Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Mozilla to corporate users – F.O.A.D

Mozilla to corporate users – F.O.A.D

  • Comments 1

Last month, I read Ed Bott’s article on ZDNet about Mozilla’s stance regarding its supporting of enterprise users.  Enterprise users, people within a company whose Internet browsers are selected by its IT department, have different needs than home users.  Home users upgrade their browsers whenever theywant to get a new one.  Companies build a lot of applications on certain versions of browsers (which is why 10-15% of users are still on IE6) and if they upgrade, they have to check to that all of those applications still work.  If not, they have to fix those applications. 

Companies will “support” browsers for a number of years before finally sending them to the recycle bin.  Microsoft, for example, supports software releases for 10 years.  This means that when they release a browser,  they issue patches for it for the next 10 years before finally saying “Okay, that’s it.  Time for you to stop using this and upgrade.  You’ve had a decade to upgrade your hardware.”  So, as a home user you might snub Internet Explorer, but if you’re an IT admin you can count on a big company not end-of-life’ing something you depend on while you’re still in the same job (assuming you move on at least every ten years).

Earlier this year, Firefox released version 4 of its software.  A mere three months later, it released version 5.  Firefox 6 is due out by the end of 2011, according to Geek.  This is a big deal because Firefox supports (issues patches to) the current version of Firefox and one version back.  Thus, right now they support Firefox 4 and 5.  If you were a corporate user on Firefox 3.x at the start of the year and hadn’t even gotten around to upgrading to version 4, you’re out of luck now.  Support for version 3 is gone-zo bonzo!

Enterprise users aren’t thrilled about this. From Ed Bott’s article:

If you are even considering migrating your business to Firefox, I strongly recommend you read two recent blog posts by consultant Mike Kaply.

Kaply, whose consulting company specializes in customizing Firefox for enterprises, calls the new rapid-release policy “a really bad idea.” The worst part is that with each new release, Mozilla is completely dropping support for the previous one.

Unlike consumers, who are thrilled at the chance to install new code every six weeks, enterprises crave stability:

Companies simply can’t turn around major browser updates in six weeks (and each one of these is a major update). With security releases, there was a reasonable expectation that web applications wouldn’t break as a result of changes. With these releases, there is no such expectation. So a full test cycle needs to be run with every release. By the time this cycle is completed and the browser is piloted and deployed, another version of Firefox would already be released so they’d already be behind.

What did Mozilla say to these folks?  That maybe they’d consider supporting these older versions a few years or months longer?  No, they didn’t.  In a comment in reply to Kaply’s post, Asa Dotzler said in a blog post:

Enterprise has never been (and I'll argue, shouldn't be) a focus of ours," Dotzler stated. "Until we run out of people who don't have sysadmins and enterprise deployment teams looking out for them, I can't imagine why we'd focus at all on the kinds of environments you care so much about."

Who is Dotzler?  Some random ham-and-egger?  No, he is a co-founder of the Spread Firefox project  and was a key developer of the Mozilla 1.0 Firefox browser and Thunderbird email client.  He has some influence within the Firefox community, he isn’t some random guy spouting his opinion about the browser.  To cherry-pick a few more of his quotes:

"Yes, I’m basically saying that I don’t care about making Firefox enterprise friendly."  - Responding to a question about Mozilla's support for corporate users; from Dotzler's comments: Mike Kaply's Blog

As for John’s concern, “By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won’t go EOL [end of life] when Firefox 6 is released?”

He has the opposite of guarantees that won’t happen. He has my promise that it will happen. Firefox 6 will be the EOL of Firefox 5. And Firefox 7 will be the EOL for Firefox 6.

To sum up Dotzler’s position, Mozilla has limited resources and they are focused on getting the browser out there to millions of users who run the most used versions of Windows, Mac and Linux.  They don’t have the time or resources to support the long tail of corporate environments who have different needs than most regular users. 

Firefox is free, after all.  If you don’t like it, you can always go and pay for another browser.  Since you’re paying for it, you should get the support you’re paying for.  Oh, wait, all browsers are free, just like everything on the Internet…  Fine, then just pay your network administrators to do the upgrades, that’s what their there for!

Does Dotzler speak for Mozilla Firefox?  He might be influential but he doesn’t necessarily speak for the entire board of directors.  After all, I write tons of stuff on this blog but I hardly speak for the entire spam team here in Forefront Online.  The Mozilla team, in a blog post, said the following:

The Mozilla Community has focused our efforts on the needs of the individual user, and prioritized the product roadmap and features accordingly. However, as is the case with many technologies, loyal Firefox users and their IT departments have sought to bring Firefox into their places of work.

A key challenge for enterprises is that they need to certify their websites, apps and add-ons each time Firefox is updated. This can take weeks or months. Security is also paramount, enterprises need access to a version that includes all known security fixes.

We are exploring solutions that balance these needs, with active discussion in our community.  Open Source software is well-suited to these challenges, as interested parties can come together to build what is needed.

Let me translate this post.  It’s filled corporate speak (surprising coming from Firefox):

  • We built this browser for users.
  • People love it so much that they brought it into the work place.
  • When we release new versions, it takes businesses forever to update to the new version.
  • Yep, that’s a problem for businesses.

This sentence here –> We are exploring solutions that balance these needs <—that is classic double-speak.  It’s meant to reassure the user that the other side hears your problems but in reality they are not committing to anything.  Why should Firefox?  Their focus is consumers.  If they want to figure out a way to support this stuff, they have to basically slow down their release cycle or provide extended support to older versions, or come up with some other innovative way to accomplish something that it wasn’t really designed to do.  It takes money and personnel to do that; Firefox would need a group of volunteers to do that for them, which I grant is possible but not likely.  Mozilla only has certain size of pie, and there are only so many pieces to go around.

Sure, Dotzler’s blog post needed some tact and diplomacy, and the Firefox official blog post achieves that.  But don’t be fooled into thinking that the two positions are very far apart.

Leave a Comment
  • Please add 4 and 8 and type the answer here:
  • Post
  • They must have changed their mind because I'm still receiving security updates for Firefox 3.6 an Thunderbird 3.1, I received the last one almost in sync with the launch of Firefox 8.0 (for me the "update-stopper" are outdated extensions that don't work in newer versions of FF/TB). I suppose that they also offers updates for version 4 and up.

    PS: Version numbers are going to be meaningless anymore if everyone follows the trend started by Google of "version inflation" (come on, version numbers can have up to four parts, use at least two of then, especially if the new version doesn't have any major new features).

Page 1 of 1 (1 items)