Raise the minimum requirements for Gecko 1.9.2 (and any versions of
Firefox built on 1.9.2) for Windows builds to require Windows XP
Service Pack 3 or higher.
Background:
Supporting multiple OS versions is not zero cost, in terms of testing,
code complexity and developer sanity. We have previously raised the
minimum requirement to Windows 2000 for Firefox 3. We have also
raised the minimum requirements for Linux and Mac builds in that same
timeframe. While we have not formalized a policy by which we drop
support for OS versions, in general the main concerns have been how
recently the OS versions have been available and sold (in some cases)
as well as the ability and costs involved for users to upgrade.
Additionally, the continued availability of security updates for the
OS level is important, as users on unsupported operating systems,
especially Windows, are highly vulnerable no matter what we do, so
there is a strong argument against giving those users a reason to stay
on that platform.
On July 13, 2010, Microsoft will end all support for Windows 2000 (all
service packs) and Windows XP Service Pack 2 (XP SP1 and the original
XP have already passed their end of support). This means that after
this date, these OS versions will not get any security updates and
will not receive any support from Microsoft. Service Pack 3 is a free
upgrade for all XP users. Windows 2000 has no free upgrade path, but
has not been available at retail since March 2004, and was last
legally sold as a preloaded OS in March 2005, which is over four years
ago, and will be more than five years from when we ship the last
supported version of Firefox. Users should be able to successfully
migrate to XP or Linux if they intend to keep using their old hardware.
Affected Users:
All users still running either Windows 2000 or Windows XP Service Pack
2 (or lower). As Service Pack 3 is a free upgrade for XP users, only
Windows 2000 users will be forced to change their OS to use the next
version of Firefox.
As we intend to ship the next version of Firefox in early 2010,
Firefox 3.5 will continue to be supported under our current support
policy (six months after the next version) until after those OS
versions are no longer supported, so users will continue to be
supported by Mozilla at least as long as their OS is supported.
Relevant Links:
General Microsoft Support Lifecycle Policy:
http://support.microsoft.com/lifecycle/
Windows Service Pack Support End Dates:
http://support.microsoft.com/gp/lifesupsps#Windows
Windows 2000 Support Lifecycle
http://support.microsoft.com/lifecycle/?p1=3071
Windows Life-Cycle Policy (licensing availability)
http://www.microsoft.com/windows/lifecycle/default.mspx
-R
> Proposal:
>
> Raise the minimum requirements for Gecko 1.9.2 (and any versions of
> Firefox built on 1.9.2) for Windows builds to require Windows XP
> Service Pack 3 or higher.
Is there a reason for specifying SP3 here, in terms of development
demand to keep Gecko compatible? Put another way, have the Windows
libraries changed sufficiently between SP1 and SP3 that it's likely
that we'll produce a version of Gecko that would be compatible with
Windows XP SP3+ but not with SP2 or SP1?
Right now the majority of our Windows users are still on XP, but I'm
not sure it's clear how many of those users have upgraded, or intend
to upgrade (or in some cases are able to upgrade) and while I
understand that the platform itself isn't supported by Microsoft, I do
think that keeping those XP users from being able to use Firefox will
end up doing more harm (to them) than good, no matter what the intent.
cheers,
mike
> On 13-Apr-09, at 10:33 PM, Michael Connor wrote:
>
>> Proposal:
>>
>> Raise the minimum requirements for Gecko 1.9.2 (and any versions of
>> Firefox built on 1.9.2) for Windows builds to require Windows XP Service
>> Pack 3 or higher.
>>
>
> Is there a reason for specifying SP3 here, in terms of development demand
> to keep Gecko compatible? Put another way, have the Windows libraries
> changed sufficiently between SP1 and SP3 that it's likely that we'll produce
> a version of Gecko that would be compatible with Windows XP SP3+ but not
> with SP2 or SP1?
There are new features in SP2 (mostly security related) such as the
IAttachmentExecute interface which the download scanner uses. We could
eliminate the old IOfficeAntiVirus code if we drop support for Win2k and XP
SP<2. The APIs are mostly the same however. We can also drop the theme
hackery that currently exists entirely due to supporting Windows 2000 (since
it lacks the uxtheme api).
> Right now the majority of our Windows users are still on XP, but I'm not
> sure it's clear how many of those users have upgraded, or intend to upgrade
> (or in some cases are able to upgrade) and while I understand that the
> platform itself isn't supported by Microsoft, I do think that keeping those
> XP users from being able to use Firefox will end up doing more harm (to
> them) than good, no matter what the intent.
We can justify dropping 2k/XP entirely better than setting the minimum to XP
SP3 because there are many more new features in Vista that we could take
advantage of (native condition variables, graphics changes, integrity
levels, etc...).
I think we should see how Windows 7 pans out. If the result is good and
users migrate from XP, then we should consider dropping XP. Of course, there
will always be people who cling to old systems like Win2k and XP and they
will be vocal.
It should be pretty safe to drop support for Win2k but I cannot think of any
reasons besides the theme APIs.
-Rob
> There are new features in SP2 (mostly security related) such as the
> IAttachmentExecute interface which the download scanner uses. We could
> eliminate the old IOfficeAntiVirus code if we drop support for Win2k and XP
> SP<2. The APIs are mostly the same however. We can also drop the theme
> hackery that currently exists entirely due to supporting Windows 2000 (since
> it lacks the uxtheme api).
Yes, I understand the case for dropping W2K support (though we should
get our approximate user counts there and do that with our eyes open)
and think it's virtuous. It was the SP1/2 bit that I didn't quite get.
Aside from the IOfficeAntiVirus API, any other wins that anyone knows
of?
> I think we should see how Windows 7 pans out. If the result is good and
> users migrate from XP, then we should consider dropping XP. Of course, there
> will always be people who cling to old systems like Win2k and XP and they
> will be vocal.
Indeed, I think it will be a function of schedule (when will Gecko
1.9.2 drop?) and market function. From what I hear in the latest
rumour mills, though, Windows 7 may not be as early as originally
expected, meaning that the XP market share is likely to stick around.
cheers,
mike
> Is there a reason for specifying SP3 here, in terms of development
> demand to keep Gecko compatible?
I suppose one minor point is that we don't have tinderboxes testing the
3 different SP flavors of XP. [AFAIK they're all the same SP, though I'm
not sure exactly which one.] It would be nice to raise requirements to
what we actually test (which should become SP3, if it's not already).
Justin
> On 13-Apr-09, at 11:25 PM, Rob Arnold wrote:
>
>> There are new features in SP2 (mostly security related) such as the
>> IAttachmentExecute interface which the download scanner uses. We could
>> eliminate the old IOfficeAntiVirus code if we drop support for Win2k and XP
>> SP<2. The APIs are mostly the same however. We can also drop the theme
>> hackery that currently exists entirely due to supporting Windows 2000 (since
>> it lacks the uxtheme api).
>
> Yes, I understand the case for dropping W2K support (though we
> should get our approximate user counts there and do that with our
> eyes open) and think it's virtuous. It was the SP1/2 bit that I
> didn't quite get. Aside from the IOfficeAntiVirus API, any other
> wins that anyone knows of?
There's a number of other places this occurs. There's also been bugs
that were SP1-only (i.e. bug 366643, which turned up from an mxr
search). There were significant architectural changes with Service
Pack 2 around security, which benefits users if it doesn't impact
compatibility. (Someone on IRC described it as the "Internet is
Scary" service pack.)
Put another way, XP (no SP) and XP SP1 have been unsupported and
unpatched for years now. Users on those OSes are almost certainly
vulnerable, if they're not already owned. Any effort expended in
supporting those users is the technical equivalent of throwing good
money after bad. I don't know of any software that would require
SP1. Other than slow-to-upgrade corporate environments (which will
_surely_ migrate by SP2 EOL), I am unaware of anyone choosing to
remain on lower service packs past the support date for any reason
other than being unaware of the very real risk involved. IE7/IE8/
Chrome already require XP SP2 or higher (I can't find data on whether
Safari has any Service Pack-level requirements) so I don't think we
lose anything by catching up.
>> I think we should see how Windows 7 pans out. If the result is good and
>> users migrate from XP, then we should consider dropping XP. Of course, there
>> will always be people who cling to old systems like Win2k and XP and they
>> will be vocal.
>
> Indeed, I think it will be a function of schedule (when will Gecko
> 1.9.2 drop?) and market function. From what I hear in the latest
> rumour mills, though, Windows 7 may not be as early as originally
> expected, meaning that the XP market share is likely to stick around.
I don't think completely dropping XP is feasible for 1.9.2 unless it
ships in 2012, given that many machines (notably netbooks) are still
shipping with XP Home right now.
-- Mike
...
> On July 13, 2010, Microsoft will end all support for Windows 2000 (all
> service packs) and Windows XP Service Pack 2 (XP SP1 and the original XP
> have already passed their end of support). This means that after this
> date, these OS versions will not get any security updates and will not
> receive any support from Microsoft. Service Pack 3 is a free upgrade
> for all XP users.
I wonder if this is true. I would believe "free upgrade for all XP
licensees". Anyone with a corporate install Windows computer from a
former employer or other circumstance may not have access to SP3. I wonder
how many of us there are? Betcha a lot more than you'd think. It's not
like SP3 is important (or Vista for that matter).
I could switch this machine to Linux, but I would be very reluctant to
break what works.
Seems like July 13, 2010 would make 1.9.3 more appropriate.
>
> Relevant Links:
>
Microsoft policy is not so important as what the installed base actually
contains. Is there info on that?
jjb
Sort of depends on what you mean by "test" - according to wikimo, the
Talos XP boxes are SP2, but afair unit tests have always been Server
2k3, and even back to Fx2 builds are 2k3 (though I think they might have
started out as 2k, and Thunderbird 2 is apparently still chugging along
on a 2k tinderbox).
If you break perf on SP3 but not on SP2, you won't know it, but if you
break something unit tested on XP-anything but not 2k3 (or Vista but not
2k3), you'll only know it if someone finally says "you know, I haven't
been able to get a test run on my XP VM to pass since..." or when
someone reports the real-world breakage.
>> On July 13, 2010, Microsoft will end all support for Windows 2000
>> (all service packs) and Windows XP Service Pack 2 (XP SP1 and the
>> original XP have already passed their end of support). This means
>> that after this date, these OS versions will not get any security
>> updates and will not receive any support from Microsoft. Service
>> Pack 3 is a free upgrade for all XP users.
>
> I wonder if this is true. I would believe "free upgrade for all XP
> licensees". Anyone with a corporate install Windows computer from a
> former employer or other circumstance may not have access to SP3. I
> wonder how many of us there are? Betcha a lot more than you'd think.
> It's not like SP3 is important (or Vista for that matter).
If you don't have the license (i.e. if it was part of a corporate site
license, and you left the company with the machine) then technically
you aren't using the software legally. I suppose there's some number
of people using software without actually having a license to that
software. I don't believe we should make a decision based on users
who can't upgrade their OS because they aren't using it legally.
> > Relevant Links:
> >
> Microsoft policy is not so important as what the installed base
> actually contains. Is there info on that?
Microsoft policy is completely important, if that's when security
updates stop happening. I don't think we want to put time and
resources into operating systems which will rapidly be exploited. https://isc.sans.org/survivaltime.html
has a fun graph which shows average time to exploit an unpatched
system exposed to the Internet.
If the installed base wants to be zombies, that's fine, but that
doesn't mean we should invest in giving them one more reason to expose
themselves.
-- Mike
> software. I don't believe we should make a decision based on users who
> can't upgrade their OS because they aren't using it legally.
Ok, I guess we disagree. I think mozilla should make decisions based on
the needs of their users.
jjb
I don't want to spend my time debugging or trying to reproduce an issue for an
operating system that isn't up to date when it could easily be. If users are
illegally using their OS and cannot upgrade due to that, I do not want to
have to bend over backwards to recreate their environment to reproduce the
bug and test a fix (in addition, there are moral issues with helping these
users). I would argue that supporting those systems doesn't help the needs
of the vast majority of users who are using their OS legally and properly
maintaining it.
We have users who use the server editions of Windows and Firefox works
mostly correctly there, but it is technically unsupported and I have had to
deal with bugs resulting from the subtle differences. The fewer platforms we
have to support, the more productive my time can be spent working on bugs
that address issues for a much larger set of people.
-Rob
I would ask for some kind of '--disable-xp-requirements' if that's possible.
If it's not (= probably unwanted), then too bad for me...
Those are excellent reasons for dropping support for XP/noSP and XP/SP1.
But why drop support for XP/SP2?
Rob
> Proposal:
>
> Raise the minimum requirements for Gecko 1.9.2 (and any versions of
> Firefox built on 1.9.2) for Windows builds to require Windows XP
> Service Pack 3 or higher.
I am a little bit concerned about dropping Windows 2000 given that
Gecko 1.9.2 will be released when W2K will still be supported by
Microsoft for a few months.
On the other hand, its global market share is steadily declining and
already very low according to the market share reports from Gemius,
StatCounter and Net Applications.
Do we have any reliable numbers from our own download and AMO
statistics on the percentage of users, which are still using W2K?
I think this discussion would benefit from those numbers.
Simon
--
Thunderbird/Calendar Localisation (L10n) Coordinator
Thunderbird l10n blog: http://thunderbird-l10n.blogspot.com
Calendar website maintainer: http://www.mozilla.org/projects/calendar
Calendar developer blog: http://weblogs.mozillazine.org/calendar
Yes, all of our Fx 3.5 builds and unit tests are done in windows 2003.
Talos testing is done under XP and Vista.
We're really trying as hard as possible to piss off as many users as we
can, right?
Robert Kaiser
Wait, you seriously believe one single user would upgrade their OS just
because there's no new Firefox available for them? On the contrary, they
will either switch to a different browser or continue to use an old,
more insecure Firefox. That's already the case with a good number of
people on Win9x and Firefox 2 (still millions of people, last I heard)
and I haven't yet heard of anyone who thrashed Win9x because Firefox 2
was EOLed and Firefox 3 is not available for them.
It sounds like some people here have a strange view of how people decide
to use what system. Firefox is not the driving force for people to buy
new computers (which is bad for nature anyways) or buy and install new
operating systems.
And dropping Win2k support will be a very good argument for business not
using Firefox ;-)
Robert Kaiser
Yes, that is our goal. It has nothing to do with trying to apply our
limited resources to where they can affect the most people.
On the bright side, SeaMonkey will be able to continue to support XP
SP1 and Win 2k, and thereby gain all those users, since per your other
message they'll just switch to another browser -- sounds like a real
opportunity for you.
Mike
I don't see that position stated in the quote -- why do you think that
Mike believes that they would upgrade only to get Firefox? (Though "a
single user" is a pretty low bar, so I'd probably be willing to make a
wager.)
> And dropping Win2k support will be a very good argument for business not
> using Firefox ;-)
They'll have to stick with IE6 if they want to keep Win2K on desktops,
I think, since IE7 isn't supported there AFAIK. That's not really an
addressable market for us regardless, I'm pretty sure, so we should
again focus on getting the most result for our investment.
Mike
> Do we have any reliable numbers from our own download and AMO
> statistics on the percentage of users, which are still using W2K?
> I think this discussion would benefit from those numbers.
I, too, would like to see some actual numbers from our user-base
(downloads, hits on mozilla.com, ADUs, etc) before making a
determination on what we should do about Windows 2000.
-Sam
Wrong. We can't go with different requirements than the Gecko we base
upon - well, unless, of course, we go and switch to WebKit and rewrite
our UI on some sucky native UI library. Though, before the latter
happens, I'd move to either be a Firefox or KDE dev. ;-)
Robert Kaiser
> Microsoft policy is completely important, if that's when security
> updates stop happening. I don't think we want to put time and
> resources into operating systems which will rapidly be exploited. https://isc.sans.org/survivaltime.html
> has a fun graph which shows average time to exploit an unpatched
> system exposed to the Internet.
This is slightly off-topic, but do we know if those exploits are from
just attaching the Windows network stack to a port or if they're from
browsing with IE? If it's mostly the latter, then by preserving
Firefox support for those users we're actually helping to protect them.
cheers,
mike
I believe those stats are based on the default set of
applications/services that can be remotely tickled for the various
operating systems, based on the list of ports they provide. They
would likely respond promptly to an inquiry on the topic, if asked.
Mike
Sure, but the SeaMonkey team could maintain the alternate code paths
and compensations required for XP SP1 and Win2K, and drive the testing
on those platforms, right?
Or is that not a good use of your limited resources either? :)
Mike
Erm, to be serious, we have good reasons to reduce the amount of code we
maintain and use toolkit instead of xpfe - I guess that should answer
your question ;-)
And yes, I know, that's all tough calls, but I wonder why we support
MacOS or Linux at all when it looks so easy to probably abandon more
users than we have on both of those together (has anyone stats that
would back or disprove that assumption?)
Robert Kaiser
We would lose a lot of our developers, and valuable tools (shark,
valgrind), if we didn't support those operating systems, to say
nothing of Linux being one of our major mobile platforms. Are you
just trolling, or do you really not know that?
Mike
But as I pointed out, updating is not always easy. Many, many users
avoid Windows updates if at all possible because historically they know
updates break things and rarely offer significant improvements.
> illegally using their OS and cannot upgrade due to that, I do not want to
> have to bend over backwards to recreate their environment to reproduce the
> bug and test a fix (in addition, there are moral issues with helping these
I think there is a large gap between "continue to support XP SP3 on
1.9.2" and "bend over backwards". Of course maybe I should try yoga.
> users). I would argue that supporting those systems doesn't help the needs
> of the vast majority of users who are using their OS legally and properly
> maintaining it.
But do you really want to base decisions on morality? Shall we ask users
to certify that their machine is being used legally and has been dusted
regularly? They never surf to sites on a mozilla-do-not-visit list?
Always properly shutdown at night?
I don't think any of this is mozilla's business. The only issue is the
number of users of XP SP2.
jjb
Actually, I wanted to point out (in a somewhat tongue-in-cheek
way) that the number of users we're dropping with this decision might
outweigh the number of users we have on those other platforms which we
apparently value significantly. Of course, there's a lot of guessing
involved, as I'm not someone who has access to that shrine that keeps
all the actual numbers to back or counter that assumption.
There are a quite significant number of business users out there who are
still on Win2k (I don't care so much about XP < SP2) and it's not even
unheard that Microsoft itself prolongs support times for versions
heavily used in businesses (they even did so for Win98).
We once had that plan that our releases after 1.9.0 would be smaller in
scale and happen more often - I think 6 months was the target then, and
yes, 1.9.1 missed that by far. I for one moment assume that this is
still the plan - we don't have dates yet but you might know more than
me, even this open community shows that early-stage information is still
closed to smaller groups often enough. With all that in mind, the
6-month post-1.9.2.0 maintenance period of 1.9.1 would suggest that the
last version that supports Win2k might even be out before the current
official EOL of Microsoft support for Win2k, even if they don't prolong
this due to significant business usage.
Unsupporting a Windows version before even Microsoft drops it would be
very much unprecedented, and given that the primary argument seems to be
limited manpower and our manpower has nothing else than significantly
increased over the last years, sounds like something not that easy to buy
in for someone watching this.
Of course, we are becoming more and more like big companies regarding
the decisions made, and while that might be good from some points of
view, it's not so easy to sell to those parts of our community that
expect us to think differently.
Robert Kaiser
> And yes, I know, that's all tough calls, but I wonder why we support
> MacOS or Linux at all when it looks so easy to probably abandon more
> users than we have on both of those together (has anyone stats that
> would back or disprove that assumption?)
According to Net Applications, both OS X 10.5 and 10.4 are more popular
than Windows 2000 (6.00% and 2.66% vs. 1.24%).
Windows 2000 is more popular than Linux (0.90%) and all major mobile
platforms that we currently support or intend to support (Symbian 0,06%
and Windows CE 0.05%) combined.
Mike makes a good point however on the importance of Linux as a dev
platform (although based on my experience at the summit, pretty much
every techie in the US now runs a Mac).
But based solely on marketshare, we should not abandon W2K yet.
I couldn't find any data on Windows XP service pack allocation.
My "guess" would be that many people have at least updated to SP2,
since it was really a major update with many security and feature
enhancements that were widely discussed in tech *and* general media.
But I don't have any hard numbers on that. My "guess" for the update
to SP3 however is that not nearly as many people have made that step,
since it was mostly just a bundling of past security patches.
For example my company (Big4 professional services/auditing company
with roughly 120.000 Windows installations worldwide) is still
running Windows XP SP2, but Microsoft security updates are regularly
installed.
Cya
> Wait, you seriously believe one single user would upgrade their OS just
> because there's no new Firefox available for them?
(One not-typical user story:)
Not just because of Gecko, and only after a long time with v1.8.1,
but I did eventually replace my W98SE with W2Ksp4.
That was after Microsoft and everyone else stopped providing
softwares/updates for W98.
The only interesting point was I could run W98 without a need for
firewall nor antivirus.
Now, while WXP has some improvements I miss somewhat in W2K,
I'm certainly not interested in some other new features of WXP and beyond.
...
My goal would be to move to Linux, but that looks like a "big" task, and
I know beforehand some of the softwares I use are still available on
Windows only :-/
(Anyway.)
Thanks,
Aakash
-Sam
_______________________________________________
dev-planning mailing list
dev-pl...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-planning
> According to Net Applications, both OS X 10.5 and 10.4 are more popular
> than Windows 2000 (6.00% and 2.66% vs. 1.24%).
>
> Windows 2000 is more popular than Linux (0.90%) and all major mobile
> platforms that we currently support or intend to support (Symbian 0,06%
> and Windows CE 0.05%) combined.
cheers,
mike
-- Aakash
Because SP2 will reach end of life before 3.5 reaches end of life.
Supporting SP2 for 1.9.2 would mean supporting a "dead man walking" OS
for at least a year, if not longer.
-- Mike
And? If our users are there, I don't think we should simply drop
support because Microsoft has.
I already know the answer, but, uh, have you read through the dropping
10.4 discussion? And the dropping 10.3 discussion before it? I know
you have, yet a lot of your statements here are basically what Josh
was saying before.
Frankly, without actual data to back the discussion, I don't know why
we're even having it now. I saw a couple of things that we'd like to
do in SP2 and later. That's fine. Where's the list of things we want
to do that are only available in SP3 and later? Where's the data
saying 90% of users have upgraded from SP2 to SP3? I'm not sure why
we're talking about dropping support for XP SP2 at all yet, especially
without strong reasons why.
-Sam
My parents were on rural dial-up for years. 56K modems running at
about 5K because of the old phone lines. Auto-updating their OS to SP2
or SP3 was practically impossible, and ordering an upgrade CD... well
they didn't even know such a thing existed. They had Firefox installed
because I put it on a flash drive one weekend and installed it for
them. The cost of upgrading in terms of time/effort was fairly high
for them, and I'm guessing there's 2 or 3 million like them in the US
alone. But I think they would have taken offense to someone refusing
to fix bugs purely as an argument against their OS. It comes off as a
"We know better than you" sorta situation. If the cost in Mozilla's
time in terms of bug fixes/implementing features is high though (how
high is it again?), that doesn't seem nearly as harsh.
Taking the problem with a different angle, most of the third world and
emerging countries use pirated software, all numbers I have seen about
China were saying that +90% software used was pirated and I suspect that
XP SP1 is the easiest one to pirate since it didn't include the "genuine
advantage" software in it.
Given that security on the net seems to be a low priority concern for
users in Asia and the fact that most people use a pirated version of
Windows, I think we should evaluate if stopping support for older
versions of Windows is not going to hinder our growth in emerging
markets and specifically China (basically asking Mozilla China if they
have some insight on the matter).
Regards,
Pascal
> On Apr 14, 2009, at 5:19 AM, Simon Paquet wrote:
>
>> Do we have any reliable numbers from our own download and AMO
>> statistics on the percentage of users, which are still using W2K?
>> I think this discussion would benefit from those numbers.
>
> I, too, would like to see some actual numbers from our user-base
> (downloads, hits on mozilla.com, ADUs, etc) before making a
> determination on what we should do about Windows 2000.
What you really want is the trend data, I would think, since what
we're making a decision on is based on how many users will still be
using that OS version when 3.5 hits EOL. If we ship .next sometime
next spring, we're talking late 2010 before those users lack a
supported browser version. Right now, we're at similar numbers to the
Net Applications numbers. Between now and then we'll see Windows 7
ship, which always spurs a new round of hardware upgrades and trickle-
down, plus a year or more of the natural trend for hardware to die and
be replaced (again, remember that we're dealing with 2004-era hardware
at best, so a lot of computers are reaching end of natural life). I
don't doubt that some people will be left behind, but we gave up 4% of
our users who were on Win98 when we dropped Win9x support for 3.0, so
Win2k is already way under that threshold.
-- Mike
> On Apr 14, 2009, at 9:54 AM, Michael Connor wrote:
>> On 14-Apr-09, at 5:39 AM, Robert O'Callahan wrote:
>>> On 14/4/09 4:37 PM, Michael Connor wrote:
>>>> Put another way, XP (no SP) and XP SP1 have been unsupported and
>>>> unpatched for years now.
>>>
>>> Those are excellent reasons for dropping support for XP/noSP and
>>> XP/SP1. But why drop support for XP/SP2?
>>
>> Because SP2 will reach end of life before 3.5 reaches end of life.
>> Supporting SP2 for 1.9.2 would mean supporting a "dead man walking"
>> OS for at least a year, if not longer.
>
> And? If our users are there, I don't think we should simply drop
> support because Microsoft has.
If our users are happy running an insecure OS with no updates, they
can run the last version of 3.5 as well. If we do have users there,
it is in their best interests to upgrade to SP3 and continue to
receive security updates for their systems. Unless they really really
like spyware and being used as a spam gateway.
> I already know the answer, but, uh, have you read through the
> dropping 10.4 discussion? And the dropping 10.3 discussion before
> it? I know you have, yet a lot of your statements here are basically
> what Josh was saying before.
I was the one who made the final call on 10.3, of course. For 10.4,
of course, there's some significant differences. Win2k is a lot fewer
users than 10.4 (10.4 has 3x the number of users as Win2k), the
timeframe is a lot longer (10 year old OS, replaced 8.5 years before
EOL, last widely sold on PCs around 2002, though some could be as new
as five years old), and Microsoft provides a finite date for the end
of actual patch support, instead of requiring guessing on our part.
We know that after that date, users will be vulnerable and
unprotected, and we know that even a current OS without patches is
vulnerable when connected to the internet. All of these things are
real data points.
> Frankly, without actual data to back the discussion, I don't know
> why we're even having it now. I saw a couple of things that we'd
> like to do in SP2 and later. That's fine. Where's the list of things
> we want to do that are only available in SP3 and later? Where's the
> data saying 90% of users have upgraded from SP2 to SP3? I'm not sure
> why we're talking about dropping support for XP SP2 at all yet,
> especially without strong reasons why.
There's plenty of data. Predicting the state of OS versions for when
3.5 reaches EOL is going to be fairly imprecise, but win2k's share
after July 2010 is likely to be tiny, declining, and heavily zombified.
SP2 vs. SP3 isn't especially interesting, but I would rather have a
policy around ensuring that we support OS versions through their EOL,
but not beyond. That's the best tradeoff between resources and users
I can think of.
-- Mike
I think what people are missing -- including myself -- is what the
resource cost _is_ for supporting SP3. I don't think we gain anything
by being doctrinaire about OS support, though I'm fully in favour of
making economic choices to ensure that we don't bear costs out of
proportion with their returns.
It seems like moving to SP3 is just for the sake of moving to SP3, and
not because it actually gains us anything on the development or
support side. The < SP2 and Win2K cases are much clearer, so it may
well be that there's just something about supporting SP3 that I'm
missing.
Mike
I think it's entirely possible that it will hinder our growth in those
areas. I am not at all convinced that we want to target pirated
software to succeed in our mission. I think it's a bad position to
take for mozilla.org, and I have moral and ethical issues around
effectively supporting piracy by making decisions to ensure that users
of illegal software can use our product.
-- Mike
It's actually pretty likely that supporting SP2 is not much different
from SP3. That's the current baseline for IE7/8 and Chrome, so I'm
fine with that, at least for now, and we can watch to see whether they
change their baselines once SP2 reaches end of life. Of course,
getting a working SP2 install after next July will be more
complicated, but that's why we have MSDN subscriptions, I guess!
-- Mike
That's a fine discussion to have, but we should have it before we
decide how to use or not use such data in deciding operating system
support. Especially when the vendor of the operating system itself
has taken varying stances on how or whether to support unlicensed
copies with security updates. The security of those users running
pirated software is not just an issue for them, but has pretty
wide-ranging effects on the security of other internet users as well.
Mike
>> illegally using their OS and cannot upgrade due to that, I do not want to
>> have to bend over backwards to recreate their environment to reproduce the
>> bug and test a fix (in addition, there are moral issues with helping these
>
> I think there is a large gap between "continue to support XP SP3 on 1.9.2"
> and "bend over backwards". Of course maybe I should try yoga.
I wasn't suggesting that we drop XP entirely for 1.9.2 (in more than a few
years, we probably will). Supporting XP < SP2 (or worse, systems where
people "remove IE") is bending over backwards because it is almost like a
different OS (APIs and behaviors are different).
>> users). I would argue that supporting those systems doesn't help the needs
>> of the vast majority of users who are using their OS legally and properly
>> maintaining it.
>
> But do you really want to base decisions on morality? Shall we ask users to
> certify that their machine is being used legally and has been dusted
> regularly? They never surf to sites on a mozilla-do-not-visit list? Always
> properly shutdown at night?
Morality is not the only factor in making a decision and I never said it was
the base for all of mine or should be for everyone. In fact, I never said or
implied any of those things you listed there.
> I don't think any of this is mozilla's business. The only issue is the
> number of users of XP SP2.
It is if they have put their machine in a state that is unsupported or
unstable due to these activities. We don't fix the bugs in the download
scanner that resulted from people "uninstalling IE" and I don't think you
will find many people who disagree with that policy.
-Rob
SP3 is two things, a chunk of updates that you probably already got from
Windows Update, but could have declined:
* MMC 3.0, nothing to do with us
* MSXML 6, nothing to do with us (I hope)
* Windows Installer 3.1, nothing to do with us the way things seem to be
going
* BITS 2.5, I'd be surprised if we decided to use it instead of rolling
our own
* IPSec Simple Policy Update, nothing to do with us
* Digital Identity Management Service, nothing to do with us
* Peer Name Resolution Protocol, nothing to do with us
* RDP 6.1, nothing to do with us
* WPA2, a stretch to claim it's to do with us
and a chunk of new things:
* better black hole router detection, nothing to do with us
* Network Access Protection, nothing to do with us
* CredSSP, nothing to do with us
So unless I'm misunderstanding one of the things which sound like they
are only about interactions with Windows servers on your Windows LAN,
requiring SP3 would be an entirely non-technical choice unless we plan
on doing an .msi *and* using a feature that was in the 3.1 update, or
using BITS for background downloads.
I think it would be helpful if someone can enumerate the reasons why XP
SP2 is unsupportable or unstable for 1.9.2. Mike Connor's proposal cited
Microsoft's EOL policy as the reason. I don't think this is enough of a
reason, because Microsoft updates beyond SP2 are not easy nor valuable.
But perhaps there are other reasons?
jjb
Did you see Mike's reply to me later in this thread, agreeing that SP2
was an OK baseline?
Mike
-- Mike
Yes! And if the trend data shows that XP SP2 is not significant it's a
reasonable thing to ditch supporting it.
jjb
I personally think dropping support for Windows 2000 and all pre-XP SP2
OSes would be a good idea.
I don't think dropping support for XP SP2 is a good idea because
maintaining support for it would not be much harder than maintaining
support for SP3.
My XP SP2 system has not been exploited in the almost 5 years since SP2.
How rapid are we talking ;-)
I think we might have a different view of the value of Windows security
updates for individuals.
From what I understand, the probability of a machine being exploited is
primarily determined by the type of Internet connection and the
frequency of dubious software installs. Since, as you have pointed out,
the number of attackers is very high, and since the OS is not fully
protected, any machine will be exploited sooner or later. In this reality,
security updates and anti-virus software delay attacks but don't prevent
them. Would you be willing to run a fully updated Windows box on the
open Internet? If so my information is just out of date.
I agree with the general principle of encouraging better security. I
just don't think that it should be the primary issue for support
decisions because it has higher cost and lower benefit than one would hope.
jjb
> Mike Connor wrote:
>> On 4/14/2009 2:39 PM, John J Barton wrote:
>>> Rob Arnold wrote:
>>>>
>>>>> I don't think any of this is mozilla's business. The only issue
>>>>> is the number of users of XP SP2.
>>>>
>>>>
>>>> It is if they have put their machine in a state that is
>>>> unsupported or
>>>> unstable due to these activities.
>>>
>>> I think it would be helpful if someone can enumerate the reasons
>>> why XP SP2 is unsupportable or unstable for 1.9.2. Mike Connor's
>>> proposal cited Microsoft's EOL policy as the reason. I don't think
>>> this is enough of a reason, because Microsoft updates beyond SP2
>>> are not easy nor valuable. But perhaps there are other reasons?
>> It's not about being "unsupportable" so much as "a platform which
>> will rapidly be exploited" given that it won't get security updates.
>
> My XP SP2 system has not been exploited in the almost 5 years since
> SP2. How rapid are we talking ;-)
>
> I think we might have a different view of the value of Windows
> security updates for individuals.
Your SP2 system is still getting security updates though. After July
2010, it won't, so it's largely a factor of how soon a new exploit is
discovered that is left unpatched by Microsoft, and of course whatever
other mitigations you have in place.
Firewalls/security software do help as well, but I'd be curious how
many people will ensure they use those but not upgrade to SP3 to keep
getting updates and be as protected as possible. It's basically like
choosing to stop locking your doors and letting your alarm system be
your protection, it's not the best thing you can do, and your odds of
your stuff getting stolen go up. By how much isn't really my domain,
but from the research on the subject, it's pretty much critical.
-- Mike
One thing we have to keep in mind is the possibility that Microsoft will
extend the support cycle for products in response to customer demand,
especially enterprise demand. They've done it before.
I think it makes sense to drop support for a platform when the vendor
does, but not before. As long as there's a possibility 1.9.2 will ship
while XP SP2 is supported by Microsoft, we should support it too.
Rob
Or is this minimum requirements as in "Developers are not required to
ensure that code compiles with VC7.1 and runs on Windows 2000 but we
accept contributed patches"?
What is the cost on our side to actually supporting these? Being one
of the few people who has done a lot of Windows development over the
last few cycles, I can tell you that keeping things working on 2K
isn't really very hard.
stuart
If somebody cares about security, he has upgraded to SP3. (or at least
he has installed the patches manually)
> Michael Connor wrote:
>> Raise the minimum requirements for Gecko 1.9.2 (and any versions of
>> Firefox built on 1.9.2) for Windows builds to require Windows XP
>> Service Pack 3 or higher.
> Firefox has only just dropped support for Windows 98/NT4 (i.e. no
> more Gecko 1.8 branch releases), while Thunderbird and SeaMonkey's
> official (as of time of writing) current releases still run on
> Windows 95 (and MinGW SeaMonkey seems to run fine on my Windows NT
> 3.51 tinderbox, although someone complained that release builds
> crash on startup). So dropping Windows 2000 would seem to be a
> little premature.
3.5 (Gecko 1.9.1) will continue to run on Windows 2000. That means
that we'll be running on a ten year old OS, which is five years better
than Linux or Mac versions we support. The real issue is that when
Gecko 1.9.1 reaches EOL in fall 2010 (likely at the earliest) then we
won't have support for Windows 2000. I think that's acceptable,
overall.
> Or is this minimum requirements as in "Developers are not required
> to ensure that code compiles with VC7.1 and runs on Windows 2000 but
> we accept contributed patches"?
I don't think that we want to continue to maintain code for 10 year
old operating systems, unless it's build-time defines (i.e. OS/2) that
we explicitly don't care about at all. It's still a drain on
reviewers, it's still more code surface to maintain, and it's likely
pulling resources away from more critical tasks. The point is to
focus effort where it is best leveraged, and code writing is just one
facet of that cost.
-- Mike
* I haven't heard of any plans to raise the Chromium support baseline
from XP SP2 to XP SP3 once SP2 is EOLed. Most of our discussions are
based around cost/benefit, and the SP2->SP3 change doesn't really
affect either of those much for Chromium.
* Dropping W2K support does not eliminate the need to support non-
uxtheme codepaths, as those same paths are used in Classic Mode on the
later OSes (you don't get uxtheme there either).
* Even without theme gains, I can imagine a lot of other gains from
dropping 2K support, such as greater ability to sandbox processes if
you guys decide to go that route, tons of UI bugs fixed, etc. Plus,
Firefox [>3.5] usage on 2K is presumably likely to be low since at
this point the majority of 2K users are corporations for whom
installing new software is somewhere between "not a priority" and "not
an option". Thus the actual number of users affected would be
noticeably lower than the global fraction of W2K users.
Best wishes,
PK
I agree. As far as the APIs that we use, there is nothing besides the themes
that 2K "hinders" (just some slightly awkward dynamic loading of uxtheme;
every Windows OS supports Classic so there is no large code removal). Even
with XP pre SP2 there is not much there that we have had to work around (The
IOfficeAntiVirus implementation came before the newer IAttachmentExecute
IIRC). I would like to see an argument made on the basis of API or UI
features that we would like to take advantage of where support for 2k and XP
would hinder a clean implementation for the Windows platform. It may very
well be that future work with process/plugin isolation (sandboxing) will
motivate this but until that work is committed to a release, I am hesitant
to support dropping our support for these operating systems.
That said, I still think that supporting XP with SP1 or no service pack is
harder due to the changes in SP2. If you think about the number of Windows
machines that developers have to test on, supporting those two editions is
still too much. At current count, we have 5 supported editions of windows:
2000, XP SP2+, Windows Server 2003 (there are tinderboxes for this), Windows
Vista, and Windows 7 (if not now, then when it releases this year) versus 3
for OSX and 2(?) for Linux.
What about bumping XP < SP2 down a tier? It would be nice if we had a policy
on free major OS updates (this applies only to systems that cost money such
as Windows and OSX). Does mozilla-central run on a clean install of the
original Windows 2000 release? I suspect there is a hidden requirement for a
service pack level for it but no one has complained about it yet.
-Rob
> On Tue, Apr 14, 2009 at 7:33 PM, Stuart Parmenter
> <stu...@gmail.com> wrote:
>
> I agree. As far as the APIs that we use, there is nothing besides the themes
> that 2K "hinders" (just some slightly awkward dynamic loading of uxtheme;
> every Windows OS supports Classic so there is no large code removal). Even
> with XP pre SP2 there is not much there that we have had to work around (The
> IOfficeAntiVirus implementation came before the newer IAttachmentExecute
> IIRC). I would like to see an argument made on the basis of API or UI
> features that we would like to take advantage of where support for 2k and XP
> would hinder a clean implementation for the Windows platform. It may very
> well be that future work with process/plugin isolation (sandboxing) will
> motivate this but until that work is committed to a release, I am hesitant
> to support dropping our support for these operating systems.
Again, I think this is developer-centric, when the burden of "support"
comes in a bunch of situations. Are we okay with not having unit
tests/performance tests/etc on operating systems we count as
supported? Are we okay with not actually having QA test these
operating systems before releases? If not, the cost is considerable.
If we are, then we should really call out the idea that those OS
versions are really at a lower-tier "might work, but no promises"
level. Whether they continue to work or not is probably dependent on
some things (i.e. process separation) that we're exploring, but
there's no good reason to argue that Windows 2000 and Windows Vista
should be equally supported.
(I'm surprised we haven't had more bugs that target older systems
without the security protections added in SP2, but I suppose those
targets aren't especially interesting to security researchers.)
> That said, I still think that supporting XP with SP1 or no service pack is
> harder due to the changes in SP2. If you think about the number of Windows
> machines that developers have to test on, supporting those two editions is
> still too much. At current count, we have 5 supported editions of windows:
> 2000, XP SP2+, Windows Server 2003 (there are tinderboxes for this), Windows
> Vista, and Windows 7 (if not now, then when it releases this year) versus 3
> for OSX and 2(?) for Linux.
Except we do support XP SP1 now, technically, and we've had to dig up
machines to test (tricky without MSDN).
> What about bumping XP < SP2 down a tier? It would be nice if we had a policy
> on free major OS updates (this applies only to systems that cost money such
> as Windows and OSX). Does mozilla-central run on a clean install of the
> original Windows 2000 release? I suspect there is a hidden requirement for a
> service pack level for it but no one has complained about it yet.
I think it might be okay to have it be similar to Windows 95, which
wasn't actually supported, but until Firefox 3 would run fine. What I
don't want to see is us spending dev/releng/QA cycles on OS versions
that aren't widely used, and will continue to decline over time.
Similar to tier-2, we won't actively break it, unless we have to. But
I don't think anyone can argue that win2k would be more important than
process separation.
-- Mike
I would 100% support bumping Win2k to tier 2.
I'd probably even support bumping XP vanilla and XP SP1 there.
-Boris
I have SP2. I access the Internet through a dial-up connection.
Downloading SP3 would take about 6 hours! And all it would do is
consolidate most of the SP2 patches I have already downloaded
individually. Yes, I have rejected some SP2 patches; most of them
relate to capabilities I don't use (e.g., ActiveX, Outlook Express).
Is this proposal to block me from using Gecko 1.9.2 just because I don't
have a flag saying SP3? If so, this is either craziness or arrogance.
--
David E. Ross
<http://www.rossde.com/>
Go to Mozdev at <http://www.mozdev.org/> for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications. You can access Mozdev much
more quickly than you can Mozilla Add-Ons.
> I have SP2. I access the Internet through a dial-up connection.
> Downloading SP3 would take about 6 hours! And all it would do is
> consolidate most of the SP2 patches I have already downloaded
> individually. Yes, I have rejected some SP2 patches; most of them
> relate to capabilities I don't use (e.g., ActiveX, Outlook Express).
>
> Is this proposal to block me from using Gecko 1.9.2 just because I don't
> have a flag saying SP3? If so, this is either craziness or arrogance.
Block? No not at all. I don't think Firefox checks the service pack level at
all (I have not exhaustively checked all the code). I don't think Firefox
checks the OS version for anything other than turning certain features on or
off (theming comes to mind). In some cases, it checks for features rather
than versions (the download scanner is an example of this).
-Rob
My school runs almost ENTIRELY Windows 98 (mostly SE, some FE), and
Windows 2000 SP4. I last counted 40 machines in the entire school that
run Windows XP, out of the couple hundred that are there. Our main
computer lab runs Windows 98 SE, one classroom is a Windows XP SP2
computer lab, and the library has mostly Windows 2000 SP4 machines. A
classroom also has a set of computers (but isn't a computer lab, go
figure...) that run mostly Windows 2000 SP4, I think just a little
more than half of them run Windows 2000 SP4. I really don't want to
see our school drop Firefox because you guys are dropping Win2k SP4
support. My school has zero intentions of upgrading the machines. They
won't even consider Linux, because they believe that all their EULA
and site licensing agreements would be voided if they even ran one
machine with Linux on it officially. And no, SeaMonkey is not an
option, simply because it provides email & newsgroup support. Now, if
I could get those people at the school to put Linux on the Win 98
machines AT LEAST, then I would be happier, because it is a pain to
work around. Still... several schools in our area run primarily
Windows 98 and Windows 2000. There is no way you should drop Windows
2000 support.
SP1, IIRC.
Perhaps not. But supporting new Firefox on an unsupported OS is
endorsing their decision to stick with that OS. So if they get pwned via
an OS hole, we are in some way responsible for lulling them into a false
sense of security.
IMO, anyway.
Gerv
If those machines are connected to the Internet, then your admins are
being very antisocial. Other people suffer when your unsupported OS
machines get recruited as spambot zombies.
Gerv
Well, it depends if Mike is talking about dropping XP SP2 for technical
reasons (we want to use a new API) or testing reasons (supporting more
versions increases the size of the testing matrix).
One possible conclusion to this discussion might be "we'll keep using
SP2-compatible APIs etc. but not test on it". At which point, SeaMonkey
could take up that mantle.
Gerv
What we have here is a thinly disguised request to let Microsoft
decide which systems Firefox will work on.
Apparently the gentleman making the 'proposal' has not actually gone
through the 'free upgrade' to XP Service Pack 3. If it cannot be
installed without the Genuine Advantage service, SP3 goes on the Vista
trash heap.
That 'upgrade' is free...as in DRM.
We could be purists and refuse to support closed-source systems,
especially the ones that keep checking to see if the user is obeying
the programmers' ideas of the copyright laws -- but this is a proposal
to make things worse and take away support from a couple of operating
systems that allow users to determine what is fair use and do not
enforce the idea that what Microsoft thinks is fair is fair and what
the users think does not count.
By the way, before one makes such a proposal in software development,
one should conduct a requirements analysis. The comments in the
thread make it clear that the idea is one of dropping support for a
major if not majority proportion of the user base. What's next, a
request for a 20 billion dollar bailout from the U.S. government?
On Apr 13, 10:33 pm, Michael Connor <mcon...@mozilla.com> wrote:
> Proposal:
>
> Raise the minimum requirements for Gecko 1.9.2 (and any versions of
> Firefox built on 1.9.2) for Windows builds to require Windows XP
> Service Pack 3 or higher.
>
> Background:
>
> Supporting multiple OS versions is not zero cost, in terms of testing,
>[...]
> Additionally, the continued availability of security updates for the
> OS level is important, as users on unsupported of operating systems,
> especially Windows, are highly vulnerable no matter what we do, so
> there is a strong argument against giving those users a reason to stay
> on that platform.
>
> On July 13, 2010, Microsoft will end all support for Windows 2000 (all
> service packs) and Windows XP Service Pack 2 (XP SP1 and the original
> XP have already passed their end of support). This means that after
> this date, these OS versions will not get any security updates and
> will not receive any support from Microsoft. Service Pack 3 is a free
> upgrade for all XP users. Windows 2000 has no free upgrade path, but
> has not been available at retail since March 2004, and was last
> legally sold as a preloaded OS in March 2005, which is over four years
> ago, and will be more than five years from when we ship the last
> supported version of Firefox. Users should be able to successfully
> migrate to XP or Linux if they intend to keep using their old hardware.
>
> Affected Users:
>
> All users still running either Windows 2000 or Windows XP Service Pack
> 2 (or lower). As Service Pack 3 is a free upgrade for XP users, only
> Windows 2000 users will be forced to change their OS to use the next
> version of Firefox.
>
>[...]
> Relevant Links:
>
> General Microsoft Support Lifecycle Policy: http://support.microsoft.com/lifecycle/
>
> Windows Service Pack Support End Dates: http://support.microsoft.com/gp/lifesupsps#Windows
>
> Windows 2000 Support Lifecycle: http://support.microsoft.com/lifecycle/?p1=3071
Windows 2000 was released in early 2000, which means it will be 10
years old when Firefox.next is released. At this point Windows 7 will be
released. IMHO a good point in time to upgrade to Windows 7.
Of course such an upgrade is not cheap, but IMHO necessary because of the
security aspects.
Further, this means we can drop support (mostly companies still use
Windows 2000).
Another question: What about the costs of dropping and still
supporting? That would be interesting.
The machines might be firewalled. Or not. But in any case, the school
situation is a tough one because they typically simply do not have the
money to upgrade machines until they die (and I include getting new OS
licenses in that). And 2000-ish corresponds to the big push to get
computers in every classroom and such nonsense... :(
Which is not to say that this should dictate our decision, but I doubt
the admins in question (assuming there are any; it wasn't uncommon to
dump computers into schools in job lots without bothering to hire anyone
who could administer them; one of the teachers would be tasked with the
administration duties) are out to get you. They're just trying to do
the job with no money and likely little experience.
-Boris
I'd suggest you actually talk to school principals and school board administrators about this situation and I'll bet that they'll come right back at you and tell you that there's much more important things (i.e. broken ceiling panels, lighting fixtures, 20 year-old textbooks, TEACHER'S SALARIES, etc.) that are much higher in the priority list than upgrading their non-broken machines over to Win XP SP3 (that they still can't afford to pay for). This isn't just the US either as it's all over the world and affects a ton, if not all, of public schools that just don't have the funds to pay for this. To be honest, this is striking a chord for me as I'm a product of a public high school system and I can tell you right now, this decision will do a lot more harm than good toward spreading the browser as well as the idea of Firefox to the next generation of internet users.
There needs to be a lot more perspective displayed in this discussion than is being messaged out here.
Apologies for the Semi-Rant,
Aakash
Gerv
(Of course, the student with half of the machines running Win98 is
already limited to Firefox 2.x in those situations, and yet he doesn't
seem to have a complaint there.)
Put another way: no other major browser runs on Windows 2000. Why is
it Mozilla's responsibility to use our limited resources to support
these users? How does that help us achieve our overall goals? Keep
in mind we're talking about 1% (and continuing to decline) of our user
base, and of the overall OS market share.
What's the case for continuing to invest in Windows 2000 and pre-SP2
versions of Windows XP? Why are those important to our mission (more
than Win98 was when we dropped it for 1.9)? This needs to be a
rational decision, not an emotional one. We have limited resources,
and my goal is to make sure we pick our battles wisely. TANSTAAFL.
That said, I think it's clear that we can just drop these OSes to
tier-2 and not promise anything, but not actually block users unless
we run up against something that requires us to do so. I'll post a
wrap-up later this week with a clarified proposal.
-- Mike
For the people using dialup - USB keys exist.
The school - even in these economic times, there are companies
disposing of machines with WinXP that aren't worthwhile keeping for
various reasons, not to mention private owners and bankruptcy
auctions. Kids should turn up enough machines certified for XP to
replace every Win2K/98 machine over the timeframe before 1.9.2/3, if
motivated to do so by places like getfirefox.com and social networking
- no harm in a bit of good PR for mozilla either. What's the
educational value in persisting with a 10+ year old OS - there's a lot
of educational value in volunteering to get school equipment and
helping to upgrade and configure it, and a lot of environmental value
too.
As for XP2 or XP3 - in my shop I have not seen any great difference in
migrating to SP3 bar a reduction in the number of required updates -
certainly no regressions of note. SP2 did valuable stuff like turning
on Windows Firewall by default as well as the API changes noted above,
and Windows Installer 3.1 is available and indeed required for some
existing apps. BITS 2.5 is XPSP2-available too.
Mark Dowling
I would beg to differ here...
My employer is a sizeable semiconductor company (10000+ employees)
The company sticks to win2K as desktops and 2003 as servers.
The end-of-life for personal users is not going to influence them in
any way
(they have a customised support agreement anyway)
Now, coming to the Firefox: although its use is not 'recommended', it
is also not forbidden
But this is likely to change, if (when?) a next serious security issue
is discovered, with 2K fix not available...
In such case, enjoying, as I do, using Firefox, I will be forced to
switch to IE :(
And there are quite a few other guys in a similar position...
(and, yes, for company clients, IE7 on w2k IS supported, but it is of
no consolation whatsoever for me)
Cheers,
Pawel
Usually what you should learn in school does not always need the best
hardware and an up-to-date OS. Also it's probably easier for
administration when you have 50 identical PCs with Win2K on it than 20
PCs from one company and 30 PCs from another company with possibly very
different hardware configuration. But I think this discussion is rather
off-topic here.
Frank
/sdwilsh
Or more precisely you won't be supported if you try to do it. That's
not the same as "won't be able to".
-Boris
That said, I think it's clear that we can just drop these OSes to
tier-2 and not promise anything, but not actually block users unless
we run up against something that requires us to do so. I'll post a
wrap-up later this week with a clarified proposal. >>
It's pretty clear here that this discussion is just talk. Connor will
"post a wrap-up later this week with a clarified proposal." And that
will be the end of it.
My company runs W2000 and we'll be using IE7 soon enough. At home I
run a Thinkpad with XP SP2 and there have been enough problems
documented about moving to SP3 that when I tried and the install
failed, I went back to downloading individual patches. Why SP3 caused
so many problems when SP2 did not? Don't really know, but it did and
the statistics bear this out. SP3 was not as well received as SP2.
N
> It's pretty clear here that this discussion is just talk. Connor will
> "post a wrap-up later this week with a clarified proposal." And that
> will be the end of it.
http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/2107a6702524cdbb
> My company runs W2000 and we'll be using IE7 soon enough. At home I
> run a Thinkpad with XP SP2 and there have been enough problems
> documented about moving to SP3 that when I tried and the install
> failed, I went back to downloading individual patches. Why SP3 caused
> so many problems when SP2 did not? Don't really know, but it did and
> the statistics bear this out. SP3 was not as well received as SP2.
Is your company still going to be running Windows 2000 after fall 2010?
-- Mike
Don't know. Vista was bypassed. Too early to tell if Windows 7 is any
better. I have no say in the matter. If you want a guess, I'd say
they'll stay with W2000 instead of investing scarce resources in this
economic climate.
Additionally, they do not want to have to move to Vista, which is the
recommended move, but Windows7 won't be out before MS ends support for
W2000. Do they invest twice in a 2 year period? I don't think so. I
think they'll go with Windows7, down the road a bit. If that means
forcing FF off of the corporate desktop, they'll do it.
>>
>> Is your company still going to be running Windows 2000 after fall
>> 2010?
>>
>
> Don't know. Vista was bypassed. Too early to tell if Windows 7 is any
> better. I have no say in the matter. If you want a guess, I'd say
> they'll stay with W2000 instead of investing scarce resources in this
> economic climate.
Well, if they're staying on Win2k past then, either they're playing a
dangerous game with unpatched systems, or paying Microsoft for a
custom support agreement (big bucks). Given that you mentioned IE7 is
coming, and other comments about IE7 being available to customers with
paid support contracts with Microsoft, I imagine your company is
paying a non-trivial amount of money to stay on Windows 2000. I'm
sure if they wanted to run Firefox, they could also pay someone to fix
Win2k specific issues, just like they're paying Microsoft to continue
to fix issues. Like I said, TANSTAAFL.
-- Mike
I don't think this is accurate. The schedule is for early 2010, and all
indications are of the launch only being earlier (late 2009 or so).
First, I should write that I concede many of your concerns are valid,
that inevitably all things must come to an end eventually, but at the
same time it seems as though you are deliberately trying to take a
stance then expect others to argue against it instead of starting out
weighing both sides and then only focusing on the strongest points for
each, which has basically strung out this topic longer than it needed
to be.
> Supporting multiple OS versions is not zero cost, in terms of testing,
> code complexity and developer sanity. We have previously raised the
> minimum requirement to Windows 2000 for Firefox 3. We have also
> raised the minimum requirements for Linux and Mac builds in that same
> timeframe.
Fair enough, but doing something once is not a direct justification
for doing it again. There were far stronger reasons for people to
move on from legacy OS versions in years prior to Win2k, it is
somewhat of a cliff in modern PC usability in the fact that it
supports multicore CPUs, Gigs of memory, 48bit LBA hard drives, USB2,
etc. These things are universal needs as they are specs of any semi-
modern system, but beyond these things further OS features are quite
subjective, and in fact, not actually used frequently by most PC
users.
> While we have not formalized a policy by which we drop
> support for OS versions, in general the main concerns have been how
> recently the OS versions have been available and sold (in some cases)
> as well as the ability and costs involved for users to upgrade.
There should never be a factor of the ability of users to upgrade.
You could argue users have the ability to travel to Tibet to acquire a
CD with the browser on it, but this is even more unreasonable. The
goal of a browser seeking to be ubiquitous and gain market share
should be to support the most OS possible. Already many lament the
former days of Firefox becoming bloated, slow. It seems the wrong
path to spend time on future OS issues instead of as universal an OS
support as possible.
> Additionally, the continued availability of security updates for the
> OS level is important, as users on unsupported of operating systems,
> especially Windows, are highly vulnerable no matter what we do, so
> there is a strong argument against giving those users a reason to stay
> on that platform.
I completely disagree. This is an extremely weak argument. With zero
patches, the most vulnerability to an unpatched Win2k, not even SP1,
is the browser. Continued availability of security updates also has
to be weighed against features newly introduced into newer OS, where
there is no flaw there need not be a patch. It is invalid to claim
"giving those users a reason to stay" as if you are judging and
deciding what they should do to run YOUR choice of browser, and a bit
backwards. A user does know what their needs are, if they find
benefits of a newer OS they will upgrade without someone else second-
guessing them, the only argument to upgrade is when someone decides to
abandon millions of users. More likely, the users abandon the
application because they don't want to face the same situation again
in the future before they chose to.
>
> On July 13, 2010, Microsoft will end all support for Windows 2000 (all
> service packs) and Windows XP Service Pack 2 (XP SP1 and the original
> XP have already passed their end of support). This means that after
> this date, these OS versions will not get any security updates and
> will not receive any support from Microsoft. Service Pack 3 is a free
> upgrade for all XP users.
> Windows 2000 has no free upgrade path, but
> has not been available at retail since March 2004, and was last
> legally sold as a preloaded OS in March 2005, which is over four years
> ago, and will be more than five years from when we ship the last
> supported version of Firefox. Users should be able to successfully
> migrate to XP or Linux if they intend to keep using their old hardware.
I do appreciate the issue this poses to software development and
testing, but the reasoning to stop should not include the factors
mentioned.
It is not relevant how many years ago it was, only what the goals of
the browser are and where the time is best spent. What users should
be able to successfully do, is within a context of their time and
money too, and it is incorrect to think a user must be using "old
hardware" if they are not running the OS with SP level you would
like. XP is a prime example of this, but the same can be said for
Win2k especially in smaller businesses.
>
> Affected Users:
>
> All users still running either Windows 2000 or Windows XP Service Pack
> 2 (or lower). As Service Pack 3 is a free upgrade for XP users, only
> Windows 2000 users will be forced to change their OS to use the next
> version of Firefox.
With all due respect, that is a bit backwards. People pick their OS
with more preference than their browser. A choice to drop support
might be validated in some ways but not with the arguments posed
except for the initial one about time/cost from a development and
testing standpoint. That is the issue and the rest are just excuses.
Be that as it may, there is no charge to use this software so it is
entirely fair to plan support around time and cost.
> As we intend to ship the next version of Firefox in early 2010,
> Firefox 3.5 will continue to be supported under our current support
> policy (six months after the next version) until after those OS
> versions are no longer supported, so users will continue to be
> supported by Mozilla at least as long as their OS is supported.
>
As another person already wrote, "support" really means nothing.
Typical users are not calling in to MS for support, not hanging on the
edge of their seat for the latest OS patches. Their risks, if you are
truly concerned, are only the applications that pose point-of-entry
risks, namely the browser, email client, and windows networking. The
latter isn't much of an issue on a properly secured LAN. The former
two, especially the first, is where security starts and almost ends
for over 90% of users.
The point is, we are reaching the point in history where there should
not be a need to perpetually change to a newer OS to do the same
tasks. To take the age old phrase, "if it ain't broke don't fix it".
There is little sanity in changing an OS if it does what is required
and it does for those who stuck with older OS. They are not stupid,
they better than anyone else know if a machine is doing what they need
done, is as patched, as secure, as trendy, or whatever other attribute
we'd like to consider, as required. Many people who aren't
particularly technically inclined, which may be the majority of
society, use the originally shipping OS on their PC and only end up
changing when hardware failure forces them to buy a new PC. Through
technology mankind has a hope, and a green one at that, that our
progress allows a system to run for its useful lifespan which with
today's performance levels (even those of 5 years ago) comes close to
predating Win2k for the most common tasks people do on a pc.
The prior paragraph seems quite on target because of the topic, a
discussion of a browser which is at the heart of the most common tasks
people do on a PC.
What a stupid idea (written by Rob Arnold) from the end of full
support for Windows XP. Vista is a system for the idiots who fell
victim to Microsoft's or people who want to have a "sweet" design /
interface. Windows XP is the best operating system on those days,
change my mind if Windows 7 will work just as efficiently as XP on old
computers. Why improve something that works well (Win XP)? Vista is
only 14% percent of the market. If Firefox will end support for Win
XP, leaving to the opera (and I know that many users will do the
same).
Polish original (translated):
What an idiotic idea (by Rob Arnold) to end support entirely for
Windows XP. Vista is a system for idiots who fell victim to Microsoft,
or for people who want a "candy-like" look/interface. Windows XP is
the best operating system for these times; I will change my mind if
Windows 7 runs as efficiently as XP on older computers. Why improve
something that works well (Win XP)? Vista is only 14% percent of the
market. If Firefox ends support for Win XP, I am leaving for Opera
(and I know that many users will do the same).
and Opera still supports win95 :)
You should support win2k:
For Older System Should Be Information as obligatory homepage message
"Your Operating System is vulnerable, you surf/use at your own risk"
with some funny picture (Linux/MacOS/newer Windows) or something
else :)
You were sounding fairly reasonable until right here. If you connect an
unpatched Win2k system to the internet with no firewall, it'll be owned
in a matter of minutes with no browser involved.
> It is not relevant how many years ago it was, only what the goals of
> the browser are and where the time is best spent.
The "years ago" thing is relevant in terms of the browser goals, and in
particular as a rough proxy for user numbers. If we can get better user
numbers, of course, that's even better. But it's hard to do better for
user numbers a year or year and a half from now, really. Do you have a
time machine?
> The point is, we are reaching the point in history where there should
> not be a need to perpetually change to a newer OS to do the same
> tasks.
While true, we also want to do new tasks.
> To take the age old phrase, "if it ain't broke don't fix it".
All OSes are broke, pretty much. We've had to work around bugs in every
single OS we support. As we add new code for new low-level features
(including silly things like process separation, accelerated graphics,
out-of-process plug-ins), we will run into more and more things we need
to work around, especially on the older OSes in the Windows case
(because the newer ones tend to have more APIs that do the same thing,
so more chance that one of them will happen to work for us).
If those features (and whatever else is being worked on) happen to work
on Win2k, then there won't be a problem: Firefox will just run on it.
If not... which of the above three features would you propose dropping
if we can't make it work on Win2k?
> There is little sanity in changing an OS if it does what is required
Fully agreed, but if it can't do what Firefox wants it to do and you
want to run Firefox, then it's in fact not doing what is required. The
job of an OS is to let you run applications.
> They are not stupid,
Agreed.
> they better than anyone else know if a machine is doing what they need
> done
More or less; see above.
> is as patched, as secure
Generally speaking, no. Heck, _I_ won't claim to know whether my
machine is as secure as it could be or should be, and I work on this
stuff for a living and for fun.
> Many people who aren't
> particularly technically inclined, which may be the majority of
> society, use the originally shipping OS on their PC and only end up
> changing when hardware failure forces them to buy a new PC.
Very true, but that doesn't square with the claim that they know
anything about how secure their setup is.
> Through technology mankind has a hope, and a green one at that, that our
> progress allows a system to run for its useful lifespan which with
> today's performance levels (even those of 5 years ago) comes close to
> predating Win2k for the most common tasks people do on a pc.
Note that hardware lifetimes for typical consumer hardware are < 5 years
nowadays, especially for laptops. This brings us back to the age
question, because if the last hardware that came with win2k was bought 5
years ago and people upgrade OS when they get new hardware (not all, but
most, as you say), what will the user base of Win2k be in Q3 2010?
In any case, the point is that no one is proposing breaking things on
win2k for the sake of breaking them. The proposal is just to not spend
core QA and developer time fixing things if they do break due to new
feature work. Anyone who cares to do said fixing is welcome to do it
and contribute patches: the source is open.
-Boris
> Google Translate (English):
>
> What a stupid idea (written by Rob Arnold) from the end of full
> support for Windows XP. Vista is a system for the idiots who fell
> victim to Microsoft's or people who want to have a "sweet" design /
> interface. Windows XP is the best operating system on those days,
> change my mind if Windows 7 will work just as efficiently as XP on old
> computers. Why improve something that works well (Win XP)? Vista is
> only 14% percent of the market. If Firefox will end support for Win
> XP, leaving to the opera (and I know that many users will do the
> same).
I suspect your translation of my post may have left out a subtle difference:
"We *can justify* dropping 2k/XP entirely better than setting the minimum to
XP SP3"
I worded it this way because I recognized that it is far too early to
consider dropping XP entirely. My point (though not clearly expressed) is
that we gain the ability to use many newer features that Windows has sadly
lacked either in comparison to other operating systems or some reasonably
clearly improved design. If we move the minimum to Vista, we gain many more
such features than if we moved it to XP SP3. Maybe you should read my later
posts in this discussion where I argue against dropping XP and 2000 support
entirely.
My arguments in this discussion are made from the perspective of a
developer, often a systems or platform developer. I rely on others to bring
a non-developer perspective and they have. We proposed (and effectively
decided based on the comments in that thread so far) to set the minimum
supported platform to XP SP2 and move everything below down a tier (this was
my suggestion too).
-Rob
> SeaMonkey is not an
> option, simply because it provides email & newsgroup support.
Fwiw, SeaMonkey allows you to install the browser part only.
I can only ensure you that, most people with win XP will jump on
others browsers like chrome or opera.
Take this for consider while you will be planning new functions for
win Vista...
I'm not an expert but I think that you should take for consider others
platforms like linux. =>> On Vista OK, on linux it should works as
well...
Take care Rob
It's not clear to me how good the "these computers are owned
anyway" argument is.
AFAIK the "minutes" figures are for a computer with an IP address
on the internet but no firewall.
Old operating systems should be behind a firewall, and I suspect
many of their users are in this situation, even if it is just the
network address translation provided by their modem. This doesn't
eliminate the security risk; it only reduces the exposure;
the low-level network stack is still exposed.
Is it still a reasonable assumption that unsupported OS's are
owned?
I still haven't seen the compelling arguments of how much of an
investment supporting Win2k is. What functionality that we want to be
using is missing in Win2k? How much work do we usually spend on ensuring
Win2k works? Or is it a political matter in terms of what we feel our
users should be using? In that case, would that counter the part of the
Mozilla mission that is about choice and opportunity more or less than
it would foster the openness, innovation and personal security parts?
I think those are the kinds of questions we actually need to think about
here.
Robert Kaiser