
Understanding the corporate impact (of upgrading Firefox) - Isofarro
http://mike.kaply.com/2011/06/23/understanding-the-corporate-impact/
======
billybob
Merits of the argument aside, I was surprised to see the tone that Asa Dotzler
took on that thread. To me, it sounded like "you enterprises are dumb and we
don't care about you."

If I were "Community Coordinator for Firefox marketing projects," I think I
would have tried to be more tactful.

I'm not trying to throw darts at him, but it may be instructional for those of
us who are geeks to consider how our words can come across online.

~~~
asadotzler
I didn't say anything that could be remotely construed as calling enterprises
dumb. I said that they have not, and in my opinion, should not, be Firefox's
target.

~~~
mindcrime
Well, you believe what you believe, and nobody can fault you for your beliefs,
in and of themselves. I happen to disagree with you, but that's not my issue
with your comment... my issue is that - regardless of what you intended - your
tone came off as very arrogant, dismissive and mean-spirited. And, like it or
not, there is a PR aspect to consider anytime someone - who is as visible and
well known as you are - says something that sparks controversy.

I think this whole thing has done some damage to the Firefox brand, and that
makes me sad, as I've been a Firefox (and before that, Mozilla... going back
as far as Mozilla M2, IIRC) supporter for a long time.

------
CWuestefeld
Staying at FF3.6 wouldn't make them the most out-of-date by a long shot. A
_majority_ of our site's corporate users are on IE6!

But it seems to me that part of this problem is that they're trying to
accomplish two things with the browser, that for their needs might be better
separated into two.

For internal corporate apps, there's probably little reason to upgrade. In
particular, the security risk posed by accessing _internal_ systems on a
backlevel browser is pretty minimal. They could retain FF3.6 for use in this
context.

For general web browsing (research, etc.), you really want to be as up-to-date
as possible, but there shouldn't be any repercussions to doing so. If you're
accessing the internal apps on your old FF3.6, then you can have a separate
"external browser" that's kept current.

So my suggestion is to stick where you are for the internal apps, and
separately install Chrome or IE or something for external access. Set up
configurations that restrict each browser to only be able to access its
intended sphere.

~~~
jrwoodruff
I can't imagine trying to get everyone in a large corporation to use the right
browser for the right thing. Most normal people barely understand that IE is
not the internet, let alone understanding the difference between websites, web
apps and internal and external servers.

In a very small company, maybe, but not in corpo-land.

~~~
rpearl
Wait... what IS the difference between a webapp and a website?

~~~
sukuriant
Buzzwords, Ajax, HTML 5

------
dlikhten
So here's my take on the matter. This is a Damned if you do, damned if you
don't problem.

a) Firefox must release frequently to keep up with competition. A Firefox by
any other version is just the same set of changes, just labeled 4.1 vs 5. I
don't know why they changed their numbering system (to keep up with Chrome I
guess) but it makes absolutely zero difference.

b) Any corporation cares about stability vs progress. They want to test now,
guarantee that it will work for say 10 years, and just stick with it.

And now of course

c) The web needs to progress. (IE6). IE6 is still being used. This has been
beaten long and hard for years. The problem is not IE6, the problem is
corporations. IE6 will die, it'll die soon (I hope) as I still have to support
that heap of crap. HOWEVER tomorrow Firefox 3.6 will be it. FF 3.6 will have
some crap and work like shit 10 yrs from now and some corporation will want to
use it and nothing else just like IE7 and IE8 and actually anything.

--

Anyone who embraces Chrome is embracing a mindset, it will always be up-to-
date and our it must support the latest version, we'll force a restart of
Chrome at some point to update that version. Our sites MUST WORK WITH LATEST
CHROME.

Here we have examples of companies complaining, and I guarantee if Mozilla
would state that 3.6 will be forever supported (7 yrs?) like IE6 was they
would get the same shit MS got for IE6, sure not today, but in a few yrs "omg
fucking ff 3.6 can't do shit like rounded corners right, it needs to die"
followed by the FF3.6 eulogy website etc. The only way to win this is for
companies to realize that the following will be true on the web:

a) security vulnerabilities in browsers will be discovered/patched, and
quickly. You must upgrade frequently to keep up.

b) The web is moving forward, even if you dislike that. Due to this rendering
engines must be updated constantly. Sorry. Adopt best practices and release
frequently. It's an unfortunate cold hard truth and it's costly but it's the
nature of dealing with the web.

c) Mozilla can't support an old browser forever. Pay them and they will.
However they are not Microsoft, and even MS can't do this effectively, so if
you want something for "free" (IE included here) be prepared for paying for
having to move in the direction they take. Otherwise contribute cash to them
to support what you want. I'm sure Mozilla will happily create a special FF3.5
branch back-porting fixes for years as long as you pay them to.

~~~
thaumaturgy
Let me put my flame-suit on ...

To further distill your points, there are fundamentally two problems:

1. Maintaining backwards compatibility while providing support for new
features;

2. Providing security updates without breaking compatibility.

I need my flame-suit because, if Mozilla can't solve those two problems, then
they seem to be ignorant of some very basic strategies in software
development.

In web-based application development lately, you see a lot of "MVC" talk. MVC
is far from a new concept, but more people are starting to see the wisdom of
keeping your business logic separate from your UI logic.

There's no reason why a web browser shouldn't be constructed the same way.
Internally, it should be separated into distinct parts -- the network
interface, the rendering engine, the user interface, etc. -- with those parts
communicating only through a largely static API. Each of those parts should
then endeavor to separate the security-related logic from the rest of the
application logic.

In other words, there is absolutely no reason why it should be impossible to
apply and maintain security fixes to multiple versions of the code base,
simultaneously.

Once upon a time, programmers saw the wisdom of maintaining separate versions
of their applications, and they helped their system administration brethren by
signaling the impact of changes in the version numbering:

major.minor.revision

Sysadmins running a specific major.minor of an application could always feel
comfortable blindly updating .revisions, which typically consisted of things
like security updates. If a .revision ever broke anything at all, the
developers were generally considered to have screwed up.

Sysadmins could more leisurely apply major.minor updates, after double-
checking that the .minor change didn't break any of the stuff that their
network relied on.

And, meanwhile, sysadmins could even more leisurely take their time in
developing comprehensive testing periods and update roadmaps for major
releases, so that nobody in the company would get caught with their pants
down.

So, not only is Mozilla committing an egregious error in not being able to
apply _just_ security updates without changing any other application
functionality, but they're committing a whole other sin of long-standing
software best practices by abandoning the most sensible version numbering
system that was ever developed, and developed for damn good reason.

I think it's clear that Mozilla simply doesn't give a shit about their users
at this point. They are either accidentally or intentionally ignorant of why
these practices were developed and what problems they were intended to solve,
not only in corporate markets but in home users as well. Mozilla is also
digging the graves of system administrators everywhere who pushed for
deployment of Mozilla applications in corporate environments and are now going
to be faced with nothing less than a huge fucking maintenance nightmare -- and
I promise you that nearly every corporate IT department has an administrative
overlord who is much less interested in why a particular software product is
_technically_ better than they are in what the _cost_ will be or how many
people are going to complain.

I'm beyond furious, personally. Way, way beyond furious. I've been making
similar comments in every single Mozilla-related thread since this was
announced. My company was _still_ switching our clients -- clients who work
with us because they _trust our judgement_ -- to Firefox as of last week.
This new release strategy has just fucked us in the ass. As of now, we've
completely halted Firefox conversions, and I have to figure out what to do
next.

As far as website compatibility goes, would it really be so hard to support a
simple comment tag at the top of the page that listed the browser major
versions that the site had been built for, and then -- because the application
was designed well so as to be capable of such magic as this -- use the
appropriate rendering engine, dynamically loaded?

~~~
nradov
There is no way to separate out security from the other software layers. In
web applications and user agents _everything_ is involved with security. I
agree it would be great if they provided security fixes for obsolete releases
but let's not pretend it would be cheap or easy. Someone would have to pay for
that, the open source community is unlikely to deal with that level of
configuration management drudgery for free.

~~~
Silhouette
> There is no way to separate out security from the other software layers.

Are you sure that's not the underlying cause of the problem?

Security is a lot like scalability and fault tolerance: you have to plan your
software architecture to support it systematically. You can't just bolt it on
later.

------
ratsbane
The corporate mindset is the problem. They've got to get away from the hubris
of thinking their software testing process is so special or better than the
community's.

Although it's a pretty cushy assignment. I'm sure plenty of bigcorp PMs would
rather do that than to manage something with more complicated deliverables.

~~~
Nitramp
I agree. The assumption here is that the corporate IT mindset is the constant
factor, and Mozilla, Chrome, or whatever, have to adapt to it.

I don't agree with that assumption. Corporate IT has to get better and faster,
or they will get marginalized by cloud hosted solutions that can move faster
and deliver superior experiences at better cost.

If your internal software is so crappy you can't upgrade your browser, maybe
you should try and fix your internal software.

~~~
Silhouette
> Corporate IT has to get better and faster, or they will get marginalized by
> cloud hosted solutions that can move faster and deliver superior experiences
> at better cost.

That's easy to say when you're not responsible for a system where an hour of
downtime comes with a seven-figure number in brackets on this quarter's
review.

Corporate IT guys get a lot of grief about imposing picky rules and making
life difficult, but the bottom line is that they are the guys who are going to
take the flak if stuff breaks. Most of these policies are not there because
someone at the head office wants to throw their weight around, they are there
because a lot of people on the corporate network really could cause serious
damage without even knowing how or why if left to do whatever they wanted.

If you want to blame someone for this cultural problem, blame the big software
and infrastructure providers, who haven't yet collectively invented a robust
global IT architecture where risk can reliably be localised to the user at
fault. Or step up and do something about it and get very rich, because it's a
real problem facing literally billions of staff every day.

Alternatively, you could take the view that cloud computing is the way
forward, releasing a new browser every three months will make these sorts of
problems go away, and everyone who develops in-house tools and operates a
conservative IT policy is a moron with no idea how to run a successful
business. Good luck with that. :-)

~~~
Nitramp
> That's easy to say when you're not responsible for a system where an hour of
> downtime comes with a seven-figure number in brackets on this quarter's
> review.

In particular if you have such a critical system, you should have a plan on
how to upgrade, test, and deploy it.

Releasing a browser every three months (or constantly, such as Chrome) does
make a lot of problems go away. And having reasonably-well written web apps
does help as well - just because you're developing in-house tools doesn't mean
they have to suck and only work on IE6.00.14.13 patch level 3 with the right
fonts and ActiveX version installed.

Corporate IT can learn a lot from how application development works on the
web, the web is the more robust IT architecture you're asking for.

~~~
Silhouette
> In particular if you have such a critical system, you should have a plan on
> how to upgrade, test, and deploy it.

Indeed, but wouldn't such a plan start with building on a firm foundation that
isn't going to get EOL'd and no longer support security updates after three
months?

The reality is that building on FF or Chrome now means trusting potentially
critical business functionality to an outside group you can't control with a
history of pushing breaking changes.

(If anyone is about to pipe up with how they only release useful changes and
the community testing is sufficient to prevent regressions, please keep in
mind that both Firefox and Chrome have each outright broken both cosmetic
rendering details and basic functionality recently, in minor/point releases
that you wouldn't normally expect to change user-observable behaviour at all,
plus of course there are many widely and less widely reported compatibility
issues.)

> And having reasonably-well written web apps does help as well

Don't tell that to anyone who uses Java applets and has spent significant time
over the past few months working around the repeated screw-ups made by major
browsers as they implemented new internal details.

(If anyone is about to pipe up with how Java applets are yesterday's
technology and browser vendors don't need to care about them any more,
congratulations, you are a walking example of my point.)

> Corporate IT can learn a lot from how application development works on the
> web,

Or web application developers could learn a lot from corporate IT, depending
on your point of view. Personally, I can't remember the last time I saw a
business critical corporate IT system completely fail or a major deployment of
old-fashioned desktop software block a whole company, while I see the trendy
style of rapid-development cause major errors with alarming frequency. That
applies to everything from Reddit falling over every ten minutes to Google
Docs' seeming inability to display even basic documents and spreadsheets
properly on all major browsers at any given time.

~~~
dpark
> Indeed, but wouldn't such a plan start with building on a firm foundation
> that isn't going to get EOL'd and no longer support security updates after
> three months?

Why? Why does it matter if 4 is EOL when 5 is available? Instead of obsessing
about having _security_ updates, why not just expect updates? If you're
willing and able to test and deploy a new browser every 3 months, what does it
matter if they call it 4.2 or 5.0? Test and deploy the new browser and stop
worrying so much about the version number.

> If anyone is about to pipe up with how they only release useful changes and
> the community testing is sufficient to prevent regressions, please keep in
> mind that both Firefox and Chrome have each outright broken both cosmetic
> rendering details and basic functionality recently, in minor/point releases
> that you wouldn't normally expect to change user-observable behaviour at
> all, plus of course there are many widely and less widely reported
> compatibility issues.

So don't deploy on day 0. Breaking changes can be, and sometimes are,
introduced in minor version increments. If you need to test, you need to do so
whether you're going from 5 to 6 or 5.1 to 5.2.

~~~
Silhouette
> If you're willing and able to test and deploy a new browser every 3 months

I'm not, and I don't think a lot of other people are either. The version
number is irrelevant. The frequency of releases is the problem here.

> So don't deploy on day 0. Breaking changes can be, and sometimes are,
> introduced in minor version increments.

OK, fine, but now _everything_ is effectively a minor version increment in
Firefox and Chrome, and anyone who doesn't update within 90 days is apparently
going to lose all security updates. That is not a viable combination for any
users who value a stable platform they can build on more than cutting edge
toys.

~~~
dpark
> I'm not, and I don't think a lot of other people are either. The version
> number is irrelevant. The frequency of releases is the problem here.

A lot of people very clearly _are_ willing to update every three months. A lot
of users update Firefox regularly. And for people using Chrome, they get
updates even more frequently. When the upgrading is painless, no one minds
doing it.

As for corporations, if they aren't willing to roll out a new browser every
three months, how often are they willing to do it? And how are they dealing
with browser exploits in between these long cycles?

> OK, fine, but now everything is effectively a minor version increment in
> Firefox and Chrome, and anyone who doesn't update within 90 days is
> apparently going to lose all security updates.

So how is this different? If you are not willing to update, you're not getting
security updates anyway.

> That is not a viable combination for any users who value a stable platform
> they can build on more than cutting edge toys.

This is either hyperbolic or delusional. You tell me which. I'm using the
latest version of Chrome. I also have Firefox 5 installed. They both work on
every site I've visited lately. The only exceptions are some internal corp
sites that only work with IE, and those clearly didn't work with FF 3.6 either
(also I think those were all recently upgraded or retired so they're no longer
an issue, but I'm not certain).

If you want to build stable apps, then use the stable pieces of
HTML/CSS/JS/whatever. No one says you have to use the latest feature that
Chrome/Firefox/IE/Safari added. You can choose to build on a stable platform
without running a 2-year-old browser.

~~~
thaumaturgy
> _A lot of people very clearly are willing to update every three months._

...and a lot of people very clearly are _not_. So now what? We say, "this
doesn't work for lots of people", you counter-point that it does work for a
lot of people ... both statements are true and nothing has been accomplished.

> _And for people using Chrome, they get updates even more frequently._

And for people using Internet Explorer, they get updates much less frequently.
Guess which browser still has the lion's share of the market? (Hint:
<http://getclicky.com/marketshare/global/web-browsers/>)

> _When the upgrading is painless, no one minds doing it._

Right, and that's the rub! Upgrading is _not_ painless! I think you, and I,
and Silhouette are in agreement here: if upgrading were painless, no one would
mind doing it. The problem seems to be that for you, "painless" means, "I
have to download and install it", and for us, "painless" means, "we have to
answer support calls about what happened to the bookmarks menu and why X page
is no longer working even though it was two weeks ago and by the way the back
button looks different and I don't think I like this new version..."

> _If you are not willing to update, you're not getting security updates
> anyway._

_Nobody's objecting to security updates!_

This very statement is _so_ indicative of what the problem is here: that
security updates are being conflated with _application updates_. Security
updates are fine! Corporate IT will almost always roll out a revision change,
no problem!

Microsoft's Update Tuesdays? Usually OK!

Service Packs? Let's wait!

Now Mozilla's got a huge troll face on and is saying, effectively, "Hehehe,
here, have an update ... it might be a security update, it might be a service
pack! Enjoy!"

> _This is either hyperbolic or delusional. You tell me which._

See, now here's where I want to make this personal now.

Don't pull that shit. Just because you don't _understand_ someone else's
problem, doesn't mean their problem is insignificant. OK?

~~~
dpark
> ...and a lot of people very clearly are not. So now what? We say, "this
> doesn't work for lots of people", you counter-point that it does work for a
> lot of people ... both statements are true and nothing has been
> accomplished.

Now nothing. I never said there weren't a lot of people on the other side. I
was responding to Silhouette's comment: "I'm not, and I don't think a lot of
other people are either." He's not willing, and doesn't think many others are.
That's incorrect, because indeed many others are. "I don't think a lot are" is
not the same as "I think a lot are not". (Compare: "I don't think a lot of
people are fans of Justin Bieber." vs "I think a lot of people are not fans of
Justin Bieber." These are very different statements.)

> And for people using Internet Explorer, they get updates much less
> frequently. Guess which browser still has the lion's share of the market?

And? Are you advocating that Firefox should follow IE's lead? It looks like
IE's lead is dropping almost as quickly as Chrome's share is rising.

> Right, and that's the rub! Upgrading is not painless!

It would be a hell of a lot less painful if it didn't involve a massive
rollout of new software every 18 months. Chrome's always-updating model has
proven to be painless for a lot of people.

> for us, "painless" means, "we have to answer support calls about what
> happened to the bookmarks menu and why X page is no longer working even
> though it was two weeks ago and by the way the back button looks different
> and I don't think I like this new version..."

So use IE and be done with it, or maintain FF 3.6 indefinitely yourself. If
you want your browser to remain unchanged for very long periods of time, and
Mozilla won't help you with the goal, I don't see what your other options are.
I really don't see how Mozilla has an obligation here.

Also, if you upgraded frequently, the changes that arrived wouldn't be quite
so large. When you follow the "big bang" software rollout technique, it's a
lot of changes dumped on the user at once. If you roll out smaller changes,
users have less to adapt to at any given time. Maybe just send an email
telling them where the bookmarks moved to.

> Nobody's objecting to security updates!

My point was that you have to go through testing for security updates as well.
I concede that you're less likely to have users calling to ask about why the
bookmarks moved after a security update, though.

> Now Mozilla's got a huge troll face on and is saying, effectively, "Hehehe,
> here, have an update ... it might be a security update, it might be a
> service pack! Enjoy!"

That's hardly fair. What Mozilla is saying is more along the lines of "Here's
the latest and greatest." And "It's too much effort to maintain a bunch of old
branches indefinitely, so we're not doing that anymore."

> See, now here's where I want to make this personal now.

You want to make it personal because you took offense to something I said to
someone else? How thin-skinned are you?

> Don't pull that shit. Just because you don't understand someone else's
> problem, doesn't mean their problem is insignificant. OK?

I did not say his problems were insignificant, and you need to stop getting
your knickers in such a twist. I was responding to a specific statement: "OK,
fine, but now everything is effectively a minor version increment in Firefox
and Chrome, and anyone who doesn't update within 90 days is apparently going
to lose all security updates. That is not a viable combination for any users
who value a stable platform they can build on more than cutting edge toys."
This is indeed hyperbolic (or possibly delusional). Minor versions with new
functionality very clearly is a viable combination, because it's been working
for Chrome for some time now.

The idea that you need everyone on FF4 for a year so that you can have a
"stable platform" for development is ridiculous. If the move to FF5 is going
to break everything, then you're already screwed, and your best bet isn't to
dump a year into development for FF4, but to find a way to write apps that
won't break every time the browser is upgraded. You cannot stay on FF4 forever
(I hope), so at best you can postpone the problem and probably make it much
harder to resolve in a year.

------
m0nty
To counter a point that has been made several times here: it's not just
corporations which operate a "conservative" IT policy: many SMEs do so as
well. Innovations are great at home but at work, they confuse users, break
things which have worked _forever_, and represent an unknown quantity in
support terms. I've already decided not to put FF4 in front of my users
because of the interface changes (I know I can restore the address bar, etc,
but I don't want to spend my time doing that for each user).

The Firefox team are solving problems most users don't know they have, i.e. I
rarely hear complaints that "the address bar is confusing", or "the status-bar
is in the way", but frequently "I went to Google Image search and it's trying
to install something on my computer". Time spent solving the second problem is
far more valuable to me than time spent on the first (non-) problem.

------
markokocic
So? Let's all get stuck with FF 3.6 like IE6?

Please no. Mozilla shouldn't slow down the release cycle just because big
corporations can't keep up with it.

Alternatively, what would help those big customers to keep up would be the
opposite of what they require. Instead of having infrequent "big" releases
every few months, having continuous updates ala Chrome where each increment is
almost compatible with the next one could help to mitigate the problem. There
will be no big breakages and everyone that wants will be able to keep up when
time comes.

~~~
Silhouette
> Mozilla shouldn't slow down the release cycle just because big corporations
> can't keep up with it.

_No-one_ can keep up with it. Not big corporations. Not people who make web
sites and web apps. Not even people who make extensions for the browser
itself.

The only people who can keep up are users who ticked the "update me whenever
you feel like it" box. They only benefit in practice if the people providing
the content can take advantage of any new functionality. Otherwise, it's just
a no-win/lose proposition, a significant risk of breaking stuff that used to
work for no real benefit.

~~~
daleharvey
It's a vast improvement for web developers who have to develop for 1 version of
Chrome versus 4 versions of IE, it's a vast improvement for web developers who
get to use new functionality to deliver better experiences to their users, it's
a vast improvement for users who get a faster, smoother, more featureful web
experience.

The only people it sucks for are large corporations who for some reason have
applications that are tied to 10 year old technology and for extension
developers, it's a shame but certainly not worth holding back the web for.

~~~
Silhouette
> It's a vast improvement for web developers who have to develop for 1 version
> of Chrome versus 4 versions of IE, it's a vast improvement for web developers
> who get to use new functionality to deliver better experiences to their
> users, it's a vast improvement for users who get a faster, smoother, more
> featureful web experience.

It would be a vast improvement if any of those things were actually true, but
unfortunately none of them is.

Web developers aren't developing for one version of Chrome or Firefox now,
they're developing for one version every three months. That is far worse than
supporting, say, IE8 and IE9. (Please can we drop the IE6 nonsense now? The
remaining market share is negligible and the arguments are academic outside of
niche markets.)

Web developers can't use the new features if they can't keep up with them, and
in any case they are typically not portable, robust or future-proof enough for
production work when first released.

That means users don't get a more featureful experience. If anything, they get
less, because trendy web sites use trendy CSS3 features and the like to save
time, and those features don't work for a very substantial proportion of the
web-surfing public where the older but tried-and-tested techniques did.

~~~
daleharvey
The list of fatal regressions both Chrome and Firefox have introduced is
pretty close to 0, developing a new version of a web app every 3 months for
both browsers is beyond obtuse to the point of outright lying.

Web developers aren't as utterly hopeless as you seem to think, my Gmail
supports drag and drop attachments, my IRC client supports websockets when
available, my task tracker works offline (and on a mobile), my maps support
geolocation.

And I personally don't have to support IE6, but a lot of people still
have to. I haven't heard of anyone that has to support Chrome v1.

~~~
Silhouette
> The list of fatal regressions both Chrome and Firefox have introduced is
> pretty close to 0

Well, if they've only introduced a few here and there, I suppose that's OK
then. </sarcasm>

> developing a new version of a web app every 3 months for both browsers is
> beyond obtuse to the point of outright lying.

It's a good thing that's not what I said then, I suppose.

> And I personally don't have to support IE6, but a lot of people still
> have to.

A few people still have to, I'm sure, but the market share has dropped like a
stone over the past year or two. For most projects that aren't in-house jobs
in the organisations that haven't managed to leave it behind yet, it is no
longer relevant.

------
synnik
The problem I see with this complaint is what "End of Life" means in corporate
IT. What it boils down to in practical terms is that the vendor no longer is
available for support calls.

We continue to run many EOL apps because of these kinds of issues -- we know
the apps are stable for our usage of them, and it is a low risk that we would
have needed vendor support anyway. We make an explicit decision to accept that
risk.

So this is technical impact, but really it is a risk management issue.

~~~
bradleyland
The FF4 EOL announcement has a bit more impact than that. It has been
announced that FF4 will not receive security updates. This means that if you
deploy FF4 in your enterprise, you'll not only be committing to software
without support, you'll have internet-facing software that contains published
vulnerabilities (as they appear). That's just unacceptable.

Browser vendors would do well to adopt a release strategy that is similar to
Ubuntu's model. You have a churn of releases with a periodic LTS release that
will receive security patches for a longer term.

The key here is understanding that there is some middle ground. The "release
often, period" method of software development is attractive to a lot of us
individually, but it's nearly impossible to plan for when you manage hundreds
of PCs per tech support staff member. Providing a consistent LTS release
schedule would at least give corporations the ability to plan.

~~~
dpark
Corporations don't want LTS. They want RidiculouslyLTS. Ubuntu's LTS releases
are supported for 3 years. IE 6 is now almost _10 years old_. This is what
corporations want. They want to install software and forget about it for a
decade. This is not a realistic model for a browser. Even 3 years is not very
realistic. 3 years means running Firefox 3.0 now, in June 2011. Sure, some
people do it, but it's not a great idea for many reasons.

When you're looking at Microsoft Word, expecting long-term support makes
sense. It's shrink-wrapped software and upgrading is a big ordeal. You have to
upgrade everyone at once, or someone's going to (repeatedly and consistently)
send out docx files to coworkers who cannot open them. It can take a lot of
time and money to upgrade everyone. Browsers are (or should be) different. The
web is continually evolving. New exploits pop up fairly often. Regular
upgrades are a necessity for security and functionality, so upgrading a browser
should be a minor, easy thing, and it should happen frequently. The problem is
not the lack of support from Mozilla, but the expectation from corporations
that browsers should be treated like Word processors.

~~~
bradleyland
"Corporations don't want LTS. They want RidiculouslyLTS."

Sure they do, but they also want 100% tax exemption, employees that will work
80 hours for 40 hours pay, and $0 fire and theft insurance. Companies want
lots of stuff they don't get :)

My point is that it's not black and white unless Mozilla chooses to make it
that way. Right now, it's white. For Mozilla to say: "Infinite incremental
release is the way forward" is to say, "We don't care about your ability to
plan releases in any way shape or form." That's pretty black & white. Any
commitment to a release schedule would, at least, give them the ability to
plan.

I agree that web browsers are not synonymous with word processing software,
but the expectation that large corporations will simultaneously adopt web
based technologies while throwing out decades of change-management process is
just naivety at its finest.

Large organizations benefit from economies of scale. This means reduced costs.
This means one IT manager per five hundred PCs. This means you can't roll out
software willy-nilly and expect your organization to stand. Any in-roads
Mozilla gained with corporations will be quickly squandered if they stick to
this strategy.

Again, I agree that the old pattern is not what we need, but this is upheaval,
and that's not what works at corporations.

~~~
dpark
Exactly, companies want a lot of stuff, but that doesn't mean they should get
it.

> My point is that it's not black and white unless Mozilla chooses to make it
> that way. Right now, it's white. For Mozilla to say: "Infinite incremental
> release is the way forward" is to say, "We don't care about your ability to
> plan releases in any way shape or form." That's pretty black & white. Any
> commitment to a release schedule would, at least, give them the ability to
> plan.

Asking for a release timeline and asking for 3 years of support on a dead
branch are entirely separate things. It's not unreasonable to ask that Mozilla
keep users informed of the release schedule (don't they already do this?), but
asking them to support an old version for 3 years seems silly. It takes a lot
of manpower and there's no value in it for probably 95% of their customers.

> I agree that web browsers are not synonymous with word processing software,
> but the expectation that large corporations will simultaneously adopt web
> based technologies while throwing out decades of change-management process
> is just naivety at its finest.

I would say it's practical, not naive. If you want a browser that allows you
to stagnate while enjoying long-term support, then either start paying someone
for support, or start using IE. You agree that web browsers and word
processors are different, so why should Mozilla bend over backwards to allow
corporations to try to treat them the same?

> Large organizations benefit from economies of scale. This means reduced
> costs. This means one IT manager per five hundred PCs. This means you can't
> roll out software willy-nilly and expect your organization to stand. Any in-
> roads Mozilla gained with corporations will be quickly squandered if they
> stick to this strategy.

Sure, so don't roll out willy-nilly. Test and then roll out, just as they do
now. But instead of rolling out 4.1, roll out 5.0. I don't understand what the
big issue is. I'm sure it's a bit more work if there's a breaking change, but
frankly you're going to have to deal with those breaking changes eventually
unless you're going to stick with the same browser for years (let's call this
the IE6 model). You just deal with them incrementally rather than in one
massive painful push. Frankly the incremental approach sounds less painful for
everyone involved.

We're talking about corporations demanding that a free product meet their
antiquated needs. There's no grounds for the demand. It reflects their broken
rollout policies, not a deficiency on the part of Mozilla. Maybe if it takes
you several months to approve a browser rollout, that's your real problem. And
let's be honest, a lot of this is just baseless fear. We're talking about a
change in the way version numbers are incremented. People are worrying because
it's called 5.0 instead of 4.1. The number attached doesn't really matter.

> Again, I agree that the old pattern is not what we need, but this is
> upheaval, and that's not what works at corporations.

What else would work? For Mozilla to dedicate a lot of extra resources to
maintaining dead branches for years? Not only does this not help move
corporations forward, it doesn't help Mozilla, and it doesn't help the web.

If the current change management models are not working, then they need to be
fixed. Test and rollout faster and more frequently. Roll out in stages, rather
than with the "big bang" model. Have a roll-back plan and system in place.
Really, the way people talk, it's as if every week the browser is going to
break half the web. I hardly think that's the case, and I frankly think
Mozilla's testing is probably more thorough than most any corporate IT
department.

~~~
bradleyland
I don't entirely disagree with most of what you said, but I think you
underestimate the challenges. I own a small start-up, so I know how nice it is
to operate at a small scale. I let my employees choose their own browser, but I
require that they keep it up to date. I can do that because I don't have to
worry about supporting 500 people.

I've also consulted for very large corporations. The same disruptive ideology
that applies to start-ups falls flat with large corporations. The biggest
mistake is to take a unilateral position with them. They _will_ fall back to
IE. They _will_ stagnate on old versions if we don't work with them. Is that
what you want?

Maybe your product can avoid the corporate space altogether, but there are a
lot of us who rely on them. I don't want to re-live IE6. I want browser makers
to acknowledge that changing the corporate world isn't the same as creating
Google or Facebook. It's far less glamorous and usually means doing shit in a
way that you don't like for longer than you like. Change is coming, but it's
coming slowly.

I hate line-item rebuttals, because they just turn into pissing matches, but
I did want to offer some clarification on these two points.

> Asking for a release timeline and asking for 3 years of support on a dead
> branch are entirely separate things. It's not unreasonable to ask that
> Mozilla keep users informed of the release schedule (don't they already do
> this?), but asking them to support an old version for 3 years seems silly.
> It takes a lot of manpower and there's no value in it for probably 95% of
> their customers.

Let me clarify: I don't think 3 years is a viable LTS schedule for browsers. I
don't know what the time frame is, but I'm sure it's not 3 years, and I'm sure
it's not "We release continuously." I should have been more clear about what
"similar" means when referencing Ubuntu. By similar, I mean that they should
continue their march forward, but that there should be an occasional LTS
release that is maintained for a longer, more planned interval.

> I would say it's practical, not naive. If you want a browser that allows you
> to stagnate while enjoying long-term support, then either start paying
> someone for support, or start using IE. You agree that web browsers and word
> processors are different, so why should Mozilla bend over backwards to allow
> corporations to try to treat them the same?

I'm saying it's naive (showing a lack of experience, wisdom, or judgment) to
expect that this new development cycle won't have ramifications. Mozilla is
free to do what they wish with their product. What I'm claiming is that it
will come at the cost of market share in the corporate world. If they don't
care about the market share, then go ahead and walk on it.

~~~
dpark
> I've also consulted for very large corporations. The same disruptive
> ideology that applies to start-ups falls flat with large corporations. The
> biggest mistake is to take a unilateral position with them. They will fall
> back to IE. They will stagnate on old versions if we don't work with them.
> Is that what you want?

What I want is for corp IT departments to not pretend as if this is somehow an
insurmountable change. Yeah, corporations are slow and risk-averse. How risky
is it to upgrade the browser once per quarter? Are they not testing and
upgrading now for the sake of security fixes?

> Let me clarify: I don't think 3 years is a viable LTS schedule for browsers.
> I don't know what the time frame is, but I'm sure it's not 3 years, and I'm
> sure it's not "We release continuously." I should have been more clear about
> what "similar" means when referencing Ubuntu. By similar, I mean that they
> should continue their march forward, but that there should be an occasional
> LTS release that is maintained for a longer, more planned interval.

Okay, I can understand that. I can see the value in dropping a version every 9
months with a guarantee of 1 year of security fixes. Or maybe drops every 6
months that get 9 months of support.

I think if Mozilla is committed to backwards-compatibility moving forward,
though, this shouldn't be necessary. If they can't avoid breaking changes for
some reason, then it is an issue. (One exception would be breaking changes in
beta/bleeding-edge features. If you build your product on unstable CSS or
whatever, that's your burden. And if you built your product on features that
were only around for 3 months, then you should be able to fix your product
quickly.)

> I'm saying it's naive (showing a lack of experience, wisdom, or judgment) to
> expect that this new development cycle won't have ramifications. Mozilla is
> free to do what they wish with their product. What I'm claiming is that it
> will come at the cost of market share in the corporate world. If they don't
> care about the market share, then go ahead and walk on it.

Thanks for the definition of naive. :) I never said it wouldn't have
ramifications. I actually said the opposite. Corporate IT shops need to find a
way to move more quickly. They need to _change_. Running everything on a
multi-year upgrade cycle is ridiculous, and borderline incompetent (though the
incompetence might be coming from higher up than the IT guys).

~~~
thaumaturgy
> _Corporate IT shops need to find a way to move more quickly. They need to
> change._

That is easy to say, and difficult to do.

The simplest way I can think of to explain why is that every single move, or
change, comes with a nonzero cost-per-employee. While it may be possible to
reduce that cost, nobody has yet invented a way to eliminate it.

When you have 5 employees, a small change that costs X-per-employee is not a
big deal.

When you have a few thousand...

~~~
dpark
> That is easy to say, and difficult to do.

No doubt. That doesn't mean it shouldn't happen.

------
dsr_
If you don't learn from history, what are you planning on learning from?

Debian solved this sort of problem by forking Firefox to produce Iceweasel,
which is a stable FF version plus security patches.

There's nothing to prevent someone from doing the same for a Windows build of
Firefox. There might even be a plausible business plan in providing support
and updates. The releases would be free, but you can charge a fee for
integrating and writing new patches, plus .msi installer scripts, plus
answering questions. Cygnus was doing this for a bunch of GNU projects up
until their merger with Red Hat.

------
Tichy
"Education programs, documentation updates, communications all are planned."

Couldn't you just fire all employees who need education programs and
documentation updates for a browser update?

I know it sounds harsh and will get me downvotes, but think about it?

Maybe there are legit employees who are unable to grasp a new browser. But
maybe for them a full blown browser is the wrong solution anyway. Perhaps
somebody should step in and create dummy browsers that only have a couple of
buttons for the limited set of activities those users are capable of
performing. Seriously: the point of apps with nice UI is to make documentation
superfluous. So instead of creating documentation nobody wants to read, create
apps that make the docs superfluous.

It could be some kind of "browser generator".

~~~
pnathan
One indeed might wonder at the people who need education programs for a
browser.

Seriously, the only major UI innovation since Netscape 2.x? 3.x? was the
merging of url bar and search bar.

------
fleitz
What makes the web great is its constant change and innovation. How is it that
a 2 person startup can deal with its users changing browsers whenever they
want, but a giant corporation can't? When your browser is beholden to a
corporate dev cycle what you get is Internet Explorer.

What exactly would be wrong with a test system that included support for a
variety of browsers? Perhaps they could _automate_ this test suite. Any
process that made your dev system more agile would be a step forward in this
turbulent economy. The current rate of change in the world is going to be
increasing exponentially for the foreseeable future. Those well adapted to
this environment will prosper; those who aren't will perish.

Furthermore, "faced with deciding which is more important: security updates or
the critical production web application needed to manufacture your product is
not a happy place to be." If you're running the same browser to browse the web
and do process control you're asking for XSS/CSRF attacks against your process
control system. Set up some special link on the desktop that launches a custom
browser, then you can keep that browser _stable_ and have an up to date
browser for the rest of the internet. Personally, if I was charged with
securing a process control system I would have it entirely disconnected from
the rest of the corporate network. Only systems that _need_ to access the
process control should be connected to that network. We live in the world of
Stuxnet.

~~~
vogonj
> What makes the web great is its constant change and innovation. How is it
> that a 2 person startup can deal with its users changing browsers whenever
> they want, but a giant corporation can't?

That two-person startup consists of two hackers who eat, sleep, and fucking
_breathe_ Web technologies. They have bookmarklets for six different sets of
Web documentation, and they can quote chapter and verse from any of them. They
work 18-hour days because they love their job.

The giant corporation's line-of-business app team consists of an IT guy, an
accountant who owns a couple of dogeared books on JavaScript, and maybe a
couple of contractors. They work 8-hour days, only half of which is actually
devoted to the application they're working on, and they don't _care_ about
standards as long as they can finish writing that Web app and get back to
their actual job.

I'm certainly exaggerating a bit, but the reason is because that giant
corporation's business is almost certainly _not_ writing Web apps for a
living.

------
biturd
It appears to me that corporate wants to repeat the mistakes of the past. Is it
really Microsoft's fault that IE6 won't die?

Why is IE8 still around? Microsoft, of all companies, has tried to support
legacy software for as long as possible, and often longer than possible, by
reversing EOL'd announcements. The fact you can still run most 10+ year old
software on a modern OS from Microsoft illustrates this.

Look where Microsoft is today, I certainly don't wonder why that is.

Corporations define policies and procedures for software releases internally.
They find what is stable, slap a stamp of infinity approval on it, and forget
about it. If this is to continue, there will be an IE6 problem again in a few
years, only this time it will be Firefox that is being blamed.

Browsers need to be updated often, this is only going to become more important
as the web advances. If this breaks your stuff, if your intranet falls apart
as a result, more than likely, this is the fault of your intranet, not that of
the vendor software. If it is the vendor software, in a few days, a patch will
auto update.

As a corporation, you can choose to fix your intranet, put in the time and
money to repair your mistakes, or not. Doing so will benefit you moving
forward, and eventually, your intranet will be modern enough that these issues
will be no more than a small inconvenience. It is not the problem of a browser
vendor to stagnate their software because you want to allow your own software
to stagnate.

The source is available, you have options. You can fork your own, keep the
software where you want it, and patch it internally. If you don't like that
option, contribute back to the current version, and help move things along. If
you don't like that, write a check to someone to do this for you. I would bet
that Firefox will be more than happy to backport for the right price.

You don't get to have your cake and eat it too, especially at the expense of
the rest of the internet using world.

All the suggestions in the comments of the linked article lean on Firefox
developing different versions and augmented policies to somehow continue to
support an old version to aid in keeping crappy intranets working. Why should
Firefox spend a moment's thought on making a Corporate Legacy Infinity Support
Humping Along version just to appease the corporations' inability to progress?

Sure, it is a lot of work to roll out 500,000 updates to Firefox. Move to
Chrome and that won't be an issue, you are always up to date. Or, maybe there
is an auto-update mechanism to Firefox for that scale. But doing that removes
the need for a large staff to take months to years to plan a browser update.
That sentence is so insane, having a team to plan and document the upgrade of
a browser!

People will find small portions of their jobs are irrelevant. Progress is like
that. One day, many of our jobs will be replaced by robots. There must have
been resistance to the copy machine, and all those secretaries no longer had
to hand type a letter from the boss. Carbon copy paper may have had equal
resistance. Progress happens, sometimes at the expense of jobs. Stay on top of
your industry, and change with it, and your job should be secure. Don't get
comfortable with the fact that your job is hanging on by a thin thread of aged
policy in a corporate environment that changes slowly. That will be forced to
change, as we are seeing now.

Corporate IT workers are demanding to turn Firefox into the IE6 problem. This
has come at the expense of the entire internet-using public in the past.
Firefox is not willing to allow that to happen.

Version numbers are going to stop mattering. When you check the version number
in the future, it will say "current" or "needs updating". Embrace this, and
your intranet will be modern and more bulletproof. Don't, and I hope you are
confident there are other aspects of your business that do not rely on
technology so you will still be relevant in some other field. Someone will
always need to put more paper in the copy machine, maybe you can create a
procedure for making sure that all the copy machines waste a page per print.
Your job is safe for at least your lifetime.

~~~
brudgers
> _"The fact you can still run most 10+ year old software on a modern OS from
> Microsoft illustrates this. Look where Microsoft is today."_

38th largest company in the US in terms of revenue.

$18 billion in profits puts them 4th behind Exxon Mobil, Chevron, and AT&T.

http://money.cnn.com/magazines/fortune/fortune500/2011/full_list/

~~~
smackfu
And the vast majority of corporate desktops.

------
jarin
I used to do IT in the Navy and participated in upgrade processes like this,
and this is exactly why I didn't go work at a government software contractor
like most of my shipmates did after we got out.

------
eli
I think this is a challenge especially for open source projects. I'd rather
_write documentation_ than have to maintain an old, deprecated codebase.

------
chrisjsmith
Stuff changes. Corporates need to get used to that.

Add to that the motivation for buying software is usually either a bonus for
completing a project or cash backhand from the vendor rather than on the
merits of a tool.

Also, I know a certain large company that used paper envelopes for asset
tracking. They bought in a fantastic electronic system to handle it and all
the staff sabotaged it because: A) it made them accountable ... B) it made
people visible of what they were doing.

TBH I think most corps are deranged as are any groups of humans with N > 5.

