ThinkBlog

As you probably know if you keep up with the IT community much (well, or if you read the New York Times on a regular basis!), from the contributions of 10,000 users, the people at Mozilla.org were able to run a full two-page ad [PDF] in the New York Times on 16 December 2004. This is a huge step in the right direction as to getting the word out that, even on Windows-based platforms, you needn’t deal with Microsoft’s Internet Explorer. This is truly a milestone achievement by the good folks at Firefox’s development team, and I’m delighted for what this will mean for encouragement to develop this browser even more.

Interestingly, this probably is what spawned a recent article by Microsoft’s own Peter Torr, whose prime complaint was that all that money could have gone to getting Firefox signed with a valid security certificate (so that you know where you’re downloading this from). Now, despite protestations to the contrary, the guy may have a point, but how big of a deal is this in the scheme of things? He points out that trust isn’t transitive: just because you trust Mozilla.org doesn’t mean you trust a mirror to which it points. But is that true? Why wouldn’t you trust Bob if I trust Bob and you trust me? (Assuming Bob exists and I do in fact trust him. Just ride with it for a minute.) If you can trust my good word, then you can trust whomever I say you can trust, unless you purport to know something I don’t. And what is the end user going to know about a mirror for a program that the primary site doesn’t know? Not likely to be anything, if it’s Mozilla’s team behind it.

Thankfully, after being Slashdotted¹, he has posted a follow-up article answering many of the complaints (at which I left a comment). What do you think? Does not having signed software prevent you from downloading it and running it, assuming virus and adware protection?

[1] Slashdot. v. To have your site inundated with hits all at once in such a flurry that your web host is, at least momentarily, crippled in the same way as a DDoS attack.

[Edit: Linked to my comment at the guy’s blog. Thanks for all the hits!]

As you probably know if you keep up with the IT community much (well, or if you read the New York Times on a regular basis!), from the contributions of 10,000 users, the people at Mozilla.org were able to run a full two-page ad [PDF] in the New York Times on 16 December 2004. This is a huge step in the right direction as to getting the word out that, even on Windows-based platforms, you needn’t deal with Microsoft’s Internet Explorer. This is truly a milestone achievement by the good folks at Firefox’s development team, and I’m delighted for what this will mean for encouragement to develop this browser even more.

Interestingly, this probably is what spawned a recent article by Microsoft’s own Peter Torr, whose prime complaint was that all that money could have gone to getting Firefox signed with a valid security certificate (so that you know where you’re downloading this from). Now, despite protestations to the contrary, the guy may have a point, but how big of a deal is this in the scheme of things? He points out that trust isn’t transitive: just because you trust Mozilla.org doesn’t mean you trust a mirror to which it points. But is that true? Why wouldn’t you trust Bob if I trust Bob and you trust me? (Assuming Bob exists and I do in fact trust him. Just ride with it for a minute.) If you can trust my good word, then you can trust whomever I say you can trust, unless you purport to know something I don’t. And what is the end user going to know about a mirror for a program that the primary site doesn’t know? Not likely to be anything, if it’s Mozilla’s team behind it.

Thankfully, after being Slashdotted¹, he has posted a follow-up article answering many of the complaints (at which I left a comment). What do you think? Does not having signed software prevent you from downloading it and running it, assuming virus and adware protection?

[1] Slashdot. v. To have your site inundated with hits all at once in such a flurry that your web host is, at least momentarily, crippled in the same way as a DDoS attack.

[Edit: Linked to my comment at the guy’s blog. Thanks for all the hits!]