uncurious george


George Ou over at ZDNet writes: "It's a mystery why Mozilla is operating in secrecy with Open Source code and one can only speculate about the motivations."

I've uncovered a few mysteries of my own:
1. It's a mystery why George's colleague, Joris Evers, as well as George's editor, Dan Farber, managed to find our complete disclosure.
2. It's a mystery why George didn't ask anyone at Mozilla if he was unable to find it.
3. It's a mystery why, when George was corrected on this point by his editor, he acknowledged this with nothing more than an "Update" at the bottom that says that Mozilla "seems to have" posted more details. Anyone skimming the ZDNet page still sees "Firefox 1.5 patches undisclosed security holes

With all these mysteries, one can only speculate about the motivations. George previously wrote an article asking "Is the Firefox honeymoon over?" George, what are your motivations? Are you in bed with Microsoft? Nevermind, these accusations are completely unfounded -- just like your article.

George goes on to write, "The problem is that we don't know what all but one of these security fixes are and that seems to fly in the face of the Open Source mantra." The real problem is that George didn't do any research before writing his article, and that seems to fly in the face of basic journalistic integrity.

And if those failings alone weren't enough to have his editors cringing, when George was was confronted about his mendacity, he lashed out at his commenters with all the charm and wit of a high-school student, calling them zealots and labeling their arguments "nonsense" and "double-speak."

There's only one final mystery in all of this for me, why on Earth does ZDNet give this guy a stump to stand on?

update: It looks like George has retracted his blog post, and like only the most responsible journalists, he's laying the blame squarely on someone else's shoulders. Good work, George. Real classy.


George Ou can't tell his ass from his elbow.

a troll needs to starve.

please don't send him any more page views.

I've read the article, and agree its rather daffy. You could always, after all, enforce your position through libel.

Mozilla seems to have made one of its conerstone 'selling points' Firefox's ability to stay secure when "other" browsers may not be... if you want such an idea to continue to hold ground, Mozilla will have to enforce its position when journalists don't do their research (either by accident or on purpose).

This isn't the first time this has happened, btw.

People write, and editors publish, stupid and inflammatory articles deliberately. It happens even in respected print media as well. People would rather read a raving screed than a well though out, if slightly boring, article. It's just entertainment, like reality TV, facts and arguments are merely garnish to the more important presentation.

Of course, it's terrible! And you should complain. What's the point of them ruining their own reputation and integrity, even if the're doing it on purpose? Their editors should at least acknowledge this.

People would rather read a raving screed than a well though out, if slightly boring, article.

That explains the level of political discourse in the US these days.

It also explains the level of web browser discourse. Not that one has to go far for any exaxmples, but here's one that ought to be neutral in the context of this site:

I posted a bug report on the IE Blog under their "Tell us if the beta breaks your website" thread. It was a definite bug, the correct behavior was applied by IE6, Firefox, Opera, etc. but not IE7, and it was obviously the kind of thing that they would want to fix before release. After I posted my testcase, I looked through the thread and someone else had found the same bug -- but instead of just saying "I found a bug, X does Y instead of Z," he railed about how he was going to have to tell people to stick with IE6 and not upgrade to an inferior browser.

Why? Maybe he was just rude -- or maybe he figured anything short of a rant wouldn't get any attention.

So we all keep shouting at each other, instead of talking to each other... and no one's doing any listening.

"There's only one final mystery in all of this for me, why on Earth does ZDNet give this guy a stump to stand on?"

ZDNet is in bed with Microsoft too :-)

Very nice.
Asa gets angry and upset about somebody's unprofessionalism, while being unprofessional for at least the last year.
How do you feel now when you face with the kind of people like you are?
Nothing personal actually, but, please, reply.

@ Burrito:

(or should that be *to* Burrito?)

Please care to elaborate, as your post is rather scarce when it comes to examples.

In addition, why, the, excessive, use, of, commas, in, your, last, sentence,?,

Does anyone read ZNET anymore?

Surely this blog gets more 'geek' visitors?


For what it's worth: I spend a full two minutes on finding out what security roblem was fixed in, and couldn't find it. I'm convinced I would have found it if I was really motivated and spend some more time on it. And that's remarkable, because in the past the release announcements would directly link to the advisories, available without need for searching for everyone.

I'll attribute this to the general attitude of "Firefox is the browser for the lowest common denominator user" who should not be given info that could worry or confuse him, not some (impossible) drive for secrecy. But it is remarkable the disclosure policy is changed right when there is a 'Highly critical' problem. (I spend one minute now to find it on Secunia.com)

Well at least he stays on-topic, unlike MOZILLAzine's resident astronomy fanboy.



Mozilla.org has a convenient search box at the top, entering security will present the link above as the first result. You can also click your way there from the front page by clicking on "security updates" and then on "known vulnerabilities by product". I don't see how they can make this much easier.

Obviously the 'journalist' didn't do his homework. Zdnet has a long tradition of allowing second rate journalists to publish their biased, uninformed views. I don't take any news on that site that serious anymore. They're too commercial to remove hit generating inflamatory material.

Jilles: If what Rijk said was right (and I don't know because I usually don't bother to look), then Mozilla used to link directly to the advisories from the release announcement page. And even if he's wrong, it's something they should do anyway.

Even better, do something similar to Windows Update: Just list the vulnerabilities patched right in the update window instead of rolling them up into one item. For a sub-sub-minor release like this one that should work fine. For sub-minors or minors the contents would have to be tweaked. But since that would probably all be done with XML anyway, it would be trivial to change what's shown there.

A search box is just a site's way of saying "we have failed to make our content discoverable, please forgive us."

If locating the Mozilla Security Center at www.mozilla.com/security (where it's been for every release for more than a year,) is just too hard, then how about reading the Firefox release notes?

- A


Theres a link right there in the release note to the security vulnerabilities. You can read the entire bugzilla issue. I don't know how mozilla could be more transparent about this.

Asa, you do realize that when the release notes were first put online, the link wasn't there, right?

Some people see ulterior motives in that. Me, I'm inclined to go with the possibility that whoever put the release notes online forgot to link the phrase, or waited for www.mozilla.com/security to be updated. I'm willing to give Mozilla the benefit of the doubt based on past experience.

Yeah, the security info is in a standard location, and yeah, you can find the info if you really look for it, but you know what, it's worth linking to in the announcments as soon as they go up.

Funny how Asa uses the word "integrity", which is exactly what he himself lacks, with his constant attacks against various people and companies.

Just the other day he, a Mozilla employee and spokesperson, and a public figure, encouraged his rabid band of Firefox fans to harrass a Firefox critic by e-mail.

Asa is known to lie and deceive, and he often, if not usually, twists the truth to make himself and his Mozilla Corporation sound better than it really is.

I used to be a Firefox fan, but because of Ass-a's behavior I gave up. I went back to IE, and IE7 is sure to kick Firefox's ass.

Microsoft might be 'evil', but at least they are honest about it. The Mozilla Corporation pretends that it is good and that it is on the moral high ground, when the fact is that they are liars who spread FUD and lies about competitors, and they verbally assault people who criticize Firefox.

Ass-A, two points:
1) Why go back to IE? Did you try Opera (I never can resist :P)
2) Asa *may* be evil, but, try as he might, he does not represent Mozilla as a whole.

WTF is wrong with some of you people? All this discussion about windows. Like it's the only OS on the block. Lift your heads from Bill's lap for a minute, IE will never catch up to the advances that other browsers have made.. its not in MS best interests. They don't need to be devoting resources to a product that plenty of other software companies are doing for them. IE 7 is just a response to cries of betrayal, once they come up with something that they deem relatively modern itll be another ten years before they do anything to really innovate again. MS just doesn't need to. So all these IE 7 is going to BLOW FIREFOX AWAY! will be laughable by the time it gets out.
Frickin fanbois... every single time, I swear.
If someone is being loud an annoying.. they generally just want attention, if you want to reward them by giving it to them, dont bitch when they do it over and over again - you've taught them it's the -right- way.

Voltaire said "Love truth, and pardon error" - George Ou, are you listening?

Firefox will succeed, thanks to passionate people such as Asa who are working hard to make browsing better for everyone. How many numbers do you guys need? What happened to incrementing the final number for security releases? This fixes many issues, so it should've been given something a bit more higher priority.

George Ou should check out this article by his peer before writing this piece in his blog:

New Firefox Kills Bugs

If he doesn't know how to do good research this is the chance he can learn something from others.

I went back to IE, and IE7 is sure to kick Firefox's ass.

You're joking, right?

IE7 has pretty much the same features Firefox has.

But the Fox has much better HTML and standard support.

It's also not tied into the OS.

I think I'll stick with the fox :D

I too was annoyed when I couldn't read the release notes for the few minutes I looked after updating to If Firefox is going to use the web to distribute that page, it should be updated upon release, for ALL releases, no matter how minor. George's article is still unfair though.

It's a mystery why so many bugs and vulnerabilities slip through QUALITY ASSURANCE. Or does that mean something different now? Perhaps it should be Propaganda Quality Assurance where you can care more about getting videos of people talking about Firefox than sorting out the problems with it.

How do you find Firefox in Windows Task Manager? Sort by memory usage, largest to smallest.

How often does Firefox crash? Enough to displease the real world, but not enough to annoy fanbois.

How did you hear about Firefox? Firefox users are asked to harass forums and blogs. It's not spam or harrassment though, it's Fixing The Web!

Why does Firefox crash? Must be the extensions. That must be it. Couldn't be the application that installs & runs the extension. Sandbox, anyone?

PS. Please comment out System.gc() in kungFuDeathGrip.

You're not a particularly popular person Asa, but it might be your holier-than-thou attitude about Firefox (and everything else).

This person doesn't seem to like you much either, "What exactly are the quality assurance team doing with their time? Judging by the unresolved issues as old as the browser, not much."

update: It looks like George has retracted his blog post, and like only the most responsible journalists, he's laying the blame squarely on someone else's shoulders. Good work, George. Real classy.

Given your post encouraging us to spam other people�s mailboxes calling them "scumbags", seems to me you are not in a position to give lessons about classy acts...

These knee-jerk reactions of yours are giving Mozilla and especially the community very bad press, why? because sadly you are the face of Mozilla and Spreadfirefox. I wish you could understand what�s going on out there; It�s quite hard to spread Firefox when people say: "I like the browser but I don�t agree with all this pseudo-religion crap and childish behaviour". Believe it or not, this has happened to me many times.

This is a very important moment for Firefox and I don�t like how the Spreadfirefox project is perceived by many as Spamfirefox. This problem is increasing and your unproffesional and inmature attitude doesn�t help at all.

Jan, I totally agree. Asa's immature attitude is hurting Firefox's image. I'm embarrassed that someone who I just converted to Firefox/someone I want to convert to firefox would read this blog, and be a bit put off by your childish, defensive posts. At risk of sounding too much like you, grow up, and get a life - try to act a little more professionally.

Rather bristly post, I must say.


I used to be a Firefox fan, but because of Ass-a's behavior I gave up. I went back to IE, and IE7 is sure to kick Firefox's ass.
Posted by: Ass-A

Propaganda - it's no different in the software world from the political world. The message above is a standard propaganda format usually used in astroturf campaigns.

In politics it would look like this:

"I used to be a anti-war Democrat, but the rudeness by Ted Kennedy at the senate hearing drove me away. Thanks to Senator Kennedy's rudeness, I am no longer a Demcrat and I support George Bush and the Iraq War!"

Probably, about 5 of the messages in this thread are from the same IP address. Maybe they outsource this job to someone in India who gets a nickel for every pro-Microsoft, anti-Firefox flame they post.

Maybe Mozilla should make some kind of wiki-style code that makes any mention of a specific bug automatically link to the security notice for that bug. That way you don't have to worry about forgetting to link.

Monthly Archives