This + moving SSL certificate details dialog hidden away into devtools + no way to disable NaCl + chrome 56 auto-re-enabling flash and widevine on every launch (which shows a click-to-enable-flash everywhere chrome55 would just use a html5 video player) + the upcoming background tab throttling means I'll be seriously reconsidering firefox or safari before the next Chrome release :-/
I have actually started using firefox again recently, chrome has lost me due to how hard they (and Google as a company) are trying to push things on to people.
Anyways, I am in love with the nightly build of ff and everyone should honestly give it atleast a week of their time to try it.
The developer edition and the nightly build have some really interesting features for development out of the box and honestly helps make work easier. You do run in to the occasional error or two but for pre-release versions they are seriously stable.
Just wanted to tell you that a lot of people working on Firefox are here and we really appreciate your word of mouth support and feedback.
This year is going to be huge for us as we're wrapping up the part about reducing technical debt and start gearing toward using our new superpowers to innovate.
We need your help to stay relevant (market share), improve quality (report bugs, write test cases), and improve (lots of code in Firefox is easy to hack on as we move a lot of UI to HTML/JS - like devtools).
This is great to read/hear. I'll put my vote in for two things. 1) Performance, performance, performance; this is what originally caused me to use Chrome a lot more, the perception of quick-to-open tabs and snappy responsiveness. 2) Privacy; this is something Google almost by definition can't compete on, because their business model depends on providing something free in exchange for user data (the opposite of privacy). A third important consideration of course is "not crashing" or at least if there is a crash, containing it to the offending tab - this is why I'm very happy to read about the progress of multi-process Firefox! Keep up the great work guys.
I finally switched to Firefox when it dawned on me why Chrome for Android has no plugins, and why they went silent about the reading mode. With Firefox, I can install uBlock Origin, and it's had a reading mode for a while. Google wants to force me to look at ads that make the page slow to load, bouncy, and hard to scroll through.
Google is where Microsoft was not long ago: engaging in self-destructive user-hostile behavior to protect their profit center. It can't work forever.
I also switched to Firefox Mobile on Android over a year ago. Couldn't be happier with the extension support. I've got uBlock Origin and my password manager installed.
Chrome is definitely smoother on mobile but using extensions is worth it for me. Does Firefox Mobile's codebase closely match that of the desktop browser? Are their release schedules similar? Wondering if we should see it speed up with Firefox's latest improvements.
Yes. Firefox for Android uses the same Gecko engine and release schedule as Firefox for Windows, Mac, and Linux desktop. They all share most of the same code in the same source code repository [1]. Most of Mozilla's "Quantum" project to start importing Servo code into Gecko will also run on Android. Firefox for iOS has its own release schedule and shares only a little code (e.g. Firefox Accounts sync for browser history/bookmarks) with the other Firefoxes.
Firefox for Android is the exact same codebase as desktop Firefox. Many Gecko features are turned on for Firefox for Android at the same time as desktop. In other cases either Firefox for Android or desktop will have features before the other. For example Firefox for Android had HTML date/time picker support years before desktop because the OS provided widgets. In the other direction EME has been on desktop for a while and is in the works for Firefox for Android.
But it's not my experience that Chrome is smoother on mobile; it doesn't work very well and crashes often.
On desktop however (Windows) I still use Chrome, and I don't know why. Every time I launch FF I then come back to Chrome. I'm kind of ashamed of myself for it but can't quite pinpoint the real reason. Maybe FF looks a litle more "fragile", I don't know.
why not use AdAway or NetGuard if you are not rooted? only reason i don't use chrome on Android is bad performance (Firefox has even worse), other chromium browsers like Yu or Tuga run much faster, you can see difference with naked eye when loading pages, no need any benchmark
chrome or Firefox are both extremely slow on Android compared to Tuga or Yubrowser, not talking about some synthetic benchmarks but noticeable difference when loading (nonAMP) pages
While I'm sure this may be true, the browser sees everything privacy related. I trust Mozilla and even though Google harvests data, I trust them to keep it safe.
We are aware of the importance of those three things. They're all not-trivial problems to solve, but we're working on all three:
1) Performance is an insanely complex problem. We can't easily measure the "real" performance, in a scientific way. We can measure performance of so called "microbenchmarks" which can tell you that, for example, our JavaScript engine can perform X million regular expression computations per second. The X may be higher or lower than what Chakra or V8 can, but how it translates to real world experience is insanely complicated.
What we know by now is that JS engine performance is not the problem. At this point all modern engines are fast.
What we need to advance are things like performance of DOM, CSS, layout, painting and prioritization (ability to ensure that UI performance cannot be blocked by website's JS computations).
We're working hard on several projects this year, under the umbrella of codename "quantum" that is aiming at making Firefox blazingly fast. We're taking lessons and code from Servo and applying it in Firefox.
The end result, if we succeed, is that we'll have ability to perform DOM, layout, CSS and painting orders of magnitude faster (even if it's 2x it's still huge!).
The other piece of performance, is what's called perceived performance. That one is even more tricky because it's all about what your brain tells you. In cognitive psychology and HCI there are tons of studies that prove that depending on how we use tricks like animation, colors, shapes and gimmicks like focus, we can trick your eye to think that things are faster or slower.
Chrome is really good at that and kudos to them! I love watching their UI painting order in 120fps slow-mo just to see all the things they employed.
Together with Quantum we're going to look into ways to improve the perceived performance of Firefox. I hope we'll get it right :)
2) On the privacy front we're working with Tor browser and we're also working on several projects aiming at disrupting the current way of browsing the Internet. Read about Firefox+Tor browser and Activity Streams if you're interested.
3) On the QA front, we've made major progress over the last year. That's a huge part of the technical debt that we had to remodel in 2016. We now have much better fuzzers, tests and APIs that makes it easier to write code that will not break. On top of that, multi-process helps us make sure that painting crash doesn't crash your browser, that plugins can't crash your browser and finally that content can't crash your browser.
We also designed a whole new language that is significantly better suited to write security critical code than C++ is. It's called Rust and we just started moving pieces of our engine to it. If we can succeed with this, we should end up with a codebase of the unprecedented stability for a project this size and facing third-party code. If you're interested, read about Mozilla Oxidation project.
It is a major bet. We're betting on JS, we're betting on Rust. We're betting on Gecko and our ability to "change the engine mid-flight".
I'm excited about the opportunity, but it's going to be a huge effort to pull it off.
If any of this is interesting for you, help us! We're a small team (compared to all other browser engines), but we have a culture that fosters community participation and I believe that we can compete and shape the Web together: https://whatcanidoformozilla.org/
All of these things have been working fine for me, and unlike many people, my experience is consistently that Chrome has significantly worse performance than Firefox. That said, I cannot remotely condone the removal of Xul without a firm commitment to either replicate functionality or a firm commitment that it will never happen, publicly. I love pentadactyl and Vimperator, and the idea that they may get killed permanently is infuriating, but not as much as the fact that the wiki page on that functionality has gone dormant.
I've been a happy Netscape/MAS/Seamonkey/Firefox user since forever, and am delighted that it still has a healthy development pulse.
Performance hasn't really been an issue for me, even on an ancient (6-year-old) laptop. Anything on shadertoy reliably kills it, but other than that it's been fine.
If I had to pick one thing that really needs improvement, it'd be the intersection of extensions and security. FF has always leaned heavily on extensions to avoid feature bloat in the core product, but I've never really been comfortable installing them because pretty much all of them seem to demand full access to page content on all sites, and that's a very uncomfortable ask for things like primary webmail or banking sites.
Now, you could imagine a honking great siteXextension matrix for this, bikeshed refinements until the cows come home and then bikeshed the cows, but I think you could get 95% of the way there with a way to persistently flag domains as "paranoid", and have all extensions disabled on those domains. Maybe something like this already exists, but if so I haven't been able to find it. The best advice seems to be "use a separate profile", but that's pretty inconvenient for heavily-used things like webmail.
This all sounds really encouraging. I've become a vocal supporter of Firefox again since switching back a year ago. On that note, it may seem trivial to the average user, however it would be great if the powers that be could consider not forcing UI animation on the user without any possibility to disable it. IMHO one of Firefox's greatest assets is it's rich legacy in user choice and customization. Many users (myself included) reluctantly switched away for performance and security reasons back in the day. With that said and while sensitive people are a minority group, we do exist and UI animation can cause elevated stress and fatigue.
great point. I haven't read about this experience, but I believe you.
I know that there are different kind of animations that trigger different reactions (like, fade in text is different from things shifting on the screen).
Please, track Mozilla progress over the next months if you have the time. We're drafting a workforce to start the UX updates and I hope we'll get voices like yours well represented. I'll make sure to post about it on HN once we begin.
On desktop firefox for linux I notice that chrome makes vastly better use of gpu acceleration given nvidia card + official nvidia drivers are there plans for improvements on this front. This is literally the only reason to run anything but firefox on any device I have and would love to see improvements on that front. Without tweaking in about config my wifes computer which is anything but blazing fast with a dual core 3 ghz full screen 1080p video was like a slide show. Even after its noticably laggy to the point where I've had to install chrome.
I'm not sure if it makes any difference whether its flash or html5 video.
This all sounds AWESOME. I can't wait to try it all out.
Another out there idea would be a protocol handler for the IPFS protocol.
I also have some JS benchmarks from a real world app involving encryption and erasure coding in JS where Chrome significantly outperforms Firefox if you're interested (I'm talking 3.3X faster).
What do I do if as a normal user I find what appear to be Javascript issues? e.g. the Deluge and SabNZBd interfaces can cause massive slowdown in Firefox where Chrome seems unaffected. Often these pages are behind logins and contain sensitive information.
Filing bugs on bugzilla.mozilla.org in the "Core::JavaScript Engine" component for performance problems should get the problems in front of the right Firefox developers. However, many site performance problems are related to DOM or animations and not necessarily JavaScript. For slow sites behind logins, there's not much that can be done other than someone creating a standalone test case or working with the site owner to get a temporary test account.
Worst thing is that a site does not work with Firefox, so that one is forced to use Chrome.
Happens for the map at Google Flights (https://www.google.de/flights/) that is the No 1 search result when googling for Flights (that's of course a clever move by Google to create a top site that only works fine with Chrome, I wonder how long it will take that YouTube or GMail only work "optimal" with Chrome)
Anyway, I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1329141 but this is only P3 priority (that is, marked a "valid" bug but nobody is working on it). Which I found really "strange" because website not working in Firefox and being force to temporally switching to Chrome (and maybe staying) are the worst that can happen. Eventually, when booking a flight I even had to tell other family members that they should use Chrome for it (who were surprised because normally I tell them to use Firefox ;)
P3 is not that bad tbh. I understand that for each one of us the bug that affects us is the most important one, but working with bugzilla is a bit like data mining. We have 1.3 million bugs reported and we track our respective components, cluster similar bugs and solutions and prioritize what is affecting most people in most crucial ways.
The fact that your bug got triaged and [gfx-noted] is a good sign. It's on their triageboard now and may soon get clustered with other Google website related graphics bugs.
You'll get an email when it happens.
If you don't, you can always contact the website author and inform him about performance problems and ask him to get in touch with us. He does have access to the whole website and could help us get a temporary account for us to investigate.
If you have more knowledge and curiosity, you can even use our performance devtools to generate a profile. It's actually fairly easy - just start recording in the performance tab and do what you would normally do that is slow.
Then file a bug and attach the profile.
This will give us an insight into what takes so much time. It may not be enough, but sometimes it is, and in those cases we are able to "peak" into what your Firefox is spending so much CPU cycles on.
You know, I haven't used Firefox in many years - I switched to Chrome because I liked the Google account integration and preferred the UI - but reading your comment made me realise how foolish I've been not to at least check it out once in a while.
You guys clearly care deeply about the web, and while I'm sure Google cares too I feel like their primary motivation is becoming more to do with maintaining their ad revenue sources than advancing the state of the art.
Thank you so much! It means a lot to me to read so many positive comments.
I've been a volunteer for Mozilla since 2000 and got hired in 2010. I've been through thick and thin, and I deeply believe in Mozilla Manifesto and care about the role we serve in making the Internet a public resource.
My only serious problem with firefox is that a single tab can lock up the entire application. Otherwise, the performance _and_ memory usage is fantastic. But that one issue is enough to keep me away from it most of the time.
Multiple tab processes (aka "e10s-multi") should be shipping in Firefox 54 (now in the Firefox Nightly channel). The initial rollout of multi-process Firefox ("e10s") had one process for the browser UI and one process for all tabs (and a separate process for sandboxing Flash), so one bad tab could lock up all your tabs but your browser UI would still be responsive so you could close the bad tab. e10s-multi will increase the number of shared tab processes to two or more, balancing tab isolation vs memory overhead.
In the meantime, you can test more tab processes by increasing the "dom.ipc.processCount" pref in about:config. I set my process count limit to 999. :)
I've heard a lot of people say that, but I'm still having problems with a single tab locking up the whole browser for 5-40 seconds on FF 53.0a2 Dev Edition with e10 and process count at 999.
While that's theoretically true, I've never switched from Firefox as my daily driver and crashes are very rare in my experience (more common on mobile, but I leave a bunch of stuff open there as well). Furthermore, when it does crash the session restore does a pretty solid job of restoring and letting me easily exclude tabs from being restored.
If I could cast my vote it would be 1) perception of quick-to-open tabs and snappy responsiveness, 2) everything else. I just could not stand how unresponsive Firefox used to be.
I'll never be switching back to Chrome. I've gone back and forth over the years and have made Firefox my home base.
You folks have made a lifelong supporter out of me the hard way, by earning my respect over the years.
besides that, I support the project in general, the developers and the competition.
when I installed Firefox on a friends phone with uBlock Origin added on, he loved it.
p.s. that reminds me, when I was a teenager I installed Firefox for the first time. My mother insisted it was a virus and would yell at me to "remove that mozzerella fox virus IMMEDIATELY and quit installing your mIRC virus!"
You should make Firefox feel native to each platform and follow its conventions, instead of trying to have a sort of unifying 'Firefox look' that feels out of place everywhere. Using platform-specific enhancements (like VideoToolBox on macOS for example) also would go a long way.
Edit: most important of all is battery life though. Your browser can be super smooth, have all the nice extensions in the world and be FOSS, but if it cuts battery life in half everyone will hate it.
Thanks for working in Firefox. It is so much better than where it was whe Chrome first shipped and I switched to Firefox (and also to DDG thanks to AMP). There are two issue that bug me a lot and I use FF on Mac. The back swipe behavior is not so great and enabling browser.snapshots.limit is buggy. I feel it is also slower rendering and scrolling.
i switched to firefox about two years ago after having been on chrome since 2008 (The very first release). At first i was really impressed with chrome and its speed and stability and UI. But firefox has much improved and is now the privacy candidate. I've also switched to duckduckgo. I'm jumping right off the google hype train because i feel that their business is to mine mine.
Thank you for your great work. For me, security is by far the most important selling point. Firefox is a bit late to the party but not that far behind Chrome, as we can see on the competitions and bug bounties (a Chrome 0day is worth more than a Firefox 0day). Please continue to improve the sandboxing, the website permission model for APIs, the security of extensions (auto reviews, permission model), the binary hardening via compilation options, etc. etc.
Privacy is good but if any website/ISP/government can compromise your browser, what good is it to not send the URLs you visit to Google? Performance for sure is important but that's not a criteria for me. Again, different user profile I guess!
It hasn't been smooth. Chrome is faster and has better dev tools. Ads have caused significant lock ups, to the point where I was forced to install uBlock against my wishes.
Nevertheless I've persisted.
But the thing that continually pushes me towards switching back to Chrome is this bug[1]. It affects every single Mac user I've met, is trivially easy to confirm and yet sits there.
On the positive side, the Firefox syncing works well across machines, so that is nice.
I recently switched from Firefox to Vivaldi due to the upcoming dependency on PulseAudio. Depending on what happens, I may end up switching back; but if I do, I expect support for ALSA either by default, a run-time option or a compile-time switch.
I still prefer Firefox over Chrome or Safari, and push it to everyone I can. Thanks for all the good work! Sometimes it looks like Chrome takes over the web like IE did ten years ago. I hope you can withstand this trend.
Can you make a paid version of Firefox (identical to the free one)? I'd buy if it were for $25, or even give you $50/year subscription to keep you afloat.
Someone on the Firefox subreddit mentioned that one of the ideas which is being considered is offering a privacy-centric VPN service for people who donate. I think that would be a great benefit for subscribers, and a neat way for Mozilla to set Firefox apart from other browsers.
Donations don't replace paying options, that's a grave error. Companies can't "donate" (or it's super difficult) because their accountant will yell at them.
Offer something that can be bought and written down on a proforma.
That's interesting because I've seen plenty of articles over the years stating that they get a ton of money via the search agreements - not to mention the people who donate code. Shouldn't they be self sustaining?
Yahoo! is going belly up so not sure they can rely on search agreements for much longer. It's better if they have some direct small individual customers I think.
"According to the change-of-control term, 9.1 in the agreement, Mozilla has the right to leave the partnership if — under its sole discretion and in a certain time period — it did not deem the new partner acceptable. And if it did that, even if it struck another search deal, Yahoo is still obligated to pay out annual revenue guarantees of $375 million."
That's correct. When you say "self-sustaining", do you mean from direct user donations or paid services (like the built-in VPN example), instead of "selling eyeballs" to Google or Yahoo? There is discussion about creating a Mozilla membership program and what benefits could be offered.
Every time I try to use Firefox, I feel driven away by the web developer tools. I can't exactly pinpoint what makes me unease, I don't think that's only about habits, it feels like the FF dark background makes them harder to read or the font is too big. I'm talking about quite simple usecases: Browsing the DOM and CSS, reading warnings in the JS console, reading Ajax requests. Have you ever tried to compare the ergonomics of the dev tools between Chrome and FF? Do most people like FF's current dev tools?
I like Firebug much more than the native dev tools, I think it has a better UI/UX. They are merging now. Firebug was one of the reasons I was using Firefox so I hope they keep the best parts of the two tools.
I don't use Chrome much so I can't really tell how good it is for developers. If its dev tools are similar to the ones in Opera (same engine) they look closer to Firebug than to FF dev tools.
I also decided to use Firefox again recently. There are some slight annoyances, but this time instead of complaining about it I decided to get the source code and tinker with it. Building Firefox from source is surprisingly very easy. I think Mozilla did a great job making the source code and the build process accessible for developers not familiar with Firefox internals like me.
I'm in the same boat. I got sick of chrome's annoying scaling problems and switched back to firefox after many years. I like that firefox actually gives you a choice about everything, unlike chrome (flash will never touch my system ever again). Additionally, nightly is smoother than chrome for me. Once the nightly improvements hit stable, I'm going to start recommending Firefox to my non tech savy family members again.
If you're going to start recommending software and hardware to your friends and family then please support them when they run into problems and help them revert to their original choice when they decide to switch back.
One thing to note - Nightly is compiled with certain debugging flags enabled, whereas Developer Edition is not. There is a slight performance hit, which is not always noticeable, but I mention it in case anybody tries Nightly and finds it slow.
please explain how they sell personal information, as far as I know.. they allow companies to target attributes in aggregate and you may see an ad based on your behaviors. No company actually receives your personal information
If an advertiser sets up a campaign targeting people of a certain age range, location, sexual orientation, and earnings bracket, then when you click on the ad, the advertiser knows all these things about you.
Yes they are, they are offering the information they have about their users to their advertisers. If its bad or good is a debate for another time. But the fact is you are the product, your information is the product they are selling.
Citation from Google: "We try to show you useful ads by using data collected from your devices, including your searches and location, websites and apps you have used, videos and ads you have seen, and personal information you have given us, such as your age range, gender, and topics of interest."
You made me reinstall FF Nightly after some years of using Chrome. Must say, the speed is so much better than it used to be. I think I will try switch to FF entirely.
But I gave up after trying repeatedly, and unsuccessfully, to force-enable hardware acceleration and bypass their 'video card blacklist'.
From what I understand they check driver versions in a couple places on Windows, and disable hw acc. if the version is lower than X, or the versions they get, say from registry and dll's, are different, mismatch. Thing is, the matter is quite complicated on dual-gpu laptops (intel+dedicated) since manufacturers give us all kinds of custom drivers. Firefox will try to find a driver version, it won't find anything from Intel or AMD/NVidia, and it will default to software rendering.
As a user I don't have the luxury to simply 'Update my graphics drivers', I have to live with whatever custom software I got from the manufacturer.
I'm curious why you'd be opposed to throttling background tabs. I could see it being a problem if it interfered with, for example, playback from things like soundcloud, but I'd also consider that a bug. Other than that, it seems like it would be a win in battery life for people on laptops. Maybe there's some use case I'm not thinking of or not aware of though.
Hasn't Safari been doing something like throttling background tabs for a while? I don't really know the details of how Safari and Chrome's new feature compares, but you may be equally unhappy with Safari in that respect.
I'm with you on the other stuff though, I always disable Flash, NaCl and DRM plugins. I also hate the forced Material Design UI. Having a Mac native app look like Android is visually jarring.
I tried switching to Safari, Firefox, and Brave a few months ago because I was unhappy with the direction Chrome was going, but ultimately ended up coming back to Chrome. The big things that brought me back: Safari isn't supported by Privacy Badger. With Brave, it was that if you open a new window and start typing immediately, it would lose the first few keystrokes... though I just downloaded the latest, and that seems to be fixed now. I don't remember off hand what stopped me from using Firefox
That was a bad Brave bug, but we fixed it. Please feel free to try us again and give feedback (I have open DM on twitter). Thanks, and sorry about that bug!
This bug is about Chrome 57, not Chromium. Have you actually been manually disabling widevine all along? Because I use Chromium on Arch and I have to manually enable widevine to play Netflix. If you don't like Google's vision of how Chromium should be configured by default, why not just use Chromium in the first place?
Yes I have been disabling widevine, nacl and flash in chrome:plugins since chrome was in its teens. At that time there used to be even more crap there, stuff like adobe and picasa and whatnot.
I'm considering Chromium too, but if I'm going to migrate, I might as well migrate to something like Safari which has the added benefit of cross device integration (ios-macos). Sticking with chromium likely signals a vote for chrome in browser stats that I would rather not do. Firefox would have been the ideal pick had it not been for multiple very dubious choices in their history like bundling hello and pocket.
Just switch to Firefox. This kind of stuff is why we need plurality in the browser space, and Mozilla is one of the few companies that takes - or has to take - a pro-user stance on many issues.
I'm curious about your train of thought, how is Firefox and Mozilla are pro-user? And let's not take their PR into account, just facts of what they actually did so differently from Google to make them noticeably pro-user in your opinion.
It's easy to disable the little bit of surveillance they do to make money. Whereas, Google keeps surveilling people in more ways over time in their various platforms. The difference probably comes from whether users or advertisers are primary focus.
What made you think Firefox and Mozilla are so anti-user? I didn't get many claims along those lines back when I was evaluating them.
Maybe it's just me being silly, over-critical and nitpickng minor things, but... Various design decisions didn't feel right to me.
Few examples that come to mind:
- Sync is just terrible. It's insecure, awfully overengineered, poorly documented proprietary mess.
- Mandatory addon signing was understandable, but still didn't felt exactly right. Probably because I'm a luddite don't fancy those walled garden app stores, and that somehow resembled those.
- Moving to WebExtensions-only is going to hurt badly. AFAIK it was announced they'll soon stop signing new non-WE addons for Firefox 53 (which is quite real soon). I don't want a Chromium clone with another rendering engine and Firefox Account instead of Google.
- DRM support. Browser market share, user requests, etc, but still - thanks for helping that cancer spread more freely.
- Test Pilot instead of just publishing an experimental addons on AMO feels weird. Especially the fact that those addons self-uninstall after someone says the experiment's over. Well, it's Mozilla work and it's their decision how they want things to be, but it just doesn't feel right to me. FLOSS used to be somehow... different in days back there.
- Pocket integration was sort of controversial. I've used Pocket's extension, but it surely didn't belong to the browser core.
- Some UIs were dumbed down to the extent of being barely usable. Some comments blame Chrome hiding TLS info here, but Mozilla had pioneered that (although to a lesser extent).
I'm about to self host sync myself so I'm interested in your claim about it being insecure. I won't sync passwords or form fields, because I don't store them in the browser. Only browsing history and maybe tabs, but for sure I don't want to send all my desktop tabs to my phone. Most of them won't make any sense there.
In short, the crypto itself looks okay (I'm not a cryptographer!), but the auth form you see is served over the network. It doesn't send password back - just passes it to browser runtime, so it would run KDFs on it - but you won't know what you'll get served next time.
As for the protocol - there is WebDAV. Seriously. It's functionally equivalent to what their blob storage does, except simpler, vendor independent, and doesn't mandate any particular auth schemes. Oh, and their auth protocols are total mess (BrowserID, HAWK _and_ OAuth - three different protocols are necessary to just talk to the damn system!). I get it, three teams were working on different pieces (accounts, tokenserver and the actual sync blob storage), but they could've at least tried to not invent that up, but use something standard. Or, at the very least, settle on a single protocol.
I'm saying this as someone who had spend some time reading docs and reversed engineering the rest, and had implemented almost-working (sans some undocumented oddities and a few lazy omissions leading to glitches, but it mostly works-for-me) standalone sync1.5 server - same functionality could've been done in a much more saner and simpler way.
There's a Chromium bug that goes into more details, but the basic idea was that they didn't want the cert details button to be in the Page Info pop up, but didn't have a new place to put it. In Chrome 56, the SSL icon now shows "Secure" or "Not Secure", so more users will be clicking on Page Info, and they didn't like technical details in that pane. There's a new bug to find a better place for certificate details in Chrome 57.
>I noticed that Chrome had moved the SSL details dialog away from the lock dropdown too.
I have no idea about the rationale but here's where SSL details reside now... it's insane what they have done:
>First, get into Developer tools. You can do this via Chrome’s upper-right three vertical dots, then click “More tools” — then “Developer tools” — or on many systems you can just press the F12 button.
>But wait, there’s still more (yeah, Google took a simple click in an intuitive place and replaced it with a bunch of clicks scattered around).
>Once the panel opens, look up at its top. If you don’t see the word “Security” already, click on the “>>” to the right of “Console” — then look down the list that appears and click on “Security” — which will open the Security panel with all of the certificate-related goodies. When you’re done there, click the big “X” in the upper right of the panel to return to normal browser operations.
Safari has done tab throttling for years. Things like that are why Chrome used to cut battery life in half compared to Safari. I don't understand people who complain about something that's essentially a feature, not a problem.
Chrome's proposed throttling is very aggressive (something like 10 milliseconds of processing allowed per second). I'm sure with some tuning it could be less controversial.
Eh, maybe off of all google services, but the barrier from switching of the consumer version of chrome is frictionless. Uprooting you're whole life and moving to canada is a non-trivial commitment that it would be difficult to get the numbers neccesaary to have an impact. Moving to something like Brave not only limits googles potential developers & information flow, but harms there cash cow:ad revenue.
That said, I like Canada a lot and have spent a lot of time there. It is quite nice
I'm hoping some of the new crazy changes won't be implemented, because switching is a lot of hassle (bookmarks, saved passwords, saved per-site preferences, extensions, cookies and localstorage data are all things I'd like to keep).
It's hard to reconsider firefox or safari because they are also very much anti-user. Maybe a fork of firefox/chromium without all that anti-user stuff would be better, with plugins only click-to-play, with no autoplay for animations, with a quick way to toggle javascript in a tab, etc. But there is no such fork.
Could you elaborate on some anti-user stuff that Firefox and Safari do? I'd like to know. I do consider Firefox comparatively more open than Chrome though, so I may have my biases.
I'm Firefox user, but I consider it the 'lesser evil', not the only good guy. The anti-user stuff in Firefox is:
- forced bundling of pocket/readability,
- forced bundling of hello,
- forced and heavyweight extension signing (I understand them wanting to sign extensions in user profiles; but the extensions installed by root should not need that - this killed the config extension for FreeIPA, for example),
- I understand their desire to change their extension model, but killing many popular extensions is not a way. How it was communicated was a great example of hubris,
- DRM support should not have been the default choice,
- but MSE WebM with VP8 and VP9 still doesn't work,
- the Australis redesign was controversial.
(And from personal interest standpoint: still no Web Components support? still no WebP?)
Those are really great points you brought up. They went to the back of my head after all these years.
I think they dropped Hello altogether.
Extension signing is not forced though, can be toggled from about:config.
In my opinion WebExtensions is a last ditch attempt to gain users and devs. If FF abandons XUL, WebExtensions will be the ONLY STANDARD way to write extensions. But in their defense there are active discussions about adding new APIs to enable more powerful integrations.
DRM is off by default on fresh installs, AFAIK and is user toggleable in Preferences unlike being hardcoded in Chrome and Edge.
Firefox no longer includes Hello. Hello only used standard WebRTC APIs, so anyone could create a comparable service as a regular website, such as Talky.io.
Extension signing can be disabled in about:config, but I think the pref ("xpinstall.signatures.required") only works in the Firefox Nightly and Developer Edition channels.
EME DRM is enabled by default in Firefox, but it won't work until the DRM blob (Google's Widevine CDM DLL) is automatically downloaded about one minute after Firefox launches. Here are instructions for disabling EME DRM and uninstalling the Widevine CDM:
> Extension signing is not forced though, can be toggled from about:config.
Unfortunately that is no longer true. Their argument was that users could be tricked to disable it, or run extensions that disable it. So to cater to the lowest common denominator user they completely removed the option for all users of Firefox.
The alternatives are the non-Firefox (unbranded) Firefox builds or using an alpha version of Firefox (developer version).
Thanks for the information. I've been running only Nightly for over a year now and hence my misinformation. That logic does seem sound though but would be better implemented if any change to any preference that's not visible in the Preferences section raised a notification about it. I think I'll add this to Bugzilla.
Not OP, but I tried both FF and Safari recently hoping they would reduce the footprint. FF ended up being way too slow. I stopped using Safari after a few minutes because they decided to not show favicons on tabs anymore and you can't enable it at all. How is anybody supposed to find the right one of the 15-20 tabs that are open. Insanity!
i agree; no tab favicons is upsetting. they do come back if you pin tabs (so only the icon is visible), and i'd say apple wants you to do the "zoom out beyond maximum" gesture to show all pages for navigation. i don't really use tabs when i have many open any more, because they go off the edge of the screen pretty quickly anyway.
safari is also incredibly fast compared to chrome and ff. i love ff, but since starting to use safari i honestly don't think i could switch back
It's simple, really, all of them prioritize the ability to show ads over user experience, privacy and security. For example, animations hurt user experience pretty much all the time, and yet they are not click-to-play.
Vivaldi is worth taking a look at. It's headed up by the former Opera CEO and is targeted at the more savvy, developer-type user. I think their tagline is "a browser for our friends".
It's not perfect, but I've found myself having to open up Chrome as a backup less and less often. At this point I think it's been about a month since I've needed Chrome.
I just tried Vivaldi for the second time (migrating from Chrome).
This was my experience...
Hmm, a WebGL application I'm developing isn't receiving my right-click gestures. I guess that's the mouse gesture functionality I remember from Opera. No worries, I'll just change the bindings...
I opened the settings and found the mouse gesture settings easily. Hmm, okay there's this bind to Alt checkbox, I'll enable that.
Back in my WebGL app... Hrm, still not working. On closer inspection I see the Alt binding only works for trackpads. Okay, fair enough... I guess. I'll just change from right-click to middle mouse, or something... Wait, no options for that. Okay, fine I'll just disable the darn thing.
Now my WebGL app works great. Yay!
Hmmm, but I feel like I'm not getting the proper Vivaldi experience without those gestures. I know! Vivaldi is open source, I'll just implement some configuration options myself...
Wait, they only offer tarballs? How the heck do I submit pull requests? Presumably I can't. Alright, I’ll email them asking if they plan to accept pull requests any time in the near future.
Hmm, their contact form keeps failing with cryptic error messages, but never explaining what I did wrong.
Alright, I’ll go to their bug tracker. Okay, I need to sign up. Wait... what? Their bug tracker registration form is also failing but not explaining why.
Okay, to be fair, by this point I'm guessing it's because I'm using an addition (plus) character in my email address. Not supporting that is poor, but not informing me that the email address field is the issue is totally unacceptable.
Alright, I'm far too annoyed at this point. If Vivaldi can't manage an open source project, can't write a working contact form and can't write a working sign-up form then I have very little evidence to suggest they can write a decent browser.
>Hmm, their contact form keeps failing with cryptic error messages, but never explaining what I did wrong.
it used to barf helpful error messages (including info it should give like internal network details), I reported it and got a thank you email ... and immediately got banned from their forums :)
I'm actually trying Brave now and am quite impressed. It's certainly got some problems (viewing SSL certificate is broken - https://github.com/brave/browser-laptop/issues/2611). However, it's pretty slick and the fact it's a real open source browser is quite promising.
I second this choice. So far Vivaldi has had very frequent updates and the navigational GUI aspect of the browser have the swiss army knife feel to it (not quite up to the par of Opera 12.x days but getting there quickly).
Vivaldi's native tab management far surpasses both Chrome and Firefox. Likewise native mouse gestures work in every place including the speed dial (unlike plugins which attempt to do so on other browsers).
The only thing I miss is tab synchronisation across mobile and desktop devices.
Do you have a source for that?
I know source tarballs are available at https://vivaldi.com/source/ but I was under the impression that these consist only of the open source parts from upstream (Chromium).
Have you or someone looked through them to confirm they contain all of Vivaldi? Do they state this somewhere? Can you compile Vivaldi from them?
I'm not that concerned with not being able to distribute modified versions (freedom 3) since I am unlikely to have the time to contribute quality code unlike Benjamin above ( https://news.ycombinator.com/item?id=13514415#13517798 )
But I do want to be able to compile it myself and tweak & hack it as I like (freedom 1). (We already have freedom 0 and 2).
Of course I would prefer to have freedom 3 too, so that in case I have the time to do more than hacks I could actually contribute.
Chrome 56 is supposed to make Flash click-to-play on sites that the user doesn't frequent ("site engagement"). The engagement threshold will ramp up through 2017 until Flash is click-to-play by default on all sites.
I used to disable flash in chrome://plugins/ but starting in Chrome 56 it keeps re-enabling it there (and all the other plugins) on every launch. I still have "click-to-play-flash" set, but the result is that instead of being served a html5 player, I'm being served a blocked "click-to-play" flash player.
That, plus the "(and all the other plugins)" really signals that this is unintended. Something probably isn't reading or writing the setting to the right place, and it's just being enabled by default.
I just updated from Chrome 55 to 56 and saw the same thing in chrome://plugins. I guess Google's position is that click-to-play Flash is the same as disabled Flash because the plugin doesn't run without user action.
I've found edge to just be an auto-updated version of IE. Microsoft still thinks they're special, so they don't have to implement some functionality all other browsers do. I would highly prefer all of my users to be on Firefox or Chrome, or else I still end up writing special code for 'Internet Edge'.
> "or else I still end up writing special code for 'Internet Edge'"
I really haven't experienced this at all. Up until about a month ago when they pushed a big update, Safari has been my problem child browser. IE Edge has been really solid with conformance. Looking at compliance to the html5 spec, edge is neck and neck with firefox: https://html5test.com/results/desktop.html
Disclaimer: I used to work for ms, but not on edge.
As far as I know, Edge is a little slow to adopt new stuff, perhaps because they're afraid of implementing something and having everyone scream "Embrace, Extend, Extinguish!" at them.
The specific cases I've had are with how SVG's are rendered and that manipulating them with css does not work in-document like it does in Chrome or Firefox.
The bugs page itself isn't very insightful, but if you look at the issues posted, you'l see that there is significantly less conversation or involvement of people into the problems. By itself, Edge not being open source should make it unfit for usage, but they also don't involve themselves nearly as much in the web community. This is one big factor why chrome gets more vulnerability reports than Edge.
For Flash there is actually a solution. On chrome://flags you can look for chrome://flags/#prefer-html-over-flash and set it to Enabled. Afterwards it is like that Flash is disabled. No idea for Widevine except of course using Chromium instead of Chrome.
What if Firefox or Safari also follow, as they did with a lot of previously unwanted changes?
"I'll be seriously reconsidering IE before the next Firefox/Safari release"?
Browser "choice" has always been more an illusion than anything else. One or another may be a little further ahead than the others but they all appear to be heading down the locked-down, unconfigurable, opaque, user-hostile "consume and don't oppose" path.
If you want to get away from all that, then I suggest looking into the more obscure alternative browsers like Dillo, NetSurf, etc.
I'd argue that companies don't care about anything as they are not sentient. The culture and morals of a company is an aggregate of the morals of the people that operate and make up these companies, so this "companies care for shareholders" being a free ticket to doing immoral things does not get anyone off the hook (morally speaking). Of course life is complex, things aren't black and white, etc. etc. but I still believe business can be successful without being evil (whether it was originally intended as marketing message or not)
I keep trying to go back to Firefox but it's so slow and janky compared to chrome (even with electrolysis enabled) I switch back within a day. Will probably see if there are any good chromium builds out there though.
I've switched to Safari a few months ago already. Looks like I won't be switching back any time soon.
Thinks I like: improved battery life, fast, was able to disable video autoplay in Debug menu, no Flash at all, great integration with iOS, dev tools are actually good (I heard they would be bad, but nope, they're good).
Thinks I don't like: no favicons on tabs, Safari does not have profiles (I used a separate one for Facebook), Chrome has more extensions (but happy with Ghostery and Adguard so far).
Normal Firefox builds also provide a checkbox under the Content settings to disable it. As far as I recall, I've never touched the setting, but it's disabled here.
You can technically re-enable EME in the "EME-free" Firefox builds by setting the "media.eme.enabled" pref in about:config. The term "EME-free" is a bit of misnomer. The "EME-free" builds have two differences from regular Firefox builds: the Widevine CDM downloader is disabled and the "Play DRM content" setting checkbox is hidden.
It supports usage of EME related API which sits around the blob. Having no such support altogether (cut out at build time), would make the blob irrelevant to begin with.
Honestly? It makes sense and I see nothing wrong with it.
Chrome is Google's opinionated version of Chromium, with the average user in mind.
Everyone else should be using Chromium. There's nothing wrong or lacking in it now that the PDF module has been open sourced. If one wants Flash or Widevine, those can be installed separately.
The average user doesn't need to nor doesn't want to know about the existence of Widevine. And if he's told about it, he wouldn't care about it, he just wants to watch Netflix.
Talking about use cases when it comes to widely used software is a null argument in most contexts. It was previously disablable, preventing that now is just taking features away without a benefit. Its automatically enabled for all the people that don't know about it, but need it anyway.
Users who don't understand it, disable it either accidentally, or based in bad advice, then don't know why Netflix doesn't work, probably in 2 years time when they long since forgot editing it.
As the years go by, I learn every config option is going to lead to some set of users getting confused and upset.
So some parties pushing hard for DRM has nothing to do with it, whatsoever? It's all about preemptively avoiding horrible user pain and incredible customer support costs, correct? Then explain the million options left over in chrome://flags/ ?
Oh, snap. Looks like that explanation doesn't even begin to make sense, and it's hilarious how the "average user", in their absence, gets used as an excuse to implement outright hostile things, but only then. When Google Reader shuts down or other things are done nobody likes, which not one person welcomes, that doesn't matter, it's only when it's about things no user wants but companies want to push when they suddenly do.
The bug report mentions real problems caused by this change. Are there similar reports about problems that were caused by that option being available, or is that all just theoretical?
> As the years go by, I learn every config option is going to lead to some set of users getting confused and upset.
So? Remove all config options, or simply do good work and let the remaining complainers complain? Why not take the person who filed the bug report and is "confused and upset" for very good reasons they can argue for more seriously than some random hypothetical person?
Then you put it somewhere that it can't be easily accessed by the unknowing. Which, IIRC, was already the case--there's no menu option for "chrome://plugins".
Making idiot-proofing your top design priority "for the user's own good" is a really bad idea that invariably results in a less functional product for no substantial benefit. If people are getting confused and messing with things they didn't mean to, the solution is better interface design, not axing useful features.
Just tell me where in Chromium to disable resetting user profile when it detects tampering - so I am able to migrate a profile just by copying and I will move to Chromium in a second.
The not being able to copy your profile between machines is terrible terrible decision. It detects "tampering" and nukes everything :(
(note that the 'roaming location' could still just be a folder on your local drive.)
> If you enable this setting, the settings stored in Google Chrome profiles like bookmarks, autofill data, passwords, etc. will also be written to a file stored in the Roaming user profile folder or a location specified by the Administrator through the Google Chrome policy.
Seeing you get downvoted for asking genuine questions to a technical community reminds me that I need to find a new one. Stack Overflow 2.0, here we come.
No question now what has happened to the faces of the pigs. The creatures outside looked from pig to man, and from man to pig, and from pig to man again: but already it was impossible to say which was which.
Well I don't know about 0.5%, but a small minority? Absolutely. Most people who interact with computers don't know how to use them. And out of the people who do know how to use it, an even smaller percentage would care about using Chromium over Chrome.
That's interesting, because Brave has Widevine off by default and includes this notice in the preference UX for enabling it:
---
Google Widevine Support
Google Widevine is a piece of Digital Rights Management (DRM) code that we at Brave Software do not own and cannot inspect. The Google Widevine code is loaded from Google servers, not from our servers. It is loaded only when you enable this option. We discourage the use of DRM, but we respect user choice and acknowledge that some Brave users would like to use services that require it. [info link to https://www.eff.org/issues/drm]
By installing this extension, you are agreeing to the Google Widevine Terms of Use. You agree that Brave is not responsible for any damages or losses in connection with your use of Google Widevine. [info link to https://www.google.com/policies/terms/]
Enable Google Widevine support [button label]
---
You can view this as a DRM mandate canary if you like. It's still in Brave 0.13.0. That's all I have to say for now.
While I understand the content producers / owners stance on DRM, I've never once found a widevine or any other DRM'd show or movie that hasn't been available via piracy. All it seems to do is things like this - degrade the legal users' experience. Even though I have amazon prime and netflix accounts, I still download all of my shows. It's just a better experience.
One question I have is this: are there any examples of cases where DRM on widely distributed media has actually worked?
Every drm implementation has successfully sold engineering hours to big media.
But no, if anything, annecdotally it drives me to piracy after being unable to use my purchase on my projector.
You think DRM hasn't worked, but it has worked perfectly fine for its intended purpose. The purpose of DRM is not to control the content, it's to control the channel. DRM on DVD's, even though trivially to break and broken since the beginning, has been used quite effectively to control DVD players. Anyone who makes a DVD player without a license can and will be sued, meaning you still can't skip ads on most DVD players. Similarly, DRM in browsers is a means to control browsers, so that they don't become any more piracy-friendly, and in time it may be used as a weapon to lock them down.
The main reason for DRM is old people in positions of power who don't get computers. Locking your door helps against physical theft, so why not do "the same" for digital goods? DRM is a cargo cult.
Firefox also uses Google's Widevine CDM. I'm curious if the HDMI monitor flashes are an issue with Chrome's integration with Widevine or in Widevine itself (and thus also affecting Firefox).
We are all that boiling frog [1]. Google, and others, introduced a new business tactic that is even been followed by Microsoft (in reverse mode). They push all kind of open source and free stuff and slowly, very slowly, they move to old monopolies tactics. Most locked people will not change to another browser just because they added a new "tiny" portion of code which is not political correct.
Firefox' non-developer version is also getting more locked down. I had to change to it from the regular version when I couldn't use the extension I have written for myself anymore, because Mozilla removed the option to install unsigned extensions.
Is there something like an "overlay" FUSE fs which pretend to write what you give it but then just discards what you give it and returns the actual file when you attempt to read?
To defeat checks right after writes it could return what you wrote once( or a configurable number of times) but after that just give you the original file when you read it.
Is there a technical reason that this can't simply be disabled with a feature flag like many of Chrome's other features? It would avoid the whole issue.
Also reading this bug report makes me realize this is probably what was going on when I had similar strange issues happen with chrome and tabs and running stuff through HDMI splitters for KVM etc.
There isn't a technical reason it shouldn't be able to be implemented. Mostly it's a matter of getting the UI preference hooked up; it looks like they've already done something similar with the Flash plugin for users which wish to disable Flash, and this is a similar case.
The reality of the Flash situation is quite messy, with a ton of websites relying on nonstandard behavior and checks to see if Flash is even installed, and Google seems to have missed the use case for disabling the plugin entirely, rather than just blocking it. This seems like a similar oversight.
I'm torn here, as I see what Google is trying to accomplish with their settings spread. Mostly, the browser has chosen quite sensible defaults for the bulk of its users that needs the web to JustWork(tm) and they're hesitant to add extra checkboxes to avoid confusing folks. But with the politically charged nature of DRM, as well as the technical issues presented here (HDMI / HDCP is notoriously finnicky and the user should have more control over when it's enabled) I think a checkbox to disable the plugin entirely, similar to Flash, is the best solution.
It's really a question of whether flexibility or UI performance is a higher priority for you. If you want incredible customization options, go to Firefox. If you want Chrome's UI performance, stick to Chromium.
Surprised that this is the straw and it wasn't the hotwording binary that was pulled in to listen for "ok, google" without anyone's knowledge or permission.
I'd be OK with Edge except that in Win10, Edge gets subsumed into "System" in the volume mixer. You can't lower the volume on the Edge program, like you can on Firefox, Chrome, or on previous versions of IE.
In short, when ads or background music start blasting, you can either mute your entire system, or you're stuck with them - can't mute Edge specifically.
Edge is getting pretty good, it's UI performance is as good or better than Chrome now. BUT, if you're leaving Chrome because they include proprietary binaries, moving to Edge isn't an improvement there.
Most technical people are vocally opposed to it and don't want to leave a single trace in a single server log contributing to the idea that it is widely accepted and available.
A browser not only implementing DRM, but leaving you no way to disable it is seriously anti-user.
HTML has always been an open standard. Every part has been open. Just by reading the spec, you could implement a fully functional web-browser. There were no secrets bits or black boxes.
So people went ahead did just that. They made new and exciting web-browsers, with new and novel features, on lots and lots of platforms. And that's why the web was a success: It was open to use by people. It was open for new clients. Nothing was locked down.
With DRM in the HTML spec comes a big, black box: You can no longer implement a fully compliant web browser from the spec alone. You'll need closed-source blobs from DRM vendors, if they are willing to provide them to you, and if they bother about compatibility with your browser, your OS, not to mention your HW architecture.
The web used to be 100% open and 100% cross-platform. The single move of adding DRM instead makes it a platform which now will only be 100% "compliant" in browsers blessed by DRM vendors, on OSes blessed by DRM vendors, on HW architectures which the DRM-vendors has bothered to implement DRM for.
It's a complete turn-around. A 100% FOSS web-browser can no longer be made.
It basically has put the 3 top DRM-vendors (Apple, Google, MS) in 100% control of which people, and on which operating systems, can get to have a full web experience.
I guess I don't need to argue why this is bad. You can take it from here, right?
From a technical and standards point of view, indeed it's not worse than NPAPI.You could argue that without Flash and other plugins you could not get the full web experience in the past. And therefore, in terms of browsers, OS's and HW platforms were at the mercy of Adobe, Microsoft, etc. .
But as I argued in my other response, EMEs are worse because they send the wrong message about DRM.
Ever since HTML5 you can embed media in HTML pages without using plugins(Flash/Silverlight/etc.). EME refers to DRM for that media content.
By definition, this can only be implemented with a user hostile blob.
For all those who do not use Netflix and other similar services the point of disabling EME is to:
1.prevent the very presence of that blob on the computer (There is no way of knowing what that blob does. For all we know it may keep tabs on what you watch for advertising/spying purposes or even unmask your Tor traffic) and
2.to report to servers that "this browser does not support media with DRM. Require DRM for your content and you will loose this user."
It is mostly so that places like YouTube/Dailymotion/etc. don't get any ideas about requiring DRM for their content.
Of course, by disabling it you will not be able to use platforms that require.
EMEs are both better and worse than than previous alternative plugins.
They are better because they are sand boxed and their capabilities limited. So less chances of 3'rd party security issues (of course the blob can itself be malicious).
On the other hand by being pre-enabled it sends the wrong message. It sends the message that DRM is ok. It sends the message that browser makers are ok with DRM. It sends the message that people are ok with DRM without them ever being asked about it. With plugins, the content distributor was on his own when trying to convince users to install DRM on their computers.
DRM is wrong for many reasons I will not expand upon here.
Mozilla at least is not ok with DRM but they succumbed to market pressure (browser that does not support Netflix bleeds users). There is a conspiracy theory that they sold out and are ok with DRM but I find it hard to believe. It is more likely they are vary bad at communicating.
And people are not ok with it as demonstrated by the failure of DRM in the audio industry.
If you do not want platforms like Youtube to decide for you what screen or projector you can use to watch the content they host, one of the signals you can send is to disable EMEs in your browser. Chrome now makes that impossible.
Replace this sentence with your preferred profanities addressed towards Google.
I strongly stand behind the complain vs DRM/forcing HDCP/etc, but:
What's the big deal with background throttling? On a day to day basis, how many scenarios are there where you need a background tab using CPU and doing page updates?
IMHO, it makes sense for background tabs to get throttled to save power, since 99.9% of the times, you don't need the updates (I'd say 100%, but I'm sure there'll be at least ONE counter-example).
I currently use Firefox with JS disabled, for casual browsing, and Min for anything with video or JS https://minbrowser.github.io/min/ - finally, after years, I can use a system with less than 8G of RAM.
This browser is based on Electron - does Electron also bundle this abomination of DRM plugin?
I designate a separate memory control group for the browser, and set both `memory.limit_in_bytes` and `memory.memsw.limit_in_bytes` to 1.5 GB. Then the browser is launched within that group.
The tools are the standard cgcreate and cgexec.
When the browser depletes all its memory allowance, I use killall to kill the tab processes leaving only the chrome running. I refresh the tab I want and carry on.
Might seem convoluted, but works extremely well in practice.
edit: It should be noted that I currently use chromium. I intend to switch to firefox as soon as I can port this workflow to it or otherwise achieve a similar result.
I need images, tabs, tabgroups. The developer tools are nice to have. And I'm just used to it. It sits just below 500M of RAM, with about a hundred tabs. I can deal with that.
I don't think that works. As per https://bugs.chromium.org/p/chromium/issues/detail?id=624128... Widevine is bundled and setting this policy just disables the updates. Also it seems that this setting disables updates for all components, most notably Flash. While I don't want Widevine (enabled) on my machine at all, I do want Flash updated automatically for the rare times I have to use it.
Funny enough in Firefox Widevine was default set to Always Activate on my machine. Not sure how long it's been that way. There was no "ask to activate" option. I was however able to set to "never activate". Let's see how long before this becomes annoying.
thanks... thinking about this more, I don't even recall installing Widevine at any point in the past. Perhaps bundled with FF? Fortunately, I never stream Netflix / AP to my computers.
Sorry but can someone explain the problem. I'm very familiar with widevine, hls / hlse, and other various DRM type solutions. To me it appears a lot of uninformed answers or something that's completely blown out of proportion. So looking for someone to explain ?
I wrote the bug report that this thread is about. I think my reasons for arguing there should be a way to disable Widevine are very clear.
To sum it up again:
- Widevine DRM has usability issues (mostly because of HDCP) ad well as stability issues, as outlined in the bug report.
- I am politically opposed to HTML EME and I don't want it enabled in my browser. I would like it better if it was unavailable to begin with.
- From a security perspective, allowing every web site that I allow Javascript on to talk to some dubious blob behind my back is the last thing I want.
Chrome similarly used to honor the /etc/hosts file, first by default, then via setting. Now it always uses Google's DNS, no workarounds. I cant create localhost aliases for dev VMs nor can I block distracting sites. I've switched back to firefox.
Ironically, this "feature" prevented me from getting good access to Google's own services. I was only getting routed to a saturated Google datacenter (the NUQ range, e.g. nuq04s01-in-f1.1e100.net). When I just blocked all those servers, it detected that and sent me to another range of servers (LAX) that worked much faster... but I used Firefox every time I wanted to open Google Maps because that trick didn't work from Chrome!
Robert O'Callahan said that, but then he left. I wish he had not said it, and so do many other heavy hitters who are or were at Mozilla.
It makes Firefox sound like a pity-f$#k, or a sin tax. At worst, a feel-good gesture that has unintended consequences.
If you like Firefox, use it! If you like Brave, either for the speed and safety of our 3rd party ad/tracker blocking that's on by default; or for the post-browser, user-data-sovereignty economics we're building to sustain; then use Brave. If you like Vivaldi, use it. And so on.
But don't make a cult out of one particular browser. Open source is not an issue. FYI, Brave is all open source.
Sadly, I think it's popular demand that is changing the nature of the Web. Google is just taking advantage of the situation in ways that benefit themselves, as is almost everyone else in the modern Web ecosystem.
There is no such thing as popular demand, only what major web companies think will benefit their bottom line. They just supply what they want to supply and invent demand to justify it post facto.
Nobody outside of the MAFIAA demanded a flickering, crashy, proprietary DRM module for the web. But since that's what Google can supply at this time, they would like all of us to pretend that there's some sort of popular demand for it.
All these players add so many layers of deliberately misleading interpretation and assumptions on top of what ordinary users might actually want, it's impossible to figure out which "demands" are authentic and which ones are mere illusions anymore.
The popular demand isn't for DRM, it's for being able to watch movies and TV shows through online streaming instead of going out to the cinema or waiting for something to be on TV.
The people making those movies and TV shows are only willing to let services put them online if those services offer certain safeguards to prevent flagrant abuse.
Hence, we get DRM in online streaming systems. People who object for some reason can either disable it or use a different browser, but the price is that they don't get to stream the content. Meanwhile, most people don't know or care what DRM is or how it works, as long as they can binge-watch their favourite drama or enjoy a new movie with their family on a Saturday night.
Of course it does. DRM obviously doesn't prevent every abuse, but the idea that a modern DRM system doesn't prevent any casual copying at all is as absurd as the idea that every copy is a lost sale when calculating damages.
Casual copying has become pretty much irrelevant, though. This isn't the 90s any more; now one person releases a torrent and thousands of people end up downloading it. When was the last time you copied some media or a piece of software from someone, even for things with no copy protection that are legal to copy? I don't even bother to copy stuff between my own computers, instead I just download it again...
To prevent piracy you'd need to stop the people who are experts at breaking copy protection (which has been a spectacular failure so far) because everyone else is just downloading their stuff and completely avoiding copy protection.
Casual copying has become pretty much irrelevant, though.
This misconception seems to fuel a lot of the anti-DRM arguments, but I'm afraid it's a misconception all the same.
For one thing, modern online and hardware-based copy protection systems can actually be quite effective. Contrary to popular wisdom among geeks, they don't all get cracked automatically within five minutes. Illegal rips of films or TV shows mostly originate from other sources, not the online streaming services.
As for software, take a look at what is actually being copied in terms of, say, the latest games. If the copy protection even takes a few days to crack, for a new AAA title that is going to be the big thing for a month or two, that could be a huge win for the publisher. Remember, we're talking about a target market who are irrational enough to pre-order big name titles, even though there is little if anything in it for them to commit their money before the game is even finished or reviewed. As far as these people are concerned, they must have their new shiny on day one or the world will end, and if they can't get it with a quick crack, a lot of them are going to pay for it.
Another factor that is often overlooked is that most creative content isn't Hollywood blockbusters or AAA games. A lot of creative content is aimed at much smaller, niche markets. There's far less incentive for crackers to spend a lot of time breaking any protections on that content, but the damage done through infringement can be worse because a lot of this stuff is created by individuals or small teams and usually it isn't super-profitable in the first place.
A second factor that often gets overlooked is that a lot of people simply don't realise when copying and sharing content is not permitted or legal. Most people aren't computer experts or IP lawyers. If you don't provide some sort of technical barrier, even if it's just a token effort that makes it clear that they're doing something they shouldn't be, plenty of people will copy and share and not even realise they're doing anything wrong. I've even seen messages sent to some of my businesses from people who literally told us (after being kicked for blatantly violating our terms) that if we didn't want that to happen we shouldn't offer content in the standard, DRM-free formats.
To prevent piracy...
Most of the time, trying to prevent 100% of piracy is a futile gesture. But like any other form of security in technology, it's a sliding scale, and some is still better than none.
Copy protection on software like games can be useful. On Netflix? Not at all. It's easy to bypass, and even if it worked perfectly, you just need a cheap HDMI splitter and a capture card. The reason you don't see a lot of rips off Netflix is because Netflix doesn't get a lot of things first, not because the DRM is effective.
As far as technical barriers, recording a stream is tricky enough in the first place. You can't right click save on Netflix, even in the absence of DRM.
I know a lot of people who don't know or care about DRM - just because both Netflix and Amazon aren't really available here (Netflix has maybe 10% of titles, not even House of Cards). However, all these people can and do binge-watch their favorite shows and movies by visiting certain websies that offer convenient HTML5 players, unencrypted downloads and apps for mobile devices and TV boxes. Region-locked content that requires special decoders and hardware still has to compete with relentless piracy.
Google, unlike "everyone else", has the necessary power, market share and resources to make Web a better place (and still make tons of cash), but they chose to become just another "evil" big corp, so yes, in my book, they are to be blamed.
so, it's kind of worrying. I hope this kind of change won't be common among browsers. I'd rather a killswitch and a moment of "ah crap, I have to enable that" than a slew of third-party code enabled at all times.