Victims of Awesomeness

Phishing protection for Firefox 2 is going away. I recently spoke to one user who had seen a “please upgrade” notice in their Firefox 2 but was worried about doing so because everything just worked, and he didn’t want to risk it breaking. “I will still keep all my bookmarks, won’t I?”

Are we victims of our own awesomeness?

And is Victims of Awesomeness not a great name for a band?

12 thoughts on “Victims of Awesomeness

  1. Speaking of being a victim of awesomeness, the Awesome Bar is a reason not to upgrade for some. I tried to assist remotely a user who was concerned about the Awesome Bar popping up in the office in front of other people, and it wasn’t at all clear how to not make it pop up ever.

  2. Henri: Suggest he use a separate browser for these other activities, such as Google Chrome with its “Incognito” mode, at least until Firefox 3.1 comes out with Private Browsing mode.

  3. The user is smart to be worried. Lots of times upgrades do break things. Upgrading from Firefox 2 to 3 broke things for me — I have a high DPI display and Firefox 3 is by default broken (from my perspective) in how it scales the user interface on windows for other than 96 DPI. After much futzing I figured out how to override the brokenness and now use Firefox 3 happily. But still the fact remains that updating broke my user experience.

  4. The user is smart to be worried. Lots of times upgrades do break things. Upgrading from Firefox 2 to 3 broke things for me — I have a high DPI display and Firefox 3 is by default broken (from my perspective) in how it scales the user interface on windows for other than 96 DPI. After much futzing I figured out how to override the brokenness and now use Firefox 3 happily. But still the fact remains that updating broke my user experience.

  5. I don’t get the issue with the Awesome Bar popping up. Is it because the letters in it are bigger and as such easier to see from a distance? Because that’s really the only issue I can imagine and it has a simple fix: the oldbar extension – same functionality but old look.

  6. I think “Victims of Our Own Awesomeness” could be a good name for an album, depending on the band. Coming from some bands it could come off as too arrogant, of course. A group that has a reputation for humility could probably get away with it tongue-in-cheek, but I think it would work best for a group that normally uses surreal or bizarre album titles.

    Personally, I don’t consider phishing protection to be a particularly important feature of Firefox, so this is neither here nor there as far as I’m concerned, but I *am* getting pretty tired of hearing about the need to upgrade to Ff 3, and a little peaved with the Mozilla people for harping on it so ridiculously much. It’s been a broken record for, what, a year now? Okay, we get it already, you’re not happy that we’re still using Firefox 2. We heard you the first 21984984987 times.

    A lot of people just don’t want to be on a constant upgrade treadmill. A piece of software, once installed, is generally expected to work without upgrade for as long as we keep the computer around that we installed it on, which can be several years. Upgrading means relearning parts of how you do things, to accommodate the changes in the new version. People don’t want to be doing that all the time. It’s annoying, and it’s going to get put off. I am NOT looking forward to trying to explain the Firefox 3 address bar to my dad, who relies *heavily* on the exact details of the traditional behavior (to the point where he gets upset if somebody visits a different site than usual, because it throws off the positions of things in the list). Am I supposed to explain to him that he needs to completely relearn how he uses the web because the people who make the browser told us we shouldn’t be using the old version any more? Meh, it can wait. Some day we’ll replace that computer, and we’ll put new software on the new one. The old one is fine for now as it stands.

    There’s also the fact that Firefox 3 is not available at all for certain operating systems that people are still using, including at least one that’s very popular (Windows 98) and another that’s actually current (Debian, latest stable release). In my household these systems between them account for 100% of the computers, so Firefox 3 is, as far as we’re concerned, not available to us at all. Upgrade? How, exactly, would we do that?

    My understanding of the licensing of Firefox is that I have the right to keep using version 2 for as long as I choose. If I want to use it until 2042, it’s none of the Mozilla organization’s business. (I doubt if it will be able to render the web very well by 2042, but for now it still does fine, better than the latest versions of some browsers I could name.) If you wanted to prevent people from using the old version, you would have to adopt the kind of egregious proprietary licensing that would cause the open-source community to abandon you entirely. If you want to go with permissive licensing that the open-source community will accept, it means people can use your software pretty much whenever and however they like. You can’t have it both ways.

  7. A piece of software, once installed, is generally expected to work without upgrade for as long as we keep the computer around that we installed it on, which can be several years.

    That’s true only if that piece of software is never exposed to untrusted input.

    Anyone still using Windows 98 to browse the web is asking to have their computer turned into a spam-spouting zombie. The person may like Windows 98, and I have no objection to them carrying on using it as long as they don’t take it anywhere near the internet. Same as with Word, or OpenOffice, or Windows Media Player, or anything.

    In the case of Firefox, of course, carrying on using Firefox 2 while never going on the internet is a ridiculous idea. Which is why we do our best to insist on people upgrading.

    You have the right to carry on using Firefox 2 in exactly the same way that you have the right to fart in a lift. It’s not illegal, but it is antisocial.

    As for Debian stable, you’ll need to take that up with the Debian guys. They may well be planning to continue to support Firefox 2 – in which case, do go on using it if you don’t need any of the new features (including better rendering, in-browser audio and video support, etc. etc.) And Debian’s version almost certainly doesn’t nag you anyway.

  8. That’s the same reason I stopped using Windows a while back. Not because Linux is better – it definitely wasn’t back in 2003 – but because my PC got a worm even when I thought being clever enough not to click random exes would keep me safe.

    After that… well I can’t use any piece of software like that with a clear conscience, knowing it could be spreading malware behind my back.

  9. > Anyone still using Windows 98 to browse the web is asking
    > to have their computer turned into a spam-spouting zombie.

    All operating systems have issues, and some are worse than others, but, honestly, Windows 98 is not worse, security-wise, than Windows XP (unless by secuirty you mean protecting the users from each other, but this computer only has one user account anyway, so that’s irrelevant). Okay, it doesn’t have a built-in firewall, but it also doesn’t run a veritable trainload of unnecessary services, and we have an external firewall in any case.

    As for Firefox, version 1.5, much less 2.0.0.18, is *easily* better (security-wise) than the latest fully updated IE. I would update to Firefox 3 if it were available, but it’s not.

    I don’t consider the phishing protection to be particularly meaningful in our case, partly because we don’t use the computer for the stuff phishers target (nobody in the household does online banking, or has an ebay account, or anything of that nature) and partly because we don’t use a stupidly insecure mailreader. (My family uses Pegasus Mail. I myself use Gnus, on the Debian system. Neither provides any mechanism whereby the sender could disguise the destination address of a link.)

    The computer in question did get infected with malware a couple of times, and I had to clean it up, but it’s been years (long enough that I’ve since had to completely rebuild the system twice since, due to hardware issues; actually, I currently need to do that a third time now, and just haven’t gotten around to it yet). Windows ’98 was still receiving security updates at the time. The incident I remember particularly was when my youngest sister (a teenager at the time) deliberately tried to install KaZaA Media Desktop. Another time my dad tried to install a “smilies” package; he was careless about where he got it from, and it came with Gator.

    But note what these incidents both had in common: the user was installing software *on purpose*. These things could have occurred just as easily on Windows XP, or Vista for that matter, and if it couldn’t happen on Debian or OpenBSD, that’s only because nobody’s bothered to port the malware in question over. That kind of malware (a trojan) has no need at all for admin/root privileges; as long as it got installed in the account of the user who’s logged in most of the time, it’d be happy. And I’m not aware of anything the browser can do, even theoretically, to prevent it (short of preventing the user from saving downloaded content).

    An OS could be architected in a way that would mitigate or prevent this risk, but the user would have to be denied the ability to mark files as executable, which would limit the system’s overall usefulness.

    And yes, I’m aware that there are other security risks with Windows 98 besides trojans. But they are not nearly as bad as you make out.