A little birdie told me today that NASA has given up entirely on Internet Explorer. Now, if you are an employee of NASA, every time you go to a page using IE, you get up to three prompts telling you how risky it is to run scripts. The official line is that the newest IE vulnerability was the proverbial straw, and now NASA's standard internal browser is Firefox.
That NASA has taken this step isn't all that surprising - NASA has been odd man out for many years, encouraging innovation instead of pushing for standardization in their IT systems. But this is interesting because I don't know of another government agency that has recently standardized (internally) on any browser besides IE for...well, it's been a long time. Years. Time was Mozilla (Netscape) was standard at NCI, but even that holdout has given up the ghost. Maybe this will give them precedent so they can move to a good browser.
Update 9:24 AM 12/5/05: Perhaps this rumor is just that - a rumor. See one of the comments below, from someone with a .ru address but who says they're coming from NASA.
Update 10:24 AM 12/5/05: And another, below, from (apparently) NASA software contractor.
Update 4:27 PM 12/5/05: And a couple more, below, from more apparent NASA employees.
I think it's time to put this rumor to rest. There are three options:
- It's completely false and my NASA employee (aka "little birdie") was flat-out wrong.
- It's true for his part of NASA.
- It's true for all of NASA but a bunch of people haven't heard about the policy shift yet.
The only way to resolve it is for someone to corroborate my birdie's story, or for the furor to die down...
I work at NASA HQ in Washington DC. The kernel of truth in this rumor probably resides in the fact that NASA has a lot of Mac's, MSIE no longer comes with Mac OS X, and so NASA chose Firefox as the default browser for Macs from Tiger on. Why not Safari? I have no idea. While Firefox is being used on Windows by some, there has been no edict to ban MSIE that I'm aware of. A lot of internal apps (i.e. COTS server apps) still require it. Until the govt starts requiring COTS solutions to work with and use web standards, this probably won't change in my lifetime.
Posted by: Scott | December 05, 2005 at 12:09
Perhaps this little rumor is true but has not yet been implemented across the entire program. NASA is a large umbrella agency, so it's possible that a specific site (like JPL) may decided to default to Firefox.
I'd caution NASA employees to avoid discussing too many specifics regarding internal web architecture or applications, as it could be viewed as a violation of ethics and security training.
Posted by: Anon | December 05, 2005 at 12:55
This has to be nonsense. If anyone has ever been involved in a large-scale corporate software rollout, you know what a nightmare it is to do quality assurance, especially on out-of-date and internal software. Sometimes the former must be replaced, or the latter rewritten, which can delay rollouts for months or even, yes, years.
Government agencies are even stodgier than corps. They have myriad regulations to conform with, and engineering-oriented agencies like NASA probably have many legacy applications, and NASA has numerous military interfaces which would dictate orange book conformance. They don't just go changing the browser across the whole organization by fiat, because of one bug (no matter how major, alas). If anything like this were happening, it would be taking months of committee meetings just to make the decision, and rollout would take years.
That said, I can definitely believe that there may be internally-generated interstitials that prevent casual browsing or at least warn about scripts, as a security measure. That's not the same thing at all.
Posted by: Dan Hartung | December 05, 2005 at 13:07
Eh??? Doesn't matter what browser?!?
Someone's got their pipe full of the white stuff. I casually wrote a JavaScript interpreter over the weekend and it runs 5 times faster than Spidermonkey; and I didn't even touch assembler. Don't worry, it runs 4 times as fast as IE's JScript too.
Why is it I, an undergraduate, can write something that so vastly outperforms what is the most used interpreter in the world?
Posted by: Dan | December 05, 2005 at 19:56
Firefox is now in our internal pushes to our workstations so users can have the option to use Firefox if they haven't downloaded it already. End of story. At least, that's how it is at Johnson Space Center.
Posted by: Mitch | December 06, 2005 at 09:33
Why Firefox ? Well if they are anything ESA, then probably Netscape used to be their standard browser, so Firefox would partly be a return to the roots.
Posted by: Simon Kellett | December 07, 2005 at 06:52
re: Dan, clicking on your link I expected to see details of some actual realworld tests you did to back up what you said, nothing there yet. But also I can see that you are not *just* any undergraduate, given that you plan to write your own operating system.
Posted by: Mardeg | December 09, 2005 at 21:12
NASA can't afford any security risks, so it's possible they at least started to make the switch. They may recommend FF for external internet use, and IE for internal. Or they may just recommend it as an interim solution until IE 7 arrives.
The point is that IE 6 hasn't changed much since 1998 and has far too many vulnerabilities to be fixed. IE 7 will have great security but until then, it's important that high-security institutions like NASA use something else.
Posted by: Christian Montoya | December 10, 2005 at 12:07