With all the design concepts and other dross floating around in my head, I’ve become completely paralyzed on what to do next.

On one hand, I want to do something and I want to do it right. On the other hand, I don’t know what this “right” is.

I want to use controllers, but I don’t really know what they are. Right now, I have a bunch of cobbled together pages. I *could* move them into classes, which would probably help factoring them into more controller oriented things, but I want to get it right the first time. And I know I can’t.

In this mentality, I think I have bitten off more than I can chew. Every small step means more steps when the final design comes into place, but without small steps I cannot get anywhere.

I need help.

Imran Hashmi
http://www.visionstudio.co.uk

Nach den Erfolgen des Firefox-Browsers (HNA berichtete) rüstet Microsoft nun zur Gegenoffensive, berichtet Spiegel Online. Während die Redmonder unplanmäßig ihren Internet Explorer in der Version 7 jetzt…

should be the top priority if this project is getting off task.”

I agree with this position. Hopefully, the project will employ an alternative management strategy in terms of delegating duties to others who may not have the greatest technical skills.

For example, someone like me with 1 year of C, C++ programming experience isn’t ready to contribute productive code, yet. However, I am able to write much of the technical documentation if this information is given to me. I was a Quality Manager for three years for a company of 150 employees and was responsible for all technical documentation (production & quality processes), sales analysis & projections. I would be more than happy to contribute my time. I could produce whatever user/developer/technical documentation you need while simultaneously learning more about the project. As I learn more about Firefox and enhance my programming skills, I could eventually start to contribute. Then, I would have to pass whatever skills assessment/test the Firefox folks want to give me in order to provide my first programming contributions to the project. Someone like me has a vital interest in this project because I sell pre-installed linux desktops. Firefox is one of the reasons people purchase a system from me. I would be willing to help however I can.

Chris

Well it would any Bill – reason enough?

If you are running FireFox, you aren’t running the Mozilla suite. They are retiring the Mozilla Suite, which is a single bloated application which contains the Mozilla Web Browser, the Mozilla Web Composer, Mozilla e-Mail and Chatzilla (I might be missing a component or two, it’s bloated and it’s hard to remember everything).

There are far better and far more popular web design tools, and in this XML, ASP and ASP.NET age, Composer needs a lot of work to be viable. On the other side of the coin, applications like OpenOffice.org or Microsoft Office save into XHTML or HTML format efficiently, and users seeking just basic web pages are typically far better off using one of those products.

I use FireFox, and have for a while, as my primary web browser. I was using The Bat, and am now using Thunderbird primarily for e-mail. I haven’t started the Mozilla Suite, although I have 1.7 installed, in over a year.

>>IBM, Sun or Google: open up your vaults and give some money to Firefox.

>What would IBM, Sun and Google gain by supporting FF?

IBM has contributed heavily to the development of Mozilla in the past. Go into BugZilla, search for IBM, and you will find many hits. They maintain commercial ports via Software Choice for OS/2 and for AIX.

Sun contributes sometimes, and in terms of Java, contributes a ton to the browser. Java is an important feature to many businesses, and is the only secure alternative to ActiveX/XPCOM based plugins Mozilla currently supports.

And Google, of course, pays the salaries of several key FireFox members, and has generally been very supportive of Mozilla.

The issue here isn’t money, or paid employees.

The issue, so people understand it, is that every code change that goes into a secure application like a Web Browser, an ATM machine, the telephone system, etc. has to undergo a review before it is comitted.

This is to look for blatant security breaches (if (stricmp(password,”letmein”)) goto success) and for less blatant problems (nsprintf(1024, buffer, “%10s”, string)). Problems like this last one are notorious, aren’t adressed well in college, and (most importantly) are easily overlooked even in a code review.

It’s also to look for blatant bugs, or things that “aren’t right.” Usually you review the prepatch code in parallel with the patched code, using a visual differencing tool, because seeing the changes out of context virtually guarauntees missing something important.

It’s probably lost here, but expecting one or two people who are programmers themselves to do this task, over months and months and months, is irresponsible of any organization or community.

Now people are going to chime in “why not let the community do it,” but the community has not proven itself effective at catching these sorts of problems in Linux. In Linux, there is a core of around twelve people catching these problems in the kernel. Individual packages security is rarely audited by anyone external to the package, and even distros such as Redhat Enterprise don’t necessarily audit a significant percentage of the code for security errors.

On the Microsoft side of things, the situation isn’t much different. You have a handful of people at Microsoft reviewing for security problems, and thousands of people contributing code to their operating system distributions. Just like Linux, they are divided into teams who predominantly work on their chosen package, and just like Linux, the quality of code from the various teams seems to vary considerably.

The issue is ultimately, you cannot train hundreds of thousands of programmers how to find and correct these errors overnight. And the single voice in the crowd calling out is difficult to find, and difficult to listen to, especially when they are stating things that are unpopular to hear.

XPCOM and Active-X, for example, work virtually identically. Everything from how components are installed to the level of access they have to the machine are identical. The amount of potential damage is identical. Someone familiar with Security understands that, and puts in controls to try to prevent malicious sites from installing XPCOM components, etc. The common contributor to Mozilla, however, has their head in the sand or puts their hands on their ears and chants lalalalala when people tell them it’s a security risk.

Simply hiring people blindly doesn’t help Mozilla, and simply adding more reviewers doesn’t help. The reviewers need to be familiar with large portions of the Mozilla code base, a truely formidable task, and the reviewers, likewise, have to be familiar with common security and stability problems, and on top of all this, have to be skilled programmers.

If you ask any skilled programmer if they would rather spend their days making sure everyone else is doing things right, reading other people’s code, and watching their own hard work get criticized again and again; or if they would rather be writing new code and cotnributing it and have the issue of review be someone else’s problem, I can promise you that the most typical response wouldn’t be wanting to review code for errors, security problems, etc.

What would IBM, Sun and Google gain by supporting FF?

Maintaining a project and keeping it alive is still much more difficult than starting a new one. Most of the great developers I know don’t like to maintain source code.

It’s really frustrating that an OSS project like Firefox that got so much media buzz now seems to suffer from these symptoms, too. Come on guys, you have some gold in your hands which took the world by storm. Stand up and face the thread of IE7.

IBM, Sun or Google: open up your vaults and give some money to Firefox. They can really tickle Big Bill

Segun menciona uno de los desarrolladores de Firefox en su blog, el navegador esta avanzando muy lento en su desarrollo comparado con su crecimiento, ya que a pes [...]