Later in June when Firefox 5 was released, Firefox 4 users where prompted to update to the new version. I was so excited, I had to blog about that too.
Now Mozilla has decided to introduce silent updates to Firefox. From Mitchell Baker's blog we can learn that:
Before Mozilla instituted the rapid release process, we would sometimes have new capabilities ready for nearly a year before we could deliver them to people. Web developers would have to wait that year to be able to make their applications better.And why is that a problem?
A browser is the delivery vehicle for the Internet. And the Internet moves very, very quickly.
The key motivation for the change is the lack of agility required to meet new or changing demands in a timely manner. The internet evolves, which means that the requirements for browsers also change rapidly. If capabilities have to wait for a year, something is definetely wrong. Across the software industry there are made great efforts to change software development processes to reduce the time needed to put a new feature or bugfix into production. Many of these efforts push towards agile software development.
With Mozilla's rapid release process came concerns for enterprise deployments, add-on compatibility, and update fatigue for users. Mitchell Baker addresses these in her Rapid Release Follow-Up. One requirement mandated by more frequent releases is to silently take care of the update process for the user. Brian Bondy, a Mozilla developer, mentions the concrete features they're working on as part of the silent update on his blog. Check them out, they're all of the type "Get out of the user's way".
So why is this important for security? For one, there's a lot happening on the border line between browser security and web application security, e.g. the recently added security mechanisms: Strict Transport Security, X-Frames-Options, and Content Security Policy that are triggered by the web application but enforced by the browser. Web browser adoption of such mechanisms is key to their adoption in web application. Second, there's a lot going on with the internal security in the browsers, one interesting example being Chrome's plugin sandboxing initiative. There's only one way to keep users safe, keep them up-to-date.
The broader effect of this will be interesting. Firefox, Chrome, and Opera accounts for about half the browser market. If the major browsers are successful with their rapid releases, they've set an important standard. They've then shown that it can actually be done for widely deployed client software. We're witnessing a paradigm shift on the desktop, version numbers are soon irrelevant. How cool is that!?!
As a final note, how Mozilla organizes their rapid release cycle is explained in more detail on their blog, it will be interesting to see how it works out, and learn about their experiences.
So, why are we trusting other browser makers to be better at this than Microsoft? When MS first started pushing auto-update settings for Windows there was a huge outcry over how bad this was for security.
ReplyDeleteMozilla and Google are not getting nearly the same heat. How come?
Are newer update systems safer, or have our risk perception changed?
Deleteدانلود آهنگ touch it ریمیکس tik tok
I would argue that we've moved from "do I trust that they got this right", to "I just expect that this works".
ReplyDeleteOne of the reasons for that is that we're accustomed to the automatic Microsoft Update, as well as auto-updating anti-virus software. We expect that the world has learnt how to solve this. We've simply accepted the risk, and do not spend any more time contemplating about it.
Do you have any pointers to the huge outcry over Microsoft's auto-update feature? It would be interesting to see what the discussion was really about back then.
I haven't Googled for old articles, and I'm not sure how much we'll find online. This was, after all, pre Y2K. Some of the criticism is mentioned in the Wikipedia article on Windows Update. I think that pretty much sums up what I remember about it: How de we trust that they can keep this secure? Will someone be able to hijack the update process, or upload malicious updates etc.
ReplyDeleteOf course, when I say "huge outcry", that's still among those who would be caring about it: the admittedly narrow field of security practitioners.
To this date, we haven't had many significant incidents. I guess that means it works in practice, despite any theoretical fears of compromise.
But do you think our expectations are warranted?
As always, there are no guarantees. And the past can seldom tell us much about the future.
ReplyDeleteStill, I put my faith in the Microsoft/Google/Mozilla security teams. Don't you?
This comment has been removed by the author.
ReplyDeleteSafe? With silent updates? What? I hate this new feature! I want to control everything what's doing on with my things. I don't want to see anything to be installed without my permission. I've already lost few point of rating of Grabmyessay because of such 'wonderful' updates. No, this is not for me.
ReplyDeleteGreat Article
DeleteIEEE Projects on Information Security
Project Centers in Chennai
JavaScript Training in Chennai
JavaScript Training in Chennai
You would be safe with https://persuasivepapers.com/.This is the choice of the year!
ReplyDeleteSomething tells me that you also need to check out some good articles. Like this one. It ahas all you need to know about persuasive essay topics
ReplyDeleteYour website is very nice and interesting
ReplyDeleteDentista Italiano A Londra
ReplyDeletehttps://www.bfirstseo.com/ِشركة-مكافحة-حشرات-بينبع/
https://www.bfirstseo.com/شركة-تنظيف-بينبع/
\
https://www.bfirstseo.com/تنظيف-خزانات-بالمدينة-المنورة/
Great Article
ReplyDeleteIEEE Projects on Information Security
Project Centers in Chennai
JavaScript Training in Chennai
JavaScript Training in Chennai
The technic you describe here is simple and easy to carry out. At least it seems to be from my point of view. Do you think it will help to improve my blog https://bestwritingservice.com/? I want to attract more followers.
ReplyDeleteI'm used to the get all the best things in my life. I always choose the best quality food, clothes, shoes and the best service. So if I give any recommendations those are also the best. So this is a link to my blog successful essay writing and you decide if to follow it or not. We could also become the best friends, by the way.
ReplyDeleteThat's automatic. I can understand it pixel gun 3d
ReplyDeleteThis is extremely helpful info!! Very good work. Everything is very interesting to learn and easy to understand. Peaky Blinder Costumes
ReplyDeleteWe’ve successfully stepped in the digitized era where project management is growing rapidly. And to keep up with the fast growing methods, you need project time tracking app that comes really handy. The modern project time tracking app not only have built-in framework but they are designed to help project managers to perform their tasks proficiently
ReplyDeletebest rice cooker. ability to De-obfuscate the javascript code.
ReplyDeletesad shayari. in other words you get the columns
ReplyDeleteIf you are website owner, it is your duty to provide secure services to your customers, so that they can use your website without any fear. If you provide more facilities to your customers, you will get positive response. Dissertation proposal writing services.
ReplyDeleteI think that thanks for the valuabe information and insights you have so provided here. Check used cars for sale to buy a suitable car!
ReplyDeleteBest Assignment writer at assignment doer. University and College students offer best packages in assigment help.
ReplyDeleteEven if you don't want to child abduction prevention
ReplyDeletehire bodyguards for yourself, you can hire them for your guests, top officials, or high-ranking employees.
The world has luckily pushed ahead from that point forward Custom Homework so in this blog entry we'll view the default setup of ongoing Windows Server renditions considering the most recent suggestions
ReplyDeleteWeb upgrading is very important for all the developers.Every month google updated.Because it have included all the new features.If you are looking to buy an online business management research paper topics to help all the stduents of management at an affordable and reasonable price.
ReplyDeleteHello, I am looking for Thesis Help, If you are a professional writer or you know any professional writer that can provide affordable thesis writing service then let me know. I am in urgent need of a professional writer.
ReplyDeleteKontakt Crack is the standard sampler made by Native Instruments. The world’s most accurate and advanced sample-based instruments are created using its top-quality audio engine and advanced modular design. To create innovative sampling and sophisticated instrument design, KONTAKT provides a unique toolbox for sample manipulation and unbeatable creative possibilities.
ReplyDeleteHey guys are you looking for the UK essay writing cheap then you can visit our website: 4poundessay.co.uk
ReplyDelete"이용이유가생기는곳 먹튀검증 안전노리터 go"
ReplyDeletesecurity is so important for any important thing and if you have the web for your organization it is necessary to keep safe and for that reason your post is really great and helpful. but this is not important for me coz i am a student and i look for the help for my studies and for that i have known an educational site named best dissertation writing company service who helps very easily to students.
ReplyDeleteSuch a good blog. This browser makers to be better at this than Microsoft. I really like it. Thanks for sharing this blog and good information. Now it's time to avail african gowns for ladies for more information.
ReplyDeleteDid you know that WordPress can automatically update your website? In some cases, that can include plugins and themes too. Now its time to avail dispatch freightfor more details.
ReplyDeletedemo slot pg มอบประสบการณ์ความสนุกสนานร่าเริงกับการ เล่นเกมได้เงินจริง ให้คุณสามารถหารายได้เสริมเติมจากการเล่นเกม pg slot มีบริการเกมหลายแบบกว่า 1000 เกมให้ท่านได้เลือกดู
ReplyDeleteเล่น pgslot ให้ได้กำไร คือคำตอบที่คุณต้องการ ทำไมถึงเชื่อมั่นว่า PG SLOT พีจีน่าสนใจและเป็นที่นิยมของผู้เล่นสล็อต? เพราะว่า PG มีระบบการเล่นที่ง่าย และสะดวกสบายสำหรับผู้เล่นทุกระดับ
ReplyDeleteI completely agree that "Making the web even safer" is a vital undertaking in our digital age. It raises intriguing philosophical questions about ethics, privacy. When it comes to philosophy assignment uk, understanding the philosophical implications of technology is crucial. Online platforms providing philosophy assignment help in the UK can guide students in exploring these thought-provoking issues.
ReplyDelete