> Will Firefox now become a new attack vector for exploits?

That's a really good question.

From what I understood from the planning wiki, the MozillaMaintennce Service will only install binaries digitally signed with Mozilla's private key. You can't install arbitrary EXEs with this, so I'd say the risk of becoming a vector is small.

Of course, the service can perform privileged actions *and* be invoked by a non-privileged user, so a buffer-overflow type bug in the service could well be exploitable, so I'm hoping Mozilla have audited this thoroughly.

I agree. At the time of release, IE6 was probably the best browser out there. Netscape 6, based Mozilla 0.6, was released around the same time and was pretty slow and ugly. The problem with IE6 wasn't initially standards support (it supported XMLHttpRequest and a fair bit of dynamic HTML, including .eot embedded fonts), it was Microsoft's utterly contemptuous attitude towards users' safety on the web. Popups, drive-by downloads, rogue ActiveX controls, no adblock unless you used a filtering proxy like Proxomitron -- all of these combined to make web browsing a pretty hellish experience. Which is why, I suspected, a lot of people switched to Phoenix as soon as it was usable in late 2002 -- mainly for the popup blocking and the lack of drive-by downloads. The tabbed browsing was just a bonus.

Joel Spolsky said it best:

Microsoft took over the browser market fair and square by making a better product, but they were so afraid that Web-based applications would eliminate the need for Windows that they locked the IE team in a dark dungeon and they haven't allowed improvements to IE for several years now. Now Firefox is the better product and there's a glimmer of hope that one day DHTML will actually improve to the point where web-based applications are just as good as Windows-based applications

The misfits. The rebels. The troublemakers. The round pegs in the square holes.

The ones who see things differently. They're not fond of rules. And they have no respect for the status quo. You can quote them, disagree with them, glorify or vilify them.

About the only thing you can't do is ignore them. Because they change things. They invent. They imagine. They heal. They explore. They create. They inspire. They push the human race forward.

Maybe they have to be crazy.

How else can you stare at an empty canvas and see a work of art? Or sit in silence and hear a song that's never been written? Or gaze at a red planet and see a laboratory on wheels?

====

The reasonable man adapts himself to the world. The unreasonable man persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw

====

Goodbye Steve, and thanks for everything. Even the stuff I hated.

MS Office has been capable of saving ODFs since Office 2007 - you needed an add-in. Since Office 2010, I _believe_ saving to ODF is available by default.

> you still can't zoom the font size, only the whole damn page as an image.

Indeed. That bug's been marked as WONTFIX for 2 years now.

and this is a deliberate action by Apple (and not a bug),

a) then it's official - Apple Is Evil(tm). Especially because you can't even install a proper alternative browser on iOS.

b) It's gonna be DOJ vs Microsoft all over again. Fun times.

> oracle is one of those business providing useless solution so they can charge you twice for the consultancy.

I thought that was IBM.

> Some of us haven't ruined their taste buds with bad beers and ketchup sauce, so we do care.

But would you be able to prove that you can detect geographic differences in a double-blind taste test?

I don't understand; how does theming your window manager help against this? I'm assuming the malware bit is *inside* the Google Chrome window, so even if you themed your windows with say a Pikachu theme, the *insides* of the Chrome window would still contain the rogue site, imitating Chrome's red and white-colored malware block UI.

The only way out of this is if crucial error pages are protected with some sort of "sign-in seal", like Yahoo uses for its login screens.

Don't know about NT4 (not used it since the 90s), but XP and up have SteadyState. Check out its disk protection feature, it's functionally chroot with a wipe after app exit.

> Release a hotfix to disable the hlp resource locator.. as you should have done as soon as you got the bug report.

There's one already, but it won't be delivered via Windows Update, users must opt in: On this page look for the Fixit Link ( http://go.microsoft.com/?linkid=9735564 ) The problem is that switching off a feature without fully testing repercussions -- which is what would happen if this was pushed out via Windows Update -- is not good and can cause other things to break.

Sort of off topic, but I've always wondered: Can I be on an Atkins diet and still be a pastafarian?

You must've not been check the stock markets lately, these days AAPL is almost as big as MSFT and gaining fast.

(via)