Hacker News new | past | comments | ask | show | jobs | submit login
Mozilla WebThings (hacks.mozilla.org)
621 points by sohkamyung 33 days ago | hide | past | web | favorite | 153 comments

This is the Mozilla I love. I wish they did more projects like this, it's a shame Firefox OS went away, especially in this world of PWAs.

I do love that this dashboard can even be ran on your router. Also the web UI looks really clean.

Firefox OS has been rebranded as KaiOS, and its eating marketshare with $5 LTE bar and flip phones. Said devices are pretty minimally specced with a Qualcomm 205 and 128MB of Ram, but Mozilla did a great job optimizing for low end devices.

To be clear, KaiOS was not rebranded; it was forked, closed sourced and further developed -- mostly to work with touch-less, feature phones. Mozilla is neither maintaining nor associated with it in any way.

How could an MPL & GPL licensed project be closed sourced? Mozilla didn't relicense Firefox iirc.

You are correct. The parent is mistaken, or at least exaggerating and at worst libelous.

“KaiOS is based on the Firefox OS open-source project and we are committed to abide by the rules of the applicable open source licenses.” https://support.kaiostech.com/support/solutions/articles/350...

Frankly, that doesn't mean much; the MPL allows one to freely mix open and proprietary files on the same project. Sure, they can't literally close Mozilla's code, but they can still make their forked project mostly proprietary.

In other words, Android is "open source" too. But I still don't have control over my phone.

You can install a plain AOSP and have (almost[1]) full control over your phone though.

[1] almost, because every smartphone needs proprietary drivers to run …

> every smartphone needs proprietary drivers

Free phones are slowly popping up https://puri.sm/products/librem-5/

The librem looks nice but if I'm not misunderstanding, it's still pretty much vaporware at this point. I sincerely hope it reaches its goals though.

No, you can't. Not when more and more phones ship with locked bootloaders and a smaller and smaller percentage of phones actually work well with some AOSP spin and none of the apps you use work without an unrooted, closed-source-Google-API-infested phone.

Next version of AOSP will have a smaller userspace.

It means exactly what the license allows. Mostly proprietary seems a lot better than totally proprietary in the absence of open source alternatives.

It’s bizarre to me when people complain about things like “tivoization” or “open core”. These are by design or they are solved problems if the creators care for the trade offs.

That is the Mozilla community’s issue. They chose the licensing. They have revised the strategy a number of times. I remember when code was tri-licensed.

Or it’s also a consumers issue. Money talks.

But you cannot ever the source code of kaiOS. Despite several enquiries, they told me that ask the device manufacturer as we are NOT legally needed to provide you source. KaiOS is kind of open but not totally!

This actually respects the license. The person who provided you the binary (the phone vendor, not KaiOS) must provide you the source that corresponds to your program (not the git history). KaiOS must provide the source to the phone vendor on request off course.

That being said, this is the minimalist interpretation of the license, and not what is commonly understood as open source (where the repo is available somewhere, at the very least).

I wonder how difficult it is to get the source from the manufacturers. If it was trivial you'd think they'd avoid playing these games and just dump it as a tarball at the very least.

You just have to fill out the form in the disused lavatory next to the door marked "Beware of the leopard".

So the repo is available! Thanks, I took @omnifischer at face value.

Looking at the commit history, they keep on referencing bugs in a private tracker though (I know I'm moving the goal posts :-).

How macOS can be proprietary, while Darwin is open source?

By being mostly proprietary in new and important parts, built on top of an open foundation which itself is not the most valuable part for customers.

I suspect that key parts of Kai OS are proprietary, and the foundation left from Firefox OS is very basic. Important, but totally insufficient.

Actually, there's not been much change from the original fork of FirefoxOS besides the UI changes to be better for non-touch devices.

GerdaOS (LineageOS for KaiOS) allows people to import and run FirefoxOS packages without modification, though many apps will need some changes to allow it to work without a touchscreen.

The unofficial rumour mill says that with the extra investment from Google, KaiOS will probably shift to Chrome(ium) at some point in the future, but that's just a rumour and remains to be seen.

I doubt KaiOS would switch to Chromium, the focus seems to be using near zero resources while remaining somewhat fast.

Mozilla spent years with dozens to hundreds of devs working on getting it to be snappier than every other low end phone, short of Google paying for this type of dev work on KaiOS, there will likely be nothing more than security patches and cosmetic changes to KaiOS.

I only know of one flip phone sold in the U.S with KaiOS. I had one. It was a terrible flip phone. And I know flip phones. Like, the flip phone of 10 years ago did not give you a delay every time you pressed a button. The KaiOS one did. It also did not have installable 'apps' as was the original promise of KaiOS. It's UX was generally very confusing (yes, flip phones have a UX; you notice especially when it's a bad one).

I don't know if it's doing better in non-US markets. But I don't think so; someone else _did_ take the Firefox OS source code which of course had an open source license, and adopt it and rebrand it as KaiOS. I am not sure what their aspirations for it are. Currently, I do not think it is the promise of what people hoped FirefoxOS would be (and may or may not ever have been).

I dont consider KaiOS a positive development. To me the biggest thing missing in Android that Mozilla could bring to the table is user privacy and the expectation of putting the user's welfare first (above data collection and monetization). Similar to Firefox vs Chrome.

I trust KaiOS less than Android in that regard.

Source for the supposed "eating" of global marketshare? I can't find any marketshare report that even mentions such an OS.

KaiOS is relatively successful in India, with 15% market share for mobile devices in 2018 (second place).


How exactly is that "eating up global market share"?

The actual quote was "eating marketshare with $5 LTE bar and flip phones".

Aren't Nokia/hmd featurephones all running kaios?

The only Nokia phone running KaiOS so far is the Nokia 8110 4G (https://en.wikipedia.org/wiki/Nokia_8110_4G).

There seem to be Series 30 phones still: https://en.wikipedia.org/wiki/Series_30%2B#Made_by_HMD

A failed OS is being paired with a failing Mobile manufacturer. Good riddance.

Check out Mozilla Labs: https://labs.mozilla.org/. They’re working on all kinds of things.

It would be cool to see a reboot of Firefox OS with Rust and WASM some day.

This is amazing. Finally Mozilla is sticking its nose into a growing market that REALLY needs their help!

I wonder how much of this will be Rust? :)

Everytime i see a Mozilla product announcement, i feel hope.

The hope for a better Internet.

It's opposite feeling with Google.

Google has done a fairly amount of work to help the world wide web survive while more and more gated mobile platforms are created, because their revenue still depends on it.

Whoa, at the end of the article there's an announcement about "WebThings Gateway for Wireless Routers". Is this the beginning of apps for routers? I've talked about the idea before:


I'm excited to hear more.

What exactly differentiates "apps" here from regular programs you can install on routers? If your router runs a hosted system such as Linux and isn't locked down (e.g. OpenWRT), you can install/compile for any existing program that supports the architecture and system. Installing tor as you in linked post is just "opkg install tor". A lot of packages have webgui frontends, too.

Edit: I've read the article and Mozilla even mentions reskinning/basing off of OpenWRT. Which only puzzles me even more given you write "the beginning of apps for routers" as if OpenWRT/pfSense/etc doesn't exist.

Grandma can't compile and install OpenWRT packages. The idea is to let developers create apps (server apps) that anyone, especially Grandma, can install on their router. The experience should be similar to installing apps on iOS or Android phones.

NAS apps sound interesting, but not what I'm looking for. Router apps have untapped potential because routers are relatively inexpensive, always on, and have a real Internet address, unlike the rest of the home/office network.

What kind of apps would developers create? All kinds! Some would succeed and some would fail, just like phone apps. The point is to unleash developer creativity. Today, nearly all Internet traffic is routed to Netflix, Google, Amazon, and Facebook. Over the next few years, consumers will buy millions upon millions of upgraded routers. I think they would like to buy routers that do more for them than send all their traffic to a tiny number of huge companies.

Several good points. Only one aspect made me laugh. Even if I can "opkg install <pkg_name>" to run the Mozilla WebThings Gateway, I'm lazy. I'd rather buy a box that maintains my privacy and is updated periodically with security and feature enhancements. What made me laugh is that I don't fit your stereotype. I first used ddwrt around 2003 then switched to OpenWrt and convinced QCA to adopt it as the basis for QSDK when 11ac routers came out. And if all goes well with my daughter-in-law, I'll become a Grandma in 2-3 weeks. But I am looking forward to easily installing apps, especially those that respect my privacy. :)

Congratulations on becoming a grandmother! Sorry I didn't think of a better example of the kind of user I'm thinking of. "Bob the accountant", mentioned by someone else, is probably a better example.

I've also run several generations of OpenWRT and I've decided it doesn't make sense for me to spend time maintaining it. For example, I'm interested in installing something like Zulip (an open source team chat service) on my router, but I know from experience that anything special I install in OpenWRT requires custom configuration and will need regular manual maintenance and upgrades. It's a big time commitment and I have to be careful with my time.

In a better world, I would tap to install Zulip on my router, automatic upgrades would be enabled by default, and I would be prompted to also sign up for a Zulip-oriented encrypted backup subscription service. Having spent only a minute or two to install Zulip, I would gladly pay for the backup service since the developers proved that they respect my time. I would no longer feel the need to sign up for another cloud service. Privacy would win!

Your desire not to have to admininster OpenWrt yourself is legit. I don't either. The Mozilla WebThings Gateway integration work is being done by Mozilla so that they can offer the result to OEMs who would sell a product with it already installed, and the Mozilla team would maintain the sw. So consumers at any tech skill levels won't have to be sysadmins in order to achieve the privacy and security protections they deserve.

”The experience should be similar to installing apps on iOS or Android phones.


What kind of apps would developers create? All kinds!”

Give what we know of applications on smartphones, I fear “all kinds” will include many, many that claim to be anti-virus/anti-hacking/pro-security, but steal data instead, and that grandma, grandpa and zillions of others will happily install them, possibly even pay for them.

Using https prevents your router from reading most of what you send, but that also prevents software in your router from doing much, so I fear the router’s software would have to MITM your https connections to do anything useful.

> Grandma can't compile and install OpenWRT packages. The idea is to let developers create apps (server apps) that anyone, especially Grandma, can install on their router. The experience should be similar to installing apps on iOS or Android phones.

Does grandma even _want_ to install packages on their router (which is likely a modem combo provided by the cable company), let alone know what a router is? Grandma wouldn't even be able to get her shows if she messed with the MoCa for FiOS, for example.

Maybe not grandma, but Bob the accountant could install pihole or tor. If only a small fraction of non technical people start using privacy focused software, it would be a big win for the open internet.

While I agree in principle, unless people are becoming unchained from their ISP-provided router/modems, I just don't see this gaining much traction. I really hope this succeeds (or something like it), I just feel that the current ISP environment is not conducive to such disruption, especially when 98% of users are running vendor-provided modems with the default configuration.

When you do opkg install tor, opkg might very well install other services, libraries, executables, config files, caches, etc. If tor is not what you actually wanted or you want to remove it, you now have to worry about how to do that best. How often do you want to go messing with your router to try to straighten out exactly wtf the various pre and post install scripts did? The nice thing about containers is that when you want to remove one you just remove it.

Yes, by design, it's a package manager. Rather than bundle dependencies such as libraries, they're pulled in system-wide and dynamically linked. This preserves both flash and memory space on embedded systems, which with consumer routers are fairly constrained. My router has 16MiB of flash and 128MiB of RAM, and that is more or less typical for consumer non-x86 routers.

Likewise, uninstalling via a package manager handles orphaned dependencies automatically for you.

> How often do you want to go messing with your router

That's the thing when you're running what is essentially Linux (in the case of OpenWRT): it's not a router, it's an OS and you can manage just like you do any other OS. Your description of "apps" as containers seems to abstract away the OS level and leave you with just some frontend (which is probably running Linux/*BSD underneath) and no control.

> Likewise, uninstalling via a package manager handles orphaned dependencies automatically for you.

Yes, and fairies are real, and so is Santa. I wish things were this way, but the reality is that most package managers aren't 100% perfect when it comes to install/uninstall and cleaning up of stuff. opkg is especially bad at it. If you look at how it actually works, the core files of the package are handled by the package manager, which usually (though not always works). But most packages aren't just binary blobs to be moved around. Take something like mysql-server for example. Not only will it install the MySQL binaries, it will also create /var/lib/mysql for all the data, and a few cache dirs as well. It'll also add files to /etc/, /etc/defaults/ and so on. Oh, and after it is installed, it will start the mysqld process. When you try to uninstall this stuff, but default the /var/lib/mysql directory won't be removed. Who knows, you might want the data that's there. Oh and that config file? That's staying too. So if you uninstall and reinstall mysql-server because something went bad, you'll just get the same config and data. Is that what you really wanted? You can of course do something like `apt autoremove --purge mysql-server` and that'll mostly work, assuming that mysqld isn't frozen, at which point the pre-remove script fails to kill it and you suddenly are left with a system with an inconsistent state. Last I checked, opkg didn't even have a purge option. And it doesn't stop there. The pre/post install/uninstall scripts can do whatever they want, and if they error out, you again are left with a mess you will be cleaning up by hand. I have done this on many distros many times and it is always a mess. apt/dpkg are one of the better systems out there. The rest? They will make you want to nuke whatever device you are working on from orbit.

I am not on the "containers for everything" bandwagon, but the idea that opkg is somehow comparable in this case is laughable.

Docker for NAS devices is the de facto App Store. The most compelling applications are for media consumption / piracy.

I'm using Unraid for my NAS currently. It hosts pihole, a local nginx proxy, and a unifi controller in addition to other containers. I can also throw on some docker containers to build chromium and other large projects in their target environments.

Your setup looks interesting. Would be great if you could write a blog about your setup.

I’ve been looking into this lately for mine. Definitely need to invest more time. What NAS are you running?

I'm not who you asked but Synology is pretty nice. Runs Docker nicely and lots of applications available for it. Recommend an Intel CPU based vs the ARM based Synology NAS systems. I use it to run various software for my home network.

I second Synology. Runs my ArchiveTeam docker container, any docker container really without issue. Also accepts TimeMachine backups from my Macs and backs everything up to Backblaze B2.

Why do you recommend Intel over ARM?

I wouldn't say this is a universal "ARM vs Intel" claim, just a specific heuristic for this company's products.

Synology's ARM line is generally underpowered compared to their Intel offerings, in terms of clock speed, memory capacity, and core count. They also tend to gate additional features (e.g. hardware-accelerated encryption) behind their Intel offerings.

edit: We're mostly talking Atoms / Celerons here, so not exactly screaming performance either way.

Unless something has changed in the past year, Docker and Virtual Machines are only supported on their Intel devices and not the ARM ones.

There are third-party package managers for the ARM devices but there are a lot of broken packages so I wouldn't recommend using it.

That was what I found most interesting too. But then I’m a hardware geek!

This looks like a competitor to homeassistant/Hass?

Yes, it looks this way to me too. Interesting that they didn't join forces.

I'm glad they didn't. HASS isn't very user friendly to setup and very unstable in use.

I spent far too much time trying to maintain a setup of HASS. It's schizophrenic with it's MQTT support and the two paths don't play well. It "supports" SSL through Let's Encrypt but it was problematic with MQTT. It's kind of awful to configure with files being scattered all over the filesystem. It frequent updates and frequently breaks configurations. It also has weird limitations with certain Smarthome integrations (e.g. Insteon) that make it unusable.

Thanks it took me way too long to figure out “what” this thing was.

I expected to see MQTT as an integral part of the WebThings Gateway but haven't found it so far

MQTT is kind of crap so I'm not surprised.

What's the problem with MQTT? It's basically the interconnecting standard for all things IoT. I mix and match IoT devices, and everything is fed into Home Assistant through MQTT, plus logging to InfluxDB. I'm familiar with the protocol and haven't found any wart; the biggest problem is how to run it with redundancy and at a scale.

I cannot stand debugging MQTT devices. From establishing a connection to sending data, it is consistently difficult to pinpoint where the failure in a system is occuring.

Contrast this with HTTP and WebSockets that are extremely simplistic to use. Largely by virtue of bigger communities using them, but so it is.

Where's the benefit of MQTT? The code is just as large and more opaque by being an uncommon standard (compared to HTTP). Everyone says bandwidth, but that's hardly a concern often and when it is...I can never seem to find the numbers of how much data usage MQTT would save for a given application.

Some issues that come to my mind with MQTT:

1. Most implementations are quite weak. E.g. the Paho implementation for C can't send and receive at the same time, can't publish multiple messages concurrently, and will block it's only execution thread for lots of seconds until the server might response. That might be ok for very low-throughput devices, but in general it's neither performant nor resilient. Libraries like these also don't track whether subscriptions already have been performed or not, don't perform retries, etc.

2. The specification has a few warts, that imho make things like QoS1 and above impossible to implement correctly. E.g. if a message is sent with a certain messageId and the server doesn't respond within a timeframe, the client can't really time-out only this publication. If the client forgets the messageId, continues to work and later on publishes a new message with the same Id (there are only 64k of those), then any ACK for that is ambiguous and the client couldn't tell for sure which delivery was ACKd. That basically voids the at least once delivery property. I don't any implementation out there blacklists the IDs in order to avoid the ambiguity (which would also not work long term anyway, due to the low address space).

3. Most applications want some kind of transactional or request/response semantics. Of course that can be implemented on top of MQTT in the application layer, but it's more tedious and error-prone than using a protocol which already enables it.

4. Lots of applications also want to stream bigger amounts of data for some use-cases. Implementing a multi-megabyte upload or download with MQTT requires to build a custom flow-control, retransmissions, buffering for out-of-order messages, etc. Or in other words: They are required to implement the equivalent of TCP on top of UDP.

Overall my opinion is that it can be used for certain applications, but it's actually a far weaker option than assumed. Due to the issue 1) and 2) I would recommend to mainly use QoS0 if talking to a MQTT broker is a requirement - and to move all reliability concerns into the application layer instead of relying on MQTT doing it right.

AFAIK there is no IoT data exchange format standard over MQTT. Every vendors has its own data format. It is not simple to normalize the data to match other standards like Zigbee profiles. You should manually code for every MQTT devices.

> We’re also excited to share that we’ve been working on a new OpenWrt-based build of WebThings Gateway, aimed at consumer wireless routers.

I’m impressed. Almost sold, even.

All I’m left wondering about is device-support.

How does this compare to (for instance) Home Assistant?

I've been using Things gateway for probably a year or so now (I'm just using z-wave devices, but Things supports lots of other types as well). The main thing I see missing that most home automators will want is support for locks/garage door openers/etc. The interior stuff like lights/alarms/plugs/sensors/etc. is all great.

A lot of emphasis is on their Web of Things protocol that looks really cool and would be fun to play around with if you wanted to add your own home-made device (or hopefully more vendors will be adopting that protocol soon).

Took a quick breeze though the intro and maybe missed it...

Where's the love for IoT DIY/tinkerer gadgets though? i.e. Arduino, Beagle bone, ESP8266/32?

Check the "Arduino" tabs on the WebThings Framework homepage [0]. See also the Supported Hardware list [1], which includes ESP8266, ESP32, and Raspberry Pi (among many others).

[0] https://iot.mozilla.org/framework/

[1] https://github.com/mozilla-iot/wiki/wiki/Supported-Hardware

Ok, so if I would like to have a motion sensor (and maybe a camera) attached to a server on a rasperry pi which sends alerts to my smartphone ... how much work and tinkering can I expect at the current state, if I am very good in javascript, node and linux, but not at "low level" things?

Try either the e-mail sender add-on or the twilio add-on, then create rules that notify you via one of those methods. Camera integration is tricky, mostly due to the lack of standards around data streams and extra sensors/actuators, dealt with in different ways by different vendors. Other binary sensors or variable sensors can be triggered easily with rules to notify you of things you care about.

What products support WebThings right now?

Here is the maintained list of supported hardware:


A competitor, Samsung SmartThings has sandboxed-app system. It enables users to operate IoT machines with groovy based programming language.

Things Gateway also can control IoT machines, but its simple rule-based system. It is currently losing point and improvable feature.

I'm very excited with Things Gateway philosophy, so I can't wait for its next evolving.

Are there docs for setting this up on a pi without flashing it? I want to run this alongside a few other things on my pi.

Would this be compatible with Turris Omnia?

That's one of the targets for OpenWrt support, yes.

Any particularly good tutorials exploring it? How well does it integrate with existing tech, both closed and open? (E.g. in open-source Home Automation, MQTT seems to be the glue of choice)

Sorry for the aside but what CMS does Mozilla use for these publications? Just out of curiosity

Looking at the source, it looks like they're just using WordPress.

The Hacks blog is powered by WordPress.

Does it use multicast discovery?

yes mDNS

C'mon Mozilla, please. Less projects that will end up like Firefox OS, more work on _Firefox_.

Seriously? IoT is a quickly growing, potentially massive and ubiquitous field. Given the shit state of security and technical implementation of its initial era, in very glad that a well-resourced non-profit is helping to create an open standard.

And six years ago, mobile was a quick-growing massive and ubiquitous field. How did that pan out for Mozilla? A failed operating system and the beginning of a huge decline in both marketshare and performance for Firefox.

Last I checked, Mozilla was still a functioning, funded company pushing out regular updates to Firefox, among other projects. Mobile still is a massive and ubiquitous field, and Firefox Mobile is one of Mozilla's ongoing projects. You believe that a failed project means a company should stop innovating and entering emerging fields?

maybe if they'd actually ENTER it'd matter. partner up with a chinese manufacturer and make mozilla branded IoT stuff. providing a platform without associating a manufacturer is doomed to failure imo. Especially in the saturated hyper competitive markets mozilla chooses to enter.

I do expect them to be attempting to partner, so hopefully we'll see some announcements in the future.

If we stopped doing things because they might fail we'd be nowhere.

And if Mozilla keeps making the same mistakes it will go nowhere.

They develeoped and pushed WebStandards nonstop.

It did not lead to widespread Firefox mobiles, but it was not wasted work.

With Chrome of all things now, lets see how it pans out.

Honestly this looks like a reasonable platform but who is really going to set up an OpenWRT or raspberry pi gateway? Almost nobody.

The real thing that kills this is that there's no native support from Google Home or Alexa. They're easily the best way to control IoT devices.

I'd do. I appreciate having my data on my local server(s).

But since you pointed out a necessity, and for every necessity there is a customer, one can start a SaaS for (Mozilla) gateways, charging for traffic/storage.

There are others IoT providers, but I think there is none for Mozilla's (?).

The phone OS market was already pretty entrenched when they started on Firefox OS. They're focusing on IoT now exactly to prevent it from ending up like Firefox OS, and to prevent them from ending up in a Firefox Desktop-like situation, where its relevancy keeps declining both because the relevance of desktop is declining, and because people do not use Firefox on mobile and thus cannot sync.

Firefox OS has been rebranded as KaiOS since Mozilla stopped working on it, and it has been gaining significant market share since then. A $5 LTE bar or flip phone based on a Qualcomm 205 with 128MB of ram isn't able to run Android (especially not in a fast manner), but it will run KaiOS just fine.

Can you link to a $5 flip phone with Firefox OS I can buy today?

The JioPhone is effectively offered for free, with a ₹1,500 ($21.60) deposit that is refunded after 3 years. To be precise, it's a candybar phone that runs on KaiOS (forked from Firefox OS, closed source).


You cant get the source code. Reliance telco does not care - nor does KaiOS people.

I was looking for an unlocked option that would work in the US.

afaik there are no unlocked phones that exist that run KaiOS(outside of tinkerers in shenzhen)

So you're encouraging Mozilla to create more abandonware?

If it has a reasonable chance of not becoming abandonware, sure. I'm sick of people being so pessimistic. Imagine if Google stuck to search and never released new products. Maybe some people would prefer that but personally I can't live without Google Maps for instance.

And how much money do you donate to Mozilla to fund their abandonware habbit?

Why are you being so anti innovation? I could pass it off as opinion for a few comments, but this comment section is now littered with your comments that all seem to say that mozilla shouldn't bother developing anything new. Do you have skin in this game? Did you get personally burnt by mozilla somewhere along the line?

If you somehow feel that firefox is moving too slowly (check the vcs history its very active) you can always contribute yourself, it's OSS :)

No he can't always contribute himself because most people myself included can't contribute to whatever project just because it is open source. You need to have an intimate knowledge of the technology and the experience and since you suggesting that he "can always contribute" I'd ask you: can you?

An up front cost in learning doesn't mean you can't contribute.

I guess there's no sense in ever complaining about politics and laws since you can just run for office yourself. Didn't realize upfront costs don't matter :shrug:

Exactly. Theres plenty of documentation to be written and translating to be done

Because developers are interchangeable gears that can work on any kind of project without any bump, and can be stacked into any number on a shared project without any issue.

What kind of work on Firefox are you referring to?

it seems to be mostly for domotics right? what about IOT for other things like medical devices for instance that would be a good area to open source

the W3C Web of Things framework is agnostic to use cases and devices. Mozilla's WebThings framework can work in medical, industrial, etc. It's just that Mozilla's focus is to put people first. (Plus it's easiest to invite makers and community dev when contributors can use it themselves at home). All the code is open source -- I've already seen some industrial companies pick it up and customize for their needs.

this thread further illustrates the dumpster fire of self importance that is HN

Are there any Mozilla projects that have any sort of market share and make money or are they mostly just living off that sweet Google cash for their ~10% Firefox market share?

Any chance Google stops funding them soon?

(Wow, a question was asked. Better censor it Mozillans!)

This is a fair question, albeit off topic.

You can see Mozilla's latest annual report report at https://www.mozilla.org/en-US/foundation/annualreport/2017/

And the latest public financial statement at https://assets.mozilla.net/annualreport/2017/mozilla-fdn-201...

(Disclosure: I work for Mozilla, but not on WebThings or producing those reports)

You also asked a question with a lot of editorializing in it. I wouldn't call downvotes censorship.

Exactly what part of it was editorialized?

Is getting $500 million dollars a year from Google not a sweet deal?

> Are there any Mozilla projects that have any sort of market share and make money or are they mostly just living off that sweet Google cash for their ~10% Firefox market share?

Is that a relevant question considering that Mozilla Foundation is a non-profit organization?

> Any chance Google stops funding them soon?

Probably, but that won't stop them from doing what they're currently doing. Also, Google doesn't "fund" them so much as pay them for search integration.

> (Wow, a question was asked. Better censor it Mozillans!)

The question was not presented in good faith. In fact, it's clear that you weren't actually asking a question at all. You were stating your opinions sarcastically in the form of a question.

> Is that a relevant question considering that Mozilla Foundation is a non-profit organization?

Yes. Absolutely.

> Probably, but that won't stop them from doing what they're currently doing. Also, Google doesn't "fund" them so much as pay them for search integration.

It's 97% of their income. I think things would change a lot.

> The question was not presented in good faith.

Yes it was.

> In fact, it's clear that you weren't actually asking a question at all. You were stating your opinions sarcastically in the form of a question

Nope. I'm actually wondering if anyone has some insight as to whether Google intends to stop funding them.

> Yes. Absolutely.

You claim it's a relevant yet provide no reasoning as to why.

> It's 97% of their income. I think things would change a lot.

Sure, one major thing would change: the default search provider. People are quick to forget that Mozilla received no funding from google between 2014 and 2017. The only reason they signed a new contract with google in 2017/18 was because Yahoo went under. Without Google they would need to find a new search partner, and there are definitely other companies chomping at the bit.

> Nope. I'm actually wondering if anyone has some insight as to whether Google intends to stop funding them.

As far as I am aware, no, Google has no intention to end their contract with Mozilla. Also, you keep using the word "fund". That's not really what's happening here. The default search agreement is a business contract. It's in Google's business interests to be the default search provider on every possible platform; that includes Firefox. In fact, Mozilla actually holds most of the cards in this agreement. That's why google had to offer such a lucrative deal.

That said, I have no doubt in my mind that google would kill Mozilla without hesitation if they had the option. Luckily, they do not have that option.

My first reaction is "wtf? What about WebBluetooth?" That is an open standard that supports tinkering, integrates with Permissions api, etc. And it's been withering on the vine with no help from Moz... this looks like a poor alternative, tbh, unless I'm missing something.

What does Web Bluetooth have to do with IoT? Bluetooth is a short range, low-bandwidth protocol for 1:1 pairing of devices, isn't it?

That aside, Google's approach to introducing experimental APIs like Web Audio, Web USB, Web Bluetooth etc has been... less than ideal. Having been involved in it, I don't think it's surprising that other vendors are not interested in helping.

I'm making an IoT device that connects through web bt. Web bt allows us to circumvent having to publish mobile apps, at least for Android and desktop OSes.

Sounds like a cool use case, it just sounds nothing like what WebThings does.

It pretty much covers the same use case, except my device doesn't use wifi directly to access the interwebs.

Bluetooth can be used to connect to wireless speakers etc. There exist many cheap Bluetooth speakers which are perfect for iot.

My first thought seeing this headline: Let me guess, another move from Mozilla to start gathering more personal data. I wish they’d proven me wrong.

Have you played with it at all? Mozilla isn't acting as a data broker, they're providing software and a framework. The world of iot doesn't have that many great offerings for private systems. Mozilla is taking their years of software experience and building something decent. I'm glad to see this hasn't been shuttered yet. I've been wanting to move more of my home automation away from cloud based services and this has a lot of potential. (The current best offering I know of is hass)

Even things Mozilla did pull support from and attempt to shutter, like Thunderbird and Firefox OS (now KaiOS) had vibrant communities that stepped up and kept these projects alive.

Mozilla does know how to build a community around the projects they work on.

Right, IIUC, the stated goal is to reach some standardization (https://www.w3.org/WoT/) for IoT communication. Which, in my opinion would be great for users if it panned out. It is not an ideal situation that people that prefer to control their IoT devices themselves need to rely on a myriad of integration plugins for hass. But I'm not hopeful that this will gain the required industry traction

How is Mozilla gathering personal data from people using WebThings? When I tried WebThings Gateway a few months back, it did not seem to collect/send personal data off site. It allows you to create a public endpoint as a subdomain of mozilla-iot.org for easy off site access (https://github.com/mozilla-iot/wiki/wiki/Gateway-Remote-Acce...) which would allow some tracking I assume, but in general I have noticed no hidden data collection as your comment implies.

>It allows you to create a public endpoint as a subdomain of mozilla-iot.org for easy off site access (https://github.com/mozilla-iot/wiki/wiki/Gateway-Remote-Acce...) which would allow some tracking I assume, but in general I have noticed no hidden data collection as your comment implies.

This is exactly what I'm talking about. It's not about keylogging your passwords or getting into your bank accounts. It's about the subtle metadata they'll be able to skim to start fingerprinting you for advertising profiles, and integrating into learning models. It just disgusts me that this has become the defacto behavior for every tech company now rather than "we want nothing to do with any of your analytics". Data is the new oil times 10, and this is Mozilla doing some exploration.

> for easy off site access Exactly. The WebThings Gateway on an RPi is behind a firewall. How to access it? Mozilla makes it easy for users to securely access their gateway when remote, by setting up a tunneling service for the .mozilla-iot.org subdomains that users configure during the setup process. Mozilla has to pay* for running the https tunneling services that allow this security. Mozilla wants to protect your security; they do not want your data. The subdomain enables Mozilla's setup process to download and install the cert for the subdomain you create (from LetsEncrypt) onto the gateway, so you don't have to figure it out on your own. If you have your own registered domain name and know how to install its cert and then expose and port forward 443 from your router to the WebThings gateway, Mozilla would be happy because that reduces their tunneling expense. The goal was to make it easy for users to run a secure gateway by default. But with an OpenWrt router approach, appropriate firewall rules and dynamic dns can help reduce the need for the tunneling service, yet keep things secure. Maybe eventually ordering your own complete domain could be part of the setup process, but you'd be paying some 3rd party to make that happen, whereas the subdomain approach keeps it free.

> Have you ever wanted to know how many times the door was opened and closed while you were out? Are you curious about energy consumption of appliances plugged into your smart plugs? With the new logs features you can _privately_ log data from all your smart home devices and visualise that data using interactive graphs.

> Note: If booting WebThings Gateway from an SD card on a Raspberry Pi, please be aware that logging large amounts of data to the SD card may make the card wear out more quickly!

I thought Mozilla was pro-privacy with all the features they have added to the browser. Have I been missing something? I recently came back to Firefox for their stance on privacy.

No, you're right on Mozilla's stance on privacy. I think Mozilla keeps making things that are good for collecting customer data because those are the things that most need an open alternative.

the WebThings gateway is an opportunity for Mozilla to help protect privacy and security, not copy the approach of industry silo's where devices connect to the cloud. your gateway data stays local.

yes, This is what I call privacy by design:


ps: I am a contributor of it ;)

"another move from Mozilla to start gathering"

What do you mean by "another move" here? Mozilla isn't gathering anything!

Not exactly correct. There was a lot of movement in Mozilla to become a services provider rather than just a software vendor. Firefox Account is the manifestation of that.

I can't tell what exactly their management is thinking, but from my sofa it looks like that just as everyone else, Mozilla wants you to be a part of their proprietary[1] ecosystem.


[1] Proprietary as in "unique to the company, not compatible with anything else and in full control of that company", not as in "closed source" or "non-free/non-libre software".

I work for Mozilla. But I have absolutely no clue what you're going on about here. Our whole reason for existence is to support a standards-based web and avoid proprietary lock-in. Yes, you can use Mozilla services. But you don't have to. I imagine that if there were a privacy-preserving service that got popular, and allowed storing and syncing the sorts of profile data that FxAccounts is used for, then Mozilla might be interested in making an adapter (or defining an API layer.) But these things tend to be tightly integrated, so I'm not sure if it would be worth the trouble. (I'm not saying it wouldn't be cool to share open tabs across different browsers...)

What about keybase?

First of all, that's not what proprietary means. Second of all, you have no idea what you're talking about.

Mozilla is a registered non-profit. This means they are legally required to uphold their mission statement: https://www.mozilla.org/en-US/about/manifesto/ . Mozilla Corp. (the for profit arm of Mozilla) simply exists as a funnel for money into The non-profit.

It is not in Mozilla's best interest to create any sort of walled garden. In fact, Mozilla has a long history of fighting against the concept of walled gardens on every front.

It's reasonable to be worried about Mozilla turning to the dark side, but claiming that they already have is simply false. What we need to do as people concerned with the well being of the internet and the people that use it is support Mozilla financially and politically to keep them on the right path.

Just as an example, if people were more willing to donate to Mozilla, do you think it would be necessary for them to take on search partnerships?

Mozilla put in a lot of effort to let you run your own Firefox Accounts server if you really want to. https://mozilla-services.readthedocs.io/en/latest/howtos/run...

So pretty much the opposite of what you're afraid of.

Looks like this has improved a lot since I used it a few years ago. That documentation even seems a bit outdated -- the new monorepo is here: https://github.com/mozilla/fxa.

I eventually abandoned it when I was cutting back on things I had to manage, but maybe I'll take another look soon...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact