Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
Posted Apr 28, 2009 15:27 UTC (Tue) by rfunk (subscriber, #4054)
Posted Apr 28, 2009 15:34 UTC (Tue) by pr1268 (subscriber, #24648)
Which may have been a bad idea to begin with.
Posted Apr 28, 2009 22:14 UTC (Tue) by jordanb (guest, #45668)
Netscape was losing marketshare like crazy when the code was released. It had little to do with the long release time for Mozilla 1.0. Also, the code that Netscape released was unbuildable. They basically ripped out anything that had a copyright question on it so all you got an incoherent blob of C code that nobody understood. So the long release time had was mostly a result of trying to figure out what they had and how they'd go about turning it into a functioning computer program.
2) I've poked around in the Mozilla codebase and there is a TON of "mcom" stuff in there. So if there was a serious effort to rewrite it (I don't think there was) they sure did leave a lot of truly ancient code.
Posted Apr 29, 2009 7:59 UTC (Wed) by sdalley (subscriber, #18550)
Is this a joke?
Posted Apr 28, 2009 19:37 UTC (Tue) by khim (subscriber, #9252)
Odd that WebKit doesn't seem to have this chronic
WebKit is somewhat better, but only marginally. You don't hear about it
because most WebKit-based browsers will just silently upgrade without even
offering you opt-out choice! And the ones without such "service" are
considered unsupported so you'll never know if you have any security issues
till rootkit will be installed on your system...
Posted Apr 28, 2009 20:03 UTC (Tue) by sbergman27 (subscriber, #10767)
Of course, I'm assuming, just for the sake of argument, that what you claim about WebKit-based browsers pushing out security updates against the users' will was true.
The lengths to which some die-hard Firefox fans will go... the logical contortions they are willing to accept... to "prove" that the endless stream of security vulnerabilities in Firefox is really a good thing is beyond just worrisome. It's out and out scary.
I doubt that there is a transgression that Mozilla Corp could commit, short of maybe dissing the GPL, that would cause some of the more ardent fans to even think critically about the situation.
Posted Apr 28, 2009 22:39 UTC (Tue) by njs (guest, #40338)
If that's "logically contorted", then so be it...
Actually that's not 100% true.
Posted Apr 29, 2009 6:29 UTC (Wed) by khim (subscriber, #9252)
Therefore, using reported vulnerabilities as an estimate of
relative exposure is systematically biased against Firefox.
I'm not convinced in that - only Microsoft practices this hiding
approach. Apple and Google are publishing internally-discovered
vulnerabilities. And there are less of them then in Firefox (8 vs 38 in
2009 so far), but is this difference enough to claim that Firefox is
disaster while WebKit is ideal? Statistic for full 2008 is 45 Safari vs 102
Firefox. Safari still wins but difference is moderate if you'll recall
that Firefox has more subsystems - Safari does does support Firefox-like
extensions and all this flexibility does not come free.
Posted Apr 29, 2009 6:16 UTC (Wed) by khim (subscriber, #9252)
If a project pushes out updates automatically then all the
security sites ignore any security advisories regarding that software, and
news sites like LWN.net decline to report on them. Is that *really* the
case that you want to argue?
No. Security sites don't ignore them, only news sites do. If you visit
database you'll find out that WebKit is vulnerable, Safari is
too and Chrome is far from ideal - but they don't issue
numbered releases to be downloaded from site so LWN does not issue articles
on subject too. Yes, 1/3 of bugs (159 for Safari vs 455 for Firefox) is
good achievment, but is it enough to say "WebKit doesn't seem to have this
You can not do apples-to-apples comparison between Gecko and
WebKit: for Gecko there are just 5 CVE and for WebKit 27, but I find it
hard to believe that out of 455 Firefox's vulnerabilities only 5 affect
Gecko and some 450 are in different subsystems...
The lengths to which some die-hard Firefox fans will go... the
logical contortions they are willing to accept... to "prove" that the
endless stream of security vulnerabilities in Firefox is really a good
thing is beyond just worrisome. It's out and out scary.
Yes, it's really scary. Only Firefox-haters are worse...
Posted Apr 29, 2009 7:46 UTC (Wed) by epa (subscriber, #39769)
A large number of security fixes being published is neither a 'good thing' nor a 'bad thing' in itself.
Posted Apr 29, 2009 8:28 UTC (Wed) by khim (subscriber, #9252)
Worthy of Firefox fanboy. It's know fact that Firefox has more
vulnerabilities than WebKit-based browsers. May be they are less severe,
may be not. That is not the point. The point is: number of
vulnerabilities in Firefox and WebKit-based browsers are of the same order.
It's not like OpenBSD vs Linux comparison: one side has hundreds of
potential vulnerabilities, the other one - just a handful ("ten over last
ten years" or something like that). Here both sides have sizable number and
these vulnerabilities were exploited in the wild and will surely be
exploited in the future. No reason for WebKit developers to feel smug and
not reason for Firefox developers to fret over statistic.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds