The Next Browser War

,----[ Quote ]
| A brand-new crop of browser betas gives us a glimpse of what Web surfing will
| be like when IE, Firefox, and Opera release new versions later this year.
| [...]
| Firefox 3
| The most mature of the betas here is that of Firefox, whose Firefox 3 beta 5
| gives a glimpse of hundreds of new features. Most of them are minor
| improvements, but some are significant enhancements to usability. Users will
| appreciate enhanced auto-completion in the address bar, so you can now type
| in a few letters from the middle of a Web address--not just the first few
| letters--and Firefox will display a list of addresses that match it. Standard
| features like downloading become easier to use through a new pause button and
| other enhancements to the download window.

Finally. Choice. And Microsoft faces more antitrust scrutiny/fines for
Silverlight and standards abuses (Opera complaint).

What the Flock - the Social Browser Revolution

,----[ Quote ]
| At first, Flock appealed to me in a purely superficial way. As you may have
| noticed, I’m a sucker for style, good design and pretty textures, and Flock
| certainly unites all of these features.
| Fortunately, that’s not all there is to tell. Flock is based on Mozilla
| Firefox and was first released in 2005. Back then it may have been a little
| bit ahead of its time since social web was only in its beginnings. Recently
| however, Flock has enjoyed very positive media coverage and its popularity
| virtually exploded in the beginning of this year, reaching close to three
| million downloads and increasing the number of active users by 135% [Source
| via Wikipedia].

about:mozilla - Firefox, Camino 1.6, Privacy policy, AMO, Security
metrics, and more

,----[ Quote ]
| Security metrics that matter
| Asa Dotzler, as part of the For the Record project, has written a detailed
| blog post discussing security metrics, and what security metrics actually
| matter. “A number of press articles…are offering the confusing and incorrect
| conclusion that the effective security and safety of web browsers can be
| measured by simply counting the number of vendor disclosed software flaws.
| This kind of measuring is flawed for several reasons, all related in that
| they make it more difficult for consumers to make informed decisions about
| their online safety.”

He refers to Microsoft's bald-faced lies, which ought to get some pro-consumer
groups to launch action against Microsoft (false advertising). More below.


Critical Vulnerability in Microsoft Metrics

,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.

Web security report says known vulnerabilities fall because criminals pay to
hide them

,----[ Quote ]
| Some researchers fear software vendors are now buying information on the
| vulnerabilities so they can fix them without anyone noticing.
| In other words, Rouland fears, "it is profitable not to (publicly) report a
| vulnerability."

Vista SP1 will contain undocumented fixes

,----[ Quote ]
| Interesting email in today's mailbag: “Will SP1 contain undisclosed or
| undocumented security fixes?”
| For some people, counting the number of security flaws that one OS has
| compared to another is important because it offers a metric upon which to
| determine which OS is the most secure (personally, I feel that it’s a bogus
| metric, but I’ll let it slide for now). However, many claim that Microsoft
| stacks the deck in its favor by not disclosing a full list of vulnerabilities
| that have been patched by omitting to include those discovered and patched
| in-house.

Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.

Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?

Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
| [...]
| The point: Don't count on security flaw counting. The real flaw is
| the counting.