1. 4

    Sandboxing and locking out access to the filesystem is why I, as a user, run screaming from Android. Sacrificing usefuless on the alter of security and correctness. A terrifying future.

    1. 3

      It can be done properly. Suppose the file picker dialog is a separate process with a different set of capabilities. An application such as a webbrowser can then save files anywhere, without having the capabilities to do so, just by using a capability to a file handed over by the file picker dialog.

      1. 4

        That’s more or less exactly how it works in macOS for sandboxed (App Store) apps. The file picker runs out of process and when a file is chosen by the user the application is granted access to it. Prior to that it had no access.

      2. 2

        I agree that locking things away from the user in the name of security is a terrible choice that unfortunately seems to often be the default in today’s systems (such as iOS, Android, macOS, etc). (In some cases, it’s done more to preserve app store monopolies than for actual security…)

        In the case of this article, it is not described explicitly, but my impression is the author mainly wants to isolate program state and configuration by default, not to prevent user access, but so that programs can’t easily trample on one another.

        I strongly agree there should always be a path to modify anything on the system as a user.

        1. 2

          It doesn’t need to sacrifice usability. The less a random program can do without my consent, the more likely I am to be willing to run it. That’s a big win for usability. Most programs don’t need to have access to every file that I own, I am completely happy with a sandboxing policy that requires an external process (e.g. a file picker or a shell) to explicitly authorise access to specific files. Even if I trust the author of a particular program to be non-malicious, I still might use it to access a file or network service that exploits a bug and compromises it. I’d much prefer that such a compromise only gives an attacker access to the files that I’ve opened with the program that invocation, rather than my entire home directory.

        1. 1

          Looks like an interesting effort, thanks for sharing this! 😄

          I guess this might be a draft version, since some of the links seem to be missing… For anyone else curious to see more of the implementation, these repos seem to be related:

          1. 18

            I like to think about these things, but don’t have much hope. Here are my points:

            • Networking shouldn’t be an afterthought. Distributed computing should not be as difficult as it is. Transparently interacting or using resources from other systems should be something you don’t have to think about. I don’t care about hardware. I don’t care about CPU architectures. I don’t care about GPUs. I don’t care about drivers. All computers form an transnational turing machine.
            • Object capabilities should be a primitive concept. Imagine sharing a screen: That shouldn’t be the hassle it is, you should just be able to give someone read access to a segment or the whole display. The same applies to Files (but we probably shouldn’t have files), Hardware access, etc.
            • Hypertext should be a everywhere. The web has shown how attractive the idea is, but browsers are cursed to contain it, which is getting harder and harder. Project Xandu had good ideas about this, and HTTP is a shallow copy. We need complex links that can point to miscelanious parts of the system, and ideally also have back-references. You probably want a lof of cryptography for something like thise, to avoid the centralisation of power.
            • Logic and UI should be separate. Unix programms regard the standard output and input as the default UI, everything else is a side effect. Instead we should have the ability for a program (or procedure, algorithm, …) to produce complex data, that doesn’t only mean something in a specific environment (Powershell), but is universally understood. A terminal-like environment could display the results line-by-line, but it should be transformed into a graphical representation using a table, or a graph (or whatever one might come up with later).
            • Programming should not be a specialist’s affair. We have two classes of people, those who are at the mercy of computers, and those who can use them. This shouldn’t be the case, because the former are in a much weeker position, getting lost, getting overwhelmed, and sometimes even abused by those who know better. A proper operating system cannot be based on the lie, that you don’t need to know anything to use a computer: To be a responsible user, you need to know some basics. A simple programming language (I would like something like Scheme, but that’s just be) should be integrated into the system, and the user shouldn’t fear it. It’s a direct link to the raw computational power that can be used.

            In some sense, I like to think of it like Plan 9, without the Unix legacy, but that seems to simplistic. The interesting thing about Unix, is that despite it’s limitations, it creates the fantasy of something better. Inbetween it’s ideal power and it’s practical shortcomings, one can imagine what could have been.

            1. 14

              Programming should not be a specialist’s affair. We have two classes of people, those who are at the mercy of computers, and those who can use them. This shouldn’t be the case, because the former are in a much weeker position, getting lost, getting overwhelmed, and sometimes even abused by those who know better. A proper operating system cannot be based on the lie, that you don’t need to know anything to use a computer: To be a responsible user, you need to know some basics. A simple programming language (I would like something like Scheme, but that’s just be) should be integrated into the system, and the user shouldn’t fear it. It’s a direct link to the raw computational power that can be used.

              I think the ultimate problem is that most people don’t want to program. They want to accomplish a task, and for the most part, someone else has programmed the tool to accomplish the task. They don’t want to build the tool. Us freaks who want to write tools are few and far. It’s trhe same reason cars have mechanics.

              1. 5

                I don’t think that programming has to be the same as “building the tool”, but more along the lines of what @spc476 mentions with Excel. Especially when you take “Logic and UI should be separate”, one can imagine that programming doesn’t even have to mean “writing text in a text editor”, but could be a GUI afair, where you work on connection tools in a graphical representation, trivially connecting components of your system, without depending on another tool.

                Yes, not everyone want’s to be a car mechanic, nor do I, but to drive a car you need to get a drivers license, and that is the reason we can assume people can take some basic responsibility. We don’t have that for computers, and that’s why the responsibility has to be delegated to Microsoft or Apple. If we want to think of a computer as a tool, not a toy, I argue that a basic understanding for computational thinking should be assumable, and would help everyone.

                1. 3

                  I sincerely believe enso (née Luna) has a serious fighting chance to fill this gap. Though they’re taking their time :)

              2. 11
                • Networking: QNX was network transparent. It was wild running a command on computer 1, referencing a file from computer 2, piping the output to a program on computer 3 which sent the output to a device on computer 4. All from the command line. The IPC was fast [1] and network transparent, and used for just about everything.
                • Hypertext: The only operating system I know of that uses extensive form of hypertext is TempleOS (I don’t think it’s HTML but it is a form of hypertext) that extends pervasively throughout the system.
                • Logic and UI: There are bits and pieces of this in existence. AmigaOS has Rexx, which allows one to script GUI programs. Apple has (had?) something similar. Given that most GUI based programs are based around an event loop, it should be possible to pump events to get programs to do stuff.
                • Programming: True, but there is Excel, which is a programming language that doesn’t feel like one. Given an easy way to automate a GUI (similar to expect on the command line), and teaching people that computers excel (heh) at repeated actions could go a long way in giving non-programmers power.

                [1] In the early-to-mid 90s, I had friends that worked at a local software company that wrote and sold custom X Window servers. Their fastest X Window server ran on QNX.

                1. 3

                  Programming: True, but there is Excel, which is a programming language that doesn’t feel like one. Given an easy way to automate a GUI (similar to expect on the command line), and teaching people that computers excel (heh) at repeated actions could go a long way in giving non-programmers power.

                  One program idea I’ve had was a spreadsheet that users could “compile” into a simple gui. Analysts already use it as an adhoc RAD tool. Why not give them an actual custom GUI for their efforts?

                  1. 3

                    There was something like that in KDE, it was called krusader or something like that.

                2. 8

                  Transparently interacting or using resources from other systems should be something you don’t have to think about.

                  Then everyone will run headlong into the fallacies of distributed computing, unfortunately. This is why things like CORBA and DistriibutedObjects failed. Networking is not transparent, much as we would like it to be.

                  At least not in a normal imperative programming paradigm, like RPC. You can get a lot of transparency at a higher level through things like async replication, e.g. Dropbox or [plug] Couchbase Mobile. But even then you have to be aware & tolerant of things like partitions and conflicts.

                  1. 4

                    Your first point is pretty much what Barrelfish is designed for, go check it out!

                    1. 4

                      Programming should not be a specialist’s affair. We have two classes of people, those who are at the mercy of computers, and those who can use them.

                      Indeed, the power dynamics are way out of control in software today. On the orange site, @akkartik describes this well via an analogy to food production: nearly all software today is restaurant-style, while almost none of it is home-cooked.

                      For anyone interested in this topic, I would suggest looking into the Malleable Systems Collective (the Matrix room is most active) and Future of Coding communities, as it comes up in those places regularly.

                      1. 3

                        Programming should not be a specialist’s affair.

                        Jonathan Edwards has been working on this problem for a long time. It goes well beyond the OS.

                        1. 2

                          The same applies to Files (but we probably shouldn’t have files)

                          Could you elaborate on this? Why no files?

                          Logic and UI should be separate. Unix programms regard the standard output and input as the default UI, everything else is a side effect. Instead we should have the ability for a program (or procedure, algorithm, …) to produce complex data, that doesn’t only mean something in a specific environment (Powershell), but is universally understood. A terminal-like environment could display the results line-by-line, but it should be transformed into a graphical representation using a table, or a graph (or whatever one might come up with later).

                          There was an interesting newsletter post about emacs being interface independent. I’m not too familiar with emacs, but it struck me as an intriguing and beautiful idea.

                          1. 5

                            Could you elaborate on this? Why no files?

                            Maybe it’s clearer, if I say file system. It might be too much to throw out the concept of a digital document, but I have come to think that file systems, as we know them on POSIX systems, are too low level. Pure text, without hyperlinks would be a wierd thing in an operating system where everything is interconnected, and why directories shoudln’t have to be a simple tree (because tools like find(1) couldn’t do proper DFS in the 70’s), but instead could be any graph structure of sets, or even computed.

                        1. 3

                          This is some exciting technology, I wonder why they are not highlighting why it doesn’t work in Private Mode (I guess because WebRTC is disabled there). Also seeing an sqlite database with a go-sqlite-js through WASM in your browser definitively gives some living in the future vibe.

                          1. 2

                            Firefox currently blocks access to IndexedDB in private browsing mode, and the P2P client uses this for storage as it runs. Looks like there’s a recent effort to fix this on the Firefox side.

                            1. 2

                              Thank you for this information, very much appreciated.

                            2. 1

                              Or past if we consider websql(ite).

                            1. 2

                              I was plotting a course to build an experience like this into Firefox a while back. I hope it will eventually come to pass as part of the browser some day, as I believe that’s the best way to make it feel like an integrated experience with the other tools already in the browser.

                              For now, it’s nice to see tools like Polypane, Sizzy, and others experiment with similar ideas as separate tools. It’s quite nice to see at least 2 views at the same time when working on a responsive site.

                              1. 1

                                For anyone curious who may not want to watch the video, here are some related links:

                                1. 2

                                  Thanks for sharing this! :) There have been many articles about Hypercard’s place in history, but even with that, I enjoyed this perspective.

                                  It nicely summarises the ethos of Hypercard that I think is sorely lacking from today’s computing landscape.

                                  1. 1

                                    been many articles about Hypercard’s place in history, but even with that, I enjoyed this perspective.

                                    It nicely summarises the ethos of Hyper

                                    you’re welcome! glad you liked it

                                  1. 1

                                    An updated version presented at PLDI 2019 is also available. (Yes, it’s ACM, but it’s an open access article.)

                                      1. 8

                                        They could have responsibly disclosed instead of being an asshat, stealing information and posting a ton of github issues from a fresh account.

                                        1. 3

                                          stealing… information?

                                          1. 2

                                            I’m both supportive of and we participate in the responsible disclosure process for Xen, even those times we don’t make the cut for pre-disclosure. I’m sad someone would go to the effort they have here in a criminal manner when there is more [market] demand for the skillset on display here than I have ever seen before.

                                          2. 7

                                            Why the hell did github allow people to remove issues? This is annoying.

                                            1. 4

                                              It appears the issues were removed by GitHub when a third party reported the user that posted the issues.

                                              1. 2

                                                Unfortunate that GitHub was powerless to prevent nuking their account after being reported.

                                            2. 4

                                              I was telling a coworker about this and similar writeups and it turns out he wasn’t aware of the Hacking Team writeup from 2016. It’s detailled and very interesting. I would advise anyone to read it: https://pastebin.com/0SNSvyjJ .

                                              1. 1

                                                A 0day in an embedded device seemed like the easiest option, and after two weeks of work reverse engineering, I got a remote root exploit.

                                                thanks a lot, the whole walkthrough is quite amazing and insighful with a wide variety of tools used

                                              2. 3

                                                Did you get a copy of them? They’re deleted now :(

                                                1. 10

                                                  They’ve been reposted here: https://github.com/matrix-org/matrix.org/issues/371 (and this site has been archived here)

                                                  1. 2

                                                    Thanks!

                                                  2. 1

                                                    I think web archive has some of them. Maybe not every comments.

                                                  3. 1

                                                    Concerning #358, what is “Flywheel” in this context?

                                                    Side-note: I hate locked threads on free software projects.

                                                    Update: I think it’s a hostname of one of their machines?

                                                    1. 1
                                                      1. 1

                                                        Seems like it’s the hostname of their jenkins build slave

                                                        1. 2

                                                          yup, it was the hostname of the jenkins build slave.

                                                    1. 3

                                                      Now that Firefox 66 has been released, Nightly has been bumped to 68, but it seems to have introduced two bugs that annoy me:

                                                      1. 3

                                                        Ugh! They seem fixable fortunately. Thanks for using nightly!

                                                        1. 8

                                                          In the few hours since I made that comment, both tickets have been triaged, confirmed, and the commit that caused each regression isolated. I’m quite impressed, I hope the fixes are equally fast!

                                                          1. 2

                                                            Well, that was the easiest part :-) do you have bug numbers handy for everyone reading along?

                                                            1. 2

                                                              I, uh, linked them in my original post. :)

                                                              Both bugs now have patches attached!

                                                        2. 1

                                                          Can you comment on how well TST works for you? I found that it wasn’t really worth using anymore after the move to web extensions.

                                                          1. 4

                                                            The original, pre-WebExtension version of TST physically moved the tab-strip from the top to the left, and that’s just not possible with WebExtensions. Some people have gone to extraordinary lengths to recreate the original TST appearance, and while I agree that would be nice I haven’t bothered - as long as I have a scrollable, collapsible list of tabs with a big ol’ new-tab button in the lower-left corner, I’m quite happy.

                                                            Earlier versions of TST were a bit weird with the tab context menu, because sidebar extensions can’t draw anything outside the sidebar, so the context menu had to be faked up in HTML, which meant it didn’t include any context menu items from other extensions. However, TST’s author collaborated with Mozilla to add a “tab context menu” API, so an extension can ask Firefox to pop up the real context menu for any particular tab, so now it all works as expected.

                                                            The one wart I can think of with the current implementation is that if you drag a tab out of the sidebar, you might drag it onto the bookmarks bar to file it as a bookmark, or you might be dragging it out to create a new window, and WebExtensions can’t detect drop targets like that. Instead, there’s a little menu that appears when you hover over the left-hand end of the tab that presents the two options. It’s nice that it’s possible, but it’s definitely a bit clunky and I can imagine it would be annoying if you did either of those things on a regular basis. However, I don’t, so I don’t mind.

                                                            1. 2

                                                              Interesting to hear!

                                                              I really tried to accept the brokenness of vertical tabs in Firefox, but considering the sorry state I don’t feel to bad about switching to another browser.

                                                              For me to switch back to Firefox, would require Chrome to add vertical tabs.

                                                              Chrome doing something seems to be the only way any non-beginner problem gets recognized by Mozilla these days.

                                                            2. 1

                                                              TST works great for me. I use it every day and depend on it as a key part of my browsing experience. I find the WebExtension build quite good. The add-on author has even added quite a lot of features beyond what it had before the rewrite to WebExtensions.

                                                              I basically can’t use other browsers for an extended period at this point because I am quite dependent on TST.

                                                              1. 1

                                                                Thanks for the note. Vertical tabs are also a key part of my browsing experience, but since web extensions were introduced Firefox just didn’t cut it anymore for at least two reasons:

                                                                • That you can’t get rid of neither the horizontal tab nor the sidebar header feels like a cruel joke to me.

                                                                • The visual hierarchy (nav bar -> tab bar) is just wrong, it should be the other way around. I’m too tired to fight this fight again (remember how long it took to get the tab bar placed above the nav bar, instead of under it?).

                                                                So it’s interesting to hear that TST is still useful for some set of the original users of TST/Firefox.

                                                                1. 1

                                                                  That you can’t get rid of neither the horizontal tab nor the sidebar header

                                                                  You can in fact get rid of both, though it’s with a UI style override and thus somewhat inelegant. My chrome/userChrome.css file has the following to hide the default tabbar and the sidebar header for TST:

                                                                  /* Hide top tab bar */
                                                                  #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar {
                                                                    opacity: 0;
                                                                    pointer-events: none;
                                                                  }
                                                                  #main-window:not([tabsintitlebar="true"]) #TabsToolbar {
                                                                    visibility: collapse !important;
                                                                  }
                                                                  /* Hide sidebar header */
                                                                  #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
                                                                    display: none;
                                                                  }
                                                                  
                                                                  1. 1

                                                                    Yep, I’m using some CSS hacks in Vivaldi on top of its existing native support for vertical tabs, but I simply have not enough trust left in Mozilla to believe they aren’t itching to lock down the user chrome in the future.

                                                                    Nevertheless, I’ll give your CSS a go and report back! Thanks!

                                                                    Edit: I just did the comparison!

                                                                    How it needs to look (Vivaldi).

                                                                    How it looks (Firefox).

                                                                    I don’t think Firefox will ever be able to cross this gap, not even taking into account the lack of tab-previews, the lack of built-in mouse gestures, and the many other things that put Vivaldi ahead UX-wise for anyone who is using a browser for more than 5 minutes a day.

                                                                    1. 2

                                                                      anyone who is using a browser for more than 5 minutes a day

                                                                      I think it would help to clarify that all of these features are very opinionated, so I don’t think it’s helpful to generalize and assume “anyone” or even “most people” using a browser want these things… (IIRC a high number of browsing sessions never have more than a few tabs open, for example.)

                                                                      For myself, TST / a tree of tabs is important, but at the same time I don’t need mouse gestures or these other things you mention. It sounds like we are both quite set in our own way of using a browser, but I don’t think we should assume anyone else actually wants or should want the same. That’s the point of customizing: to find what works best for you.

                                                                      1. 1

                                                                        I think the core problem is that Firefox has become increasingly hostile to customization over the years – it’s either Firefox devs’ sacred idea of how the average user has to use their browser, or the highway.

                                                                        Nothing has changed much on my side in the last 15 years I used Firefox, except that Firefox has decided I’m not part of their target demographic anymore. That’s sad, but I think it’s best for me to move on.

                                                                  2. 1

                                                                    I am not bothered by the sidebar header or horizontal tab bar still being present. As mentioned by @whbboyd, you can customize userChrome.css if they bother you, but I don’t see a need to do so for my own use.

                                                                    The precise feature set and customization options of TST are more important to me, so as long as I can view the tree of tabs on the side with TST features, I find that good enough.

                                                              1. 2

                                                                I would be okay with email notifications, but in the case of GitHub, there are many events that don’t trigger an email, so it doesn’t feel sufficiently “complete” to me. Until more email control is available, a specialized view built on the GH APIs (such as this tool) feels like a better way if you really want to stay on top of every event.

                                                              1. 2

                                                                Wow, this is exactly what I’ve been looking for! I had even started to make notes of how I’d build something like this myself. Very impressed!

                                                                1. 1

                                                                  @andrewnez, are there any plans to also track events that don’t come through the GH notifications API? For example, when an issue is cross-referenced elsewhere, when CI status updates, etc. I’d like to know when these events have happened as well.

                                                                  1. 1

                                                                    We’re already getting those extra events via the GitHub App webhook at the moment, fancy opening an issue with more details of how you’d like them displayed? https://github.com/octobox/octobox/issues/new

                                                                1. 9

                                                                  I used RSS to find this post, just like I do for (almost) every other article I read… so it is very much alive for me. (Usually it is an evolved form like Atom these days, but the concept is the same.)

                                                                  1. 1

                                                                    The technology in upcoming Firefox versions looks increasingly great.

                                                                    I would switch back in a heart beat if it wasn’t for the lack of vertical tabs. But it seems like Chrome is working on them, so Firefox might add them too.

                                                                    1. 5

                                                                      There are several add-ons for vertical tabs in Firefox, including Tab Center Redux and Tree Style Tab.

                                                                      1. 2

                                                                        Yes, I left Firefox after more than 15 years of usage after seeing these abominations. If these are the best option Mozilla allows, I’ll look elsewhere for a browser.

                                                                        1. 1

                                                                          Which browser have you found that has vertical tabs done better?

                                                                          1. 1

                                                                            I’m pretty happy with Vivaldi (it’s one of the first questions they ask on first startup – where the tabs should be placed). Here is how it looks: https://i.imgur.com/DzoJ8d9.png

                                                                          2. 1

                                                                            Haha, well, to each their own… I happily use Tree Style Tab everyday myself. I am not sure how to browse the web without it anymore… (All of these add-ons have been (re)implemented to use WebExtension APIs that isolate the browser and add-ons from each other in the last year or so… perhaps they are quite different from the last time you checked them, depending on when that was.)

                                                                            1. 1

                                                                              Yeah, I used Tree Style Tabs, too. Since Mozilla broke the old APIs without replacement, all the reimplemented extensions are an utter disappointment.

                                                                              I looked at different extensions right now, and I love how all extension authors carefully crop their screenshots to hide the fact that they can’t get rid of

                                                                              • the horizontal tab bar
                                                                              • the sidebar header

                                                                              thanks to Mozilla’s “mom knows best!” approach, which makes their extensions rather pointless.

                                                                              I’m so glad Mozilla isn’t in charge of an IDE/editor, because otherwise we all could start preparing to develop without syntax highlighting, because “Mozilla UX team decided it’s unnecessary”.

                                                                        2. 1

                                                                          Every time I see something like this quoted as a reason to switch browsers I’m amazed how deep control-freakery is rooted in all of us :-)

                                                                          1. 1

                                                                            Stuff like mass-market browsers are designed for the lowest common denominator of user behavior.

                                                                            It shouldn’t be surprising that more and more people fall outside Mozilla’s supported use cases, as Mozilla keeps pushing “our way or the highway” on how their users have to use their browser.

                                                                          2. 1

                                                                            I have been using tree tabs which works wonderfully. Even better than what I had before the web extensions migration.

                                                                            1. 1

                                                                              Just tried it, it’s rather embarrassing due to missing APIs Mozilla removed without replacement. It is pretty much the state when I left Firefox, no improvements visible.

                                                                          1. 1

                                                                            This seems like it would fit better at Barnacles instead of Lobsters.

                                                                            1. 1

                                                                              As another person that uses many tabs (308 tabs across 20 windows at the moment), I am quite happy to see these improvements.

                                                                              1. 12

                                                                                I am not surprised, since Firefox’ current mission seems to copy Chrome, throwing away all advantages that they had (like extensibility) to become a worse Chrome. Might as well switch to Chrome then.

                                                                                1. 13

                                                                                  Throwing away XUL is necessary, being a technical dead end preventing them from doing necessary refactors for e10s and such.

                                                                                  I agree it hurts a lot. They need to work a lot on WebExtensions to make it viable.

                                                                                  1. 7

                                                                                    XUL was an incredible piece of technology. Ten years ago I developed a cross-platform application with native look-and-feel and embedded data-visualizations in a couple of weeks. I don’t think there was anything else that would have allowed me to do that back then… and even now, that would be a challenge. I wish XUL had been blessed by W3C standardization.

                                                                                    1. 3

                                                                                      Maybe it was incredible technology, but I always wished for a firefox build using native widgets. Back in the day, just wiggling my mouse back and forth over the title bar (not over the page) in firefox used to nearly max out my cpu.

                                                                                      1. 1

                                                                                        There was Camino for Mac, and Galleon on Linux, but those are dead. There’s K-Meleon on Windows, but I’m unsure of its development state.

                                                                                    2. 0

                                                                                      Is electrolysis worth losing a ton of extensions and developers over?

                                                                                      Is electrolysis even a good thing? If I open facebook, twitter and youtube at the same time I can expect firefox to grind to a halt. With electrolysis, my whole PC will grind to a halt? I don’t buy better the security argument either - firefox is a reverse shell with or without electrolysis.

                                                                                      1. 12

                                                                                        E10S is required for shipping a sandbox for Firefox. I’m a bit biased, since I work on Firefox sandboxing, but I believe this is probably the single most important security project we have.

                                                                                        I’m not sure what you mean by “firefox is a reverse shell with or without electrolysis” - enabling the sandbox makes it so that any random memory corruption in the content process isn’t game over for security, which is a huge win.

                                                                                        1. 3

                                                                                          You don’t buy the “security argument” of process isolation and sandboxing? It’s fairly easy not to see the benefits of something if you deny the reality of the benefits it does provide.

                                                                                        2. 1

                                                                                          That’s my concern though - I don’t think they recognize how much people depend on their favorite extensions to make using Firefox a pleasant expeiernce. The impression I get is they’re basically gonna draw a line in the sand and switch whether or not the extension ecosystem comes with them.

                                                                                          I agree that it needs to happen, but were I them I’d be looking at the most popular extensions and ensuring that a transition plan exists. Their market share depends on it.

                                                                                          1. 4

                                                                                            I agree that it needs to happen, but were I them I’d be looking at the most popular extensions and ensuring that a transition plan exists. Their market share depends on it.

                                                                                            They are doing exactly that… they have many bugs filed that are “enable to be written as webext”. The core webext team is extremely smart and capable.

                                                                                            1. 1

                                                                                              That’s really fantastic to hear. I should get tuned into that effort to see if my favorite extensions are being represented :)

                                                                                          2. 1

                                                                                            So, I don’t doubt it, but why exactly? I’ve heard security cited, is that something inherent to XUL itself or merely an artifact of that particular subsystem being left to wither on the vine?

                                                                                          3. 4

                                                                                            Agreed. Throwing away XUIL extensions is going to totally cripple them. I don’t know what I’ll do at that point. IMO they’re what make Firefox a usable alternative, and there are a bunch of things you simply can’t do with the proposed Javascript extension standard (can’t think of the name).

                                                                                            It’s All Text comes to mind.

                                                                                            1. 3

                                                                                              I don’t know what I’ll do at that point.

                                                                                              Palemoon perchance?

                                                                                              1. 2

                                                                                                Palemoon

                                                                                                Maybe? No Mac support right now, which is a deal breaker for me. As I’ve posted about here before, Linux desktops have yet to come close to the accessibility features OSX provides. I’m partially blind, and ‘living’ on the Linux desktop was sheer agony.

                                                                                            2. 3

                                                                                              Might as well switch to Chrome then.

                                                                                              Look at the linked Mozilla blog post — they already did!

                                                                                              The head of Firefox marketing admits to using Chrome every day, for leisure.

                                                                                              1. 2

                                                                                                Yeah, I guess it has to get a lot worse before it gets better. As long as they are (so) dependent on income from advertisers (Yahoo?), they will not put the user first regarding privacy and security. For example why are the Tor Browser’s Firefox settings not the default in Firefox? Why is Privacy Badger or something similar not a default extension? Why are third party cookies still enabled by default?

                                                                                                I guess over time more and more stuff will break again with Firefox as also mentioned in the article, that making it a bit worse now by enabling the Tor settings and Privacy Badger won’t make much of a difference. At least you’d know Mozilla has your back, and Firefox may even gain some users by being privacy friendly by default. That is, for as long as it is relevant and “the web” is used by the average user.

                                                                                                1. 4

                                                                                                  Mozilla is actively working with the Tor project to upstream their Tor Browser patches and improve privacy defaults.

                                                                                                  1. 2

                                                                                                    Ah, I missed that it was also about changing the defaults! I thought it was just to get the (code) changes upstream, but not (necessarily) the defaults. If so, that is great news!

                                                                                                  2. 3

                                                                                                    Maybe it will get a lot worse before it gets even worse.

                                                                                                1. 4

                                                                                                  So this drives me nuts because if your Node project depends on dependency A, but dependency A lists a version range for dependency B, npm will update B to the latest version available when you rerun “npm install”, even if you have an exact version listed for A. You can solve this with shrinkwrap but in some cases you want to check you can blow away your shrinkwrap and reinstall and get the same file back out.

                                                                                                  We usually worked around this by forking A and locking down its dependencies.

                                                                                                  1. 4

                                                                                                    My understanding is that yarn and its lock file do a better job with this than npm shrinkwrap.

                                                                                                    1. 1

                                                                                                      That is actually the most compelling reason to use yarn, that it produces a sane lock file.

                                                                                                  1. 1
                                                                                                    1. 3

                                                                                                      I believe the main reason so many Firefox users run a 32 bit version is because of legacy browser plugins, some of which may never have been released in a 64 bit version. Since they are binary blobs, the browser ABI has to match the plugin’s ABI for the plugin to work.

                                                                                                      At any rate, many users should be able to switch these days. There is work scheduled to migrate Windows users with 32 bit Firefox to 64 bit Firefox (assuming they’re on 64 bit OS, of course).

                                                                                                    1. 2

                                                                                                      I have the 60" rectangular Jarvis that your coworker mentioned with the bamboo top. It’s a great choice all around. I’ve had it for about a year so far. I also agree with twelvebravo that the programmable controls are a key feature, so you don’t have to fiddle each time.

                                                                                                      1. 1

                                                                                                        Coworker just got it, so I’ve been hesitant about it. But it’s good to hear someone with it over a year. I might have to buy one.