
Thunderbird 3.1 Release Candidate 1 is Here

Mozilla has announced the first release candidate of Thunderbird 3.1. "Thunderbird 3.1 Release Candidate 1 is our latest development milestone. While this release is considered to be stable, it is intended for developers and members of our testing community to use for early evaluation and feedback. Users of this latest released version of Thunderbird should not expect all of their add-ons to work properly with this milestone."

Forms still busted :(

Posted May 29, 2010 13:23 UTC (Sat) by dskoll (subscriber, #1630) [Link]

They still have not fixed bug 533545: Form submission from HTML mail is completely broken.

*sigh*

Forms still busted :(

Posted May 29, 2010 19:51 UTC (Sat) by NightMonkey (subscriber, #23051) [Link]

Looks like they are asking for help:

"Keywords: helpwanted, regression, testcase"

"Assigned To: Nobody; OK to take it and work on it"

Forms still busted :(

Posted May 30, 2010 2:44 UTC (Sun) by welinder (guest, #4699) [Link]

Ok, it's a bug and should be fixed, but being loud and obnoxious
is not going to improve your chances of getting it fixed.
Adding comments like "Any progress on this bug?" several times
will make people actively avoid working on the issue. If there
was any progress you could read about it in bugzilla.

(MHO. I have no affiliation with Thunderbird and certainly
don't speak on their behalf.)

Forms still busted :(

Posted May 30, 2010 3:04 UTC (Sun) by dskoll (subscriber, #1630) [Link]

I don't think I'm being loud and obnoxious. It's a very serious regression that is blocking TB3 from being usable in many corporate environments. It seems to me that fixing serious regressions should be higher in priority than it apparently is.

Forms still busted :(

Posted May 30, 2010 5:20 UTC (Sun) by jrn (subscriber, #64214) [Link]

> It's a very serious regression that is blocking TB3 from being usable in many corporate environments. It seems to me that fixing serious regressions should be higher in priority than it apparently is.

Mozilla Corp does employ some programmers so there is room for complaint there. But it is perhaps more productive, not to mention helpful for the long-term future of Thunderbird, not to rely on them. Perhaps the IT staff in some of the corporate environments affected by this have enough expertise to fix it.

Forms still busted :(

Posted May 30, 2010 10:26 UTC (Sun) by paulj (subscriber, #341) [Link]

Have these corporate environments considered contracting any TB programmers to fix the problem?

If you want Free Software to be sustainable, you need to put some of your resources into it (programming, documenting, etc.. or contracting to help to do so). People can't eat bug reports...

Forms still busted :(

Posted May 30, 2010 11:48 UTC (Sun) by AlexHudson (subscriber, #41828) [Link]

I think it's a great point, but who would they contract with?

The obvious people are Mozilla Messaging, but they seem to be pretty much disinterested: they're chasing webmail-type features and not corporate features, and there's no corporate support offering.

Sure, you could look around to find some willing Xul/C++ programmer, but what a pain for a business, and would the work ever be upstreamable?

I think this is the real problem with Tbird as a corporate client.

Forms still busted :(

Posted May 30, 2010 16:36 UTC (Sun) by tzafrir (subscriber, #11501) [Link]

Would the work be upstreamed? Why wouldn't it?

It's an open bug with a call for help, after all.

Forms still busted :(

Posted May 30, 2010 17:46 UTC (Sun) by AlexHudson (subscriber, #41828) [Link]

Why wouldn't it? Because the client is looking for a solution, but the solution found by the contractor may not be accepted by upstream - pretty simple really.

If you think about how stuff usually gets up-streamed into big projects, you need a combination of a. a good patch and b. persistence.

If you're a business and you need a feature, you're probably willing to pay for it. It's a lot less likely you're willing to pay someone to do the donkey work in order for upstream to accept it, since that's essentially a blank cheque - you don't know how long it will take or if it is even achievable.

It's such a different ball-game from what regular businesses are capable of that it's no big surprise that it doesn't happen often.

Forms still busted :(

Posted May 30, 2010 19:01 UTC (Sun) by tzafrir (subscriber, #11501) [Link]

If you need a feature and don't want to maintain it, you want it upstream.

In fact, I see this as a common condition in various bounties: In order to apply, your code needs to not only fix the problem, but also be accepted upstream (at least to HEAD/trunk/master/whatever).

Forms still busted :(

Posted May 31, 2010 4:21 UTC (Mon) by lacostej (guest, #2760) [Link]

> Why wouldn't it? Because the client is looking for a solution, but the
> solution found by the contractor may not be accepted by upstream - pretty
> simple really.

To avoid this issue, first thing is then to secure time with a developer upstream as soon as you've found someone willing to work on the fix. The developer upstream will be used to validate the solution found by the contractor.

Prominent projects, such as Linux, have such channels in which people can engage with upstream developers and discuss design decisions. Most acceptation issues come when solutions have been developed without talking with upstream first.

Are you able to raise a bit of cash for that? How much? When you see how much work students are able to achieve during Summer of Code events, have you considered paying a student a couple of months/weeks to solve that issue? Or maybe put a bounty?

I am pretty sure it's possible to find someone willing to fix this for a few hundred bucks.

Forms still busted :(

Posted May 31, 2010 12:58 UTC (Mon) by paulj (subscriber, #341) [Link]

If you're not paying them, then they're free to develop whatever stuff they're interested in (or other people are paying them).

If they don't offer a suitable "pre-boxed" support option, then get in contact with whichever organisations or programmers who are involved with the project to see what can be done. I'm sure they'll each be able to tell you how much they would charge for either a custom support offering, or to do the development work under contract.

I don't see this as a problem for a corporate client. Indeed, it's something of an advantage to have multiple, independent orgs/individuals available to hire for custom development. Could you imagine how much cash it would take to get Microsoft interested in contract Outlook development? I'm sure it's at least an order of magnitude higher than the amount of cash it takes to get individual programmers or small orgs interested.

This kind of thing is crucial to there being a sustainable, healthy ecosystem around free software. (I am somewhat biased here of course).

Forms still busted :(

Posted May 30, 2010 13:58 UTC (Sun) by dskoll (subscriber, #1630) [Link]

I haven't considered doing this because my small company lacks the resources. However, we do support the free software ecosystem with our free products like MIMEDefang, rp-pppoe and Remind.

I know that as a matter of pride, I would never allow a serious regression in one of our free products to go unfixed for 6 months.

Forms still busted :(

Posted May 30, 2010 16:11 UTC (Sun) by Los__D (guest, #15263) [Link]

Serious? Bah

Forms still busted :(

Posted May 31, 2010 7:47 UTC (Mon) by nhippi (subscriber, #34640) [Link]

> I know that as a matter of pride, I would never allow a serious regression in one of our free products to go unfixed for 6 months.

Your product then seems to have good balance between developers and users.

Thunderbird on the other hand seems simply to have too few developers compared to the amount of features included. Thus bugs in rarely used features slip through the cracks. Evolution has the same problem, so I guess people seriously underestimate the work needed to create and maintain a decent MUA.

Forms still busted :(

Posted May 30, 2010 16:11 UTC (Sun) by exadon (guest, #5324) [Link]

This argument of yours is one of the reasons why corporations, and probably quite a few people as well, don't like free software. It is not sufficient to just obey the license, which may be acceptable in the case, but you also want them to not complain loudly, and even ask them to take care about the bugs themselves. This kind of argument is rude and arrogant, as compared to typical responses from commercial software companies, where you typically get "We won't fix this for one reason or another" or "We fix this if you pay us". Even if this comparison might seem unfair, this is what happens.

Forms still busted :(

Posted May 30, 2010 18:33 UTC (Sun) by dskoll (subscriber, #1630) [Link]

> This kind of argument is rude and arrogant, as compared to typical responses from commercial software companies, where you typically get "We won't fix this for one reason or another" or "We fix this if you pay us". Even if this comparison might seem unfair, this is what happens.

I happen to own a commercial software company that produces both traditional proprietary software and open-source (specifically, GPL) software. I fully understand the difficulty of dealing with customers, some of whom can be unreasonable.

Nevertheless: In this case, TB has had a serious regression that (IMO) is not being taken seriously by the developers. We have had many customer complaints about this regression; we've had to explain patiently that it's not our software, but TB3.

We would not allow a regression of this type to linger in any of our software for six months, proprietary or GPL.

Forms still busted :(

Posted May 30, 2010 20:44 UTC (Sun) by oak (guest, #2786) [Link]

> This kind of argument is rude and arrogant, as compared to typical responses from commercial software companies, where you typically get "We won't fix this for one reason or another"

If you try to fix it and upstream then says wontfix (for a reason or another), would you still consider them rude or arrogant?

The bugs are open so that others can help with them, if they want to. Only in commercial settings bugs are closed to improve "error metrics".

Forms still busted :(

Posted May 31, 2010 1:23 UTC (Mon) by foom (subscriber, #14868) [Link]

When I file bugs against commercial software, in *my* experience, the bug reports usually just go into limbo for a long time, before the bug report gets closed as a duplicate (and thus I lose what limited visibility into the status I had), or closed wontfix without further comment. Or sometimes of course it just stays in limbo forever. Because, when it comes down to it, I'm just an insignificant user, one of millions. Even though I pay, I don't pay enough to actually matter.

At least with open source, I can see at what stage of being ignored/fixed the bug is in. And if I really do care, I can fix it myself.

Anyways, I think the mistake here is in thinking that form posting being broken is a "serious" regression that anybody else cares about. It's quite clearly a niche feature, not in use by very many people, which probably will get fixed someday when one of the volunteer developers gets around to it.

If Thunderbird was not open source, this bug would almost certainly be prioritized way down on the list of bugs to work on, unless a customer with a large number of licenses ($$$) had it as their #1 priority bug/feature request...

Forms still busted :(

Posted May 31, 2010 13:12 UTC (Mon) by paulj (subscriber, #341) [Link]

I didn't say they couldn't complain. Everyone is free to complain. I didn't say there was anything bad at all about dskoll's complaint. However, Thunderbird programmers are just as free to ignore those complaints, unless you put one or more of them in your debt. My *only* point is that it should be *encouraged* for corporate free software users to put free software programmers in their debt monetarily, if free software is to be sustainable.

There is nothing rude or arrogant about that argument, I think.

Forms still busted :(

Posted May 30, 2010 13:00 UTC (Sun) by zonker (subscriber, #7867) [Link]

You're being loud and obnoxious. Posting "this bug is still not fixed" to announcements on other sites is loud and obnoxious. Sorry, but it is.

Forms still busted :(

Posted May 31, 2010 6:49 UTC (Mon) by SecretEuroPatentAgentMan (guest, #66656) [Link]

> Posting "this bug is still not fixed" to announcements on other sites is loud and obnoxious.

Is that so?

Checking the Release notes, clicking on the Known Issues I do not find this issue mentioned. Knowing about a regression and not informing unsuspecting would-be users is an interesting practice. Bringing up this issue is in my view not obnoxious, it is important information.

Forms still busted :(

Posted May 31, 2010 14:02 UTC (Mon) by zonker (subscriber, #7867) [Link]

By that logic, you would fill the comment section of any announcement with the entire bug database to "provide information." Everyone has a pet bug, it isn't necessary to spam the world with it.

Forms still busted :(

Posted May 31, 2010 14:10 UTC (Mon) by SecretEuroPatentAgentMan (guest, #66656) [Link]

I was explicitly referring to a regression. If the entire bug database is full of regressions I would suggest considering a different line of work.

Is it really that hard to put yourself in the mind of the users? Old well known bugs you have a chance to avoid, new features that are somewhat short of polished do not have to be the end of the world. But a regression that changes established workings in a negative manner is more serious. Trying to sweep it under the carpet does not invite confidence in the product.

Forms still busted :(

Posted May 31, 2010 14:58 UTC (Mon) by pboddie (subscriber, #50784) [Link]

> Trying to sweep it under the carpet does not invite confidence in the product.

For heaven's sake, it's not as if they've covered this up. And I can imagine that it's not a high priority to re-enable this functionality, anyway, given the hard enough task of persuading users not to follow links in e-mails and type in their credentials on the Web site that pops up, let alone having a form in an e-mail which in all likelihood has "username" and "password" fields, presumably not a signed e-mail either, and all the "fun" that brings to the party.

In spite of all this, is there a use-case for not just providing a link in the mail, anyway? Not opening a separate browser window, perhaps? I can see why people are frustrated - Thunderbird is supposed to use the same technology as Firefox, more or less - but complaining about "confidence in the product" is taking it a bit far. It starts to sound like the only role the oh-so-important corporate users are supposed to play after pressing the "download" button is to perhaps offer suggestions on where the red carpet is supposed to go.

Forms still busted :(

Posted Jun 8, 2010 14:24 UTC (Tue) by jschrod (subscriber, #1646) [Link]

In my 15+ years of work as an IT consultant I have yet to see a "corporate environment" that relies on HTML forms in emails. Hell, most of them simply use Exchange/Outlook; TB usage is extremely rare.

OK, that breaks your company's product. But it doesn't make it a "serious regression" for anybody else than you.

Btw: My work is often requirement engineering and tender evaluation. I would always recommend any customer to turn off a feature like your product has that relies on HTML forms in emails. First of all, it produces bad behaviour of users security wise. It might be more convenient, but so is clicking on all links that appear in any email. Users -- especially in a corporate environment -- must learn that they cannot have any convenience they want due to security concerns. We are not in the 80s or early 90s any more. That you, as a developer of an anti-spam software solution, don't see this, is very sad.

Forms still busted :(

Posted May 31, 2010 12:52 UTC (Mon) by avtechmjc (subscriber, #50477) [Link]

Have you read the bug report?

dskoll (someone with serious open source credibility) correctly reported a serious bug and provided a valid use case.

The developers are taking months to respond, and need help cutting and pasting text.

It's really lame, especially when Mozilla has such deep pockets.

Forms still busted :(

Posted May 30, 2010 17:34 UTC (Sun) by rsidd (subscriber, #2582) [Link]

If Thunderbird claims to support HTML forms in e-mails, and doesn't, that is certainly a bug. But I am more worried about people who consider that sort of bug a deal-breaker.

I've never seen a HTML form in an e-mail and it seems to me that that is dangerous in itself (how do you know where the data is going? Does hovering on the "submit" button tell you? In how much detail? Is thunderbird expected also to warn you about malware sites?) I'd mistrust a corporation that depends on such e-mails.

I'd much rather be given a URL that I can (a) inspect and, in some cases, vet (say, I want http://www.citibank.com/ and not http://www.citibank.somethingelse.ru/); and (b) open in firefox (or another browser) which is likely to warn me of malware sites.

Forms still busted :(

Posted May 30, 2010 18:29 UTC (Sun) by dskoll (subscriber, #1630) [Link]

Here's the specific use-case: Our anti-spam software sends out a digest of quarantined messages. One option for the digest is to send out an HTML form that allows you to release messages right from within the MUA. (It uses magical cookies in the form for authentication.)

This worked great in TB2. It worked somewhat in Outlook because you expect Outlook to suck. It worked quite well in most MUAs that supported HTML mail.

Then TB3 broke it. And then we got a whole bunch of customer complaints saying that our software was broken. I just point those customers to the TB bug report, but it's still very annoying.

Forms still busted :(

Posted May 31, 2010 0:59 UTC (Mon) by rsidd (subscriber, #2582) [Link]

If only internal users (only admins?) see the mail with the form, it may look 'safe', but in my opinion it encourages unsafe behaviour. Especially if the admins are not local and not themselves all that clueful.

Enough people already fall for 'please change your password' mails that link to bogus sites, that browser makers now take all sorts of pains to alert the dumbest users. I assume phishing emails don't already include forms because most email clients don't support them. And that's a good thing.

How hard would it be to change your software to supply a browser link rather than include a form in the e-mail? Easier, I would think, than haranguing the Thunderbird people about this 'bug'.

Forms still busted :(

Posted May 31, 2010 1:04 UTC (Mon) by rsidd (subscriber, #2582) [Link]

PS: and, you know, when it has been broken for many customers for months and you haven't applied this simple fix of providing a link, instead telling them to change their e-mail client... why do you claim above that you wouldn't leave your software unfixed for months? It's just what you are doing, by your own account.

Forms still busted :(

Posted May 31, 2010 2:22 UTC (Mon) by dskoll (subscriber, #1630) [Link]

We've included links since well before TB3. So users with Thunderbird now get the same (degraded) experience that Outlook users get, instead of the superior experience TB2 users get.

Forms still busted :(

Posted May 31, 2010 2:21 UTC (Mon) by dskoll (subscriber, #1630) [Link]

> How hard would it be to change your software to supply a browser link rather than include a form in the e-mail?

We already do that. However, a link can only accept or reject a single message at a time. It was very handy to be able to dispose of them all with a single form click.

We used to tell Outlook customers: "Yes, forms are broken in Outlook, but if you switch to Thunderbird, you'll have a much better experience."

We can't say that any more. :(

Forms still busted :(

Posted May 31, 2010 3:12 UTC (Mon) by rsidd (subscriber, #2582) [Link]

So have the link go to a web interface that handles multiple messages (ie, does the same thing the email form does!) Why is that hard?

Forms still busted :(

Posted May 31, 2010 16:06 UTC (Mon) by dskoll (subscriber, #1630) [Link]

It's not hard, but our users overwhelmingly prefer doing it from within the MUA, and having it work the way TB2 used to.

Forms still busted :(

Posted May 31, 2010 2:23 UTC (Mon) by dskoll (subscriber, #1630) [Link]

Oh, and BTW, links are no safer than form submissions. So dropping support for forms purportedly to increase security is ridiculous unless you also drop support for clickable links.

Forms still busted :(

Posted May 31, 2010 3:19 UTC (Mon) by rsidd (subscriber, #2582) [Link]

Yes, links are unsafe, so browsers take all sorts of steps to safeguard the user. You want email programs to duplicate all that effort too, just so that you can have users submit forms from e-mail -- something that e-mail was never intended for?

Secondly, links can be inspected easily and the user can beware of unfamiliar domains. So they are safer than forms, which don't tell you where the data is going.

Forms still busted :(

Posted May 31, 2010 16:07 UTC (Mon) by dskoll (subscriber, #1630) [Link]

No, I do not want email programs to duplicate browser functionality. Our form uses the GET action, and TB2 would simply pass it to the browser (with the GET values filled in correctly.) This means that all of the browser safeguards are available to users.

TB3 submits the form, but does not pass any of the GET parameters. If TB3 were doing this out of concern for anti-phishing, it wouldn't pass anything at all.

Forms still busted :(

Posted May 31, 2010 16:39 UTC (Mon) by rsidd (subscriber, #2582) [Link]

> This means that all of the browser safeguards are available to users.

The most obvious one is not. Namely, if you supply a link, the user can inspect it BEFORE submitting any data. If you require the e-mail form to be filled, the user only sees where the data has gone AFTER already submitting the data.

Again, this may not be a problem in your application. My point was the undesirability of getting users used to such actions (which are uncommon for, I think, good reason).

Again(2), this is certainly a bug in thunderbird, not a clever way to foil phishing. The question is whether the bug is worth worrying so much about. I'd say the fix to the bug is to disable forms in e-mail altogether.

Forms still busted :(

Posted May 31, 2010 21:48 UTC (Mon) by dskoll (subscriber, #1630) [Link]

That's true. So if you don't trust the form, you use the link instead. Or you hit Ctrl-U to look at the email.

The form did provide a way of doing things that many of our customers found convenient. The lack of this way bothers many of our customers.
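The sub-thread above turns on two things: a form in HTML mail does not show where its data will go until after submission, and a GET form is supposed to reach the browser as a URL carrying its field values. The following is an added example, not code from any commenter, from Thunderbird or from the product discussed; it reads a message source (what Ctrl-U shows), lists each form's destination host and the fields it would send, and builds the URL a GET submission should produce. The sample message, the host names and the token value are constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit


class FormCollector(HTMLParser):
    """Collect each <form> with its action, method and default field values."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("name"):
            kind = (a.get("type") or "text").lower()
            toggle = kind in ("checkbox", "radio")
            # Buttons and unchecked boxes are not part of a default submission.
            if kind in ("submit", "button", "reset", "image", "file"):
                return
            if toggle and "checked" not in a:
                return
            default = "on" if toggle else ""
            self._open["fields"].append((a["name"], a.get("value") or default))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def inspect_forms(raw_message):
    """Return one dict per form found in the text/html parts of a message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = FormCollector()
        collector.feed(part.get_content())
        for form in collector.forms:
            target = urlsplit(form["action"])
            get_url = None
            if form["method"] == "get":
                # A GET submission replaces the action's query with the fields.
                get_url = target._replace(query=urlencode(form["fields"])).geturl()
            report.append({"method": form["method"],
                           "host": target.hostname,
                           "fields": [name for name, _ in form["fields"]],
                           "get_url": get_url})
    return report


# Constructed sample: a quarantine digest with a GET form and a hidden token.
SAMPLE = (b"From: quarantine@mail.example\r\n"
          b"To: user@corp.example\r\n"
          b"Subject: Quarantine digest\r\n"
          b"MIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n\r\n"
          b'<form action="https://filter.example/release" method="get">'
          b'<input type="hidden" name="token" value="CONSTRUCTED-TOKEN">'
          b'<input type="checkbox" name="msg" value="101" checked>'
          b'<input type="checkbox" name="msg" value="102">'
          b'<input type="submit" value="Release"></form>')

if __name__ == "__main__":
    for entry in inspect_forms(SAMPLE):
        print(entry)
```

A mail gateway or a reviewer can compare `host` against the expected sender domain before anyone submits the form; hidden fields such as the token are the values that end up in the URL and in browser history.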

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.