Mozilla + Firefox über-release cycle = #FAIL! The long tail of costs and risks associated with fast release cycles.

Dear Mozilla Foundation, according to your web site you promote openness, innovation and participation. So, I feel strongly enough to write you about a problem. You are pushing for too many major releases in too short of time. If it wasn’t for firebug and httpfox developer tools, I’d dump Firefox as my browser of choice right now. In my humble opinion they are still the best web developer tools around…for now. But back to my point, and note that this isn’t a rash or knee jerk response: Firefox 7 appears to be the least stable browser I’ve used in a long time, Period. I’ve had a dozen lock-ups, problems on startup and various slow page load problems.  

I haven’t added any new plug-ins that might de-stabilize it. In fact, I’ve been using the same set of plug-ins since Firefox 3.x. And, I haven’t had any similar widespread problems with the latest versions of Internet Explorer or Chrome. You might ask “What if it’s just your machine?” To that I say I’ve experienced this on four different machines, and many of my colleagues share the same opinion. So Mozilla, I’m hanging on by my fingertips and you are stomping on them.

The Heart of the Problem

Maybe I’m the exception, but I believe that getting cool new browser features every few months at the expense of stability is the wrong choice. I’ve said this before in another post and I’ll say it again. I’ve read countless articles saying this is what Mozilla has to do to stay competitive. I say you couldn’t be more wrong and that there needs to be a more balanced approach to major releases. Now, I’m not implying that you, Mozilla, are intentionally leaving stability or scalability behind. I’m saying that the massive rush to stay abreast of new features being released by your competitors has to come at a cost, and I believe the cost for Firefox, at this point in time, is stability.

So, in response to an outcry over this and other related problems, and in order to counteract some of the side-effects of your über -release cycle, you will begin offering Extended Support Release, or ESR, sometime in the next year. I interpret this as an attempt to mitigate the über -release cycle’s short-term and long-term risks and costs on Enterprise customers by offering an extending support cycle for a limited number of releases and time. But…readers of this post must read the fine print under the Caveats and Risks sections; for example, ESR’s won’t apply to Firefox Mobile at a time when mobile usage is exploding. And, the ESR makes note of the security risks of staying on an “older” release. Fair enough. However one possible conclusion is, on the surface, ESRs seem like a mere concession to a looming problem, and perhaps it is a stop gap measure at best. Perhaps I’m wrong?

Driving Factors

I want to ask Mozilla the following questions:

  • What’s coming up in your next release?
  • Are the changes really so fundamental that the next release has to be a major numbered version?
  • What metrics are you using to make your decisions?
  • How fast are your users upgrading to new versions world-wide?
  • Is the new version adoption rate trending upward or downward?
  • Who are your largest supporters? Large organizations or the millions of individual users?
  • Have you taken a public survey from your largest supporters of what they would like to see?

Now, of course, this post is just my opinion, and I’m willing to admit that I may be seeing this problem in the wrong light or a different context. But, I and a lot of others want to know what you are thinking.

Hypothetical Scenario

Here’s a hypothetical scenario on how an organization might interpret the ESR, and I speak for myself on this one and am simply presenting one outcome of possibly many. Mozilla will continue to blast along having thirteen more major releases between now and March of 2013*. In response, CIO’s of major organizations will start to choose a pattern of leap frogging across swaths of major releases. In response, their development and IT teams will focus on building web apps, along with a full test suite and certification for Firefox 7. Then their next fully tested and certified release will be targeted at Firefox 9 sometime next year. These organizations may choose to not even support Firefox 8 because it’s between their development and certification cycles. There’s also a long-tail of cost associated with maintaining numerous previous releases across a multitude of browser versions from all the major vendors. In effect, these CIOs will weigh the security risks, costs and other issues over the costs of deploying an army of IT folks and developers to keep up with the über -release cycle.

Concluding Remarks

Mozilla I hope you are listening. You should take the following steps to reduce the possibility of failing as a leading browser vendor:

Focus on stability – IMHO, Firefox appears to be paying the price in the rush to add new and supposedly better features. I’m not even sure what those are because your release process isn’t transparent. As your consumer, first and foremost I would like my browser to be rock solid, followed by speed, followed by snazzy features. Rock solid to me also means that it’s as secure as possible. “Dot” releases are okay and in general they ease the support-related fears from both developers and IT teams.

Slow down the release cycles – Mozilla, you already acknowledged there’s a problem when you proposed the ESRs, but you need to go further than acknowledgement and a pat on the back which is what I consider ESRs to be. Seriously.

Now, I know I didn’t address these above, but I’m throwing these into the mix because I think they are strongly related:

Provide guidance on browser certification and best practices – if documentation for this exists today I can’t find it. Building apps on browsers, today in the year 2012, is still like the Wild West in that everyone does what they think is right, but there’s really no word from the Vendor(s) themselves. Most people point to the W3C. But, everyone agrees that what’s agreed upon in the standard is not what’s officially interpreted and implemented by browser vendors in each and every release.

It’s been speculated by others that having browser vendors offer guidelines would crush innovation, and I strongly disagree. It’s your platform we are building on and you know how to do that in the best possible way. Believe it or not, you are also a key caretaker of the internet in that the web, in its current state, wouldn’t exist without the browser. And, I think it’s your responsibility to step up to the plate and help take leadership role, not just a feature-ship role and simply hope that everything turns out okay.

Provide official tools for browser certification – please don’t leave this entirely up to third parties with different goals and objectives. Based on your vast experience in this process, it would benefit everyone if you were to publicly share your tools, patterns, knowledge and guidance. Or, maybe you already do share this with key partners. Yes, you are open source, but not open process. Browsing through your partner sites doesn’t give any indication of publicly available tools.

I believe that the combination of these four goals would help propell Firefox on more successful trajectory than the one us users see today. Without the inclusion of my last two suggestions, as an application developer I’m hoping my code will work as best as possible, without truly knowing what that means. Is what we are doing simply good enough, or could we all do better? What are your recommendations on patterns for best performance or even unit testing for various languages? I can’t help but believe that you hold the key to that level of knowledge, as well as methodologies and tools that can help Firefox help us deliver on the next generation of web applications.

References

*Mozilla release schedule

Mozilla rapid-release schedule

Mozilla Defends Rapid Release of FireFox Versions (CIO Magazine, August 2011)

Yes, you need Flash Player 10.3 now! Better control over Flash Cookies.

There some really important changes in Adobe’s Flash Player 10.3 that you should know about. Even though it’s been out since the end of June, I’ve run into several situations recently where the developer or user hadn’t installed the latest update yet. The primary change to know about it is the new Flash Player Settings Manager which is accessible through the Windows Control Panel and acts as Flash Player’s global content manager. Just ignore the fact that the information page links to the old Macromedia domain name and read about how you can control SWF and FLV content. To me, this brings Flash Player one giant step closer to being on par with the cookies controls in all modern browsers.

Change the Default Security Setting. The very first thing you should do when installing 10.3 is consider whether or not to change the default local storage from “Allow sites to save information on this computer” to either “Ask me before…” or “Block all sites…”. You can see these settings under the Storage tab. Depending on which exact version of 10.3.x you have the wording may vary slightly. My recommendation is to choose any setting but the current default. Yes, it can be a bit annoying but it’s much more secure. Eventually I would guess that Adobe will add a finer level of control of this, similar to the zones of control most browsers allow. On Windows I was able to access these settings via Start > Control Panel > Flash Player (32-bit).

What’s a Flash Cookie? Mainstream literature universally refers Flash cookies as any data that is stored in Flash Player by a 3rd party web site. To developers, this so called Flash cookie is any data stored in the Flash Player local store. To access the local store you can use flash.net.SharedObject ActionScript class. SharedObject has been around for a while and it’s nothing new. However, in this era of ever increasing web security awareness, Adobe has now made huge strides in expanded our control over how 3rd parties can use this local store.  

Fine Tuning Your Local Store. A few other important things to know when fine tuning your local store:

  • What sites are already using my local store? Under Storage > Local Storage Settings by Site, you may be surprised to see that sites are already using your local store. You can adjust the settings by each site here. For example if you are debugging and testing using the local store you don’t want to be pestered every time you run a new build then you change the permissions for your machine to “allow”. You can also remove the information stored using the remove button.
  • How can I delete the local store in my browser? Go to Storage > Delete All. Enough said!
  • How can I delete ALL local storage on all my browsers? Go to Advanced > Delete All. Booyah!
  • Can I control trusted local content? Yes, go to Advanced > Trusted Location Settings.
  • Do the local store settings work across all browsers? Yes. The Flash Player Settings Manager now acts as a global control center with one caveat: You can have different versions of Flash Player in your different browsers, so be careful.  Go to Advanced > [Under Updates] Check Now to make sure you have the latest version installed on all browsers.

A Few Handy Links

Find my Flash Player Version (Note: Check with all your browsers)

Flash Player Debugger Version

Flash Player Settings Manager

Browser updates…too many too fast?

We’ve finally reached the point where the number of browser updates is out of control. There’s an all-out war between the various browser companies to see who can push out the most updates and improvements in the shortest period of time.

All these updates are causing a ripple effect on everything else that is dependent on the browser; for example, plug-in vendors, IT support staff, computer and smart phone vendors, application developers, any company that has a website, and your average consumer.  I’m guessing that on average the pace of updates is starting to outpacing business and consumer’s ability to keep up…and it seems to be accelerating.

Yes, I wholeheartedly agree we benefit from the advancements. No argument there. However that is balanced by reality. And, reality is architecting our products to support the latest and greatest. There is also the fact that most of us also have to maintain support for older versions of browsers and there is a cost associated with backward compatibility. And, there is a cost to upgrading. Not everyone is able to update all the time.

As a case in point, let’s take a look at Firefox since it’s fairly easy to find an archive of their older releases. We are only seven months into the year 2011 and Firefox has had two major releases: Firefox 4 and Firefox 5. However, if you include releases candidates, betas and updates to Firefox 3.x the total number climbs to around twenty-two releases so far this year. Yikes!

Sure, most consumers only saw the two major updates: Firefox 4 and Firefox 5. But, they also experience a plethora of plug-in updates. For example, Flash Player has had eight updates so far this year. Silverlight has had three general distribution releases this year and one beta release of Silverlight 5. And, I wasn’t counting but it seems like I’ve had a bunch of Adobe Reader updates in the last few months.

My concern is that the speed of browser innovation is starting to cause businesses and consumers to get fatigued. It begs the question: how long can the ecosystem of browser consumers maintain this pace? Or, at what point do people just start jumping off the bandwagon and simply starting skipping releases? Do most consumers really care if their browser is now 100ms faster in parsing JavaScript? How many new ways can we create tabs?

In summary, I think browser vendors should slow down and become better custodians of their systems. How about also focusing on innovation in security, memory leaks and best practices documentation and vendor-provided validation engines? Indeed, they have sparked tremendous innovation across the entire world wide web since Mosaic released in 1993. But, depending on how many websites you visit, you can still experience slow web pages, in-consistent cross-browser support and browser crashes. I know there are no easy answers because competition breeds creativity. Perhaps we’ll all go back to just looking at basic text, pictures and videos in the future. And, there will just be specific widgets with very focused functionality for other things.

References:

Flash Player Archive

Firefox Archive

Silverlight Release History