Pacific Connection(英語)

Lessons From Firefox. Open source developers can learn a lot from Mozilla's new browser

Firefox, the new browser from the Mozilla project, is on track to be the most popular open source application ever to run on a client. The browser is doing something many thought impossible: biting into the market share of one of the most established applications on the planet: Internet Explorer. In the first 10 days, Mozilla claimed more than 1 million downloads, support for multiple operating systems (Linux, various flavors of Windows, and OS X), and localization in 21 languages, (The Mozilla Foundation's Japanese affiliate is at

In the U.S., reviewers have fawned over Firefox. Columnists, colleges and at least one U.S. security agency are advising people to drop Internet Explorer and use Firefox. Internet Explorer still has the vast marketshare, not surprising given its intertwining with Windows. But Firefox has proven that even an entrenched product category is vulnerable if the entrenched product is neglected by its maker. This phenomenon has already occurred on the Macintosh, where Apple's Safari browser so eclipsed IE that Microsoft stopped building new versions for the Mac. While Microsoft is not going to give way to Firefox on Windows, it has its work cut out. Firefox is now the browser to beat.

"Firefox represents a collective step forward for the open source community by legitimizing the development model for millions of consumers," said Blake Ross, Firefox's co-creator, in an email exchange. Ross interned at Netscape at age 14, creating Firefox (originally called Phoenix) in 2002 with Dave Hyatt, and is now a sophomore at Stanford University. "Products like Apache have proven that advanced open source software can match or surpass the quality of its commercial counterparts, but never before has an open source product been so usable and so amenable to the average person. We have good reason to believe that Firefox is the most used open source consumer application in the world. The lesson learned is that open source developers need to focus on providing the same level of quality in the user interface as they do in the backend."

Ross said that open source developers were once "content to develop their products in a vacuum, not really concerning themselves with whether mom and pop are ever going to hear about the software. This grows out of the old 'by hackers for hackers' ethic, and indeed, if you want to develop software for yourself, that's your prerogative. But if you want to compete with commercial companies, you need to give mom and pop some attention."

Firefox's challenge to Microsoft is ironic given that its lineage dates back to Netscape, the browser IE eliminated. At the time, IE was in fact the better browser-more feature-rich, more stable. It was also free, a competitive edge that eventually doomed Netscape (the company), which was bought by AOL, then cast out as the Mozilla project. That's where Ross entered-as a ninth grade student-earning three consecutive summer internships at Mozilla. In 2002, Ross and Hyatt concluded that the Netscape code base was too cumbersome to work with and began largely from scratch-retaining Netscape's Gecko rendering engine. Hyatt went on to Apple, where he helped create the Safari browser. (Safari and Firefox on the Mac look as if they co-evolved.) Ben Goodyear, age 24, became Firefox's lead developer and Ross has stayed involved while attending Stanford.

"I personally believe Microsoft has its hands in too many projects and is unable to deliver focused, quality software," he says. "But in any case, Firefox has never been about 'taking down Internet Explorer.' It's always been about delivering a better web experience to people, wherever those people come from."

Here are some of the lessons learned from the Firefox project.

In an insecure age, security sells

The single biggest factor driving people away from Internet Explorer and toward Firefox is security-or rather, people's insecurity about the simple act of browsing. Firefox developers refused to implement ActiveX (it's only available as a plug-in) thereby avoiding the vulnerabilities that come with that Microsoft technology. If you advise people on good authority that Firefox is safer, they will jump ship in large numbers. And in the U.S., that's the advice from any quarters.

"I suggest dumping Microsoft's Internet Explorer Web browser, which has a history of security breaches," wrote Walt Mossberg, the Wall Street Journal's influential personal technology columnist. "I recommend instead Mozilla Firefox, which is free at It's not only more secure but also more modern and advanced, with tabbed browsing, which allows multiple pages to be open on one screen, and a better pop-up ad blocker than the belated one Microsoft recently added to IE."

The United States Computer Emergence Readiness Team also advocates dumping IE (though not recommending an alternative), noting that the Microsoft browser has a "number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system."

Put the user first

Firefox provides useful features and an instinctive interface without becoming bloatware. It is feature-rich, yet feels nimble. That balancing act can be tough to achieve, but users know it when they see it. "It's a browser built around user needs, not anyone else's agenda," says Nelson Pratt, spokesman for the Open Source Development Lab. "There's no commercial agenda, advertising agenda or operating system agenda." Pratt says that Firefox follows in the footsteps of Apache in focusing on a single need. "Apache serves up Web pages flawlessly. It's very task-specific. It's the same thing with Firefox: it's a small footprint, high-performance, elegantly coded software that delivers the functionality people need and nothing more. That's very much an open source philosophy."

Firefox features that are absent in IE include a lightweight implementation of RSS (Real Simple Syndication) called Live Bookmarks. Firefox's tab feature enable users to switch quickly between multiple Web pages. Users can search directly from the browser on Google, Yahoo, the Wikipedia encyclopedia, and Amazon, among others, and select from hundreds of other search plug-ins on the Mozilla development site, demonstrating that users, not marketing agreements, come first. Another feature long missing from the Windows version of IE: zooming.

In a New York Times column, author and historian Randall Stross blasted Microsoft for making the latest version of IE as part of XP's Service Pack 2-not as a standalone application. Users of earlier Windows versions must upgrade. And if your computer is too slow to run XP? Buy a new computer, advises Microsoft spokesman Gary Schare. "By the same reasoning, the security problems created by a car's broken door lock could be solved by buying an entirely new automobile," wrote Stross. "The analogy comes straight from Mr. Schare. ''It's like buying a car,'' he said. ''If you want to get the latest safety features, you have to buy the latest model.'"

Have the courage to fork

Bryce Harrington, a programmer with OSDL and an early Mozilla participant, argues that the "forking" of Firefox project from the Mozilla code base was a distinct open source advantage. Firefox took what it needed-most notably, the Gecko rendering engine first developed at Netscape-and set off on its own. "You potentially end up with two different development efforts that can explore different ideas and go in different directions. Maybe one will be successful than the other, and that's exactly what happened here-and yet Firefox is still part of the Mozilla project. That's good: sometimes, forks amount to a divorce."

Walt Scacchi, a senior researcher at the Institute for Software Research, says that Firefox is forking at its best. "Mozilla is still viable and ongoing. Yet with Firefox, forking has produced a more succinct, higher performance, more agile browsing capability. It has a much smaller footprint and can be downloaded more readily. It has that new car smell to it - it looks like it's new technology. There's lot of people who are excited to download what they think is the newest and best and coolest technology, and that's partly how they identify their experience in using it."

Develop a Windows version

Some Linux developers argue that if you port your best open source applications to Windows, you leave people no reason to port to Linux. "The counter-argument is that open source applications on Windows gives people a chance to experience them, so that if they do try out Linux, the applications are already familiar," says Harrington.

Administer the project with an iron fist

Blake Ross says that Firefox development was organized "in a vastly different way" than other Mozilla projects. "Basically, we drew a line in the sand and said 'Okay, we strongly value your input, but at the end of the day, these five people are going to make all the decisions about the product.' In the old model, pretty much anyone with an idea and the technical know-how to implement it could proceed without obstacle. That led to software bloat and an absurdly complicated interface that even advanced users couldn't understand. The best advice I can give to other open source teams-because I know this same problem plagues many other projects-is to use an iron fist and make decisions. There may be some backlash initially as your community reacts to the changes, but you'll quickly develop a thick skin, and your product will be better because of it."

Aggressive marketing pays

Mozilla Foundation may be a non-profit venture, but it has handled its marketing like a commercial vendor. Mozilla raised eyebrows especially high by soliciting funding to pay for a two-page advertisement in the New York Times. "Are you fed up with your Web browser?" a headline blared amidst the names of the contributors. "You're not alone. We want you to know that there is an alternative." The audacity of the ad brought Mozilla plenty of attention, as well as helping convince people who had never heard of Firefox that the browser was here to stay. The ad is now available on the Mozilla Website as a "commemorative poster, along with the t-shirts sporting the Firefox logo.

Indeed, one of most telling differences between FireFox and IE is that Firefox t-shirts are selling, while IE t-shirts don't exist. If you want a measure of Firefox's chances for future success, you need look no further than that.

A Conversation with Walt Scacchi

A senior research scientist at the University of California, Irvine's Institute for Software Research, Walt Scacchi has studied the inner workings of open source development: who does it, how do they work together, what processes succeed best. I spoke with him by phone from Honolulu, where he was attending a conference.

Firefox is best known as a secure browser. Is open source a better model for building secure products?
It certainly helps. A growing number of secure and trustworthy products are coming from open source projects in part because people have access to the code: both interested and disinterested parties can look at what's going on. By contrast, when a company does it in house, it's uncertain who gets access, how things are scheduled, what staffing level is dedicated to security versus future product development. So a growing number of software developers find many aspects of the open source software development process more trustworthy.
People talk about the reduced cycle between vulnerabilities and exploits. Is open source better at responding?
There's nothing that would prevent a company like Microsoft from putting together a support community that works exactly in the same way as open source. But it's a business decision that they haven't made so far. The open source community doesn't have the overhead and quarterly earnings accountability of a proprietary software developer. This difference may allow for certain innovations and user/producer relationships that other businesses don't afford.
What was the advantage for Firefox developers in starting largely from scratch?
Mozilla was part of a legacy going back to Netscape. But that code base was put together from a battered and bruised company, with lot of extraneous code put together quickly in order to get released. Firefox's approach started with a cleaner slate. While it does retain the Gecko layout engine, which is both central to Firefox and Mozilla, Firefox is largely a new generation technology that can now focus on today's problems.
Conventional wisdom says that you need usability studies and focus groups. Open source doesn't usually do either, yet Firefox is remarkably friendly.
One advantage for open source communities is the crossover between developers and users. The developers tend to be the users of the systems they built-much more so than in a closed system. So there is no intermediary representing the user. The developers understand usability first hand. That said, open source software projects do often suffer for a lack of attention to usability concerns, so it is encouraging that projects like Firefox make an effort to improve usability.
Is open source a better model for maintenance, as well?
The open source model doesn't really separate maintenance from development-both happen at the same time. Moreover, highly successful open source projects tend to grow exponentially, with later major releases often offering greater change than the early releases. By contrast, proprietary software firms strive to get to maintenance mode. If your company has a development project, you are spending money creating a product and so have a negative cash flow. Whereas once the product gets shipped and goes into maintenance, now you've turned it into a revenue stream because companies buy software products with maintenance or support contracts. So it seems for the last few years, Internet Explorer was only in maintenance mode and we were only seeing maintenance patches, rather than new significantly improved product releases.
Firefox "forked" off of Mozilla. How did that play out?
In general, the upside is that two teams can go forward separately. But momentum can be lost. After the fork, do the new teams each still have the critical mass to go forward? One of the biggest costs associated with free and open source software development is in trying to convince other developers of your way of doing things. The cost is in terms of time spent haggling, negotiating, developing articulate rationales, and staying in agreement. Working through all this takes time away from doing the development.
You've written that programmers who volunteered on Mozilla may find themselves in demand.
That's certainly true for the core developers, the people contributing the major share of functionality and code base. They often wind up commanding a higher salary in the job marketplace.
Is it a good apprenticeship for a young programmer?
Yes-and it is an apprenticeship open to anyone. You can begin just by reporting bugs, which already makes you an active user or project participant. You can then become a code contributor by offering snippets of code that add new features or repair known defects or extend the capability of the system. As your accomplishments are noticed by others, you might move a step closer to the inner circle and become a component developer or a module owner. Then you might move into being a core developer, taking charge of the architecture of the system and making the big decisions of where to go next.
One of the keys to the success of free and open source software development is the idea that the community is as important as the source code, and the source code is as important as the community.
We all know about Linux, Apache, Mozilla, and MySQL-but where will other successes come from.
We're starting to see successful open source implementations emerging in every application and product line in the commercial software world. As just one example, enterprise resource planning systems are notoriously expensive. Now there are a growing number of free ERP systems projects in development. One of them, Compiere, has more than 400,000 downloads. And there are industry-specific open source consortiums in areas like financial services, transportation, health care, and human resources.
I take it you're not predicting the end of commercial software, but a long term co-existence?
Yes, Open source is a new mode of development. Like other major technological innovations, they don't kill the predecessor, but expand the total market. Whereas proprietary vendors like Oracle and PeopleSoft tend to consolidate and reduce your choices, open source expands them.

Sidebar: A short list of promising open source desktop applications.

While Firefox has become the best known client-based open source applications, there are many others. Here is a short list of favorites from programmer OSDL's Bryce Harrington:

a combination word processor, spreadsheet, presentation software, equation editor and drawing program. That's almost everything Microsoft Office can do, with the exception of Outlook, Microsoft's personal information manager.
Mozilla's new mail program. As with Firefox, Thunderbird tackles an area that Microsoft supports (with Outlook Express), but is neglecting. Stay tuned.
a multi-protocol instant messenger program-allows IMing from multiple services. (I'm testing it: it works great.)
an audio editor that can record, play sounds, import and export sound files in a variety of formats.
a Unix-based media player, modeled after winamp for the Windows OS.
A music typesetting program
GIMP, Blender, POV-Ray, and Inkscape:
graphics programs