Windows XP and Vista Long Term Support Plan

804 views
Skip to first unread message

Peter Dolanjski

unread,
Oct 14, 2016, 10:16:09 AM10/14/16
to firef...@mozilla.org
Hello All,

*tl;dr: Tentative plan is to move Windows XP/Vista users to ESR 52. Feel
free to comment/discuss.*

In this email, I will lay out a tentative long term plan for supporting
Windows XP and Vista users. The point of this email is to solicit feedback
about the plan from a broader audience. I am purposefully keeping the
email somewhat high level, but if you have specific questions about the
details, I'm sure various folks on the engineering/release engineering
teams can help answer them.

If you have relevant information to include in the bug you can find it
here: *Move Windows XP and Vista to Firefox ESR 52*
<https://bugzilla.mozilla.org/show_bug.cgi?id=1303827>.
I realize the discussion on this topic could get lively (which is
completely understandable) - I just ask that you keep in mind good intent.
We hope to finalize plans over the next few weeks.

*Goal*
Continue to provide an excellent browsing experience and ongoing security
updates to Windows XP and Vista users (inclusive of current Firefox users
and users on browsers which are no longer supported who want to switch).
At the same time, reduce the opportunity cost of supporting XP and Vista
(15 and 9 years since release, respectively).

*Tentative Plan*

- Move Windows XP and Vista users to an Extended Support Release
<https://www.mozilla.org/en-US/firefox/organizations/> when v52 branches
- Continue to provide security updates for the life of ESR 52 (well into
2018)
- Monitor user numbers as ESR 52 reaches end of life (2018), continue
security patches for XP/Vista users on ESR 52 branch if user numbers
justify it (exact threshold TBD)

*Background*
Firefox is the only major browser which still provides new releases to
Windows XP and Vista users. Currently these two audiences represent
slightly more than 10% of our user base (XP being about 5x larger than
Vista). By the end of 2017 the number is projected to decrease to about
half of that amount.
Microsoft ceased security updates for XP a few years ago and plans to do
the same
<https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet>
for Vista in early 2017. With users no longer getting operating system
updates, it becomes increasingly difficult for those users to stay safe
online. Further, continuing to include XP and Vista for new Firefox
releases comes at an opportunity cost (more on this below). We are
reaching the point where we feel it is better to direct our primary efforts
to where the majority of users are (Windows 7+).

All of that said, we don't feel right about the prospect of leaving users,
who in many instances may not have the option to purchase a new computer to
update their OS, completely vulnerable due to lack of security updates.
That's why we feel that continuing to provide updates via ESR 52 (and
possible extension afterwards) allows us to reduce the opportunity cost of
supporting these OS versions, while keeping users as safe as we can.

*Opportunity Cost of Supporting Windows XP/Vista*
Continuing to release on Windows XP/Vista comes at an opportunity cost and
is becoming increasingly difficult due to our inability to source older
hardware. By removing XP/Vista from new Firefox releases we can:

- Lower XP/Vista specific testing/operational costs
- Move to modern compilers
- Simplify the codebase by removing XP/Vista-specific code from mainline
- Avoid XP/Vista specific bugs/regressions

*What does this mean for XP/Vista users?*

- Windows XP and Vista users will continue to get the latest Firefox
versions up to and including v52
- v52 will be the last version of Firefox available to XP/Vista users
- XP/Vista users will continue to get security updates into 2018, with
the potential for the timeframe to be extended

*How will this plan be communicated?*
Subsequent to the collection of feedback from this email, I will be
drafting a blog post describing the finalized plan. In addition, we'll be
using some form of in-product messaging to inform users.

If you have questions/comments, please reply to the *firefox-dev* mailing
list.


Thanks,

*Peter Dolanjski*
*Product Manager, Firefox*
*Mozilla*

keithga...@gmail.com

unread,
Oct 15, 2016, 5:53:19 AM10/15/16
to
I'm just a Developer Edition/Beta user and I have a Windows 10 system. That said, you did ask for opinions from a 'broader audience', so I guess I count. Here are my thoughts such as they are.

1) Mozilla supported Windows 95 for 6 years (1.5.0.12 in 2007) after its last update (2001), Windows 98 SE for 2 years (2.0.0.20 in 2008) after its last update (2006), and Windows 2000 for 3 years (12.0/ESR 10.0.12 in 2013) after its last update (2010). Mozilla has a long history of extending support to operating systems well past their expiration date. This is the case even when it causes development problems just to keep in the spirit of the Mozilla Manifesto that the Internet remain accessible to as many people as possible.

2) Now with regard to Windows XP. XP SP2 had its last update in (2009) and XP SP3 had its last update in (2014). Firefox has been supporting XP SP2 for 7 years beyond its last update and XP SP3 for 2 years beyond its last update. Mozilla's support for XP SP3 is about normal for the extending support beyond the life cycle of an OS. Mozilla's support for XP SP2, on the other hand, is downright saintly. I mean if you do drop it on ESR 52, which ends in 2018, you will have supported XP SP2 for 9 years beyond its last update. Considering how ancient XP is and how different its code base and APIs are from any modern version of Windows, ESR 52 is probably a good place to end support. Windows XP had a good run and should now receive an honorary salute as it goes off into the horizon.

3) For Windows Vista, I don't see where the fire is. I realize that it has a vastly smaller user base, but it is close to Window 7 code base and API wise. Windows 2000 and Windows XP RTM/SP1 were also close like Windows Vista and Windows 7 are. I remember that Mozilla kept Windows 2000 on Tier-2 support next Windows XP RTM/SP1 on Tier-1 support until it discontinued support for Windows XP RTM/SP1 in 2013. I don't see why Mozilla can't continue to support Windows Vista with the Firefox 32 bit installer on Tier-2 support at least until ESR 66 if not the length of time that it supports Windows 7 SP1.

Anyway, those are my thoughts. Thank you for your time.

Peter Dolanjski

unread,
Oct 17, 2016, 2:33:06 AM10/17/16
to keithga...@gmail.com, dev-pl...@lists.mozilla.org
Thanks for taking the time to provide thorough feedback.

3) For Windows Vista, I don't see where the fire is. I realize that it has
> a vastly smaller user base, but it is close to Window 7 code base and API
> wise.


I'm sure the engineering team can probably provide a more detailed response
on this one, but as I understand it the main issue is that the sandboxing
effort [1] makes use of Chromium's sandbox [2] which now only supports
Windows 7+.
The challenge would come from maintaining a separate version for Vista
(which given the relatively low user numbers is hard to justify).

[1] https://wiki.mozilla.org/Security/Sandbox
[2] http://www.chromium.org/developers/design-documents/sandbox

Peter
> _______________________________________________
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>

keithga...@gmail.com

unread,
Oct 21, 2016, 6:05:57 AM10/21/16
to
On Monday, October 17, 2016 at 1:33:06 AM UTC-5, Peter Dolanjski wrote:
> Thanks for taking the time to provide thorough feedback.
>
> 3) For Windows Vista, I don't see where the fire is. I realize that it has
> > a vastly smaller user base, but it is close to Window 7 code base and API
> > wise.
>
>
> I'm sure the engineering team can probably provide a more detailed response
> on this one, but as I understand it the main issue is that the sandboxing
> effort [1] makes use of Chromium's sandbox [2] which now only supports
> Windows 7+.
> The challenge would come from maintaining a separate version for Vista
> (which given the relatively low user numbers is hard to justify).
>
> [1] https://wiki.mozilla.org/Security/Sandbox
> [2] http://www.chromium.org/developers/design-documents/sandbox
>
> Peter

Greetings again.

First, I didn't think about OS support as a problem for Vista, but it makes sense considering how Vista failed in the market. When Mozilla does the press release stating that it is dropping Vista and XP at the same time, the explanation for Vista's dropping should include information about the lack of tool and library support so that people don't think Mozilla is just copying Google again.

Over the past week, since I responded to your post, I had to use old laptop because it was storming (it's not good to have a computer on during a lightning storm I learned that the hard way). It was a Vista x32 that I upgraded to Windows 7 x64, but using it got me thinking. In your initial post, you basically laid out that Vista and XP would be left a ESR 52 and that ESR 52 would be feature frozen with only security updates. Said security updates past the first year would be on an 'as user base size justified' basis. My concern is about something else along the lines of security: what about TLS and digital certificates?

In 2014 arstechnica did a story "My coworkers made me use Mac OS 9 for their (and your) amusement" (http://arstechnica.com/apple/2014/09/my-coworkers-made-me-use-mac-os-9-for-their-and-your-amusement/). On page 2, the author talked about trying to do work and failing. He had found the last remaining modern OS 9 web browser, Classilla, and tried to log in to the server to do work only to find that the lack of modern encryption made working from an OS 9 machine impossible. Cameron Kaiser did update Classilla after that article ("And now for something completely different: Classilla is back", https://tenfourfox.blogspot.com/2014/10/and-now-for-something-completely_28.html). Reading through his blog post, he described needing to update NSS (Network Security Services) to recognize TLS 1.0 and SHA-2. Furthermore, the release notes (http://www.floodgap.com/software/classilla/releases/) describe the SSL root certificates having to be refreshed.

My point for the above paragraph is that even if Mozilla stops security updates for ESR 52, these computers will still need to get around on the Internet. These machines will still need to do log ins and banking. The world isn't the same as back in the day when Netscape 4 roamed the web or even in 2008 when Mozilla dropped support for Windows 98 SE with 2.0.0.20. Part of securing the web means making sure that every server has a digital certificate with Let's Encrypt. But that part only works if the browser has up to date TLS and digital certificates. What happens to Vista and XP on ESR 52 or even OSX 10.6-10.8 on ESR 45 when a POODLE style attack drives everyone from TLS 1.2 to TLS 1.3 with no fall back? What happens when older certificates are found to have been compromised by a third party like a crime syndicate or government intelligence agency? Do ESR 52 and ESR 45 get stuck with corrupted certificates while the latest versions of Firefox get their certificates refreshed?

I'm just wondering what your thoughts on if this is an issue or how to handle it if it is.

Kyle Huey

unread,
Oct 21, 2016, 2:11:16 PM10/21/16
to keithga...@gmail.com, dev-platform
On Fri, Oct 21, 2016 at 3:05 AM, <keithga...@gmail.com> wrote:
> My point for the above paragraph is that even if Mozilla stops security updates for ESR 52, these computers will still need to get around on the Internet. These machines will still need to do log ins and banking. The world isn't the same as back in the day when Netscape 4 roamed the web or even in 2008 when Mozilla dropped support for Windows 98 SE with 2.0.0.20. Part of securing the web means making sure that every server has a digital certificate with Let's Encrypt. But that part only works if the browser has up to date TLS and digital certificates. What happens to Vista and XP on ESR 52 or even OSX 10.6-10.8 on ESR 45 when a POODLE style attack drives everyone from TLS 1.2 to TLS 1.3 with no fall back? What happens when older certificates are found to have been compromised by a third party like a crime syndicate or government intelligence agency? Do ESR 52 and ESR 45 get stuck with corrupted certificates while the latest versions of Firefox get their certificates refreshed
> ?

No. These machines should not be on the Internet anymore. If the
operating system vendor is no longer supporting their product with
security releases an out of date TLS stack is a minor problem compared
to the remote code execution that's going to pwn the machine.

- Kyle

keithga...@gmail.com

unread,
Oct 22, 2016, 5:16:25 AM10/22/16
to
On Friday, October 21, 2016 at 1:11:16 PM UTC-5, Kyle Huey wrote:
> No. These machines should not be on the Internet anymore. If the
> operating system vendor is no longer supporting their product with
> security releases an out of date TLS stack is a minor problem compared
> to the remote code execution that's going to pwn the machine.
>
> - Kyle

Don't get me wrong, I agree with you completely. In theory, unsupported OS's should be taken off the Internet and hardware that no longer has support of current OS's should be scrapped and replaced. The reality is that this doesn't happen and this thread proves it. If taking older machines off the Internet was really happening, then why would Firefox still be supporting XP SP2 seven years after its last update?

My concern is that by killing digital certificate updates and TLS updates, still in use machines whose main purpose is Internet access are essentially bricked. Maybe that is the right thing to do. Maybe killing a machine's access to the Internet is the impetus to update an OS or buy a new machine. My fear is that this happening will cause confusion about what is wrong instead of clarity about the need for an upgrade or replacement even if the machine is still 'functional'. My other fear is that this machine is in use because it is the most affordable option even if that isn't the best option and an upgrade or replacement may not be an immediate option. Killing access to the Internet in that case could cause unintended problems.

Also, it's not like Vista is going away cleanly no matter how small its user base. The other day my mom received a Haband catalog and they were selling a Vista laptop with a 60+ game pack for $200.00 that I believe it was similar to the one listed here (http://haband.blair.com/p/for-the-home/electronics/laptops-tablets-e-readers/dell-32-ghz-duo-core-family-laptop/pc/3641/c/3647/sc/4765/110875.uts). I told my mom it wasn't a good deal.

I like the fact that Mozilla extends support to older, outdated, and unpopular machines. I also agree that dropping XP and Vista onto ESR 52 is a good solution to deal with two OS's that are either, in XP's case, too old to properly support or, in Vista's case, lack the tooling support that Windows 7 and above have access to. I just think that with encryption being a major part of the Internet now days both XP and Vista on ESR 52 and probably OS X 10.6-10.8 on ESR 45 need at the very least a little longer guaranteed access to digital certificates for TLS.


Martin Thomson

unread,
Oct 22, 2016, 5:27:32 AM10/22/16
to keithga...@gmail.com, dev-platform
On Sat, Oct 22, 2016 at 8:16 PM, <keithga...@gmail.com> wrote:
> My concern is that by killing digital certificate updates and TLS updates, still in use machines whose main purpose is Internet access are essentially bricked.

Yep, I just designated a relatives machine to recycling on that basis.
I could have updated the OS, but they had other better options, so
we're reclaiming the space. I know that neither option is that
pleasant, but it's not doing anyone a service to have these machines
on the internet.

Gervase Markham

unread,
Oct 24, 2016, 4:12:31 AM10/24/16
to keithga...@gmail.com
On 22/10/16 10:16, keithga...@gmail.com wrote:
> My concern is that by killing digital certificate updates and TLS
> updates, still in use machines whose main purpose is Internet access
> are essentially bricked.

This is a feature, not a bug. If those machines shouldn't be on the
Internet, and things happen which keep them off the Internet, then hooray.

Gerv

keithga...@gmail.com

unread,
Oct 24, 2016, 5:50:15 AM10/24/16
to
On Saturday, October 22, 2016 at 4:27:32 AM UTC-5, Martin Thomson wrote:
> Yep, I just designated a relatives machine to recycling on that basis.
> I could have updated the OS, but they had other better options, so
> we're reclaiming the space. I know that neither option is that
> pleasant, but it's not doing anyone a service to have these machines
> on the internet.


I'm free tech support for my family as well. My worry is those who don't have access to tech support of some form to help them with the next step. I know some tech stores specialize in helping customers with old machines, but that assumes that the type of person who needs that help knows where to find it.

keithga...@gmail.com

unread,
Oct 24, 2016, 6:35:20 AM10/24/16
to
Like I've said in previous messages on this thread, I agree that XP and Vista should be placed on ESR 52, but I'm worried about those people who don't have access to tech support at home (friends, family, a tech store, etc.) to help them with the next steps of replacing their old machine. It would be good if Mozilla had some kind of message at the start of the transfer to ESR 52 stating that they have X amount of time to upgrade.



I would feel less queasy about this process, if in the past Mozilla's efforts to gracefully wind down an old OS had been graceful. OS X 10.5 got decommissioned at Firefox 16.0.2 and never got put on ESR 17. Windows 2000, XP RTM, and XP SP1 got decommissioned at Firefox 12.0 and users had to downgrade to ESR 10 if they wanted support. Same story with OS X 10.6-10.8 as those OS's got decommissioned at Firefox 47.0.1 and users had to downgrade to ESR 45 for continued support. This is all further complicated by the fact that Mozilla doesn't like to have users cross channels (for obvious reasons like preventing bugs and messed up profiles). Mozilla has never to my knowledge moved a user base automatically from Release Channel to ESR Channel. Those who wanted continued support in the past had to downgrade on their own. Mozilla stores the ESR at the following non-obvious URL: https://www.mozilla.org/en-US/firefox/organizations/.



Also, Mozilla doesn't advertise the existence of the ESR Channel. I often feel that Mozilla treats its ESR like the red-headed stepchild of all its releases. Nightly, Developer Edition, Beta, and Release are all front and center and yet the ESR Channel is left in the background. I'm sure more people who want a slower release cycle would use the ESR if they knew it existed. Mozilla could even differentiate itself from other browser makers with the tag line "Firefox: Upgrades at Your Speed, Not the Internet's". Then again, Mozilla isn't the only one to pull that trick as apparently Microsoft won't let anyone but enterprise customers use Windows 10's slowest upgrade cycle.



Beyond that, I don't like the whole tentative nature of security updates beyond the first year. I think Mozilla should follow Microsoft's example and have a definitive cutoff date. If that means stating that XP and Vista on ESR 52 will be supported no later than the release of ESR 66.2.0. Mozilla should state up front that it will support ESR 52 for XP/Vista for 2 years up front so that people can plan for its depreciation instead of being left in suspense.

yuhong...@hotmail.com

unread,
Oct 24, 2016, 1:01:50 PM10/24/16
to
On Monday, October 24, 2016 at 3:35:20 AM UTC-7, keithga...@gmail.com wrote:
> On Monday, October 24, 2016 at 3:12:31 AM UTC-5, Gervase Markham wrote:
> > On 22/10/16 10:16, keithga...@gmail.com wrote:
> > > My concern is that by killing digital certificate updates and TLS
> > > updates, still in use machines whose main purpose is Internet access
> > > are essentially bricked.
> >
> > This is a feature, not a bug. If those machines shouldn't be on the
> > Internet, and things happen which keep them off the Internet, then hooray.
> >
> > Gerv
>
> Like I've said in previous messages on this thread, I agree that XP and Vista should be placed on ESR 52, but I'm worried about those people who don't have access to tech support at home (friends, family, a tech store, etc.) to help them with the next steps of replacing their old machine. It would be good if Mozilla had some kind of message at the start of the transfer to ESR 52 stating that they have X amount of time to upgrade.
>
Feel free to reopen https://bugzilla.mozilla.org/show_bug.cgi?id=1059840 when ready.

Eric Rescorla

unread,
Oct 24, 2016, 1:45:26 PM10/24/16
to Gervase Markham, dev-platform
This seems to assume facts not in evidence, namely that people will stop
using those
machines rather than just living with whatever the last version we updated
them to.

Do we have any data that shows that that's true?

-Ekr

Peter Dolanjski

unread,
Oct 24, 2016, 2:34:13 PM10/24/16
to Eric Rescorla, dev-platform, Gervase Markham
While this doesn't definitively answer your question, it may provide some
insight:
We ran a survey of Chrome XP users (N=819) after Chrome's end of life
message was shown in the product (English only). The results showed:

-

About half the sample plan to continue using Chrome on XP without
support/updates
-

Almost 40% say they will either update Windows, their computer, or
switch operating system (OS)
- About 14% overall open to switching browsers, more than half of those
interested in Firefox

Because this is self reported, it is hard to say how many users will
actually follow through. I can say that even though 7% said they'd switch
to Firefox, we saw zero evidence (in downloads or ADIs) that they actually
did.

The final data point I have is that NetMarketShare reports that Chrome's
proportion of users on XP users hovered around 13% for almost a year. Come
May, 2016 (month after Chrome XP EOL), they dropped to 11%. In the same
period, Firefox stayed relatively even. We'll likely need to keep tracking
the data to see where they go after a year, but I think it's safe to say
that most users won't seek out an alternative and will continue using the
product.


Peter


On Mon, Oct 24, 2016 at 1:44 PM, Eric Rescorla <e...@rtfm.com> wrote:

> This seems to assume facts not in evidence, namely that people will stop
> using those
> machines rather than just living with whatever the last version we updated
> them to.
>
> Do we have any data that shows that that's true?
>
> -Ekr
>
>
> On Mon, Oct 24, 2016 at 1:12 AM, Gervase Markham <ge...@mozilla.org> wrote:
>

Gervase Markham

unread,
Oct 25, 2016, 4:22:10 AM10/25/16
to Eric Rescorla
On 24/10/16 18:44, Eric Rescorla wrote:
> This seems to assume facts not in evidence, namely that people will stop
> using those
> machines rather than just living with whatever the last version we updated
> them to.

I think you've misread what I said. I said that if it turns out that
(for example) the entire web moves to require TLS 1.3 final and ESR 52
doesn't support it, and as a result these old machines can no longer
browse the secure web, and therefore people decide they can't use them
for web surfing any more - that's a feature, not a bug, and it's not
something we should worry about happening. Same goes for any other
TLS/cert-related requirement which "breaks" their browsing experience.

Gerv

keithga...@gmail.com

unread,
Oct 25, 2016, 6:28:44 AM10/25/16
to
I brought up my concern about TLS and digital certificates because I was worried about users going to access the secure web and suddenly finding it inaccessible. I was concerned about users being immediately cut off. After looking at the Wikipedia page on TLS (https://en.wikipedia.org/wiki/Transport_Layer_Security), I see that TLS 1.3 is a draft and probably years away from completion let alone implantation. XP and Vista users have plenty of time to get a new computer before TLS 1.3 is in use. As for digital certificates, if Mozilla gives enough security updates to ESR 52 for XP and Vista users (such as maybe an extra year of support), then that shouldn't be a problem.


What I would like to hear from Mozilla with regards to moving XP and Vista users on to ESR 52, is if Mozilla really is going to take this action this time? I've always thought that this was a great use of the ESR as a way to wind down an OS that is about to be unsupported. It's just that Mozilla has never done this plan specifically before.


What I think would be helpful if Mozilla does go with this plan, is that, first, Mozilla sets a definite end date up front for ESR 52 and, second, that Mozilla has puts out the message as to what and why this is happening. Setting an end date for support will give everyone a timeline to work with and kill any hope on those with older machines that they can just keep holding out one more month for updates that will never come. Having a clear message will be good for getting everyone on the same page with this policy. A solid press release to tech news sites to get out the message to those who provide tech support is a good start. A message on the startup page after every update stating how many updates are left with ESR 52 and maybe some helpful information about upgrading might be a good way to help XP and Vista users on ESR 52.

Peter Dolanjski

unread,
Oct 27, 2016, 9:48:13 AM10/27/16
to Keith Gallistel, dev-platform
>
> What I think would be helpful if Mozilla does go with this plan, is that,
> first, Mozilla sets a definite end date up front for ESR 52 and, second,
> that Mozilla has puts out the message as to what and why this is happening.
> Setting an end date for support will give everyone a timeline to work with
> and kill any hope on those with older machines that they can just keep
> holding out one more month for updates that will never come. Having a clear
> message will be good for getting everyone on the same page with this
> policy. A solid press release to tech news sites to get out the message to
> those who provide tech support is a good start. A message on the startup
> page after every update stating how many updates are left with ESR 52 and
> maybe some helpful information about upgrading might be a good way to help
> XP and Vista users on ESR 52.


This is good input. Thanks Keith.

I will be writing a blog post and I'll see how crisp we can get with the
end of life date as part of that messaging. From there, we do need to
figure out messaging to users in various other ways.

Peter

jua...@gmail.com

unread,
Oct 31, 2016, 5:54:03 PM10/31/16
to
Em quinta-feira, 27 de outubro de 2016 11:48:13 UTC-2, Peter Dolanjski escreveu:
> >
> > What I think would be helpful if Mozilla does go with this plan, is that,
> > first, Mozilla sets a definite end date up front for ESR 52 and, second,
> > that Mozilla has puts out the message as to what and why this is happening.
> > Setting an end date for support will give everyone a timeline to work with
> > and kill any hope on those with older machines that they can just keep
> > holding out one more month for updates that will never come.

Discontinuing support for 10% of users sounds like shrinking 10% of customers, lay off 10% of employees, reduce 10% of funds for investments.

- Is really necessary to abandon all XP users?
- Is possible to discontinue the most hard to support components? Somenthing like "Video conferencing will not work in XP" or like is planned for flash.
- Is possible restrict the user base affected? Like only XP SP2 and older...
- Someone has the statistics details of this "10% user base" for supporting this decision? What service pack? Where they are? What are the demographics numbers? How often the browse web?
- Someone has the numbers for what is the cost for this burden?

I see how Mozilla is important for open web and how firefox user base is shrinking. This worries me.

Maybe hiring one or two developers for supporting this user base is cheaper than loosing these users.

Aaron Klotz

unread,
Oct 31, 2016, 6:48:04 PM10/31/16
to dev-pl...@lists.mozilla.org
Disclaimer: I am not a decision maker on this, these are my personal
opinions, etc, etc

On 10/31/2016 3:54 PM, jua...@gmail.com wrote:
>
> Discontinuing support for 10% of users sounds like shrinking 10% of customers, lay off 10% of employees, reduce 10% of funds for investments.
>
> - Is really necessary to abandon all XP users?
Shifting XP users to ESR is different from "abandonment" FWIW, but IMHO
this move is necessary. As I pointed out earlier in this discussion, the
problems have become more complicated than simply disabling certain
pieces of code when XP does not support them.

> - Is possible to discontinue the most hard to support components? Somenthing like "Video conferencing will not work in XP" or like is planned for flash.
Again, that is not the problem. The problem is more like, "Sorry 90% of
users, we can't give you a better sandbox because of the 10% of users
running an obsolete and unsupported OS," or "This feature is going to be
delayed a release because it mysteriously fails on Windows XP."
Meanwhile, our competitors *do* deliver that better sandbox or *do*
release that new feature before we do. Now we're preserving that 10% of
users at the expense of the other 90%, and it's in the latter category
where the growth will be. That sounds like a pretty lousy growth
strategy to me.

> - Is possible restrict the user base affected? Like only XP SP2 and older...
Existing Firefox system requirements are for XP SP2, so we already
restrict older revisions, but that isn't really the issue here. The
issue is the gulf between all XP releases and newer versions.

As somebody who has first-hand experience with this, let me assure you:
Debugging XP-specific problems has become very unpleasant. Most
developers don't just have an XP machine sitting around to work with. We
can request a loaner from Release Engineering and debug it through
there, but that is very tedious and time consuming. Turnaround on try
builds for Windows XP is sometimes terribly slow. As XP continues to die
off, this will only get worse, not better.

> I see how Mozilla is important for open web and how firefox user base is shrinking. This worries me.
Do not confuse shrinking market share with shrinking user base. That is
only the case when the total number of users on the web remains
constant, which is not the case. Having said that, I don't want to see
shrinking market share either.

I do not believe that we can offer the highest quality experience to the
vast majority of our users by continuing to expend resources on the
past. One of our top-line goals for 2016 has been to build our core
strength. I don't know how we're supposed to do that by intentionally
tying one hand behind our back to support Windows XP.

Supporting XP might curb short-term market share losses but it will
hinder our ability to deliver long-term market share gains.

> Maybe hiring one or two developers for supporting this user base is cheaper than loosing these users.

Hopefully my other remarks in this post have made it clear that XP
support is not an issue of headcount.

Robert Strong

unread,
Oct 31, 2016, 7:52:54 PM10/31/16
to Aaron Klotz, dev-platform
Aaron, thank you for explaining the reasons for this decision so thoroughly!

On Mon, Oct 31, 2016 at 3:48 PM, Aaron Klotz <akl...@mozilla.com> wrote:

> Disclaimer: I am not a decision maker on this, these are my personal
> opinions, etc, etc
>
> On 10/31/2016 3:54 PM, jua...@gmail.com wrote:
>
>>
>> Discontinuing support for 10% of users sounds like shrinking 10% of
>> customers, lay off 10% of employees, reduce 10% of funds for investments.
>>
>> - Is really necessary to abandon all XP users?
>>
> Shifting XP users to ESR is different from "abandonment" FWIW, but IMHO
> this move is necessary. As I pointed out earlier in this discussion, the
> problems have become more complicated than simply disabling certain pieces
> of code when XP does not support them.
>
> - Is possible to discontinue the most hard to support components?
>> Somenthing like "Video conferencing will not work in XP" or like is planned
>> for flash.
>>
> Again, that is not the problem. The problem is more like, "Sorry 90% of
> users, we can't give you a better sandbox because of the 10% of users
> running an obsolete and unsupported OS," or "This feature is going to be
> delayed a release because it mysteriously fails on Windows XP." Meanwhile,
> our competitors *do* deliver that better sandbox or *do* release that new
> feature before we do. Now we're preserving that 10% of users at the expense
> of the other 90%, and it's in the latter category where the growth will be.
> That sounds like a pretty lousy growth strategy to me.
>
> - Is possible restrict the user base affected? Like only XP SP2 and
>> older...
>>
> Existing Firefox system requirements are for XP SP2, so we already
> restrict older revisions, but that isn't really the issue here. The issue
> is the gulf between all XP releases and newer versions.
>
> As somebody who has first-hand experience with this, let me assure you:
> Debugging XP-specific problems has become very unpleasant. Most developers
> don't just have an XP machine sitting around to work with. We can request a
> loaner from Release Engineering and debug it through there, but that is
> very tedious and time consuming. Turnaround on try builds for Windows XP is
> sometimes terribly slow. As XP continues to die off, this will only get
> worse, not better.
>
> I see how Mozilla is important for open web and how firefox user base is
>> shrinking. This worries me.
>>
> Do not confuse shrinking market share with shrinking user base. That is
> only the case when the total number of users on the web remains constant,
> which is not the case. Having said that, I don't want to see shrinking
> market share either.
>
> I do not believe that we can offer the highest quality experience to the
> vast majority of our users by continuing to expend resources on the past.
> One of our top-line goals for 2016 has been to build our core strength. I
> don't know how we're supposed to do that by intentionally tying one hand
> behind our back to support Windows XP.
>
> Supporting XP might curb short-term market share losses but it will hinder
> our ability to deliver long-term market share gains.
>
> Maybe hiring one or two developers for supporting this user base is
>> cheaper than loosing these users.
>>
>
> Hopefully my other remarks in this post have made it clear that XP support
> is not an issue of headcount.
>

Peter Dolanjski

unread,
Nov 1, 2016, 9:28:54 PM11/1/16
to Aaron Klotz, dev-platform
On 10/31/2016 3:54 PM, jua...@gmail.com wrote:

>
> Discontinuing support for 10% of users sounds like shrinking 10% of
> customers, lay off 10% of employees, reduce 10% of funds for investments.


I can tell you that the evidence we have does not support the notion that
end of life (or the approach we are proposing) will actually result in the
attrition of those users.
We examined the impact of Chrome's end of life on Windows XP users. The
majority of users planned to stick with Chrome even without security
updates. We also saw almost zero evidence of Chrome's end of life causing
an uptick in Firefox usage or downloads among XP users.

- Someone has the statistics details of this "10% user base" for supporting
> this decision? What service pack? Where they are? What are the demographics
> numbers? How often the browse web?


We did look through the data. Yes, there is a geographic skew in XP usage
towards countries like Russia and China. In addition, on average, XP users
search less and have lower engagement rates than non-XP users, but the
difference isn't massive.

Peter

On Tue, Nov 1, 2016 at 6:48 AM, Aaron Klotz <akl...@mozilla.com> wrote:

> Disclaimer: I am not a decision maker on this, these are my personal
> opinions, etc, etc
>
> On 10/31/2016 3:54 PM, jua...@gmail.com wrote:
>
>>
>> Discontinuing support for 10% of users sounds like shrinking 10% of
>> customers, lay off 10% of employees, reduce 10% of funds for investments.
>>
>> - Is really necessary to abandon all XP users?
>>
> Shifting XP users to ESR is different from "abandonment" FWIW, but IMHO
> this move is necessary. As I pointed out earlier in this discussion, the
> problems have become more complicated than simply disabling certain pieces
> of code when XP does not support them.
>
> - Is possible to discontinue the most hard to support components?
>> Somenthing like "Video conferencing will not work in XP" or like is planned
>> for flash.
>>
> Again, that is not the problem. The problem is more like, "Sorry 90% of
> users, we can't give you a better sandbox because of the 10% of users
> running an obsolete and unsupported OS," or "This feature is going to be
> delayed a release because it mysteriously fails on Windows XP." Meanwhile,
> our competitors *do* deliver that better sandbox or *do* release that new
> feature before we do. Now we're preserving that 10% of users at the expense
> of the other 90%, and it's in the latter category where the growth will be.
> That sounds like a pretty lousy growth strategy to me.
>
> - Is possible restrict the user base affected? Like only XP SP2 and
>> older...
>>
> Existing Firefox system requirements are for XP SP2, so we already
> restrict older revisions, but that isn't really the issue here. The issue
> is the gulf between all XP releases and newer versions.
>
> As somebody who has first-hand experience with this, let me assure you:
> Debugging XP-specific problems has become very unpleasant. Most developers
> don't just have an XP machine sitting around to work with. We can request a
> loaner from Release Engineering and debug it through there, but that is
> very tedious and time consuming. Turnaround on try builds for Windows XP is
> sometimes terribly slow. As XP continues to die off, this will only get
> worse, not better.
>
> I see how Mozilla is important for open web and how firefox user base is
>> shrinking. This worries me.
>>
> Do not confuse shrinking market share with shrinking user base. That is
> only the case when the total number of users on the web remains constant,
> which is not the case. Having said that, I don't want to see shrinking
> market share either.
>
> I do not believe that we can offer the highest quality experience to the
> vast majority of our users by continuing to expend resources on the past.
> One of our top-line goals for 2016 has been to build our core strength. I
> don't know how we're supposed to do that by intentionally tying one hand
> behind our back to support Windows XP.
>
> Supporting XP might curb short-term market share losses but it will hinder
> our ability to deliver long-term market share gains.
>
> Maybe hiring one or two developers for supporting this user base is
>> cheaper than loosing these users.
>>
>
> Hopefully my other remarks in this post have made it clear that XP support
> is not an issue of headcount.
>

Mike Hommey

unread,
Nov 1, 2016, 9:57:29 PM11/1/16
to Peter Dolanjski, Aaron Klotz, dev-platform
On Wed, Nov 02, 2016 at 09:28:40AM +0800, Peter Dolanjski wrote:
> On 10/31/2016 3:54 PM, jua...@gmail.com wrote:
>
> >
> > Discontinuing support for 10% of users sounds like shrinking 10% of
> > customers, lay off 10% of employees, reduce 10% of funds for
> > investments.
>
>
> I can tell you that the evidence we have does not support the notion
> that end of life (or the approach we are proposing) will actually
> result in the attrition of those users. We examined the impact of
> Chrome's end of life on Windows XP users. The majority of users
> planned to stick with Chrome even without security updates. We also
> saw almost zero evidence of Chrome's end of life causing an uptick in
> Firefox usage or downloads among XP users.

Chutten is not as categoric as you are:

It is also possible that we’ve seen some ex-Chrome users fleeing
Google’s drop of support from earlier this year.

Deseasonalized numbers for just WinXP users are hard to come by, so
this is fairly speculative. One thing that’s for certain is that the
diminishing Windows XP userbase trend I had previously observed (and
was counting on seeing continue) is no longer in evidence.

https://chuttenblog.wordpress.com/2016/10/28/firefox-windows-xp-exit-plan/

Mike

Peter Dolanjski

unread,
Nov 1, 2016, 11:08:46 PM11/1/16
to Mike Hommey, Chris H-C, Aaron Klotz, dev-platform
>
> Chutten is not as categoric as you are:
>
> It is also possible that we’ve seen some ex-Chrome users fleeing
> Google’s drop of support from earlier this year.
>
This is possible, but I'd still expect to see the biggest impact when
Chrome started including the scary persistent notification that the user
will no longer get updates.


> Deseasonalized numbers for just WinXP users are hard to come by, so
> this is fairly speculative. One thing that’s for certain is that the
> diminishing Windows XP userbase trend I had previously observed (and
> was counting on seeing continue) is no longer in evidence.


Chutten, if you have some other stats on this, I'd love to take a look.
The longitudinal data still shows the following trend:

*Changes to **Daily Active User proportion of WinXP to total Windows
population from previous month:*
Week of Jan. 20th, 2016: -4.3%
Week of Feb. 20th, 2016: -2.5%
Week of Mar. 20th, 2016: -2.6%
Week of Apr. 20th, 2016: -3.2%
Week of May 20th, 2016: -1.3%
Week of June 20th, 2016: -3.3%
Week of July 20th, 2016: -2.3%
Week of Aug. 20th, 2016: -4.9%
Week of Sept. 20th, 2016: -1.1%
Week of Oct. 20th, 2016: -1.2%

Sure, there were larger drops in the summer that seemed to have eased off
in Sept./Oct. but it's too early to tell if that's just some weirdness from
seasonality.

Peter





On Tue, Nov 1, 2016 at 9:56 PM, Mike Hommey <m...@glandium.org> wrote:

> On Wed, Nov 02, 2016 at 09:28:40AM +0800, Peter Dolanjski wrote:
> > On 10/31/2016 3:54 PM, jua...@gmail.com wrote:
> >
> > >
> > > Discontinuing support for 10% of users sounds like shrinking 10% of
> > > customers, lay off 10% of employees, reduce 10% of funds for
> > > investments.
> >
> >

Chris Hutten-Czapski

unread,
Nov 2, 2016, 10:48:14 AM11/2/16
to Peter Dolanjski, Mike Hommey, Aaron Klotz, dev-platform
Over the past two months there has been no absolute decline in number of
Windows XP installs. (Source: Tableau data, which is sadly not public so I
cannot link because it reveals more data from our users than we feel
comfortable sharing)

Over the past two months there has been an absolute increase in the number
of Windows 7 and Windows 10 installs. (Tableau)

Thus, as a percentage it is decreasing. As a number of users, it isn't.

It is important to be clear and precise, and I apologize that my blogpost
failed in those respects.

So, to recap: there are costs to supporting Windows XP and Windows Vista.
The userbase is shrinking as a percentage of the overall Firefox userbase.
There is a plan that will ensure support to April of 2018, two years after
Chrome dropped support and a full decade after SP3 was released.

In my opinion, this is an excellent and generous plan. I expect the Windows
XP userbase to continue to shrink as a proportion of Firefox users, and to
restart shrinking as an absolute value in the near term.

Once again I am sorry for any confusion I may have caused.

:chutten


On Tue, Nov 1, 2016 at 11:08 PM, Peter Dolanjski <pdola...@mozilla.com>
wrote:
>> > > Discontinuing support for 10% of users sounds like shrinking 10% of
>> > > customers, lay off 10% of employees, reduce 10% of funds for
>> > > investments.
>> >
>> >

Peter Dolanjski

unread,
Nov 2, 2016, 11:16:54 AM11/2/16
to Chris Hutten-Czapski, Mike Hommey, Aaron Klotz, dev-platform
Thanks for the clarifications.

Peter

On Wed, Nov 2, 2016 at 10:46 PM, Chris Hutten-Czapski <chu...@mozilla.com>
wrote:
>>> > > Discontinuing support for 10% of users sounds like shrinking 10% of
>>> > > customers, lay off 10% of employees, reduce 10% of funds for
>>> > > investments.
>>> >
>>> >
Reply all
Reply to author
Forward
0 new messages