the Windows Task Manager cannot be trusted for correct memory usage readings. The fact is, Firefox is slow and this needs to change in future versions.