Subject: General Tech | March 18, 2016 - 09:26 PM | Scott Michaud
Tagged: mozilla, servo, Rust
Mozilla, the open-source creators of Firefox and Thunderbird, have announced that their Servo project will reach public alpha in June. Nightly builds will be available, presumably around that time, for Linux, OSX, Windows, and Android. Servo is a browser engine that is built in Rust, which emphasizes security and high performance (especially in multi-threaded scenarios).
The technology is really interesting, although it is still quite early. Web browsers are massively single-threaded by design, which limits their potential performance as CPUs widen in core count but stagnate in per-thread performance. This is especially true in mobile, which is why Samsung has been collaborating on Servo for almost all of its life.
Rust, being so strict about memory access, also has the advantage of security and memory management. It is designed in such a way that it's easier for the compiler to know, at compile time, whether you will be trying to access data that is no longer available. The trade-off is that it's harder to program, because if your code isn't robust enough, the compiler just won't accept it. This is beneficial for web browsers, though, because basically everything they access is untrusted, third-party data. It's better to fight your compiler than to fight people trying to exploit your users.
Again, it's still a way off, though. It might be good for web developers to keep an eye on, though, in case any of their optimizations implement standards either correctly, but differently from other browsers and highlights a bug in your website, or incorrectly, which exposes a bug in Servo. Making a web browser is immensely difficult.
Subject: General Tech | December 31, 2015 - 10:25 PM | Scott Michaud
Tagged: webgl2, webgl, mozilla, firefox
The next step is WebGL2. OpenGL ES 3.0 adds a bunch of new features that are sorely needed for modern games and applications. For instance, it allows drawing to multiple render targets, which is very useful for virtual cameras in video games (although the original WebGL software could access this as an optional extension when supported). The addition of “Uniform Buffer Objects” is a better example. This allows you to store a bunch of data, like view transformation matrices, as a single buffer that can be bound to multiple applications, rather than binding them one at a time to every draw that needs them.
It's hard to describe, but demos speak a thousand words.
The news today is that Mozilla Nightly now ships with WebGL2 enabled by default. It was previously hidden, disabled by default, behind an option in the browser. This doesn't seem like a big deal, but one of the largest hurdles to WebGL2 is how the browsers actually implement it. The shading language in WebGL was simple enough that most browsers convert it to DirectX HLSL on Windows. This is said to have the added advantage of obfuscating the ability to write malicious code, since developers never directly writes what's executed. GLSL in OpenGL ES 3.0 is much more difficult. I'm not sure whether the browsers will begin to trust OpenGL ES 3.0 drivers directly, or if they finally updated the GLSL translator, but supported implementations means that something was fixed.
Unfortunately, OpenGL compute shaders are not supported in WebGL2. That said, the biggest hurdle is, again, to get WebGL2 working at all. From my talks with browser vendors over the last year or so, it sounds like features (including compute shaders) should start flying in easily once this hurdle is cleared. From there, GPGPU in a website should be much more straightforward.
Subject: Editorial, Mobile, Shows and Expos | December 9, 2015 - 07:04 AM | Scott Michaud
Tagged: yahoo, mozilla, google, Firefox OS, Android
Author's Disclosure: I volunteer for Mozilla, unpaid. I've been to one of their events in 2013, but otherwise have no financial ties with them. They actually weren't aware that I was a journalist. Still, our readers should know my background when reading my editorial.
Mozilla has announced that, while Firefox OS will still be developed for “many connected devices,” the organization will stop developing and selling smartphones through carriers. Mozilla claims that the reason is because they “weren't able to offer the best user experience possible.” While the statement is generic enough to apply in a lot of contexts, I'm not sure how close to the center of that region it is.
This all occurred at the “Mozlando” conference in Florida.
Firefox OS was born when stakeholders asked Mozilla to get involved in the iOS and Android duopoly. Unlike Windows, Blackberry, and other competitors, Mozilla has a history of leveraging Web standards to topple industry giants. Rather than trying to fight the industry leaders with a better platform, and hoping that developers create enough apps to draw users over, they expanded what Web could do to dig the ground out of their competitors.
The issue is that being able to achieve high performance is different from actually achieving it. The Web, as a platform, is getting panned as slow and “memory hungry” (even though free memory doesn't make a system faster -- it's all about the overhead required to manage it). Likewise, the first few phones landed at the low end, due in part to Mozilla, the non-profit organization remember, wanting to use Firefox OS to bring computing to new areas of the world. A few hiccups here and there added another coat of paint to the Web's perception of low performance.
Granted, they couldn't compete on the high end without a successful app ecosystem if they tried. Only the most hardcore of fans would purchase a several-hundred dollar smartphone, and intend to put up with just Web apps. Likewise, when I've told people that phones run on the Web, they didn't realize we mean “primarily localhost” until it's explicitly stated. People are afraid for their data caps, even though offline experiences are actually offline and stored locally.
The Dinosaur in the Room
Then there's the last question that I have. I am a bit concerned about the organization as a whole. They seem to be trying to shed several products lately, and narrow their focus. Granted, all of these announcements occur because of the event, so there's plenty of room for coincidence. They have announced that they will drop ad tiles, which I've heard praised.
The problem is, why would they do that? Was it for good will, aligning with their non-profit values? (Update: Fixed double-negative typo) Or was it bringing in much less money than projected? If it's the latter, then how far do they need to shrink their influence, and how? Did they already over-extend, and will they need to compensate for that? Looking at their other decisions, they've downsized Firefox OS, they are thinking about spinning out Thunderbird again, and they have quietly shuttered several internal projects, like their division for skunkworks projects, called “Mozilla Labs.” Mozilla also has a division called "Mozilla Research," although that is going strong. They are continually hiring for projects like "Servo," a potential new browser engine, and "Rust," a programming language that is used for Servo and other projects.
While Mozilla is definitely stable enough, financially, to thrive in their core products, I'm concerned about how much they can do beyond that. I'm genuinely concerned that Mozilla is trying to restructure while looking like a warrior for both human rights and platforms of free expression. We will not see the books until a few months from now, so we can only speculate until then. The organization is pulling inward, though. I don't know how much of this is refocusing on the problems they can solve, or the problems they can afford. We will see.
Subject: General Tech | May 13, 2015 - 05:06 PM | Scott Michaud
Tagged: mozilla, firefox, DRM
Mozilla has just released Firefox 38. With it comes the controversial Adobe Primetime DRM implementation through the W3C's Encrypted Media Extensions (EME). Or, maybe not. If you upgrade the browser through one of the default channels, the Adobe Primetime Content Decryption Module will appear in the Plugins tab of your Add-ons manager on Windows Vista or later (but it might take a few minutes after the upgrade).
Alternatively, you can use Mozilla's EME-free installer for Firefox and avoid it altogether.
I have mentioned my concerns about DRM in the past. EME does not particularly bother me, because it is just a plugin architecture, but the fundamental concept does. Simply put, copy protection does very little good and a whole lot of bad. If your movie is leaked before it is legally available in consumer's hands, as it regularly does, then what do you expect to accomplish after the fact? It takes one instance to be copied infinitely, and that often comes from the film company's own supply chain, not their customers. Moreover, it is found to reduce sales and hurt customer experience (above and beyond the valid ideological concerns).
Beyond the DRM inclusion, several new features were added. One of the more interesting ones is BroadcastChannel API. This standard allows a web application to share data between “contexts” that have the same “user agent and origin”. In other words, it must be on the same browser and using the same app (even secondary instances of it). This will allow sites to do multi-monitor split screen, which is useful for games and utilities.
WebRTC has also been upgraded with multistream and renegotiation. Even though the general public thinks of WebRTC as a webcam and voice chat standard, it actually allows arbitrary data channels. For example, “BananaBread” is a first person shooter that used WebRTC to synchronize multiplayer state. Character and projectile position is very much not webcam or audio data, but WebRTC doesn't care.
Subject: General Tech | April 14, 2015 - 08:08 PM | Scott Michaud
Tagged: mozilla, http, https, firefox
On the Mozilla Dev-Platform Newsgroup, hosted at Google Groups, a proposal to deprecate insecure HTTP is being discussed. The idea is that HTTPS needs to be adopted and organizations will not do it without being pushed. The plan is to get browser vendors to refuse activating new features, and eventually disable old features, unless the site is loaded as a “privileged context”.
This has sparked a debate, which was the whole point of course, about how secure do we want the Web to be. What features should we retroactively disable unless it is done through HTTPS? Things that access your webcam and microphone? Things that write to your hard drive? Then there is the question of how to handle self-signed certificates to get encryption without verification, and so forth.
Note: Websites cannot access or create files on your hard drive, but standards like localStorage and IndexedDB allow websites to have their own spaces for persistence. This is to allow, for instance, a 3D game to cache textures (and so forth) so you don't need to download them every time.
Personally, this concerns me greatly. I started helping Mozilla a couple of years ago, a few weeks after I saw Microsoft's Windows 8 developer certification program. I do not like the thought of someone being able to stifle creation and expression, and the web was looking like it might be the last bastion of unrestricted development for the general public.
In the original Windows Store requirements, no browser could exist unless it was a skin of Trident. This meant that, if a site didn't work in Internet Explorer, it didn't exist. If you didn't want to play by their rules? Your app didn't get signed and your developer certificate could even be revoked by Microsoft, or someone with authority over them. You could imagine the problems a LGBT-focused developer might have in certain countries, even if Microsoft likes their creations.
This is obviously not as bad as that. In the Windows Store case, there was one authority whereas HTTPS can be authenticated by numerous providers. Also, if self-signed certificates are deemed “secure enough”, it would likely avoid the problem. You would not need to ask one of a list of authorities permission to exist; you could secure the connection yourself. Of course, that is a barrier of skill for many, and that is its own concern.
So we'll see, but I hope that Mozilla will take these concerns as a top priority in their decisions.
Subject: General Tech | February 23, 2015 - 01:35 PM | Jeremy Hellstrom
Tagged: superfish, mozilla, komodia, security
Firefox can remove any threat that Superfish presents with a simple step and 24 hours; indeed they could prevent any similar issue using a questionable or downright poisonous SSL Certificate simply by blacklisting them. They specifically quote the ability of OneCRL to block even obfuscated certs before the Network Security Services level if the certs are properly recorded on the blacklist in this Register article. This would lead to a much more secure web, requiring attackers to invest significantly more effort when attempting to create fake or dangerous SSL certs. There is a flip side to this, for there are those who may attempt to have valid certs added to the Blacklist and so there must be a way of policing the list and a way to remove certs which should not be on the list due to being placed there in error or because of a change in the software associated with that certificate. It is also likely that there will be court cases attempting to have the blacklist removed if it does come into being as Superfish is not the only business out there whose business model requires phishing or at least a way around proper SSL certification and best practices which will no longer be viable if we are allowed to block their mutant SSL certs.
"Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops."
Here is some more Tech News from around the web:
- Hackers now popping Cisco VPN portals @ The Register
- Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair" @ Slashdot
- iOS 8.3 to be made available as public beta as Apple aims for bug-free releases @ The Inquirer
- Portable USB Wall Charger Roundup @ eTeknix
- Tech ARP 2015 Mega Giveaway
Subject: General Tech | November 27, 2014 - 09:29 PM | Scott Michaud
Tagged: apple, safari, google, yahoo, bing, microsoft, mozilla
After Mozilla inked the deal with Yahoo, the eyes turned to Apple and its Safari browser. Currently, the default search engine is Google on both iOS and OSX, although Bing is the primary engine used for other functions, like Siri and Spotlight. Until early 2015, they are tied into a contract with Google for those two browsers, but who will get the new contract?
Apparently Yahoo and Microsoft have both approached the company for the position, and Apple is not ruling any of the three out. Probably the most interesting part is how Yahoo is genuinely taking the search business seriously. The deal with Mozilla is fairly long-term, and with Yahoo approaching Apple as well, it probably was not just charity on Mozilla's part because no-one else wanted to be Firefox's default. Yahoo would probably need some significant monetary backing for an Apple deal, which suggests the same for their deal with Mozilla.
If both Mozilla and Apple leave Google, it will take a significant chunk out of the search engine. Power users, like those who read this site, will likely be unaffected if they care, because of how low the barrier is to change the default search engine. On the other hand, even the most experienced user will often accept default settings until there is a reason to change. The winning party will need to have a good enough product to overcome that initial shock.
But the money will at least give them a chance when the decision comes into effect. That is, unless the barrier to changing default search engines is less than the barrier to changing default web browsers.
Google will always be default on Google Chrome.
Subject: General Tech | November 20, 2014 - 10:10 PM | Scott Michaud
Tagged: yahoo, mozilla, google, firefox
Mozilla, developer of the Firefox web browser, has been mostly funded by Google for the last decade. Between 2005 and 2011, the search giant slowly ramped up its contributions from around $50 million USD for a single year to just over $100 million for the last year. All of this money was to keep the default search engine set to Google for the location and search bar. At that time, journalists were voicing their concerns that Mozilla would be cut off after the success Google saw with their Chrome browser.
In December 2011, Google and Mozilla surprised the world with a different announcement, $300 million dollars per year until November 2014, or almost three times their previous annual contributions. I could not help but feel it was like a light bulb that flares before it extinguishes, although later rumors claimed that Microsoft and Yahoo drove up Google's bid with high counter-offers. Of course, that deal ends this month and Google is no longer the winning bid, if they even proposed a deal at all.
This time, Yahoo won for the next five years (in the US) with a currently undisclosed sum. Yandex will be the default for Russia, and Baidu has been renewed as the default in China.
Yahoo also committed to supporting the Do Not Track (DNT) header for Firefox browsers. If your settings have DNT enabled, the search engine will adjust its behavior to acknowledge your request for privacy. One thing that has not been mentioned is how they will react to your request. This could be anything from treating you as completely anonymous, to personalizing your search results but not your ads, to personalizing your ads but not your search results, to only looking at the geographic location of your IP address, and so forth.
The search experience is not what you will get by going to the Yahoo homepage today; the new site was developed in collaboration with Mozilla and will launch for Firefox users in December. It will go live for every other Yahoo user in 2015.
Subject: General Tech | November 12, 2014 - 04:54 PM | Jeremy Hellstrom
Tagged: mozilla, oculus rift, MozVR
You have been able to browse the web on your Oculus Rift since the first dev kit, but not with a UI designed specifically for the VR device. MozVR is in development along with a specific version of Firefox or Chromium to allow Oculus users to browse the web in a new way. It will work with both Mac and Windows, though as of yet there is no mention of Linux support which should change in the near future. You need to get your hands on an Oculus to try out the new browser, it simply is not going to translate to the desktop. The software is open sourced and available on Github so you can contribute to the overall design of the new way to surf the web as well as optimizing your own site for VR. Check out more on MozVR and Oculus over at The Inquirer.
"MOZILLA IS CONTINUING its 10th birthday celebrations with the launch of a virtual reality (VR) website."
Here is some more Tech News from around the web:
- Elon Musk and ex-Google man mull flinging 700 internet satellites into orbit @ The Register
- Samsung slams door on OLED TVs, makes QUANTUM dot LEAP @ The Register
- Intro to Systemd Runlevels and Service Management Commands @ Linux.com
- TSMC 16FinFET Plus process achieves risk production milestone @ DigiTimes
- Iranian contractor named as Stuxnet 'patient zero' @ The Register
- Hardware Asylum Podcast - MOA 2014 Final and Surprise Lightning
Subject: General Tech | October 6, 2014 - 03:45 AM | Scott Michaud
Tagged: windows, mozilla, firefox, 64-bit
If you had a reason, Mozilla has been compiling Firefox Nightly as a 64-bit application for Windows over the last several months. It is not a build that is designed for the general public; in fact, I believe it is basically only available to make sure that they did not horribly break anything during some arbitrary commit. That might change relatively soon, though.
According to Mozilla's "internal", albeit completely public wiki, the non-profit organization is currently planning to release an official, 64-bit version of Firefox 37. Of course, all targets in Firefox are flexible and, ultimately, it is only done when it is done. If everything goes to schedule, that should be March 31st.
The main advantage is for high-performance applications (although there are some arguments for security, too). One example is if you open numerous tabs, to get Firefox's memory usage up, then attempt to load a Web applications like BananaBread. Last I tried, it will simply not load (unless you clean up memory usage somehow, like restarting the browser). It will run out of memory and just give up. You can see how this would be difficult for higher-end games, video editing utilities, and so forth. This will not be the case when 64-bit comes around.
If you are looking to develop a web app, be sure to check out the 64-bit Firefox Nightly builds. Unless plans change, it looks like you will have even more customers soon. This is unless, of course, you are targeting Mac OSX and Linux, which already have 64-bit binaries available. Also, why are you targeting specific operating systems with a website?