Porting Firefox to Apple Silicon (hacks.mozilla.org)
644 points by sylvestre on Jan 20, 2021 | 236 comments



We talk often on this forum of how inaccessible giants like Google and Amazon are for the little guy. I thus found this point particularly interesting:

>"Attempts to contact the vendor through regular support channels were unsuccessful so we ended up searching LinkedIn and managed to find an engineer working on the core antivirus detection. They immediately understood the seriousness of the problem and took prompt action to get a fix shipped, thus preventing quite the disaster for the users of this product. It’s notable that without this last-ditch effort we would have been effectively blocked from releasing a native Apple Silicon version for an indefinite period."


I was a back channel route to engineering at a company I worked for a while. A few of the engineers trusted me and a couple select customers / sales guys knew they could come to me to run a bug by me 'in theory' and if we had enough information I could unofficially run it by engineering without going through the song and dance of the typical support channels.

I could get a quick ya or nay from them on some things and it was so much faster for everyone involved.

If it was a ya, I knew we had something, still more work to do but the case would skyrocket through the usual channels and engineering was engaged and ready.

If it was a nay, the usual channels it went and everyone was ok with that.

The engineers would give me a few minutes knowing I wasn't going to bring them poorly thought out garbage, I would limit the rate of these special situations, and special customers / sales guys could get the job done way faster.

It was a well known process by those who knew about it... but not everyone knew.


This exists in almost every company by design. Engineering teams wouldn't make any progress towards their mission if they are constantly dealing with outside interruptions, but at the same time there are things which should be qualified.

Customer support is a cost center and the focus is on mitigating the cost of providing that support. If you fail to do this you can burn through a lot of cash quickly. What management needs to realize is that this is also an important interface point which requires attention. This doesn't happen at all, or is inconsistent.

It's important for at least the following to happen:

1. Bad issues that engineering will fix don't get stuck in support.

2. Product management review and respond to feature requests, or enable support to respond to customers.

3. Support have a reasonable level of technical and communication skill, and are empowered to answer for the company.

4. The organization works through rather than around support.

What I've always found interesting, is that all of these are often failing in some way at the same time in an organization of any size.

Your role as the back channel is helping to provide some coherence here. However, things can go bad if you leave. Inevitably, this is the fault of the company, but when I've found myself in this position I've tried to "promote" people in support to take the lead on this role. Further, formalizing the special request process to be minimally tracked helps visibility with my manager and others. Eventually managers ask why you have become a gofer.

Improving the workflow often involves helping support build relationships with engineering. Management can buy in if support attrition is high (it often is if there is a limited career ladder for support) and it can also improve their perception when people are focused on trimming support cost.


The binary distinction between "cost centers" and "profit centers" has always seemed arbitrary to me (especially since, as an engineer, I've been in both without my work being substantially different).

To be frank, it seems like an organizational way to say "we don't find this work to be valuable or interesting, and we'd like to do the bare minimum of it - in fact, we'd like to unleash smart people to explore new frontiers of just how minimal the bare minimum could possibly be."

It seems like this leads to incredibly predictable problems: brain drain, demoralized workers, the bare minimum being aimed for and not actually being achieved, etc.

I feel like a better organization has no "cost centers" - every single role at the company contributes to the mission and to the bottom line. If they didn't, that position wouldn't exist.

What am I missing?


There are parts of the business that cannot boost revenue. “Investing” in them doesn’t really make sense beyond nominal amounts because the max return they can provide is eliminating themselves.

Unless you’re into fraud, “accounting” and “accounts payable” are examples of cost centers. You don’t hire a bunch of innovative people to boost it because it’s not going to ever increase your revenue.

The distinction is made from a strategic perspective because scaling up “cost centers” should be avoided at all costs and scaling up “profit centers” is something you want to do as much as you can.

It has no overlap with “interesting work”. Very often the boring parts of an industry are the profit centers (e.g. in academia the profit comes from packing students into classrooms, not research).


I also disagree with the “cost centre” view, I think it’s often used too simplistically and doesn’t account for the fact that all areas should add value (otherwise you wouldn’t have them by design).

Some examples (that I have seen in reality):

Finance departments are cost centres, until you give them enough resource and they find you a more efficient tax structure. Cut finance departments start to struggle with things like credit control which affects your revenue.

Distribution Centres are usually seen as a cost centre, until you drop spend and it impacts COGS or customer lead times, or inventory in shops rises because of less frequent deliveries and you get out of stocks.

IT is a cost centre, but when funding is reduced change across the whole business slows and other areas are impacted (eg the customer web experience).

In reality the distinction of “some areas generate profit” and “some areas just cost” isn’t true in the end. All areas contribute to profit - some just do so indirectly.

I think the idea of Michael Porter's “value chain” is better, where everything contributes to customer value (including indirect functions). The argument this makes is if you see some areas as just cost centres (e.g. fulfilment centres) then you can miss your ability to maximise customer value (e.g. offering faster delivery options).

Even sales people don’t usually generate profit on their own because without the other business areas they would be selling hot air.


I think this is exactly right. However, the question still stands: how does a large tech-focused corporation encourage engineers to pay attention to such requests?

Expecting enough of them to just volunteer their time doesn't appear to be a sustainable answer.


Oh, I agree with that - I just disagree with the cost centre view (most of my career has been in logistics which is traditionally a 'cost centre' while at the same time people complain about the service they get! In logistics there is a relationship between service and cost).

I spent a few years in IT as a Product Manager (or a similar role), and I viewed my primary role as protecting my team from the barrage of shit that I got, so that they could focus. This involved making sure I was politically the first point of contact and reducing back-channels (some are fine, but not ones that change functionality, involve significant work or are too distracting), placating the people requesting functionality or fixes by understanding how serious the dependency/issue was, triaging it and either placing it on the roadmap or saying no. We also had an engineering manager that could be the contact for specific bugs who could then triage and pass it on.


They are still cost centers. Being a “cost center” does not mean money can be cut from the department and the business won’t suffer. It means that pouring extra money and scaling up the department does not generate more revenue.


> Unless you’re into fraud, “accounting” and “accounts payable” are examples of cost centers. You don’t hire a bunch of innovative people to boost it because it’s not going to ever increase your revenue.

You're so, so spectacularly wrong on this, I am honestly gasping for air.

Accountants are the only people who know if your company is alive or a walking dead. How do you expect to run a company if you don't know reliably and with precision how much money it actually has/makes/spends? Money is the lifeblood of a company! Don't you want to be constantly improving the way you make, spend, and report it to investors and the public?

The biggest companies in the world typically end up with CEOs that come either from sales or from accounting. That is not an accident. Business is about money, and you want smart and innovative people to look after it. Conservative CFOs can be the death knell of a company, among other things.


> You're so, so spectacularly wrong on this, I am honestly gasping for air.

Calm the fuck down. It’s a conversation.

> Accountants are the only people who know if your company is alive or a walking dead. How do you expect to run a company if you don't know reliably and with precision how much money it actually has/makes/spends? Money is the lifeblood of a company! Don't you want to be constantly improving the way you make, spend, and report it to investors and the public?

You entirely missed the point. At no point did I say accounting was not important. I pointed out though that investing more and more into accounting does not boost returns. If that were true, every company could just hire thousands of accountants to boost their profits. This is what separates a cost center from a profit center. Your department provides value in the same way that running water does. It’s critical and you don’t want to skimp on it, but it’s just a part of the business that isn’t helping grow the total market capture.

> The biggest companies in the world typically end up with CEOs that come either from sales or from accounting.

Why would you include sales together with accounting? Sales is precisely the opposite of accounting in this regard because it’s very easy to tie sales directly to revenue. So easy their compensation is literally based on it.

Not so hot take: CEOs that come from accounting and not a customer-oriented profit center are the worst. They know what the numbers look like but are fundamentally disconnected from why customers give money to the business. Seeing the minutiae of the ins and outs of money gives a super false sense of understanding the business. Accounting CEOs are terrible in any industry that requires innovation or getting ahead of trends.


I generally agree with you about not dismissing the value of accounting.

However this:

“Accountants are the only people who know if your company is alive or a walking dead.“

I disagree with.

A walking dead company is only walking dead until one of its initiatives pays off.

The accountants will only know this after the fact, whereas numerous other functions may know it to varying degrees of confidence before the fact.


> The accountants will only know this after the fact

The accountants know when your debits have to be repaid, how likely they are to be repaid or refinanced by then, and what the penalty for not doing so will be. I'd argue that, in most cases, nobody employed in the development/production chain will have that information, possibly not even the CEO.


Sure, but accountants will not know the likelihood of success of a new product or service, how the features will affect sales, the likelihood of making large sales, the state of strategic relationships, etc. etc.

Yes, they may have models and estimates, but the real information will be in the hands of those involved directly.

Even things like refinancing and the options for doing so can be affected by things like letters of intent from potential large clients, industry validation, etc.

Just knowing numbers and dates isn’t enough.

I’m not saying accounting isn’t important, but it just isn’t the only source of truth.


You're missing the lack of creativity and courage in the managerial class.

Support can very much be a profit center. Support personnel is relatively cheap; if their services are priced correctly, they can easily become a stream of recurring income - and everybody knows that "recurring income is best income".

However, this requires efficiency and creativity at the managerial level. It's easier to see support as a burden and just work on shrinking its costs, instead of maximizing its revenues by formulating good price plans. The former is an internal effort that is fairly easy to implement in short timeframes and will easily win brownie points with direct superiors (who doesn't like to cut costs?); the latter requires actual pricing skills and market knowledge, and might take a while to get results. The mediocre manager will always prefer the former.


I feel like this is a double edged sword. Corporations have already embraced this idea of converting cost centers into profit centers and it makes life more difficult for consumers. Every time I call support at my ISP, because my internet is down, they work on my problem and tell me that my plan is slow and that I can upgrade my package for an increase in my bill.

This sets up perverse incentives, that as far as I can tell, are theoretical, but have potential to become more prevalent. Because of the cost center as a profit center idea, my ISP can generate more revenue by providing less value to me. If failing infrastructure causes me to call support more often, and more support calls increase the likelihood of more revenue, why should the ISP invest in better infrastructure?

The key to having a successful business is to carefully align the incentives of specialities in an organization to make the most competitive offerings to the market. If there are competitors, and customers can switch to them, and the competition is more compelling, then I would go to other ISPs.


I agree that what is good for an individual company is not necessarily good for consumers or the market as a whole, and that there is always a balance to find, but that's another issue. After all, the ideal scenario for a company is to have customers pay for support without actually using it most of the time.


Not much.

"Cost center" can be transformed into something else given both an understanding that support can and should contribute to future sales, and an organization capable of putting that understanding to work.

I have seen a similar scenario in manufacturing where various setup, prep, quality tasks are seen as cost centers and minimized.

Doing this kind of thing has ripple costs. Always.

In a perfect world, we make software, or hardware, and it just works and people grok it.

In the one we live in, these are fantasies and we can choose to understand, recognize the value, or not and get the benefits or not.

The users, customers, move from role to role, and support often determines their willingness to use the product again. That is straight up powerful marketing by referral.

Support often is the first to understand a user, customer needs an option too, or add on, replacement, preventative maintenance. Done right, these lead into lean, consistent sales.

"Cost center" to me has always been a bit silly in this way. There is opportunity to add value throughout the chain of people, process, machines, systems that are all necessary to properly conceive, realize and deliver something to others.

One thing often missed along with failing to understand value is failing to ask to be compensated for it.

Doing things in a robust, high value for the dollar way is not the cheapest way, in terms of raw product price, and depending, size of margin.

But, we do get what we pay for too, and the lowest price often comes with externalities paid by both the enterprise and its customers too.

Sometimes I see this all framed as a luxury. That is just as much of an error, and does come with unnecessary costs and or poor alignment with actual value.


Our support team is not technical in any way (they are support for our entire moderately sized membership-based nonprofit), but they are consistently a source of extremely high quality feedback, for the reasons you mentioned.

If there are serious UX issues, your designer might not uncover them, but support will hear about it. If there are edge case performance issues, your dev team might not uncover them but support will hear about it. Very few people know more about how real users interact with your products than support.


Word

I should have included that. Glad you did.


> What am I missing?

not much, or everything -

it's basically an accounting term on how you are tracking an expense and so it is very insightful as to how the effort of your project, group, department etc. is perceived by upper mgmt

so "we don't find this work to be valuable or interesting, and we'd like to do the bare minimum of it - in fact, we'd like to unleash smart people to explore new frontiers of just how minimal the bare minimum could possibly be."

is pretty spot on, if the effort has been (mostly arbitrarily) categorized as such..

when i learned the accounting theory behind it, it suddenly illuminated management attitudes in current/previous jobs - literally in some orgs overly reliant on this perspective there is literally nothing certain efforts can do through official channels to be viewed as 'valuable' ..


Originally everything was a cost centre, but some rebranded as profit centres, and the PHBs swallowed it.


You should have shared your wisdom with Boeing in 2010 ...


x% of support requests are of questionable nature - to mention just a few categories:

* people expecting to use a sophisticated tool (for doing complex business processes requiring special know-how) without paying for and spending time on adequate training

* people unwilling to RTFM, google, youtube, etc.

* people whining when a general purpose tool doesn’t fit their exact workflow to a tee


Those are all sales and service opportunities, BTW.

Back in my support role for higher end software, I flat out hit numbers comparable to sales and generated a ton of great leads.

Fact is, people do what they do and they have their reasons.

Judging them and acting on that judgement by marginalizing an important and necessary part of the process has a higher net cost to the world, and often the enterprise, than just doing those things reasonably does.

Net happiness goes up too. True for the enterprise and users, people at large.


Not all sales and service opportunities have positive ROI


There are no free lunches. Expecting otherwise is a very good sign the enterprise is penny wise, pound foolish.


Not every business environment is captured by grand sweeping general statements. Reality is a lot more nuanced than that.


Precisely.

And the fact is, enterprises seeking to make every support transaction a positive ROI are, in fact and in deed, penny wise and pound foolish.

They will see an opportunity cost due to missed sales opportunity.

They will see greater load due to people using an inferior process and poorly empowered people, repeatedly.

They will see a diminished overall market perception.

Their products will provide less value due to a greater misalignment with both existing and potential users' needs, which drive perception of value, which drives more dollars.

Personally, having been on all sides of this matter, I rank what we are discussing at the very top when considering who I will buy from and or work with.

Flat out, when I see enterprises putting seriously crazy amounts of money in the bank, I accept zero excuses in this regard.

It is not necessary. Lives are short, money hard to come by. Best get solid value for the dollar.


I generally agree with your arguments when the customers are medium to large businesses - and I assume that’s where your experience is. In the consumer and small business space the dynamics are very different.


Been there. They aren't. Some of the mechanics vary, but good service does not.

Right now, I am in the small business space and rock solid support is how we are killing it.

Been there, very large, small, medium, consumer, b2b...

Don't tell me it can't or should not be done when billions land in accounts free and clear.

It can. Should.

I spend with those who get that first and foremost.


Maybe you should quit your current career arc and help companies change their attitude and thus unearth extra billions in profits?

And I don’t mean that cynically - since if it’s as easy and guaranteed profitable as you say, why wouldn’t you be able to convince numerous CEOs to unearth all of those extra billions?


It is all value judgements.

Again, if the priority is to always have a positive ROI, and that metric is computed every quarter, without due and inclusive consideration for externalities?

All the things I discussed here are going to get watered down. And it is always the same priority on max dollars now, max recurring dollars now, and WGIF about the future, others.

Where that happens, so do the things I just said. Not my mess to clean up.

Some enterprises get it. They get my time, attention, dollars and referrals first.

Beyond that? Got better things to do.

Clearly you value things differently. That does not make anything I said wrong.

Take care. You get last word on this.


> Customer support is a cost center

For us, great customer support is one of our stronger sales arguments. In fact we've not had to push hard on sales due to our customers calling former colleagues who moved to a competitor to tell them "you have got to get this software". Having great support has been key to this experience.

Most of our support people have been recruited from our customers, so they know not just our software well but the processes and regulations around it, allowing them to quickly understand the issue at hand and offer relevant help.

So while it might look like a cost center on paper, I'm quite certain it's a massive net gain overall.

Of course as you say, we work hard to mitigate the cost of providing that support, like routinely looking at implementing changes that'll reduce repeat support issues. Maybe as simple as reworking a dialog text, to adding more automation.


Yup that's accurate. I was a regular old support drone who had some connections that allowed for some special paths to engineering.

We had 'official' faster escalation paths but those inevitably are determined by $$$ and there's always more ways to measure 'important customer' than can be defined / shown in $$$.

Management was totally aware of it all and supportive.

But eventually I got tired of the land of 'support' and moved on for a variety of reasons, mostly because time and again I saw support treated like the usual 'cost center' and I didn't want to be a part of that.


> What management needs to realize is that this is also an important interface point which requires attention. This doesn't happen at all, or is inconsistent.

> What I've always found interesting, is that all of these are often failing in some way at the same time in an organization of any size.

The formalization of it is frequently the cause of it failing or being inconsistent. Once it's a workflow that's explicitly acknowledged and condoned by management, it will start to lose its effectiveness. As an official express lane between customers and engineering, every account/sales person will become aware of it and overload it, either in the general course of supporting their client portfolio as much as possible, or even worse, by making this internal express route known to clients, as they can get incremental revenue by branding it as a "VIP Support" service or to make at-risk clients feel special. Which will eventually end up in actual client contracts in some form or another, opening the door to client abuse (or misuse) as well as causing legit cases that would have gone through this implicit channel to get routed to and trapped in normal support because the client at hand didn't pay up for the express lane.

You've also replaced a channel built off of relationships and mutual trust/respect with one based on official responsibilities and inertia, and all the hazards that entails. Such as political/managerial turf wars that add friction to the process, as well as cost minimization efforts that deskill the role over time and profit maximization efforts that overwhelm the capacity of the role, alienating the engineering team and undermining the entire intent.

... not to say it's impossible. But that's generally why you'll see it failing in some capacity any time you witness it, because it's almost impossible to maintain equilibrium the moment you officiate it.

An alternative that tends to be more lasting is for management to _actively facilitate organic growth_ of these sorts of things. Enable and encourage and provide opportunities for inter-departmental relationships and lines of communications to form. That way there is no single "back channel", and organic lines of communication between different parts of the org are robust against the loss of a single node.


The biggest problem we have in software engineering is the lack of support staff. You don't think a civil engineer has to deal with minutiae of paperwork, but software engineers for some strange reason think it is ok to be inundated by clerical work all the time. The industry eventually must evolve to create software assistants capable of running code, triaging bugs, etc.


> The industry eventually must evolve to create software assistants capable of running code, triaging bugs, etc.

In my opinion, we had this. They were your senior support staff or were operations; some companies combined this into a formal role called "Support" or "Service" "Operations."

But then we as an industry decided that operations is bad[0] and if you write the code then you can obviously test the code, deploy the code, maintain the code, and support the code. Then every Hip And Cool Start-Up adopted the model of "sysadmins and support staff are bad because we've had bad experiences in the past so we will also have our devs talk directly to customers until they get tired of doing that and we just replace it with a contact form encumbered by CAPTCHA and a no-reply e-mail address."

As someone who has greatly enjoyed, been very good, and very well paid (so my employers agreed that I was good at it), at support and operations roles only to see them disappear into the inky void of Everyone Codes All Of The Time, I am both biased and frustrated.

0 - Because money, I suspect.


There are still lots of good support organizations out there, and not every place looks at support as a burden. It's a pretty critical piece in the "new" 'as a service' world, helping folks use complex systems that they don't control, etc.

I've been heavy in the data space, and get to do some fascinating work with folks, helping design data models, implement analysis, and other things in a wide variety of verticals. It's support, so sometimes there's some more tedious things too - there's no avoiding that. :)

But, and perhaps I'm biased, it's still a great career path, even if it's not as flash as "code all the time" work.


I think this is an indictment of the lack of organizational skills in the area of software engineering. It is still an industry run by the seat of their pants. There is no clear separation of responsibilities and everyone wants to do everything (and usually badly).


It's funny you mention that. I was a support drone when I was in the situation I described above.

But support being support ... it is eventually devalued and I chose to learn to code to move out of those types of roles.

When I moved on (through a somewhat handy acquisition and layoff and etc) some engineers reached out to me to join the support team there.... but I was done with support (and other factors).


In my company, there is a blurriness between support and technical sales, and while that can be a little chaotic, one benefit of that approach is support is looked at as a profit center to a degree. This is because the support people keep an eye out on upselling, maintaining subscriptions, and promoting consulting work. We're not obnoxious about it, but there's some awareness that part of the role of support is to promote the long-term growth of the customer relationship and sales.

I think if there was a stricter division between support and technical sales, there would be more of a temptation to focus on burning through support requests as quickly as possible. The flip side of this is that it is easy for us to get bogged down in a complex half-support half-sales opportunity situation and that can sometimes cause other support requests to fall through the cracks.


There is a fine line between running interference and sales prevention.


Just for reference, the pair is spelled "yea or nay" rather than "ya or nay".


That sounds like a dream career -- any advice getting there when you've hacked on graveyard startups most your life?


Stuff like what the parent described tends to be "on top" of your day job, rather than your actual day job.

Parent likely established a working relationship with individual(s) in engineering organically over time, and at some point leveraged that relationship to ping them about a customer issue that crossed their path and seemed to be an engineering concern vs user-error. That didn't cause waves and went well, and got repeated enough to become an established but unofficial "thing" parent was capable of, and they became known by a few sales/account folks as the go-to person when they felt a situation may warrant that unofficial route.

You can make a career off of doing this sort of thing, but I'd caution against it. If a company is hiring for the specific scenario of "fast lane between client and engineering", the actual job is "support with special escalation privileges, servicing clients who splurged for the premium package". You get all the soul-crushing hell of working a normal support role, but with the added benefit of solely servicing clients that expect you to hand them the world because they paid extra for it. Which is far closer to a nightmare than a dream; particularly considering someone working one of these official roles likely has the skills to pivot out of the support org and into the engineering org in some capacity, and drastically increase their salary potential while simultaneously improving their quality of (work) life.

In a more general sense though, pretty much any career benefits from doing what the parent described. It's effectively just flexing your soft skills and establishing relationships with people outside of your immediate sphere/department. Which has a tendency to make it easier for you to get things done, and garnering a reputation to that effect.


It wasn't an official job.

I was a regular support drone as far as anyone knew.

I just had some connections that came about because I could be discreet and the engineers understood that I didn't bring them garbage too early (without enough information) or without good reason.


And this is why it's important to recognize and retain people who get the right things done. One does not simply backfill a support position and replace someone who has built up the internal AND external reputation and relationships required for issues like this to get fast-tracked and fixed in a way that makes everyone happy.


Soft skills are key; getting to know key people, and their responsibilities and capabilities and personalities.

But above all: be a good listener. Listen to what they say, think about it and build on it next time you talk with them. If they see you showing interest and learning about their domain, you'll get a direct line to them. And don't always bring them problems, be sure to stroke their ego too by asking what they're working on.

It doesn't happen overnight, it requires perseverance and a dollop of luck. You won't walk into a job like that, it takes years of building a reputation for yourself.


The antivirus industry is the biggest player of the modern adware/malware crisis.

The dark patterns used in software like AVG and avast, both making every system I see them on so slow that they might as well be unusable, are all focused on getting more installs, be it to force people into getting whatever "premium" subscription or harvesting data (e.g. attaching themselves to every sent email like a virus).

There are very few that I could actually recommend, like Malwarebytes - for most users, Windows Defender will be more than enough nowadays. I haven't used a mac in a while, do you actually need AV on them today?


I mean there is mac malware and some of it is quite sophisticated. The compiled apple script bitcoin miner being one of the more ingenious ones. But those were distributed through pirated applications. There are probably a few zero days as well that maybe an AVE package could help stop if a signature is rapidly distributed. Ignoring the fact that the AV engine itself is a target too.

Most people using only the app store helps cut that down.


The one in recent memory for me is the KeRanger ransomware that was distributed in the official Transmission installer.

https://unit42.paloaltonetworks.com/new-os-x-ransomware-kera...

>Transmission representative John Clay told Reuters via email that the ransomware was added to disk-image of its software after the project's server was compromised in a cyber attack.

>"We're not commenting on the avenue of attack, other than to say that it was our main server that was compromised," he said. "The normal disk image (was) replaced by the compromised one."


Just to answer the original question: that's an example of something Apple handled -- no external AV required.


Yes, although it snuck by Gatekeeper to begin with by being signed by another developer account.

Would it make it past Apple's new notarization scheme these days?


My work laptop runs Windows. It runs Outlook, Chrome, Slack, and Exceed to connect to a remote Linux server where I do all of my work. At random times throughout the day the fan will get really loud. When I run the process viewer tool during this time I see things using 100% CPU. It's a Core i5-8350U with 8GB RAM and during these times it gets almost unusable. I've googled a few of them and they always seem to be antivirus things.

At home I have over 8 Linux machines and the only times their fans get louder are when I am actually running a video encoding program or something CPU intensive like that. Some of them are slower with only 4GB RAM and they are always responsive.


The built-in Windows Defender is absolutely painful on low end machines. Yours should be absolutely fine, but on a 2010 macbook with an ancient core2duo and 2gb ram, it's very noticeable.


Out of interest, why would the performance of a basic a/v be affected by an “older” CPU?

Isn’t it basically fingerprinting files and intercepting IO, and so the resources it uses just depend on the activity of the device, not the age of the CPU?


I have an i7 with 16GB of RAM and when Defender and update both decide to run at the same time it cripples the machine for half an hour.


"i7 CPU" is totally uninformative by now. It varies from 2 cores at 1GHz (the ancient i7 620UM) to 18 cores.


That is strange. Until fairly recently my daily driver was a low end ex-lease HP machine from 2013 or so with an i3 with 4gigs of RAM. Never saw much issue with Defender or the updates. Not unusual for updates of any kind to be all over and done with in <5mins from clicking update to a fully usable desktop. Win10 has improved a heck of a lot over previous versions even on old hardware. My work-supplied Mac on the other hand, even with much better specs than my lowly home machine, usually takes at least 30mins to do updates (with most of the time spent during the reboot which means I can't use it at all). One of many reasons why I moved away from Apple for my own hardware.


> There are very few that I could actually recommend, like Malwarebytes

Malwarebytes installs a program with elevated privileges that starts on boot and always runs in the background, and regularly sends data home - despite that it is an ON DEMAND scanner.

I have written to the company to understand this virus-like behavior, and have gotten no response.

Do you have a reason to trust them?


Commercial Malwarebytes isn't on-demand, it's an actual anti-exploit/rootkit solution. I assume the free version, which only has the on-demand features, comes with these components anyways? Might explain that behavior.

My reason to trust them is that they seem to be generally respected still, I've been using them for a long time and they've yet to start annoying me with dark patterns and upsells - of course that's not a super great indicator.


The free version of MBAM is an on-demand scanner but the paid version has "active" protections.


> The antivirus industry is the biggest player of the modern adware/malware crisis.

This is so true it hurts. Veracode releases an annual report ("State of Software Security"), part as marketing material, part as an industry insight leaflet. The worst offenders for software security and defect rate are, year after year, security products.

As an infosec veteran, it's obvious to me that the "industry" at large is not obeying the rules they set for others. The shoemaker's children have no feet.


> There are very few that I could actually recommend, like Malwarebytes

This used to be the case, but the commercial/enterprise cloud version of MBAM (required by my company) is godawful. It seems to call out to its cloud back end every time an executable launches, and it murders performance. It's most obvious in terminals when it causes a simple command that should run in < 1 second to take 4-5 seconds.


If anyone ever tries to install Sophos on your Mac, do your best to avoid it. Corporate IT seems to like it. It slows everything down. It's a nightmare to get rid of again.

The problem is for a lot of jobs you don't get a choice. The employer enforces it, no dark patterns necessary. And then you end up with a computer that is 70% busy doing AV-stuff and leaving 30% for actual work.


This really bugs me about Apple. We had the DTK (pre-release hardware for the M1). We got into trouble with an upgrade from beta2 to beta10 and the machine was bricked. Everywhere we turned, we were told to use the developer forums. We did. There were no responses there and I didn't see anyone but customers helping customers.

So, since we're an Apple developer, we decided we would use one of our DTS (developer technical support) tickets. Nope. Pre-release anything is not supported.

So, we ended up waiting for release, bought a new M1 mini and then started our porting effort. Then, we ran into problems and used one of our DTS incidents and we got some help. However, we lost months.


I don't have a bricked DTK, but the last seven builds or so kernel panic every few hours of use. It's kind of sad to see where the program is now…


Beta 10 also bricked my DTK unit as well. Total paperweight.


My experience working with antivirus vendors is... not good.

Product I used to work on had frequent false positives from antivirus software marking certain files as having some malware or whatever in it.

It's super unpleasant trying to get those changes pushed out. Glad that they were able to get some resolution quickly, usually that isn't the case, at least in my experience.


If Mozilla can’t get a hold of anyone...

20 years ago Google would have sent someone to Mozilla HQ for a week to work on stuff


This is the problem with jumping to conclusions from a vague excerpt. The vendor is some random anti-virus vendor and if you know what trying to get a handle there means....

> More of a concern was user reports that some antivirus software was flagging all our Universal Binaries as malware, and corrupting the Firefox installation the moment the update arrived.

> The software was using machine learning techniques and presumably observed that our combined Universal Binaries didn’t quite look like any other legitimate software it had ever seen before.

> Attempts to contact the vendor through regular support channels were unsuccessful so we ended up searching LinkedIn and managed to find an engineer working on the core antivirus detection.


It was Cylance made by Blackberry.


I had an awful experience with Cylance and some open source software I maintained, too-- false positive detections, and they wouldn't fix it.


Their website is... blech.


Apple did this when transitioning from CodeWarrior to the GNU chain. Apple had to apply patches to the C++ compiler for the company I was at.


This is surprisingly common for large companies. It often isn't formalized because no one wants to dedicate engineers to going onsite with customers.

Often the expert is too valuable to give up, or is a poor choice for customer engagement. If you have a consulting team, they may lack the experience needed, or reputation, that the customer wants. As soon as you send the expert onsite, you will have a challenge not sending them at a later time. This scares off engineering managers from lending their engineers because inevitably they have to fight off the requests.

The better workflow is one where you can send a less expensive resource (however you measure it) onsite and have them work remotely with the expert. If you can stick with that you often end up with the onsite person leveling up their skills and the ability to re-engage in a scalable manner. Any engagement needs prep before the onsite, a plan for escalation when onsite, and a disengagement plan.


It was Agfa in Antwerp. Their guy was very polite but I had to explain to him what was going wrong. I think he was more tech support than anything else.

Edit: Apple also had to change the linker for the sake of Macromedia’s monolithic applications. Another story though.


I'm not sure I follow. Why would an anti-virus product accidentally flagging their Universal Binary block them from releasing a native Apple Silicon version? Of all the Macs in use, I'd have to imagine that only a small percentage are using that specific anti-virus software much less any anti-virus software at all. It might cause them some headaches with specific people who are using that software but why extend that all the way to blocking the release indefinitely?


I guess this was Cylance: I ran into this one on my work laptop with Firefox Nightly and managed to get it escalated internally from us too.


They are being very careful not to identify the anti-virus vendor.

So it's hard to tell if the size of the vendor is the issue here.


I was doing Mac drivers about a decade ago, and some of the dumbest and most ignorant questions on the kernel and drivers mailing lists came from A/V folks. Things like "my machine locks up when our software does X", where it was clear that X was blocking the entire kernel waiting for a userspace thread. Ugh.

I've resolved to never, ever run A/V software on any machine I control based on the quality of those devs.


because A/V folks are hackers, not engineers. hackers do impressive things without reading the fucking manual. that's why they can break seemingly unbreakable things. but on the surface, to the engineer, they seem incompetent.


how do you "secure" machines if they are windows ones and dumb people plug in flash drives and click on big shiny download ram buttons. genuinely curious.


One way to do it is to whitelist all binaries in the system, and sandbox all applications (to prevent chances of a malicious PDF/image/etc abusing a buggy application).


can you do that on windows? every single exe, every process?


Yeah, the security policies let you do that. I think the current mechanism is called AppLocker.

Note that there may be still ways to bypass it if you're an attacker sitting at the computer, rather than a hapless user.


Surprising they even went through with that. Personally I'd have said fuck it, blamed Apple and moved on with my life.

If Apple wants to create incompatible hardware, let them put the effort & money into fixing the software, if they want the software on their platform.


Though I get your point, in this particular case it was the antivirus company that was the problem. Not Apple.


AV vendors and software are cancer.


I once did the same with Microsoft Windows 8 (or 8.1) keyboard layout changes breaking old software. You'd think they don't suddenly change from '.' to ',' as decimal separator. But that's what they did. And so did Apple more years ago by the way, even resulting in a calculator that couldn't be used anymore with the numeric keypad.

Anyway, found a guy working on keyboard layout stuff at Microsoft through LinkedIn as the other support channels were non-responsive. Unfortunately he just confirmed the change if I remember correctly. But at least we knew what was coming.


Oh wow. So in this case, a foundation with roughly half a billion in revenue per year is still somewhat of a little guy, at least for the standard process. I'm curious which antivirus vendor it was. Mozilla did eject a few extensions written by antivirus vendors in 2019, probably for good reasons.


Even working for a big multinational with a big tailored support contact, support from our major IT services vendor is abysmal. It's not just the little guys that have trouble.


>It’s notable that without this last-ditch effort we would have been effectively blocked from releasing a native Apple Silicon version for an indefinite period."

And they are Mozilla. Imagine Indies.

The Modern Day Apple requires you to get some Mainstream Media to publish about how Apple blocks Open Source Software from running on M1 before Apple sees the PR damage and starts acting on it.


This was about Cylance being jerks, not Apple. I've fought Cylance quite a bit on Windows for flagging open source software as malware, too (and they fail to respond / fix).


So what do you do if an antivirus vendor is uncooperative? Can you sue them for defamation?


Give up on your open source project, in my case.


The issue itself sounds like a prologue for an A.I. dystopian story.


It's not like Mozilla is a nobody software outfit. For this to be what they had to do to get someone's attention at Apple is terrible.


It wasn't Apple they were trying to contact, it was a random anti-virus vendor who were flagging all new Universal Binaries as malware.
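
For readers unfamiliar with the file format this sub-thread keeps returning to: a Universal Binary is a small big-endian "fat" header followed by one complete Mach-O image per architecture. The sketch below is an added example, not part of any comment here and not Mozilla's or any vendor's code; it parses that header from a constructed two-slice sample and applies structural checks a release pipeline or scanner could run. The function names and the `MAX_ARCHS` bound are assumptions of the example.

```python
import struct
from collections import namedtuple

FAT_MAGIC = 0xCAFEBABE      # universal ("fat") header magic, big-endian on disk
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O magic; both slices here are little-endian
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
MAX_ARCHS = 32              # sanity bound chosen for this example

Slice = namedtuple("Slice", "arch offset size align")


def parse_universal(data):
    """Return the architecture slices of a universal binary or raise ValueError."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a universal binary")
    # Java class files share this magic; their version field sits where the
    # architecture count is, so an implausible count is rejected.
    if not 1 <= count <= MAX_ARCHS:
        raise ValueError("implausible architecture count %d" % count)
    table_end = 8 + 20 * count
    if table_end > len(data):
        raise ValueError("architecture table truncated")

    slices = []
    for i in range(count):
        # fat_arch entry: cputype, cpusubtype, offset, size, align (log2)
        cpu, _sub, offset, size, align = struct.unpack_from(">5I", data, 8 + 20 * i)
        name = CPU_NAMES.get(cpu, hex(cpu))
        if align > 31 or offset % (1 << align):
            raise ValueError("%s slice is misaligned" % name)
        if offset < table_end or size < 32 or offset + size > len(data):
            raise ValueError("%s slice lies outside the file" % name)
        # Each slice must itself start with a Mach-O header for the same CPU.
        inner_magic, inner_cpu = struct.unpack_from("<II", data, offset)
        if inner_magic != MH_MAGIC_64 or inner_cpu != cpu:
            raise ValueError("%s slice does not hold a matching Mach-O image" % name)
        slices.append(Slice(name, offset, size, align))

    ordered = sorted(slices, key=lambda s: s.offset)
    for prev, cur in zip(ordered, ordered[1:]):
        if prev.offset + prev.size > cur.offset:
            raise ValueError("%s and %s slices overlap" % (prev.arch, cur.arch))
    return slices


def macho_stub(cputype, cpusubtype):
    """Constructed 32-byte mach_header_64 with no load commands (filetype 2 = executable)."""
    return struct.pack("<8I", MH_MAGIC_64, cputype, cpusubtype, 2, 0, 0, 0, 0)


def build_sample():
    """Constructed sample: x86_64 and arm64 stubs, each on a 16 KiB boundary."""
    archs = [(0x01000007, 3), (0x0100000C, 0)]
    align = 14
    stubs = [macho_stub(cpu, sub) for cpu, sub in archs]
    buf = bytearray((len(archs) << align) + len(stubs[-1]))
    struct.pack_into(">II", buf, 0, FAT_MAGIC, len(archs))
    for i, ((cpu, sub), stub) in enumerate(zip(archs, stubs)):
        offset = (i + 1) << align
        struct.pack_into(">5I", buf, 8 + 20 * i, cpu, sub, offset, len(stub), align)
        buf[offset:offset + len(stub)] = stub
    return bytes(buf)


def describe(data):
    """One-line summary of the slices, or the reason the file was rejected."""
    try:
        return ", ".join("%s@%d+%d" % (s.arch, s.offset, s.size)
                         for s in parse_universal(data))
    except ValueError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    print(describe(build_sample()))
```
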


Doh! My bad


Obviously there is more to it than what I am going to say, and who knows with remote workers where people are.

But Apple and Mozilla headquarters are 5 miles apart (roughly). Couldn't you just walk/drive/scoot/fly/what ever over and talk to someone?


Setting aside that the problem with AV had nothing to do with Apple, for the most part nobody was working at either of those offices over the summer (2020, remember?). Also, which of Apple's 130+ Silicon Valley offices are you going to go to, and who do you ask for when you get there?


It sounds like this was an issue with an independent antivirus vendor, not Apple.


I'd imagine that security and the front desk are going to prevent anyone from entering to meet with specific teams or individuals without an appointment.

If you knew someone and had scheduled time with them, then yeah I'm sure you could hoverboard your way over.


Also, pandemic, remote workers, etc. gcp and the engineers who worked on this do not live in SV.


> The Apple Silicon chips are one of the first desktop chips that are a heterogeneous design with distinct performance and efficiency cores. We’re revising much of our core threading and thread pooling architecture to handle the distinction better, improve efficiency, and eventually be able to schedule less performance-critical tasks on the efficiency cores.

I found this bit interesting. Likely more prevalent in mobile apps, but perhaps shifting desktop code to Big.Little approach and using core affinity will result in a lot less wasted energy.


Got a kick out of one of the bugzilla links:

https://bugzilla.mozilla.org/show_bug.cgi?id=34572

"Use native context menus on Mac OS"

"Opened 21 years ago"


It’s little things like this that keep me from using Firefox. Context menus, various micro-interactions, visual design decisions—they all feel so non-native.


I'm using firefox on macos right now and I can't see what the issue is. The menus show up in the main top bar like every other app. Am I missing something?


Pretty sure this bug is about the right-click menu.


I just checked again and the firefox one looks so close to the native right click that I can hardly tell the difference other than it not supporting dark mode


Firefox's engineers have done a remarkable job at trying to mimic the native context menu as much as possible, but it's not a 100% match (as evidenced by your discovery that it doesn't support dark mode). There have also been times over the past two decades where macOS updated something about the context menu that then make the Firefox one not match. The main point is that it really should just be a native menu; they shouldn't be spending time trying to make it match 100%.


I know of a lot of people like that, when presented with very illogical UI decisions, or controls that look absolutely nothing like the rest of the system, they just cannot see what the issue is. I wonder if it’s poor eyesight, lack of attention, or whatever.


I suspect it’s that they don’t care. It’s not an issue for them because they don’t use the missing native functionality anyway.

Also, if you frequently use cross platform software on multiple platforms, it’s possible consistency within the app is more important than consistency with the OS.


And thanks to the 'native ui' purists which you can never satisfy, now we are drowning in webapps and electron. How native does that feel?


People that come from a Linux desktop background seem to be immune to these things. The rough sandpaper that is open source UI will eventually wear anyone’s awareness down.


Yes.


I don't really care much about the native menus, but the non-native scrolling in Firefox drives me nuts.

Granted neither of these are deal breakers for me. I don't use Firefox b/c of pretty context menus.


What else do you use?

Last time I used Chrome they pretty much reimplemented everything from buttons to modal sheets.


Safari for all my personal and work usage. I do pop into Chrome and Firefox to perform browser QA, but Safari is my daily driver.


I feel your pain.

But also ended up completely moving out of most "native" tools for one reason or another (from TextMate to VSCode, Mail to Gmail tab, FaceTime to Skype/Meet etc.). At this point deep platform integration looks more like exceptions than the norm, for the better or worse. There are things that I kind of hate in a lot of Apple products (Safari included), which make Firefox's approach a decent tradeoff.


There are so many things that are different between different apps and different OS and I’ve used many of them. Minor variations like this are just to be expected and I don’t feel thrown when I see something different.


Aesthetics aside, is there anything Firefox's context menu lacks because it's non-native? Like accessibility features and such?


Unlike native right click menus, Firefox's don't let you type to select an option after right clicking. Right clicking text in Firefox also displays a different set of options from the standard textual right click menu which is pretty annoying if you're used to the standard one that appears in literally every other app (for instance, the native one lets you right click a misspelled word to select a correction).

This is one of those rare instances of "no, it's not just different, it's actually much worse".


Look Up "[selection]" constantly bugs me. I constantly use it to define words. I feel like there are others that come up periodically. It sounds pedantic, but it's enough of a pain point that I'm itching to switch browsers.


Speech. and the whole Services ecosystem.


Lol wow. When I first read that bug when I read the article my brain automatically translated that to "21 days ago" as it viewed "21 years" to be impossible.


Wow - that bug can now legally drink in all 50 states!


But it can go to war and get married the past 3 years!


Not until April 5th.


A bit tangential to the main topic of the post. They mention that they are working on another optimizing compiler Ion which will replace the cranelift compiler (which is still in nightly) as the new compiler for WebAssembly.

They link the issue [1] tracking the change which also speaks about disabling cranelift.

To my knowledge cranelift was made for the purpose of compiling WebAssembly in Firefox, so I am not sure if I am missing something here (it's not yet production ready maybe). The Cranelift README[2] mentions that it will be a backend for IonMonkey.

I am a complete layman here so I am curious if someone here has a better understanding.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1687626

[2] https://github.com/bytecodealliance/wasmtime/tree/main/crane...


(I work on SpiderMonkey.)

Cranelift was originally started as a project to make a new backend for wasm in SpiderMonkey. It took on a life of its own, and has been transferred by the Bytecode Alliance (which Mozilla is a part of). At the moment it's not mature enough for us to use in production (both in terms of performance and in terms of code churn). We're hopeful that will change over the next few years, but we need to ship wasm support now, so we're sticking with our existing backend.

(We intend to keep Cranelift working behind a compile-time flag.)


> They mention that they are working on another optimizing compiler Ion which will replace the cranelift compiler (which is still in nightly) as the new compiler for WebAssembly.

Ion (nee IonMonkey) predates Cranelift, being the natural evolution of Mozilla's previous SpiderMonkey JITs. From your link:

"Prototyping work (bug 1678097) has demonstrated that Ion can generate good code quickly for wasm on ARM64, and given that Ion has good stability and we know it well, we will ship it as the initial optimizing compiler for wasm on that platform."

The keyword being "initial"; it appears to just be saying that Ion is good enough to enable, with support for Cranelift being retained in the event that it ever surpasses IonMonkey in capability.


I think the situation is:

Cranelift - experimental, quick to port

Ion - production, slow to port

So Firefox on Apple Silicon got Cranelift first, but only in nightlies, and will soon get Ion in release builds - "become the new default" means it will replace the baseline compiler.


I'm surprised that Rosetta 2 isn't installed by default. It seems that for the next couple of years the vast majority of people will need at least one x86 app.

I guess split-architecture applications were also not foreseen as it is clear that the auto-install prompt doesn't work very well in that case.


Feels like a bit of a nudge to developers to not take x86 compatibility as a given… kind of, "it's there if it's truly necessary, but you really should port that plugin/daemon/etc".


I suspect this as well. But it seems so obvious that it is necessary for a while that I doubt that anyone takes it seriously.


I believe the Mac OS Classic environment wasn't installed by default in the early OS X days.


This is both correct and incorrect.

This is correct if you refer to how early versions of the Mac OS X installer were packaged. The Classic environment framework was always installed but a copy of Mac OS 9 was also required to be installed on the system volume as well—and this wasn't included when installing a fresh copy of Mac OS X from a CD.

There was a limited period of time when Apple shipped and installed both Mac OS 9 and Mac OS X on Macs—so for those people, the Classic environment was "effectively" installed by default. Though to reproduce this you'd need to run the Mac OS X and Mac OS 9 installers from their respective CDs.


Mac OS Classic (running OS 9 apps on OS X) is more like a VM than a translation layer. The better comparison for rosetta 2 is rosetta 1.


Given the sibling comment "It's even worse. It's uninstalled when upgrading macOS." does it also give a way of monitoring emulation usage without violating privacy too much?

"X% of machines have installed Rosetta on this version of MacOS" would be a useful number without measuring the specific executions.


It's even worse. It's uninstalled when upgrading macOS.


Well, it's OS-version specific…


It could be upgraded rather than uninstalled.


It should be expected that during this transition, everyone will have one x86 app or another. An upgrade breaking nearly 100% of users is a laughed-out-the-door bad user experience.


The point to Rosetta this misses, however, is that for the vast majority of use cases it’s silently re-installed on demand.


It essentially works only when launching apps from the Finder or the dock (not when app A launches app B, except if it did something about it, but that's unlikely) and brings up a prompt window. The opposite of silent.


I wasn’t aware of the prompt. Mea culpa.


What does this mean, for dot releases? There's only been one release with Rosetta2 enabled.


M1 Macbooks were shipped with 11.0, they're now on 11.1. Upgrading from one to the other removed Rosetta2 on mine (as well as Command Line Tools).


It'll be interesting to see if this is a trend or 11.1 was a one-off.


I wonder if it has anything to do with licensing costs of everything that went into Rosetta? I imagine they owe someone royalties and licensing costs on some components in it, saves some pennies to dollars to only install it as needed


Could be. I suspect that's a factor in the fonts available for download or document support in Catalina and Big Sur:

https://support.apple.com/en-us/HT210192

https://support.apple.com/en-us/HT211240


The best case is you need no x86 apps. Bought an M1 Air for a kid - as soon as Zoom was native they didn't need Rosetta.


> If the user visits such a site, Firefox will automatically download and install such a proprietary EME/CDM module. This presented a problem to us as we would be dependent on those third-party vendors to publish ARM64 versions of those decoders.

Wait, modern browsers still download and run native binaries at the request of certain sites? How is this different from the days when native plugins like Flash were massive security liabilities? I thought we didn't do that anymore?


As I understand it, it's a single trusted binary (Google's Widevine), not arbitrary binaries from sites, so I doubt it's a huge security liability. Not to discount all the other problems with DRM on the web, of course.


The above is correct. The CDM is very heavily sandboxed, a signature is used, and therefore it can't really do anything apart from what it's supposed to do (which is very little, taking encoded data, a key, decode media).

Source: I'm on that team, but I don't work directly on this.


This is correct. These binaries are downloaded from specific update servers.

EDIT: I stand corrected thanks to a colleague on the media team: the EME CDM update servers are known Google servers.


Worth mentioning is that this is also solving a different problem from the old browser plugin ecosystem. Rather than enabling third parties to extend browser functionality, this exists exclusively to partition the open-source Firefox codebase from closed-source DRM code, a workaround to enable DRM playback in an open-source browser.


This is correct.

I still think the "best" answer is to untick the box that says "Play DRM Content" in the Firefox preference panes, and refuse to support corporations that would otherwise use it.

I haven't bought DRM media for over fifteen years.


The site is not making any such request, it is simply using a browser feature. The browser, on demand, downloads a known and trusted binary.


I wonder if this means there will finally be a way to use things like spotify and netflix on ARM linux machines.


> Rust in particular was a concern. Firefox depends on Rust code, and we require a working Rust compiler to build the browser. Although Apple Silicon support for Rust was underway, it took until mid-August for there to be functional compiler builds, which limited the amount of progress possible for Firefox.

Lack of rust support for 64-bit ARM was a bit surprising to me, especially given the velocity in which people have been rewriting certain components in Rust.

Take for example ffmpeg failing to compile because librsvg was rewritten in rust: https://trac.macports.org/ticket/61668


Pretty sure Rust has supported aarch64 Linux targets for ages. It is just aarch64 Darwin/macOS target support which needed to be added.


It has gotten significantly better recently, with Arm themselves pitching in.


And in turn this blocks a large Swift app I work on from shipping Apple silicon support…software dependency chains can be brutal.


Love you firefox. Keep fighting the good fight. Keep that budget figured out.


As they linked to the LibreOffice bug that we hit,[1] it might be worthwhile explaining how the cross platform architecture works in LibreOffice.

The widgeting/graphics library is actually run by something called VCL (the Visual Component Library). It's a bit of a mess to be honest, but the simplified version is that there is a class called OutputDevice that the rest of the app uses, which basically acts as a facade over a platform specific class called SalGraphics (there are a number of other platform specific classes, SalGraphics is what I focus on here).

Basically it is a class that implements a bunch of primitive drawing functions which call on abstract functions. We then implement these functions in a platform specific class.

To see the guts of the Mac class, see AquaSalGraphics [2] - and no, none of us know why it was named "Aqua"... our codebase is old.

FWIW, OutputDevice has serious issues. I have detailed them in a mailing list post. [3]

1. https://bugs.documentfoundation.org/show_bug.cgi?id=138122

2. https://opengrok.libreoffice.org/xref/core/vcl/inc/quartz/sa...

3. https://lists.freedesktop.org/archives/libreoffice/2020-Dece...


> and no, none of us know why it was named "Aqua"... our codebase is old.

The macOS UI is called Aqua, and has been for quite a while!

https://en.wikipedia.org/wiki/Aqua_(user_interface)


For those who are curious, the antivirus that caused the problem looks like Norton 360.

https://bugzilla.mozilla.org/show_bug.cgi?id=1682834#c39


> It’s notable that without this last-ditch effort we would have been effectively blocked from releasing a native Apple Silicon version for an indefinite period.

Effectively blocked from releasing it for the single-digit-percentage of people who run an antivirus on a Mac.

Does anyone have credible numbers on this?


The IT department at the place where I work installs antivirus on all Macs. I’d guess it is the same at most bigger corporations


Doesn't that assume that all these IT departments and corporations are using the anti-virus software in question? I feel like most AV software vendors were aware of the ARM transition and would know to look for the new Universal Binaries...


But was it not just a specific product?


How many anti-viruses for macOS are there exactly? If it's the most popular one (whatever that is), it probably doesn't change much about the problem.


They can't selectively release Firefox. If 5% of machines have AV, then the new version of Firefox wouldn't have worked for 5% of machines. That's far too high a failure rate to release.


i.e. all the folks who are using a macbook from work -- I don't think that's a small fraction.


> The Apple Silicon chips are one of the first desktop chips that are a heterogeneous design with distinct performance and efficiency cores. We’re revising much of our core threading and thread pooling architecture to handle the distinction better, improve efficiency, and eventually be able to schedule less performance-critical tasks on the efficiency cores.

Isn't this at the wrong abstraction level? I would expect this to be a job for the OS scheduler.


the application knows the tasks better than the OS?


The OS already needs to properly schedule tasks of different load intensities and match them to the available cores, which might already be running different processes. An application has strictly less visibility into what's going on overall in the system, what else is using resources etc., so I don't see how it can decide any better? All it needs to do is set the proper priorities, so the OS scheduler knows what's more important.


If you read the linked bug, isn't that exactly what's being proposed: https://bugzilla.mozilla.org/show_bug.cgi?id=1678083#c3


> Apple introduced a translation cache that likely removes this overhead completely for most applications but it does not work for code that is output by a JIT. With the native build, this second translation is avoided completely and we’re back to having a snappy browser.

Indeed while Rosetta does have support for JITs (which is really impressive in and of itself), every piece of machine code generated by the JIT has to be translated on the fly.

While the hiccup at the initial run is not too costly / annoying for a regular application being AOT-compiled in its entirety and Apple can then shove the result somewhere nearby, for a JIT it's basically constant, continuous overhead which can't be cached because it won't be around next run. I'm not surprised that the gains are significant there.


Wait, what? People run anti-virus on Macs? What proportion of the userbase is this?

It's good to hear from Mozilla doing some browser development, and not making bizarre political announcements that an authoritarian shutdown of a social network by a cartel of tech giants is "not enough".


Many enterprises require some form of anti-virus on all endpoints, including macs.


Oh hey, the author is also the guy who developed the amazing open source AlphaGo reimplementation Leela Zero: https://en.wikipedia.org/wiki/Leela_Zero


does firefox use llvm to compile ?


Yeah, clang for all platforms for a couple years now


Some Linux distributions, like Fedora, build their Firefox binary with gcc.


Yeah but this will probably change too.


I hope not, we need diversity. (Yes, also more rust compilers)


We will still have jobs to build Firefox with gcc and gcc is not going anywhere in general: the % of packages built with clang in Debian/Ubuntu is a fraction compared to gcc.

Nathan Froyd wrote this great blog post about compiler usage: https://blog.mozilla.org/nfroyd/2018/05/29/when-implementati...


Yes. There are essential Rust components in Firefox, and the only serious Rust compiler uses LLVM. (This has nothing to do with clang as someone else suggests)


"does firefox use llvm to compile" is a very weird question that can be interpreted in a variety of ways :D

Seems your interpretation is "does Firefox require any LLVM based compiler to compile?" and yeah. But "does Mozilla use clang for official builds?" is another valid way to parse the question.

(Mozilla does use clang, and they even do cross-language LTO thanks to that: https://blog.llvm.org/2019/09/closing-gap-cross-language-lto...)


What an interesting and informative article! Nicely done!


Is “apple silicon” the port job here? Isn’t this more correctly described as a port of their existing ARM64 target to macOS?


Firefox on iOS is based on the system's Webkit engine; Firefox elsewhere is built on Gecko, so there's a vast difference in the codebase involved.


On iOS there are no web browsers other than Safari, per the app store rules. "Chrome" / "Firefox" / etc on iOS are just basically skins on top of Webkit.

See 2.5.6 here - https://developer.apple.com/app-store/review/guidelines/

This is why you don't get any of the features / extensions / etc of Chrome or Firefox on iOS.

Apple does this so that the mobile web can never replace apps that they have a monopoly on and get a % from. If you could just visit netflix.com and have it install a Netflix SPA that worked as well as the native app, why would you ever install the native app?

Edit after reading replies - lol, that programming of Apple users to believe "we need an app for every possible site".


>Apple does this so that the mobile web can never replace apps that they have a monopoly on and get a % from

Or you know, because they disallow dynamic code execution of arbitrary downloaded code in apps, and JIT JS compilers do just that.

>If you could just visit netflix.com and have it install a Netflix SPA that worked as well as the native app, why would you ever install the native app?

It's like asking "why would you ever use a native app". Because it's faster, native, and much more convenient?

Take the best desktop browser engine, e.g. Chrome, and put it inside a mobile browser app. Still, I (and most I guess) wouldn't use it to watch Netflix over individual apps.


I can't speak to the mobile/desktop distinction, but comparing "watching Netflix in Firefox on my desktop" with "watching Netflix on my LG WebOS TV", there's barely any difference. If anything, the browser version wins because of the superior input devices (kbd, mouse) attached to it compared with the TV. This suggests to me that there would be little difference when comparing mobile/desktop or app/browser, other than the netflix logo being the point of entry (and if you could run the SPA literally like an app, no difference at all).


> watching Netflix on my LG WebOS TV

No offence but what do you think applications for Web OS are written with?


How many watch web-based Netflix on their Android phone, where Chrome is available, and "Safari" doesn't hold the marvel of web apps back?

How many care to use web based apps over native apps in Android?


>Still, I (and most I guess) wouldn't use it to watch Netflix over individual apps.

If the experience is so much better why are Apple scared to let other browsers into the app store?

Phones are general purpose computers for the majority of the world's population, exercising such authoritarian grip over what a user can do with the device is very depressing to see being defended.


>If the experience is so much better why are Apple scared to let other browsers into the app store?

Well, the weasel word "scared" kind of begs the question.

Who said it's "scared"?

Apple spearheaded the modern browser with Safari. Chrome wasn't even a thing then (it forked off of Apple's work on Safari/Webkit later, just like v8 came after Apple's own JSC JIT work).

As for Mobile Safari, it took several years for Android browsers to come close: Android Browser in particular was a piece of crap, slower, and lacking more features, than Mobile Safari. Was Google also "scared" of web apps?

Also note that, when Apple suggested to developers they make their own web apps in lack of a native SDK, most dissed those and wanted, nay, demanded a native SDK.

And Mobile Safari is not exactly some bad browser holding those apps back. You can watch Netflix on mobile safari, on the web, if you so want. Why would you though?

And here's the 1000 pound argument: do you see many people watching Netflix on Android Chrome, as opposed to using the Android Netflix app?

Didn't think so.

Why would they do it on the iPhone then, if Chrome was available in the App Store?

>Phones are general purpose computers for the majority of the world's population

Not even close.


>Apple spearheaded the modern browser with Safari...

>As for Mobile Safari, it took several years for Android browsers to come close...

>suggested to developers they make their own web apps in lack of a native SDK, most dissed those...

>Safari is not exactly some bad browser holding those apps back...

>do you see many people watching Netflix on Android Chrome...

Absolutely none of these points are arguments against having the option to have an alternative browser rendering engine. Not sure why you think they are.


>Absolutely none of these points are arguments against having the option to have an alternative browser rendering engine. Not sure why you think they are.

Not sure why you think they were intended to be.

Those weren't "arguments against having the option to have an alternative browser rendering engine".

Those were arguments about "Apple not having an alternative rendering engine" is not about sabotaging some imaginary web app revolution, just about Safari having its own timeline and priorities.

Regarding that, note how there's no such web-over-native-app trend in Android either, where Chrome IS available. Most still prefer native apps.

If you think, you could also think of them as "arguments not against, but as to why it's no big deal to not have an alternative browser rendering engine".


I don't think this conversation is going anywhere to be honest. Maybe I misinterpreted your point.

My central point was I see no reason for Apple to disallow alternative browsers (not just shells around webkit) other than to gatekeep. Your points about safari being better or users not using a PWA for netflix don't seem to relate to this I don't think. I think Apple is only concerned about staying in control with regards to what users can install on their devices. I don't think they want other browsers to be genuine alternatives to iOS safari so they've essentially neutered the competition.

I also think you flippantly dismissed that a very large portion of the world is mobile first (not just the third world anymore) and this to me makes having the choice even more important.


Mobile Safari does hold the Web back. Examples are easy to find:

Safari doesn't support the standard unprefixed fullscreen API, while Firefox and Chrome have for years, so Web developers have to write a bunch of compatibility crap or accept fullscreen not working on iOS.

Firefox and Chrome have supported WebGL2 for years, iOS Safari still doesn't.


> Safari doesn't support the standard unprefixed fullscreen API, while Firefox and Chrome have for years, so Web developers have to write a bunch of compatibility crap or accept fullscreen not working on iOS.

Having used an iPad for general web browsing for a while, the worst change they made was allowing web apps write their own fullscreen interfaces. I can't think of any video website where they've done a better job at basic video player controls than what the OS does natively.


Fullscreen isn't just for video though. It's very commonly used for games. I also wrote fullscreen support for "DOM videos" (e.g. https://pernos.co/about/overview/) using the fullscreen API. The latter doesn't even support Webkit because the compatibility work was just too hard.


> Or you know, because they disallow dynamic code execution of arbitrary downloaded code in apps, and JIT JS compilers do just that.

No, they explicitly disallow other implementations, whether they JIT or not. Since Apple's WebKit is missing so many features, this has the effect that GP noted.

"2.5.6 Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript."

https://developer.apple.com/app-store/review/guidelines/


>No, they explicitly disallow other implementations, whether they JIT or not. Since Apple's WebKit is missing so many features, this has the effect that GP noted.

So, do you know people who prefer web apps over native apps for their Android, where "other browsers" are not disallowed, and Chrome is available?

I'm sure you'll find some. I doubt you'll find any significant percentage though.

I, personally, never do, and haven't seen any doing it in the wild, except for things there's not an app for...


> So, do you know people who prefer web apps over native apps for their Android, where "other browsers" are not disallowed, and Chrome is available?

I do. Twitter's PWA is superior to its native app, and I can customize it with extensions. I prefer mobile Firefox over mobile Chrome though.


> Or you know, because they disallow dynamic code execution of arbitrary downloaded code in apps, and JIT JS compilers do just that.

What would you call a webview? Is it that much different if it is webkit or gecko or blink doing it? If I used a webview to run js-linux, xfce and firefox should that be disallowed too?


The code of the webview is made by Apple, it's part of the OS – so it doesn't abide by App Store rules.


Is there anything stopping Netflix from working in Safari on iOS? and then being installed as a bookmark to the Home Screen?

I believe it's Netflix that prefers that users use the app.


Off the top of my head, mobile Safari can't handle push notifications for new content or downloading videos to watch later. I'm sure there are other problems with it as well.


Good points.

Being able to download/cache content reliably would be welcome, on all browsers. However, I haven't seen a good example of using PWAs' storage APIs to cache video content, Safari or otherwise.

Lack of push notifications in iOS Safari is a giant shortcoming. It's especially baffling since it exists for Safari on macOS. That being said, I can't say that Netflix's push notifications (in the app) are particularly useful (to me). They always spam me with newly released yet irrelevant in-house produced titles.


Exactly. As we can see, everybody that uses Android watches Netflix on the web, and the Netflix Android app is left to languish with a measly 1B+ installs. There's clearly no reason why a long-running, DRM-heavy video streaming service like Netflix would want an actual native app on mobile devices.


This is a good question. On the one hand, the article says:

> Of all the work needed to support the new hardware, porting Firefox to the 64-bit ARM architecture was not actually something we needed to do: we’ve supported 64-bit ARM on Android and Linux for years.

On the other hand, it says:

> Secondly, we needed to adapt and fix the various parts of the Firefox codebase that deal with low-level calling conventions and particularly the interfaces between the JavaScript and C++ (and nowadays Rust) parts of the code.

I suppose MacOS on ARM has a different calling convention to both MacOS on x86-64 and Linux or Windows on ARM64.

Also:

> If the user visits such a site, Firefox will automatically download and install such a proprietary EME/CDM module. This presented a problem to us as we would be dependent on those third-party vendors to publish ARM64 versions of those decoders.

So what do Windows or Linux users on ARM64 do? Do they just not get DRM?


> So what do Windows or Linux users on ARM64 do? Do they just not get DRM?

The Windows ARM64 build of Firefox comes with a copy of the 32-bits x86 Windows Firefox binaries to launch the win32 CDM.

There is no support for things like this for Linux, and I don't think there's a native ARM64 Linux CDM (although I could be wrong. I mean, such a CDM likely exists, considering ARM64 Chromebooks)


Yes, "Apple Silicon" is the marketing name for macOS/ARM64.

(Why did 3 other people interpret this comment as saying something about iOS?!)


> (Why did 3 other people interpret this comment as saying something about iOS?!)

Because originally, the comment also said "Firefox already works on apple silicon, on iOS".


> Yes, "Apple Silicon" is the marketing name for macOS/ARM64.

Source?


iOS browser is just Safari reskin (with different sync)


What porting? Isn't C++ the most portable language in existence? Oh, there is also Rust. But isn't it just uses an LLVM codegen, same as Swift or clang? So, there is Rust's stdlib.

Seems like these abstractions are not exactly zero-cost?


> But isn't it just uses an LLVM codegen, same as Swift or clang?

It's more complicated than that. I've been involved in a project (bootstrapping little-endian 32 bit PowerPC on linux) which needed a rust port. I didn't work on that, but from what I saw, it's at best a major nuisance, possibly a nightmare when something breaks. This may be a bad example since darwin/aarch64 is a more sane target, but still. ;-)

More importantly I guess, Firefox has some reeeeaally old platform specific cruft and some really rusty (hah!) ABI-glue stuff lying around. Stuff like the Netscape Portable Runtime. There's still code in Firefox from back when it ran on HP PA-RISC. There's even code for IBM Z mainframes in there. Really glossing over details, but there are some inner mechanisms that are very platform specific and need at least some custom code for each OS + CPU combo.


I wonder if Mozilla regrets laying off 25% of their engineering team [0] given their rapidly declining browser market share [1], and their rapidly declining performance. Not to mention their forced adoption of the new Firefox on Android which disables all add-ons except Mozilla approved ones, despite their promises to correct this [2].

Mozilla _used_ to be about open internet and security, but that's just a false pretense at this point [3][4].

I believe it's time to embrace Chromium / Blink, throw away the idea of internet freedom and just use the best performing browser of the week.

[0] https://thenextweb.com/insights/2020/08/11/mozilla-firefox-l...

[1] https://en.wikipedia.org/wiki/Usage_share_of_web_browsers

[2] https://www.androidpolice.com/2020/09/03/firefox-update-face...

[3] https://blog.mozilla.org/blog/2021/01/08/we-need-more-than-d...

[4] https://www.theverge.com/2017/12/16/16784628/mozilla-mr-robo...


> [...] throw away the idea of internet freedom and just use the best performing browser of the week.

I'm not sure if you realise the ridiculousness of your statement.

I think many of your citations are used on a surface level to push your point. I don't think you considered the reasons for Chrome's dominance in the market, which is more to do with other issues such as Google's position of power than the issues you brought up here.

Chrome on Android has never supported addons, and now with Google spearheading changes such as manifest v3, I would consider these worse than decisions Mozilla have made with Firefox. You fail to mention decisions such as Mozilla's continued investment into tracking protection, which have been inheriting protections originating from the Tor Browser project.

I think the reasons why Mozilla have decided to slowly reintroduce addons to their new Android release should be considered. Their efforts to work with uBlock Origin to create a better mobile interface seems to point towards a desire for quality control, one that Google avoids with Chrome on Android altogether.


Nice trolling.

You can use general extensions on Android in Nightly, so this is in progress: https://blog.mozilla.org/addons/2020/09/29/expanded-extensio...

But sure, if you want to "throw away the idea of internet freedom" then that's your choice.


Not the parent but just to clarify:

The ability to install non-store extensions got completely removed on Firefox for Android and there is (AFAIK) no hint at whether it will ever reappear. That's pretty frustrating and clearly not a win in internet freedom.

Store extensions can be used if you create a Firefox account and use their Nightly, which is really hard to justify, IMO. To me it looks like they wanted to push their account numbers and I have great difficulties to find any potential hidden greatness in this policy.


What rapidly declining market share? Did you even open the wikipedia page you're referring to? There are no graphs over the last few months, and if you look at the sources[0][1][2], it looks like their market share declined BEFORE the layoff (from January to August 2020). After the layoff, it seems pretty stable.

As a reference, I'm going to post the values here:

  Source               Jan 2020   Aug 2020   Jan 2021
  netmarketshare       3.61%      3.00%      2.98%
  wikimedia analytics  5.2%       4.6%       4.7%
  statcounter          4.7%       4.09%      3.77%

Also I'm actually pretty satisfied with Firefox.

[0] https://netmarketshare.com/browser-market-share.aspx?options...

[1] https://analytics.wikimedia.org/dashboards/browsers/#all-sit... (change date range to Jan 1 2020 - Jan 21 2021, remove other browsers)

[2] https://gs.statcounter.com/browser-market-share#monthly-2020... (remove other browsers)


You have to be joking right? You'd have to be blind to not see the rapid decline in Firefox marketshare.

https://en.m.wikipedia.org/wiki/Usage_share_of_web_browsers#...


First, (as I understood) you indicated that the market share decline and the layoffs were somehow related. Given that the graph started in 2009, 1 year after Chrome was first released and only the last datapoint is after the date, I don't think they're related at all. We all know that Chrome captured the IE/Firefox market share in the whole last decade and that's what the graph's showing.

Second, your concept of rapid decline clearly differs from mine. That is an eleven year decline and I don't think it's "rapid" at all for a browser.


FYI you still cannot get a full native experience with Chrome and Firefox, due to plugins that have not been ported.

For example Chrome ships with an x64 version of Widevine, a plugin that is required to watch live streams on YouTube TV (and perhaps other services with live TV). Currently, YouTube TV does not work natively in Chrome or Firefox.

All that said, it will work fine if you run Rosetta -- the x64 decoder will run in Rosetta.


The post talks about this in some length.



