Hacker News new | past | comments | ask | show | jobs | submit login
Spidermonkey has passed V8 on Octane performance (ocallahan.org)
651 points by francois2 on Oct 28, 2014 | hide | past | web | favorite | 333 comments



I have been very impressed by Firefox lately. Kudos to the whole team at Mozilla.

Just about 5 years ago, it was looking to me like it was the end of Firefox. It was Chrome all the way. New features were coming out one after another. Faster rendering. Safe process isolation for each tab. Looked better.

But I just switched back last month. It happened kind of randomly. Saw an announcement of a new release ( 33, I think ), downloaded, re-imported my bookmarks from Chrome and just kind of kept using it instead of Chrome since then.

I like how the tabs look also I think it feels lighter and snappier on my (now old-ish) laptop.


Same here. Especially as Google becomes more and more evil, Chrome looks less attractive. Even on mobile, I use FF, despite it needing a lot of work and having a lot of rendering and input issues. And Chrome on Android looks very sexy. On desktop, FF is fine, once more.

Rust is also one of the most promising languages with a potentially massive impact on the world. Not only safer software, but exposing more programmers to better ways of coding. (Imagine how different the world would be if a popular OS had adopted a Rust-like two decades ago.)

Mozilla is really an important thing these days.


I am actually still going back and forth between chrome and firefox and it's design was something that was holding me back, specially in a stacking window. Now looking at this I looked through themes and found Simple White[1] something that way out dones chrome and et all in sexy factor.

[1] https://addons.mozilla.org/en-US/firefox/addon/simplewhite/


I would like it if something like that was the default and never changed. They seem to keep trying to jump on whatever style is popular when they start a redesign but by the time it appears in a release version it's way out of date. The developer tools are even worse in this regard, they're not even consistent with the rest of the browser. Themes are much better suited to keeping up with trends, the default should be simple.


well styling is always a matter of personal opinion. I don't think Mozilla should spend time on theming it's developer tools as long as it's readable and usable.

For the main theme, as long as it's customizable to satisfy the 5% of grumpy people I'm fine with that. The other 95% just doesn't care.


I just can't stand white themes anymore. DeepDark is the bee's knees, as far as dark themes are considered. It even works on Thunderbird.


Thanks!!! This theme is incredible


That is a beautiful theme, thanks


Thanks a lot for the tip, that theme is beautiful!. It's now my default :)


Amazing theme! Thanks for sharing.


Great theme, thanks a lot !


Don't forget that a large chunk of Mozilla's revenue comes from Google: http://thenextweb.com/insider/2013/11/21/mozillas-reliance-g...


It makes me happy that a chunk of Google's money is being used for Mozilla's purposes.

(Disclaimer: as a Mozilla employee, that includes my salary :)


Isn't it actually whoever will pay the most to be the default search? I mean, I <3 google search, but i'd bet microsoft could pony up quite a bit of cash as well.


Once upon a time, you could come across a post like this and confidently respond to it by pointing out that, no, Google's position as the default search engine in Firefox is not for sale to the highest bidder. So that even if, e.g.:

a) the "deal" with Google had never happened, and

b) Microsoft came out of nowhere and began offering to pay what Google is actually presently paying (or, let's say, just for fun, even double or triple that), all while

c) Google were making no offer to start paying

... then Google would still be the default search engine in Firefox, regardless.

The same almost definitely cannot be said today.


Years ago, Google was head and shoulders above all other search engines. Today Google's competition are almost as good, so other parameters might affect Mozilla's search engine defaults.


We are not talking about whether or not other search engines are probably, maybe now in a better place to compete with Google in terms of quality. Let's assume that they are, even. In fact, let's assume that they are, in fact, better. What we are talking about is this question:

Is the default search position in Firefox for sale to the highest bidder?

If Bing today is the better search engine, or if it's slightly inferior to Google, or if your perspective is that when Bing debuted it was terrible and it's even worse today--these are all absolutely immaterial. They have no bearing on the answer to this question.


I think theres 3 arguments that are really important here:

- which is the technically better search engine?

- which will pay the most money? (gotta keep lights on!)

- which is the one the users actually want?

Google used to check all 3. Then only 2 (Pretty sure Bing would have paid more).

Today? I don't know.

Sadly engines like Duckduckgo probably can't afford to pay Mozilla enough to keep the lights on.


What's changed?


Well the set of Mozillians today is not the same as the set of Mozillians in 2009, which is not the same as the set of Mozillians in 2004. It's such a facile thing point out, but it has a huge impact on a project.

Then, it's another very facile thing, but a person involved with Mozilla today who was involved X years ago differs from themselves by X years of experiences. X years' difference also produce X years' worth of changes in the externalities on a project. For example, what impact did the timbre of HN alone have on Mozilla in 2011? What impact was it having in 2008?

So pick how far back you want to go, and then enumerate events that have happened since then. The establishment of Mozilla Corporation. Key developers exiting the project to go work on what would become Chrome. Working with Google on VP8 before the public announcement at Google I/O 2010. The reality of a company that had a couple hundred employees or so for years and then quickly grew to one that now has 1000+, and dealing with that. The shift in focus from the Internet to a focus on the Web, and coping with a lack of influence on the direction of both. The shift in focus on users to a focus on designers and Web developers. The not-terrible idea but also not-amazing idea to try out directory tiles, then dooming it and destroying all kinds of public goodwill in a single stroke by doing this: < https://blog.mozilla.org/advancingcontent/2014/02/11/publish... >. Coping with a number of other failed projects and initiatives over the years like: Theora+VP8 for free video, BrowserID, Do Not Track and changes to third-party cookie policy, and Firefox OS.

Those are some changes Mozilla has been through.

(Note that this is a list of changes Mozilla has gone through, not a "list of bad things about Mozilla". If I were trying to make that kind of list, there are things on there that I wouldn't have put there, and things that aren't on there that should be. But it's not that kind of a list.)


Users that settle for defaults are IE or Safari users :)


There was talk last time it was renegotiated that the large increase was down to MS pushing it up.


No, the policy is that they will use the best search, and take the money from whomever that is.


> Don't forget that a large chunk of Mozilla's revenue comes from Google

I'd love to support Mozilla as much as possible, but no way I'm keeping the default Google-search when you have stuff like DDG around.

Hopefully me wanting privacy doesn't impact Mozilla's financials too hard. Firefox + DDG only seems like the most natural combination: both are powerful and privacy-centric.


IMHO, Mozilla only appears to be privacy centric, in reality the way they hide the 3rd-party-cookie on-by-default setting shows that the user's privacy is not their top priority. I'm pretty sure that they are paid for hiding it like that and not blocking third party cookies by default (like Safari).

Disappointing.

The slogan on their page ("Committed to you, your privacy and an open Web") sounds hollow when considering this and their recent support for DRM.


Plus it doesn't forbid people to make a donation to support the software they like right ? That's what I do, knowing FFx isn't making any money from me, and knowing that I'm using years and years of development is a good enough reason for me.


When you donate it goes to Mozilla Foundation while search deal money goes to Mozilla Corporation AFAIK.

That means they actually need donations for the foundation to run (but its not 800 employees so its much less money). Legally you can't fund the Foundation with the Corporation money - since that would make 2 Corporation and zero Foundation then :)

I don't know if the opposite is possible (send donations from Foundation to the Corporation) but I suspect it has the same problem/effect.


> Legally you can't fund the Foundation with the Corporation money

The Foundation is the sole owner of the Corporation. The Corporation pays dividends to the Foundation.

Now the amount of those dividends can't be too much if the Foundation wants to keep its nonprofit status. "Too much" is determined by how much people donate: the restriction is on fraction of money that comes from non-donations.


It's not like Google's just gifting them the money...


I'm using Opera instead of Chrome. I use Chrome Canary for web dev, but Opera is basically Chrome sans-Google. It's got all the same features as Chrome as it's based on Chromium. Just none of the Google account features. I've also dumped gmail for fastmail and am trying out duckduckgo, but if that doesn't work out I'll just use Google in an incognito window.


I find duckduckgo quite usable for commonplace CS things such as programming in popular languages. For more obscure things I usually just enter g! [query] into my URL bar, so it will revert to an anonymous google. I find this better even just for the fact that I don't get the filtered down view of the world anymore - if there are things named similarly than the ones I use in the world, I want to know, so I can adjust my own naming.


Really? I tried to use DDG, I really did. But the results are just so subpar unless it was a simple "navigational" type search where I knew exactly what I was looking for. I really want to quit Google. I'd even pay for it. But they just dominate by such a large margin.


In my usage over the last few years, I've come to rely on StartPage for good search results (since it's a proxy for Google). While DDG has improved over time, it still is nowhere close enough to be a Google replacement for me. I end up doing searches on DDG only to repeat the same on startpage.com to get better results. DDG still does not have time based search (where you can search for results in the past day, week, month, etc.), which is a huge disadvantage for me.

I do use both StartPage and DDG, although it's more like a 80%-19% split between these two. The remaining 1% is still on Google to get things like news, and Self-Destructing Cookies [1] helps keep things clean on that front.

[1]: https://addons.mozilla.org/en-US/firefox/addon/self-destruct...


Have you tried https://startpage.com ?


DDG results have greatly improved over the last year. I tried switching from Google to DDG a couple years ago, but didn't last more than a week. DDG results are as good (and nicer looking) than Google for general searches, but I still rely on Google for needle in a haystack searches.


Yeah, I doubt that DuckDuckGo could compete with PageRank in its first iteration.

There is a reason that Page and Brin are billionaires: their algorithm was absurdly clever.


What are you talking about? Totally lost after the first sentence here.


DuckDuckGo has a 'bang' feature, where you add a bang like '!g' to search a different site directly.

For example, '!g hacker news' becomes 'https://encrypted.google.com/search?hl=en&q=hacker%20news'.


Sorry, I understand that part. Was wondering what you meant by this (specifically the part about a "filtered down view of the world"):

"I find this better even just for the fact that I don't get the filtered down view of the world anymore - if there are things named similarly than the ones I use in the world, I want to know, so I can adjust my own naming."

It wasn't a loaded question or anything, not sure why I got down-voted either... (shrug)


Google gives you a "filter bubble", essentially exacerbating confirmation bias. That way if you search "what's wrong with Python" it won't return "snakes can hurt you".

Take a look at http://dontbubble.us


ah I gotcha. thanks for the link.



> use Google in an incognito window.

I've been doing that for a few years now. I only need to log in for GMail, basically. At once or twice a day max, it's not a big hassle at all.

In particular, I find that YouTube is much more useful if you're logged out. At least then the sidebar contains related or similar videos, instead of the stuff I watched last week.


Try Startpage.com instead of Ddg. It will give you the the same results as Google, but with the privacy features of Ddg.


Startpage appears to have been around a while and seems relatively open.

However, how does Startpage make money?

In fact, how does DDG plan to make money?


DDG proxies ads from Bing and so they make some revenue from that. It's a small team so it seems to be enough (for now anyway).


Startpage shows text ads (similar to how Google Search ads used to be long ago). And it claims not to record the IP address [1].

[1]: https://startpage.com/eng/protect-privacy.html


Just curious why do you use Canary for web dev?


It has the best developer tools. You just have to be careful to not use the es6 features that aren't in stable Chrome yet.


Is there somewhere I can read about new dev tool features that have not yet made it to Chrome?


@addyosmani [1] is a Chrome DevTools engineer who often talks about new features. That's probably about the easiest way to find nightly updates without following a mailing list.

1. https://twitter.com/addyosmani


I've been using FF for a while, but partly switched off when I got a Surface (on account of IE's better touchscreen support).

But soon I'll be moving from iOS to Android, the wonderful land of being able to change your default browser. And I'll be using FF there for the bookmark syncing. Firefox on 2/3 devices ain't bad.

There was a lot of hate over the australis redesign, but I like it better than Chrome.


+1 for IE's touchscreen support. I keep holding out and using Chrome on my laptop for a few extensions and all of the bookmarks/passwords I have synced over the years, but IE makes Chrome look absolutely kludgy and clunky when it comes to performance and UI these days. It's a shame IE doesn't have a more approachable extensibility model...


Does IE run on anything but Windows these days?

(Edit: Doesn't look like it. Alas.)


Not that I've tried that hard, but the most recent IE that I can run under WINE (Crossover Mac) is IE 8.


You could always scrounge up a copy of IE5 for Mac ;)


So what? Safari is also stuck in Apple land.


Perhaps he means "I don't run windows, can I run I.E. on anything else, like it used to run on Solaris or under Wine"

Some people do exist that have Linux desktop / Android smart device as the only computers we can change.


Yes, that makes it harder to try Safari, too.

Firefox, Chrome, Opera and others are not so picky about which operating system they run on.


Safari is available for OS X and Windows.


The Windows version was silently killed last year.


Safari on Windows has been abandoned; it’s now 3 versions behind.


And since that includes security patches, probably best to avoid it.



Android is also the land where almost every single app can see who you call, who calls you, and get a unique serial number for your phone hardware. All because Google smuggled "check to see if the user's on the phone" permission, which many apps rightfully need, into that whole bundle.

As this is technically a very stupid move, it feels like the only way to interpret this is that Google wants more people giving up privacy, for it to be normal.

Also see: Chrome flips around OK/Cancel in the DNT enable dialog, purely to confuse and prevent users from enabling DNT.


For those curious, go look up Phone State and Identity. If an app wants to behave while your in the phone, it also needs to be able to read your IMEI and the number calling or called. So a flashlight app that wants to disable in call can now see that you're calling a cancer doc. This hardly seems accidental, given that knowing if the user is oh the phone isn't s sensitive operation.

As far as Chrome: go compare. Enable things like spell check, which put up a normal little explanation. Then try DNT, which elicits a scary disclaimer and swaps the OK and Cancel buttons.


I actually think that while its very debatable on desktop, firefox for android may be the best all around android browser.

Now for surface I hear you - i was sad they discontinued the work for that. Even on touchscreen latpops.


Even with no Metro version of Firefox, the desktop version could be better. Touch scrolling in IE for desktop feels like it does on a smartphone. Firefox is jerkier and doesn't get momentum quite right.


Firefox Beta just got Opera-level responsive for me on Android and no rendering issues so far.


I haven't tried Firefox in a coupled of months, but to me Firefox rendering was the worst out of all the top browsers. I think Firefox does something on purpose that makes rendering worse, such as delaying it somehow in order to increase performance or whatever. So for example you won't get the whole page rendered immediately, and if you switch to a different part of the page, you have to wait for it to get rendered, too. I don't like that much.


> safer software What makes Rust-written software safer?


This has been covered repeatedly in the past. Rust inherently helps to prevent many types of memory related and concurrency errors.

Rust programs are not 'safe' in the sense that they cannot crash or have security bugs, but they are 'safer' in that the compiler automatically performs a series of safety checks to prevent common errors.


And note that the most serious security bugs in widespread software[1] are typically exactly these common errors. Eliminating them would have prevented nearly all of the remote execution bugs in history.

1: Widespread meaning OSes and popular platforms, not custom LOB apps where SQL injection exists on the login page.


Option types and safe pointers, and modern abstractions. Some other programming languages offer these too, but Rust attempts to do them while incurring no run-time costs.


It is effectively impossible to have an unsafe memory access error in Rust. The compiler eliminates a huge variety of bug types, including null pointer dereferences, use-after-free bugs, memory leaks, etc. All arrays are bounds-checked and rust encourages good programming practice like using abstracted list-processing mechanisms (like mapping instead of loops) and algebraic types instead of e.g. null pointers.


    It is effectively impossible to have an unsafe memory access error in Rust
Please, don't say that. Lets be reasonable. Rust is great, but Rust code crashes and segfaults too, just like any language, programs have bugs, and those bugs can cause program failure.

Rust just has less of them, because it has a smart compiler. ...but it's not right to suggest that it has none.

Remember:

There is no way of ensuring that a rust program does not result in a segmentation fault or other memory or race condition as a result of unsafe code.

There is no way of ensuring a rust program does not contain any unsafe code.


I don't understand your post. If you mean 'unsafe' as in 'may misbehave' then the compiler can definitely ensure there will be no segmentation faults and there cannot be certain classes of race condition. If you mean 'unsafe' as in the keyword that lets you do dangerous things, it's trivial to check if your source has blocks marked with that keyword.

There's no way to ensure the compiler is perfect, but rust itself is not capable of certain types of errors.

You can always code the wrong algorithm, but that doesn't mean you can segfault or use after free (in the default safe mode you almost never have an excuse to leave).


This is a misconception.

You are flat put wrong, and spreading misinformation about it doesnt help anyone.

If you use any rust, and that includes dependencies and the standard library with unsafe code, bugs in the unsafe code can and do cause segmentation faults.

Its easy to say, 'well, thats a bug in the library, not a problem with rust', but thats the same as with C++ isnt it? If you can assert any code is 100% bug free then why do we care about the nice safety features in rust?

What is true is that any 'safe' code path that never enters an unsafe block in rust proveably cannot result in certain types of failures.

BUT every rust program uses unsafe code. In the standard library. In c bindings. In 'safe' pure rust dependencies (with hidden unsafe blocks). In loading dynamic libraries.

Its completely unavoidable.

What are going to do? Vet every line of every part of every dependency in the code you use? Dont be ridiculous.

Do you use rust?

..because practically speaking it does crash. Not often, sure. ...but this falacy that rust is 'provably safe' is absolutely false. Its provably false.

Thats why people saying it is unfortunate; it makes the rust community look like a bunch of clueless fanboys.

Please stick to reality. Rust has a zero cost memory management strategy and a smart compiler that helps to prevent certain types of common errors.

We dont need to step into magical fairy land to convince people rust is good. It stands on its own merit easily enough.


I guess I should have been more explicit that I was talking about the language itself (without the unsafe keyword). Not libraries written in other languages, not compilers. It's the job of theorem provers and whatnot to make those safe.

In other words I'm talking about code the programmer makes themselves.

>Its easy to say, 'well, thats a bug in the library, not a problem with rust', but thats the same as with C++ isnt it?

In C++ nothing prevents the lines I write from having memory errors. It's not the same at all.

>If you can assert any code is 100% bug free then why do we care about the nice safety features in rust?

Oh well you shouldn't do that, but you also don't have to use unsafe code willy-nilly. In C++ everything you touch is unsafe unless proven otherwise.

>What are going to do? Vet every line of every part of every dependency in the code you use?

For unsafe blocks? Sure, that's easy.


There is no rust language without the unsafe keyword. It doesnt exist. The unwinding is unsafe. see the recent thread on /r/rust about mysterious segfaults.

Thats the point.

You cannot assert your rust program cannot crash.

Even if your code is perfect, there may be bugs in either the std library or some dependency you use that does crash.

Im not saying everyone uses unsafe code (or should) in their own code. Far from it.

Im saying that every rust program invokes unsafe code at some point.

So this myth of the 'pure rust' that is 'completely safe' is just that. A myth.

I dont understand why this is difficult idea for people to accept. Just use the good bits of rust. rust doesnt need to be 100% safe; its not, and thats completely ok.


You can write a library in rust that will never invoke unsafe code, even if you can't have an entire standalone program.

>I dont understand why this is difficult idea for people to accept. Just use the good bits of rust. rust doesnt need to be 100% safe; its not, and thats completely ok.

It's okay for now, but I'm eagerly waiting for a version where the important pieces of unsafe code can be formally verified. Give me safe unwinding, memory allocation, and sockets, and I can cover half the world.

As far as I know this isn't an especially difficult request. I could probably cobble together something right now by borrowing bits of verified C and gluing them to library-limited rust.


How often has one of your Rust programs segfaulted for you, when it wasn't a bug in your own unsafe code (as opposed to that in the standard library)? For me, the count still stands at zero.

I've been writing Rust for well over a year. I like to abuse new features and I've found many compiler bugs, but my code doesn't crash at runtime.

I'm not saying it doesn't happen, and the plural of anecdote is not data, but I think you're grossly misrepresenting Rust's practical safety benefits. That you only have to trust code in unsafe blocks, rather than all the code everywhere, is a huge benefit.


Have you used any of the graphical bindings?

maybe once a fortnight for me?

I'm certainly not trying to bash rust, and I do apologise if it comes across that way.

I just think a bit of realism makes everything look much more sincere and plausible.

As you say 'Rust cannot crash' is false. 'Rust has never crashed for me' could well be a completely true thing to say. Also, 'Its so much easier to write rust code (than say c) that doesnt crash!'

I completely ok with all of those.

..but 'you can do anything in rust and its always perfectly safe!' or 'rust programs dont have to worry about security issues' or 'It is effectively impossible to have an unsafe memory access error in Rust'?

Those are people being enthusiastic (good) but unfortunately spreading misinformation (bad) and making the rust community look bad (very bad).

I just wish people could be excited about the the things that are actually exciting about rust. I feel like this whole safety thing is a massive distraction.

fast, low level, concurrent and managed memory with no cost is both accurate and exciting about rust.

'helps avoid bugs and race conditions' isn't very exciting to me, but I acknowledge its important.

I guess 'completely provably safe!' is exciting to some people; but since its not true, Id prefer not to get people excited about rust that way.


The safety thing isn't a massive distraction. It's a major part of the point of Rust, whether it's exciting to you or not.

The graphical bindings you're using are not part of the standard library, which is why I specifically asked about that. I know there are bugs in third-party dependencies in Rust, because there are many C bindings that aren't exposed safely by those libraries. I've segfaulted using a TrueType binding library, for example, because it was not actually exposed in a way that prevented double frees. But writing a bad binding is something you can do just as easily in Ruby, or Java. The standard library is what we were originally talking about. I wouldn't disbelieve you if you said you crashed every fortnight using only standard library code, but I would probably press for details.

I am not saying Rust is "completely provably safe", but nothing is. You always have some trusted software or hardware that, if it screws up, will compromise your program. Rust's advantage is that it allows you to be explicit about what parts are trusted and what parts aren't. It vastly reduces the potential attack surface.


This is misleading. Apart from bugs in the core code (compiler and stdlib) you shouldn't be memory unsafe in an exploitable way. Even segfault from deref null should be rare. It's like saying Java isn't safe because it might call some JNI. While pedantically true, it's qualitatively different.

That's why effectively impossible is an OK statement. Unless you go out of your way, your program will not contain such bugs.


I don't accept that 'effectively impossible' means 'can happen, but probably doesn't happen very often'.

Rust has many other unsafe code paths than ffi; low level optimisations, dynamic libraries, etc.

Unless you go out of your way or are doing low level work, your code will not contain such bugs, and if you used no dependencies that do anything meaningful, what you said is plausibly true.

...but what are we trying to argue here?

That you can build a contrived rust program that doesn't crash?

Or that if you build an arbitrary program in rust, using arbitrary dependencies to do meaningful work (that will invoke a c library at some point, and talk to device drivers), that it wont crash?

In my view 'effectively impossible' is faaaaaar over stepping the bounds of reality.


Inveterate Rustacean here, and I agree with this. We need to carefully clarify the sort of safety that Rust provides in order to avoid misleading people.

Improperly implemented `unsafe` blocks can cause crashes. APIs that don't properly isolate unsafe interfaces can cause crashes. Bugs in the compiler, bugs in LLVM, and unforeseen unsoundness in the type system can cause crashes. So instead of saying "Rust makes crashes impossible", I'm starting to prefer "If you write only safe code, any crashes that occur are not your fault". A bit less comforting, but still a best-in-class guarantee for a bare-metal language (not to mention that the former claim is impossible in any language).

Furthermore, I think it's important to express to people the true role of `unsafe` blocks, which are not so much "Rust without safety" as they are "reified inline C code with a bit more safety". Rust without `unsafe` blocks could exist, but it would require an enormous amount of FFI and/or much more machinery baked into the compiler itself.


> There is no way of ensuring a rust program does not contain any unsafe code.

Sure there is. There's a compiler lint available which can disallow "unsafe" code, i.e. code which is able to create null pointer errors (and thus segfaults).

Of course, the standard library will always contain a bunch of unsafe stuff - but at least it's shared between every project, and any bugs can be fixed once, and assuming it's correct any non-unsafe code that depends on it is memory-safe.


What's so evil about Google?


It doesn't matter.

(disclaimer: googler)

I see it as a hubris against the idea that Google claimed to not be evil, and the fact that evil is such a poorly defined concept, and whether or not Google meets the bar depends entirely on the values of the perceiver. Many perceivers, for instance, miss the distinction between "Don't be evil." and "Don't do evil.". The former is a mindset, strategy, and intention, while the latter is impossible for a corporation with 50k employees.

Then, the only logical conclusion for someone who hasn't grasped all of the above is that Google is becoming more and more evil every day.


What's the mindset that ends up with Chrome going out of its way to swap OK/Cancel when you enable DNT? (I don't think DNT is a real solution, but I'd guess Google wants to be able to point to data showing users don't enable it.)

What's the mindset behind the broken permissions on Android? Where any app that wants to change behavior when you get a call must request permission to your IMEI and calling/called number? Or why the broken, upfront, all or nothing model is still even used?

What's the mindset behind G+'s incessant nagging, and forcing it as a requirement to even rate apps on Play? Or the same for YouTube, etc.? Not to mention the "real names" debacle.

At what point are we allowed to say Google's mindset is not "don't be evil" as far as external observers are concerned? Or will everyone that brings this up always be labeled as unable to understand?


> What's the mindset that ends up with Chrome going out of its way to swap OK/Cancel when you enable DNT?

Chrome dev here. The way the Chrome settings web UI is written does not lend itself to strong consistency, just eventual, as devs notice it and fix it. Your DNT example was fixed last week in https://codereview.chromium.org/665113003.

Another example of inconsistent button ordering: the overlay for disconnecting a managed profile has its buttons reversed from the usual order, while the overlay for disconnecting an unmanaged profile does not.


Damn. I guess this just goes to show how hard it is for an external observer to judge intent. I mean, you gotta admit that between the long, scary warning and flipping the buttons around compared to other privacy related settings, it certainly seems like a dark pattern. But I've been on the receiving end of this, so I understand how frustrating this must be. "No, really, it was late and one line got pasted in front of another and no one noticed."

I guess that just leaves the fundamental incompatibility with Google's current business model and personal privacy.


> I mean, you gotta admit that between the long, scary warning and flipping the buttons around compared to other privacy related settings, it certainly seems like a dark pattern.

Hanlon's Razor is a good rule to apply here.


"What's the mindset behind the broken permissions on Android?

Where any app that wants to change behavior when you get a call must request permission to your IMEI and calling/called number? Or why the broken, upfront, all or nothing model is still even used?"

At the time android created its permissions model, most of these issues were not obvious, or it would have been done differently.

Remember, of course, that prior to things like android (the first version of the iphone only had webapps), permission models of any sort were pretty much unheard of. Flip phones running java apps, or blackberries, had apps that got to do whatever they wanted.

Permissions changes are being slowly made in android. The same way you'd slowly change most serious things about something with billions of users.

It's not like C++ or Java just release new features every day (even if we may want them to :P).

This is of course, the same as any large system in engineering.

I don't know enough to comment on the rest.

" At what point are we allowed to say Google's mindset is not "don't be evil" as far as external observers are concerned? Or will everyone that brings this up always be labeled as unable to understand?"

Truthfully? It doesn't matter. At some point, every company large enough will lose its sheen, and people will worry about it, and eventually question its motives. Nobody can be perfect at doing the right thing all the time, even if they wanted to. Eventually, even with the best of intentions, mistakes add up, and people stop believing. In fact, i'd wager it happens slower if you don't even try to have good intentions, and and just stay under the limelight, rather than try and occasionally mess up.

In any case, I guarantee the same will happen to Mozilla (or whoever we want to peg as the current defender of the world) over time, the same as it has happened in the past to every other company. Non-profitness won't save them.


This is a lie, I have a Nokia with the S40 OS and Java apps can't just do anything they want, particularly sensitive thing like accessing contacts and making internet connections.

In fact, if your app isn't signed by Nokia, you can't let an app make a request without nagging you for permission. This totally kills homebrew.


This was the "pretty much" part. But even that permission model is really really simple.

MIDP 2.0 had permission domains. In practice, the permission domains were basically "want this app to let you do anything on your phone Y/N?" for a lot of phones.

In the specific case of S40, Nokia's security policy came into play in 6th edition feature pack 1, or so Nokia claims.

For fun, look at the deviations different carriers (and editions) have at http://developer.nokia.com/community/wiki/Java_Security_Doma...


The permission domains govern what the defaults are and what permissions you are able to request, but the permissions themselves are more finegrained. And none of them defaulted to "allow" – see table linked from the page you linked to: http://developer.nokia.com/community/wiki/MIDP_2.0_API_acces...

"Trusted 3rd party domain" is everyone who gave heaps of money to Verisign. They get no permissions by default, but they can request, for example, network access and the user can then grant it once, per-session or always.

"Untrusted 3rd party domain" is the rest of us, and basically any app I ever installed, in which case the user is prevented from selecting "always allow" for network access and is prompted once per session, which was highly annoying.

So if anything, it was too secure! Sun sank their own standard by requiring expensive certificates for normal functionality. If they had used self-signed certificates they way Android does (checking on upgrade that it's the same certificate) it would have been great.

"Operator protection domain" and "Manufacturer protection domain" mighty work differently, but that's no different from the stuff that comes pre-installed on Android phones having access to everything without asking.


DNT is a bad idea that does nothing useful. Discouraging people from using it is good, just like IE always sending DNT is absurd.

Android permissions aren't great. When Android was being designed (before Google bought it), the permissions were a huge step forward from desktop apps, which can still do anything at all. Arguably the very concept of upfront permissions is inferior to asking when needed, but attributing malice to the choice is silly. It'd also be really hard (or even impossible) to change without breaking all the apps out there.

G+ is annoying, indeed. They were aping Facebook with the real names thing and they should've known better.


"What's the mindset behind the broken permissions on Android?

Where any app that wants to change behavior when you get a call must request permission to your IMEI and calling/called number? Or why the broken, upfront, all or nothing model is still even used?"

At the time android created its permissions model, most of these issues were not obvious, or it would have been done differently.

Remember, of course, that prior to things like android (the first version of the iphone only had webapps), permission models of any sort were pretty much unheard of. Flip phones running java apps, or blackberries, had apps that got to do whatever they wanted.

Permissions changes are being slowly made in android. The same way you'd slowly change most serious things about something with billions of users.

It's not like C++ or Java just release new features every day (even if we may want them to :P).

This is of course, the same as any large system in engineering.

I don't know enough to comment on the rest.

" At what point are we allowed to say Google's mindset is not "don't be evil" as far as external observers are concerned? Or will everyone that brings this up always be labeled as unable to understand?"

Truthfully? It doesn't matter. At some point, every company large enough will lose its sheen, and people will worry about it, and eventually question its motives. Nobody can be perfect at doing the right thing all the time, even if they wanted to. Eventually, even with the best of intentions, mistakes add up, and people stop believing.

I guarantee the same will happen to Mozilla (or whoever we want to peg as the current defender of the world) over time.


All of these things are designers trying for one user-centric goal and having it backfire in ways that were not predicted.

None of these things say "evil" to me even remotely.


>Many perceivers, for instance, miss the distinction between "Don't be evil." and "Don't do evil.". The former is a mindset, strategy, and intention, while the latter is impossible for a corporation with 50k employees.

No, we perceive the disctinction just fine. Some of us just believe Google does "evil" with mindset, strategy, and intention...


I would suggest that those of you that believe that are deluded.

What possible motivation could they have for being "evil", comic book style?


No one said anything about comic book style. Google is the one that framed things in terms of evil. Are you saying Google meant it in a tautological way? That is, unless they start killing children or something really evil, it doesn't count?


Comic-book style? Who said anything about that?

Just greedy capitalist style, and "patriotic" pro-US-interests style.


Given that everyone at the top has more money than they know what to do with, what would "greed" have to do with it?


Mega-laffo if you think that the super-rich don't want to become ultra-rich.


You don't think they're a front company for the NSA?

What possible motivation does anyone have for doing evil?


> You don't think they're a front company for the NSA?

No, I don't. the NSA isn't magic or the Illuminati.


Don't be silly. The probability that the NSA works through Google doesn't hinge on magic or the Illuminati at all.

It's quite common that intelligence agencies use front companies to do their work. Look it up.


You're suggesting that a scrappy startup in a field everybody else wrote off which eventually grew to be one of the biggest companies in Silicon Valley was actually just a front and not a real business the whole time? That strains credulity — really far.


Ever heard of Operation Mockingbird? http://en.wikipedia.org/wiki/Operation_Mockingbird


Project mockingbird, therefore the NSA established Google as a front company for spying on the population?


So, the alphabet agencies have done it before but there's zero probability that they'll do it again right?

Yeah, makes perfect sense.


I do not know if Google is evil, however I do find it hard to trust an organisation that feels the need to have "Don't be evil" as a motto, for much the same reason as avoiding someone on the street who is loudly reminding themselves not to kill people.


As a side question, I'm curious why you think that Google is becoming "more and more" evil? There are products like Cultural Institute, google.org, and many others which prove just the opposite.


Across Google products, the UIs seem intent on getting users to reveal and allow themselves to be tracked. Google appears to want to downplay this and get people in the mindset of giving out personal details.

See my other comments, but things like swapping OK/Cancel when a Chrome user attempts to enable DNT fit right into "evil". Really, how does one excuse adding a dark pattern like that? Even though DNT is bad, Google shouldn't resort to trickery to juke the stats.

Edit: A Chrome dev in this thread says this was fixed and just an artifact of how the UI code is in Chrome. Well that makes me look foolish.

I'm not a huge fan of the evil terminology, as it sounds melodramatic and it's easy to dismiss anyone saying "evil" in such contexts. I use it because Google chose that word.

On a less objective point, everytime I use a Google service, I feel icky. It's bad enough that I'm working on the one missing app I want so I can switch to Windows Phone. (MS has problems, but between their internal legal oversight and inability to execute, I don't feel icky with them. Apple is also a choice, but I just really hate the UI and poor development tools.)


Do you really think Google is evil?

One of the co-founders is still the CEO. He is one of the world's wealthiest men. He doesn't need the money and I doubt he feels the need to put shareholders first.

Why would he let Google stray from an ideal he ascribed to previously? Has he been corrupted by having more money than he could possibly spend?


Beyond a certain point, power, influence and fame become bigger motivating factors than money. Additionally, competition from the likes of Facebook in diminishing the "value" of what Google (his "baby") provides could also motivate certain people to do all sorts of things. And on the topic of Google, one cannot forget the time when Eric Schmidt was the CEO.


Being such a large corporation attracts unwanted attention: many interests at play, peer pressure, etc.


I've been reminding everyone I know who still uses Chrome to try Firefox again. Many have switched back. It's simply a better browser. One e10s is in stable, it's going to be even better.

Google is a for-profit company that makes money selling your data and targeted, personal ads.

Mozilla is not-for-profit and just wants to make the web better.


I don't think there is actually any evidence they use Chrome for much more than

1. disrupt IE/MS - i can say for certain they originally backed Firefox for this effort and only decided to split away to build chrome in the first place because they felt starting fresh they could build a better core and i believe they did.

2. enabling more people to build on the web, enables more of their ads to be shown. Firefox achieves this just as well as chrome. IE was dominating not too long ago and you could argue much of google's ad revenue growth can be attributed to more people having access to a higher quality web.

That said... I don't see why you should believe google would need or desire to sell data from what it might collect from Chrome. More likely they see it as a means to ensuring web dominance by ensuring the web is never locked down by one mega corp. It's similar in away to what they have done in the mobile space. Android is more of a technology to disrupt Apple and ensure it can't be dominate, but really does google have any control over Android?


If you sign in to Chrome, your bookmarks and full browsing history are uploaded to Google's servers. Only your passwords are encrypted locally before being sent to Google.

https://support.google.com/chrome/answer/1181035 contains info on how the encryption works.

chrome://terms/ links to https://www.google.com/intl/en/chrome/browser/privacy/ which links to http://www.google.com/policies/privacy/ to define "how we use information we collect." From that page: "We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads."

Your full browsing history is a treasure trove of information useful for making Google's core services (search and ads) more effective. They would be stupid not to use it to improve the quality of their services. I challenge your assertion that Chrome is an altruistic endeavor.


Don't forget about omnibox predictions. By default, all keystrokes in the address bar are being sent, even while you're logged out.

References:

"Get predictions in the address bar" https://support.google.com/chrome/answer/95656?hl=en

"Logging policies for omnibox predictions" https://support.google.com/chrome/answer/180655?hl=en


uhh… with any "omnibox" UI in any browser, every keystroke is sent to Google.


Based on my current knowledge, I believe you are wrong. Firefox' Desktop Awesomebar (which actually predates Chrome's omnibox) does not send every keystroke to Google[0], and never has.

Even Firefox' Mobile Awesomebar doesn't do that[1] unless you click that "Yes" button.

On the other hand, Google's Chrome browser is clear about the fact that it does send everything in the omnibar[2]:

> When you type URLs or queries in the Chrome address bar (omnibox) or App Launcher search box, the letters you type may be sent to your default search engine so that the search engine’s prediction feature can automatically recommend terms or URLs you may be looking for.

If you still believe you are right, I would be interested in seeing your sources.

[0]: https://support.mozilla.org/en-US/kb/awesome-bar-find-your-b...

[1]: https://blog.mozilla.org/privacy/2013/01/08/search-suggestio...

[2]: https://www.google.com/chrome/browser/privacy/


Huh. Your first link says nothing about search suggestions. I based my comment on my experience of having to disable search suggestions every time I start a new browser. I hope you're right…


Here's a Quora answer from Asa Dotzler, to make you feel better: http://www.quora.com/Why-hasnt-Firefox-merged-their-search-b...

Obviously, I can't prove that it doesn't send search suggestions by giving you a link to the code, since it isn't there. If you want to make sure for yourself, I advise using Wireshark.


Oh. The search suggestions I get come from my DuckDuckGo Plus extension (installed it a long time ago). But my point stands with other browsers: Opera, Safari, and IE all have the unified bar, and I was referring to those browsers in my comment (specifically Safari).


The point is: Omnibox in Chrome sends every key stroke. The Awesomebar in Firefox doesn't send anything to Google until you initiate a search.


That's a feature of most "cloud" services that allow multi-device synchronisation.

It could be said Google already have your browsing history (of sites that they serve adverts on, or that use their analytics). I doubt Chrome's syncing data would give them any more information than what they have already.


Firefox provides synchronization without relying on 3rd-party servers, you can just use your own or one provided by a trusted friend.

and it's quite easy to block Google from tracking your browsing habits using GA or Ads: just use an Adblocker and something like Ghostery, RequestPolicy or Disconnect to block Google Analytics.


1) Google never backed Firefox with a billion-dollar-a-year advertising campaign like they have Chrome for several years now.

2) It's not an accident that Google's webservices work best (sometimes only) in Chrome.

They're way past the "disrupt IE" goal. They're into the "tightly couple our web service and Chrome and try to force out other options" goal.


I'd like to see a source for the billion-dollar-a-year campaign, that sounds crazy. That's 3 times Mozilla's entire budget, if memory serves me right.


365 days a year for several years Google has had a Chrome banner ad on www.google.com showing to Firefox users. That page is the most lucrative property on the web in terms of eyeballs, so take your most outrageous ad rate you can find and do the math. It's billions per year worth of advertising.


It's also completely free for Google to advertise on their own website.


Yes but that doesn't mean the economic value is non-existent.

Theoretically Google could sell that space. They trade this potential profit to promote their own product, at a loss, of how ever much that space could be sold for. This is like economics 202, opportunity cost.


It's not that simple. It's easy enough to claim that showing a Chrome ad benefits users and helps Google's brand. Showing third party ads hurts Google's brand and overall value.


Only if the 3rd party project is subpar. largely chrome is a 3rd party project from the eyes of search. I'm pretty sure there isn't a massive overlap between search and chrome developers at google.


$1 billion is Apple's ad budget as of two years ago and a non-trivial fraction of Coke's overall annual ad budget. I call bs.

(http://www.asymco.com/wp-content/uploads/2013/11/Screen-Shot...)


> I'd like to see a source for the billion-dollar-a-year campaign

I can't find a source for the figure right now, unfortunately. And the whole thing is a guess, since Google doesn't release this information. All it releases is overall sales/marketing spending, which in 2012 was about $6 billion if I understand right (see <http://www.quora.com/How-much-does-Google-spend-on-advertisi...). That includes salaries for the marketing folks, etc, not just direct spending on campaigns.

As I recall, the $1b estimate broke down something like 30% actual spend (primetime TV ads, ads all over the London Tube, etc, etc) and 70% in-kind placement (i.e. "every search you do on Google with another browser shoves an ad for Chrome in your face"). I'll see if I can hunt down where I saw that...

> That's 3 times Mozilla's entire budget

Yep.


I recall seeing a heavy metro ad campaign in Paris. All the slots were used. The campaign cost listed[0] (Q-Massifs) doesn't even have a regular price. Extrapolating from the regular campaigns, it cost Google beyond a million euros a week, and the campaign lasted more than that, if I recall correctly. And that is just one city, one campaign.

As for Google Search ads, let's take the number of search requests[1], an example CPC they give[2], an example CTR they give[3], the StatCounter portion of non-Chrome users[4], we get 1216373500000 * (1-0.3) * $0.10 * 0.005.

That's $425,730,725 for a one-year campaign in 2012. Given the prominence of this ad (and its unintentional scare value), the CTR is probably off, so that's a very conservative figure.

If that is indeed 70% of the whole campaign cost, the total is $608,186,750 per year.

[0]: http://www.mediatransports.com/wp-content/uploads/2013/12/Qu...

[1]: http://www.internetlivestats.com/google-search-statistics/

[2]: https://support.google.com/adwords/answer/2375420?hl=en

[3]: https://support.google.com/adwords/answer/2615875?hl=en

[4]: http://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Sum...


The "billion dollar" number is speculation, since the Google front page ad space that Chrome got isn't for sale to anyone else. "Priceless" would possibly be more accurate.


What do you think it would cost to put an Ad on the google homepage?


You are correct. If you try to go to inbox.google.com, it says "Sorry, this only works in Chrome."


> It's not an accident that Google's webservices work best (sometimes only) in Chrome.

A web service that only works in Chrome? Maybe you mean web application (web service would be really odd to work in just one browser). Do you have a source for this regardless? I hadn't heard of this.


I mean the services Google provides to users in the form of web applications, yes. The terminology is sucky.

As for concrete examples, Hangouts only works in non-Chrome browsers (including ones with WebRTC support) if you install a Google-provided binary blob. Which you may not be able to do.

Gmail only supports offline access in Chrome (see https://support.google.com/mail/answer/6557?hl=en the "two exceptions" bit). Whether not having offline access to your mail counts as mail "not working" is up to you, I guess; for me it counts as "not working".

Various Google properties use UA sniffing to deliver degraded content to non-Chrome browsers. https://bugzilla.mozilla.org/show_bug.cgi?id=921532#c9 is an example.

https://bugzilla.mozilla.org/show_bug.cgi?id=973754 is an example where as far as I can tell they built the feature around non-standard Chrome-only functionality even though Firefox supports the standard version.

Google news menus don't work in standards-compliant browsers because they rely on a Chrome/WebKit bug. See https://bugzilla.mozilla.org/show_bug.cgi?id=1083932

Google patent search uses UA sniffing and locks out various browsers as a result. See https://bugzilla.mozilla.org/show_bug.cgi?id=1013702

Google Translate will fail to work in Firefox unless you have Flash installed (good luck on Mobile).... or spoof the Chrome UA string. See https://bugzilla.mozilla.org/show_bug.cgi?id=976013

They do fix these bugs sometimes (the UA sniffing ones, where they just got the sniffing flat out wrong, tend to get fixed once someone diagnoses them). And sometimes not.


> Hangouts only works in non-Chrome browsers (including ones with WebRTC support) if you install a Google-provided binary blob.

The Google Hangouts website uses some carefully-constructed language to imply that people must download Chrome to use Hangouts, even though a Hangouts NPAPI plugin supposedly exists:

https://www.google.com/hangouts/

  The Hangouts Chrome extension won't work in your current browser. You'll need to
  download Chrome before installing the Hangouts Chrome extension. Do you want to
  download Chrome now?
Google+ photo editing is another Google feature that requires Chrome. I believe it uses NaCL to optimize some photo effects.


The NPAPI plugin is the binary blob bz was referring to.


The NPAPI plugin is one binary blob. The Chrome extension is another. The Google Hangouts home page only offers the Chrome extension. To actually find the NPAPI installer, you have to know it exists and search for it.


Google Inbox is also Chrome-only. It UA sniffs and tells you to download Chrome if you aren't using it.



It's not nefarious on the part of the _developers_. They were given concrete goals. I wasn't privy to those, but it sure looks like those were: Must work in Chrome (Android) and on iOS, working elsewhere is nice to have but optional. They were also given deadlines. Then they proceeded, with no nefariousness, to deliver a product that works on Chrome and iOS and not elsewhere. I'm sure if they had more time or more people they would have made it work elsewhere too.

Then you ask yourself why the goals were set the way they were. Obvious guess at an answer: because they only want to target "mobile" and Android+iOS cover most "mobile" clients. Had iOS had less market share, I will bet the goal would have been Android-only (modulo advice by lawyers based on antitrust worries in that situation, of course).

No malice anywhere along here, but the end result is not so distinguishable from malice, sadly.


Also iOS support is needed for Chrome on iOS. Since the same engine is used for Safari and Chrome in that platform.

That's the other easy explanation as to "why iOS?"


I would like to see similar arguments given when Microsoft developers follow what their management orders them, but alas.

Note, not picking on you, just Internet in general.


Every single case is different, but with with Microsoft it was corporate policy to do so - "Embrace, Extend, (Extinguish)", and it was executed again (MS-DOS vs. DR-DOS) and again (IE and Frontweb) and again.

The old saying was "Windows is not done until Lotus won't run", and the DR-DOS case shows it might not have been an exaggeration


MS spent huge amounts to time and money making sure lots of programs with oddities and bugs worked successfully on Win XP - http://www.joelonsoftware.com/articles/APIWar.html


So? That's irrelevant to the discussion.

Google/Chrome also works hard to support "what's already out there", which is what you mention, but what we're discussing now is building on your supposedly-open-but-really-proprietary platform _against_ other players, whether that's policy or coincidental with constraints.

Microsoft spent effort making sure Windows itself WON'T run on DR DOS before that. They constantly ignored web standards after they won the browser wars (conveniently working well with Microsoft tools that produced non-standard markup, though) ... up until the moment they lost them again, at which point they started to pay attention to standards again.

With their last few releases, Google seems to be adopting this Microsoft style of evil. Some people defend that, and some don't.


Yeah, people who think individual developers at Microsoft were trying be evil just aren't thinking clearly. Now upper management, on the other hand....


btw, the Inbox team clearly didn't bother to contact Mozilla about the Firefox performance problem because Mozilla fixed the bug within a couple hours of it being reported on HN:

https://bugzilla.mozilla.org/show_bug.cgi?id=1087963


This is a huge problem for the overall strength of the open web and Mozilla unfortunately is no less guilty of this. Many of the tools developed for FxOS are targeted for Gecko and wont run on other rendering engines. More and more it seems the only people actually building libs for the open web are independent developers and small shops. :(


I think there's a difference between ChromeBook or FxOS apps, which may need functionality and more importantly permissions that are not available on the web yet and creating web apps that use functionality that's supported in multiple browsers but restricting to only one browser.

That said, I agree that more FxOS bits need to end up on standards tracks. The permissions issue really needs solving to make serious progress there.


http://www.otsukare.info/2014/10/28/google-webcompatibility-... has a more complete rundown of the still-extant issues in case you're interested. The whole post is well worth reading, because it does say something important that needs to be said: there are many individuals at Google who believe in things like interoperability, web sites working in all browsers, etc, and strive for that (sometimes against internal opposition). It just happens that Google as an overall organization cares a lot more about its sites working in Chrome than it cares about them working in other browsers, with predictable results.


An example of this is Google Drive's offline mode, which only runs on Chrome (https://support.google.com/drive/answer/2375012?hl=en)


I can't entirely blame them for this one considering the alternative is either using something standard (localStorage) where they're only going to be able to store a really insignificant amount of information or creating something proprietary for multiple web browsers which is difficult to maintain.

If there was a web standard way of caching 5GB of files locally then I would be annoyed.


IndexedDB is supported on all major browsers by now.


Hmm you have a point though I don't know how well Chrome supported it when they first came out with the offline drive support. May be an issue of legacy needing to be upgraded. I also can't find good performance benchmarks for very large blobs in IndexedDB. But yeah I suppose they could use that now.


> More likely they see it as a means to ensuring web dominance by ensuring the web is never locked down by one mega corp.

I wouldn't let Google off the hook so easily.

More like, they want to ensure that if/when it is, they are that one mega corp: https://i.imgur.com/AIxYzl9.jpg

If you ask me, the only reason they haven't moved even faster in this direction is because they're afraid of triggering the same legal action that Microsoft did back in the 90s with IE, but that doesn't mean that they wouldn't love to have that form of dominance - it can only help them.


Google has used it's position in Android and Chrome to undermine privacy. Both platforms encourage users to "knowingly" give up privacy. This is beyond simply preventing monopolies.


Disrupting MS is a big goal of Google's, but that ambition runs far beyond displacing IE. Google, via Chrome (and ChromeOS) and their online services, wants to displace Windows, Office and Exchange. Firefox helped (and still helps) to fend of Microsoft's browser share, but development of Chrome is what Google is using to push browsers towards being able to replace Windows and Office for enterprise customers.


There never was a good reason for Chrome to exist in the first place. Content companies should not produce browsers, it is too much of a temptation for them to optimize their content for their own browser and vv.


> There never was a good reason for Chrome to exist in the first place.

Chrome kicked off the browser performance wars, especially javascript. A fast and performant web was important to any strategy Google could have had, regardless of their status as a good or evil company.


Please check your history. There was a JavaScript performance war in full swing, with both Firefox and Safari producing new JITs and working on improving them, before Chrome ever appeared.


My memory was that there was a cold war, but not hot-and-heavy competition until chrome, although this article seems to agree with you.

But man, Chrome sure got good fast.

http://www.cnet.com/news/browser-war-centers-on-once-obscure...


Your memory might be based on press releases, not what was actually going on. Safari and Firefox had the jits in their development builds, and were actively competing with each other, but hadn't shipped them in a final release yet at the point when the existence of Chrome was announced. Those JITs shipped a few months after that, with the attendant press hoopla.


Safari never had the marketshare to make its JIT a 'threat'.

Besides, Chrome didn't just introduce V8, it also introduced a cleaner UI, sandboxed tabs, and eventually, a much better set of DevTools than any other browser.

To deny that competition from Chrome didn't put pressure on other vendors I think is trying to willfully discount it's contributions for political, not technical reasons.


There's a difference between "Chrome put pressure on other vendors" (which is clearly true) and "Chrome kicked off the browser performance wars, especially Javascript" (which is the statement I was responding to upthread).

Chrome obviously put pressure on other vendors in various areas, including performance. What just isn't true is that without Chrome there would have been no JS performance competition. Whether the competition would have been as intense as it ended up being is a debatable counterfactual; I believe it would have been.

One other historical note, since you brought it up: Chrome was first announced publicly Sept 3, 2008. The first public beta of IE 8, with tabs in separate processes, was released on March 5, 2008. These processes ran in a low-privilege sandbox, as in fact did the entire browser starting with IE 7 (released October 2006), on Windows Vista or newer. Chrome did provide the first browser sandbox on Windows XP and non-Windows platforms, which was a big step up, of course. Again, there is a difference here between "introduced a new ground-breaking concept" and "incrementally improved on what was already going on".

Oh, and V8 was clearly considered a "threat" by other browser makers way before Chrome had any market share to speak of, so I'm not sure what your remark about Safari is supposed to mean.


To be totally fair, Brendan Eich has stated that he was well aware that Lars Bak et al were working on V8 years before Chrome was announced (and Bak's involvement implied the implementation direction that V8 was likely to head towards). I'm sure that knowledge was known elsewhere as well.

The problem with this discussion is inherent in any counterfactual history, as you point out, and the common issue of what appears to be revolutionary to people outside a domain vs merely implementing things people have discussed for years, as the same "revolution" appears to people inside that domain.

The reality is that circa-2008 JS engines were fairly rudimentary, including (or especially) V8, and your average JIT compiler writer at the time would have been less impressed and more compelled to question why this "revolution" hadn't happened years earlier (and several did ask exactly that).

All that said, "Chrome put pressure on other vendors" has been extremely important to the evolution of JS performance, especially with Crankshaft -- I think it's extremely likely that shipping Firefox would still have a tracing JIT today and would be just starting to move past it without Crankshaft having existed -- but Chrome in that slot vs the other major browsers is really not that meaningful a distinction either, as without SpiderMonkey existing, it's likely that V8's major strides forward would have stopped with Crankshaft in 2010. Performance would have continued to improve in either (especially with JSC making big improvements), but I don't think we'd have seen the major architectural changes as often as we have without that pressure. Competition is great.


I agree. IE kicked everyone else's butt first (in terms of market share), and the Web stagnated. Then Firefox kicked IE's butt, and the Web didn't stagnate quite as much, but let's be honest -- it stagnated. At the moment, Chrome is dominant but no browser is really trampling its competition, especially not in terms of overall quality. And the Web is improving faster than it ever has. (Well, not quite -- the "catch up" phases of the browser wars probably saw faster improvement while they were happening.)


Chrome does not exist to give the world a fast and performant web, it exists to give google full control over the audience from request to delivery, it exists to increase google's control and serves as a collection mechanism for data that it would not otherwise get at.

That it's a performant browser is a side-effect.


There could be multiple equally valid reasons for Chrome to exist.


> data that it would not otherwise get at.

My argument is that nobody would have put that data online in a slow and sucky web. If you think Google wants full control over the audience, surely they also want a large audience.

(Note that I do not think that Google is evil. But if they were, I don't think they would need chrome to get most of that information anyways, given all the other ways they are collecting data. Sure, there are some corner cases they would miss but I don't think the incremental coverage would be worth the effort.)


The web wasn't 'slow and sucky' before chrome appeared.


Christ: my slightly hyperbolic rhetoric aside do you really disagree with anything in the logic chain that a faster web = a more usable web = a more used web = a larger audience = better for google?


It wasn't even even slow and sucky before Firefox appeared; Opera was pretty nice even in 2000 :)


Honestly, my issue with Firefox all comes back to the Omnibar: I just like how Google does it better. And the only Firefox plugin I've seen that gets similar to that behavior, is slower at every step of the way. Also, having to manually add every search engine is a hassle even if you are willing to put up with the extra steps that plugin asks.

I really like Google, but I want to support open source(and am not quite willing to put up with Chromium). But for me, core usability is still king, and nothing really touches Chrome for that.



That doesn't really fix what I like most.

I like being able to hit a, see Amazon.com hilighted, hit tab, and have that be searching Amazon.

Or to do the same thing with GMail, Wikipedia, Youtube. It's the core functionality I like most with Chrome.


How do I enable the Omnibar search behavior you describe? When I enter "a" in the Omnibar, I see amazon.com in the Omnibar drop down list, but when I hit tab, Chrome just highlights the next item in the drop down list. It doesn't search Amazon. Have you manually added Amazon to Chrome's "Manage search engines" list?

Firefox has something similar: "Keyword Searches" bookmarks. I define my own search shortcuts, such as "am" for Amazon, "imdb" for IMDB, "nf" for Netflix, and "w" for Wikipedia. Using "am Harry Potter" or imdb or nf or w will use those respective website's own search forms to find "Harry Potter".

https://support.mozilla.org/en-US/kb/how-search-from-address...

http://kb.mozillazine.org/Using_keyword_searches


From my experience, Chrome seems to learn about a search engine by using it. So search for something on amazon.com and it should start working.


Nice! After loading amazon.com from the Omnibar, Chrome learned that "am" was "Search Amazon Search".


Wow, I didn't have any idea that that existed. That doesn't look discoverable at all and the Chome UI provides feedback that Firefox doesn't - but the ergonomics are just as good and that's enough for me to switch my home computers back to defaulting to Firefox.


You can do that in Firefox and with more granular control. If you right click in a search box you can choose to "Add a keyword for this search" and then you can make the keyword whatever you choose.

For example: I have a folder in my bookmarks containing like Youtube which is this url https://www.youtube.com/results?search_query=%s&oq=&gs_l= associated with the keyword "yt" so I can type yt <search term> and it loads the Youtube results. I've also added one for the Mozilla Developer Network (mdn <search term>), Python Documentation (py2 <term> or py3 <term>) and I add others as I use them more.


I use that, but it isn't as good as it used to be in Opera. Opera auto-completed your search using the target search engine's autocompletion. I don't use Chrome often enough to know if it does that too, but it might make me switch. (I switched from Opera to Firefox because of the plugin ecosystem.)


Chrome has all those features too, it let's you add search engines via right-clicking a searchbox, ,you can change the search keyword, and "<search-keyword> <search-terms>" in the omnibar works as described by you.


My solution to this issue is to use DuckDuckGo along with their bang commands [1]. So if you were to look for a replacement Wacom stylus on amazon, you would input "!a wacom stylus".

DDG bangs works with all large website or search engine (!g for google, !w for wikipedia), and with smaller, specialized one as well (I can look up words definition in the Trésors de la Langue Française Informatisé with !tlfi , and a particular protein in the Protein DataBase with !pdb).

If you use the official extension[2], you also get search suggestion out of the search box

[1] https://duckduckgo.com/bang.html [2] https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-fo...


I agree, this is the single most lacking feature in Firefox. That said, I gladly sacrifice it to get a bit less under Google's control.


>makes money selling your data

To... other advertisers? Google is the advertiser. It not only goes against their Terms of Service to sell that data, but also makes zero business sense.

I swear people just make things up when it suits their world views.


I went back to FF after using Chrome since its release, for about 2 weeks before I was fed up with it not playing every youtube video.


So because of non-standard DRMed content, you decided that the best way of preventing that to be a problem in the future is to install the only non-standard browser which renders this non-standard DRMed content from the same provider?

Would you even considered that if that one provider was anyone but Google? No? If so, why do you give Google a free pass?


It just said "cannot play video", did not inspect why because it said something about a plugin, and it made me annoyed, so I switched. This page http://www.youtube.com/html5 had only 2/6 checkmarks in FF.


I try Firefox quite frequently. It's still nowhere near better for me than Chrome.


> It's simply a better browser.

Mozilla does not respect the rules of my native OS. For over five years, they insisted that double-clicking the upper-left corner of the window should not close the window like every other app on the system. Nope. They insisted on doing it their way ignoring the complaints of thousands of users.

Firefox also makes you press Shift to use access keys. Totally non-standard amongst browsers and OSes and annoying for devs and users.

Is Firefox the only browser left that hasn't switched to multiple processes?

No, Firefox isn't better and I don't trust Mozilla anymore than Google.


No, no it's not.

I just spent an hour trying to figure out why ff freezes on the partner's computer. Yay 780mb sqlite wal. Who the fuck knows what that's doing. Why on earth does using a browser require vaccuming sqlite files? Dunno, because there's no good reason.

If she'll finally switch to chrome I'll stop hearing complaints the internet is slow.


Try Help -> Troubleshooting -> Reset Profile (upper right). That fixes most problems of that sort with (often ancient, migrated since FF 2.0 or 3.0) profiles.

Most things are retained, even cookies. It does remove some things (often things that can cause problems, like badly out-of-date-unmaintained extensions, clears DOM storage, download history, plugin settings): https://support.mozilla.org/en-US/kb/reset-firefox-easily-fi...


TBH, the fact that bookmarking has not been completely separated from browsers makes me very sad. I know I can use a cloud service like pinboard.in. A universal bookmark sharing format would make the world a much better place. The fact that importing and exporting is still a thing sucks. Give me a content addressable store upon which multiple indices and management tools can be built and give me a way to choose how to view my bookmarks based on information about them. Near as I can tell bookmarking tools still only record url and title and let me organize into folders by copying entries. This is simply archaic. I should have to adopt a cloud solution to get something better, faster and easy to pull up in any browser on my computer.


RIP del.icio.us remember when browsers had extensions to sync your delicious bookmarks ? Or when bookmark sharing on delicious was a form of microblogging ? If you followed the right feeds it was the hackernews of the day.


I don't want my bookmarking completely separated from browsers, but I would like it to sync to shared browser-portable cloud storage. I'd also like the distinction between tabs, bookmarks, and history to go away and be replaced by some categories that are more relevant to me.


Having something like 1Password for bookmarks across browsers would be sweet. Perhaps with client-side encryption too, for increased privacy.


xmarks.com not too bad for that, I only know about it because of lastpass


Owncloud has a really nice plugin for this. All you need is a simple bookmarklet and you can tag bookmarks and access them anywhere


I wonder how hard it would be to write a Chrome Plugin that connects to Mozilla Sync ...


If process isolation is indirectly responsible for the "page freezes, doesn't re-render, doesn't respond to input" symptom then it seems to have cost more than it was worth in the stability department. Those freezes have dogged chrome on both my mac and my pc for the last 4 or 5 years every time I've tried it. Safari and firefox, OTOH, almost never seem to crash or become unresponsive.

I'm all for having clever damage control mechanisms, but having less damage in the first place seems to be the winning strategy.


Process isolation isn't actually on yet, it's still opt-in in Aurora.

It also makes everything about the interactive experience worse, or at least it did last week. `perf top` shows a pretty damning story around locks, too. So- we're probably not going to see it until 2015.


I wasn't complaining about lack of process isolation in firefox, I was complaining that process isolation in chrome caused more trouble than it was worth.

FWIW After re-reading my post I believe your mistaken impression was due to lack of clarity on my part, not laziness on your part.


Note that Safari also uses out-of-process rendering (using WebKit2).


Well, I guess Chrome's implementation just sucks then. ¯\_(ツ)_/¯


Hah, I did the same. I've been using Firefox Aurora for about 6 months now, and I don't miss Chrome in the slightest; in fact, I prefer Firefox for nearly everything. Now we've moved to Slack instead of Hangouts, I've never had a reason to open Chrome.


Never used Chrome for regular browsing really. Firefox was kind of behind in the 3.x days but not to the point of switching for me, especially since I value Mozilla's goals.


Check out http://arewefastyet.com/ (the website mentioned in the article), which tracks javascript engine performance. Spidermonkey is faster than v8 and Safari's JSC on all three popular javascript benchmarks [1]

[1] Octane (google's benchmark), Sunspider (Apple/Webkit's benchmark), and Kraken (Mozilla's benchmark).


Is there a reason they don't have the new Safari 8 FTLJIT in those numbers? JSC (Java Script Core?) was Safari 7 wasn't it?


According to [1]: "Last week I asked for benchmarks of the new JavascriptCore Fourth Tier LLVM JIT. Arewefastyet from Mozilla now includes such results. FTLJIT does particularly well on asm.js examples."

You can see JSC performing better than chrome on the asm.js benchmarks: http://arewefastyet.com/#machine=12&view=breakdown&suite=asm...

[1] http://blog.llvm.org/2014/05/llvm-weekly-19-may-12th-2014.ht...


FTL is shown there, but note that FTL only works on 64-bit machines. Click on "machines->mac os x 64-bit" to see the results. They are indeed much better than without FTL.


"This puts us in a position of strength, so we can say "these benchmarks are not very interesting; let's talk about other benchmarks (e.g. asm.js-related) and language features" without being accused of being sore losers."

But are asmjs benchmarks interesting? They are not representative of the vast majority of real-world JS, so wouldn't an asmjs-laden benchmark suite really be a case of optimizing for your own set of benchmarks, tuned to your own idiomatic-JS?

But anyway, congrats on the achievement. I like the fact that V8, JSC, and FF performance are converging. If the performance differential is too great, it creates additional headaches for the developer targeting a certain level of efficiency.


Don't look at asm.js benchmarks if you're interested in real-world JS. Look at them if you want to know something about the performance of C++ code transpiled to run in a browser, which is an interesting thing to know. And it's getting to be more and more relevant these days. (Even "real-world JS" is going to start using asm.js libraries, I bet.)

But asm.js execution is very different from JS execution, even in browsers that don't have specialized asm.js paths. Executing regular JS is all about balancing compile time and garbage collection with code execution. asm.js barely uses GC, and allows lots of opportunities to cache compilation in ways that would be invalid for regular JS. So the whole space of tradeoffs is different.


Being representative of "existing real world JS" is one way benchmarks can be interesting. On the other hand, asm.js benchmarks are interesting because improving asm.js performance expands the scope of what the Web can do. Ditto for new language features.


The vast majority of real-world JS don't need JITs to perform adequately, but heavyweight asmjs games are CPU-bound and it makes sense to optimize for them. Watching Firefox creep up on Chrome performance on the arewefastyet.com charts, all JS engines seemed to be converging on some performance asymptote. asmjs changes the rules of the game and break through for specific content.


Firefox is awesome and I love it, but my one complaint after all these years is that I have to restart the browser every day. It's not the end of the world, but it's still frustrating, especially when I'm in the throes of debugging or important research.

Over the course of a day, the browser becomes unresponsive and CPU usage idles at 10-15%. Restarting with the same tabs brings it down to 0%. Yes, I know, disable addons, blah blah...doesn't work for me. Same problem.

I'm really looking forward to the new threading model coming up. I have a feeling that once each tab has a thread, things like this will be much more self-repairing. It's not always easy to kill a rogue execution path in an event loop, but killing a thread is pretty straightforward =].

Also, congrats on the firefox team for really taking performance seriously.


Resetting might help: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fi...

It resets your profile while preserving history, cookies, bookmarks, etc.

> I'm really looking forward to the new threading model coming up. I have a feeling that once each tab has a thread, things like this will be much more self-repairing. It's not always easy to kill a rogue execution path in an event loop, but killing a thread is pretty straightforward =].

First, it's "process", not "thread" :)

The plan is to start with just two main processes -- one for chrome (browser UI, mostly) and one for web content. So no processes will be killed in normal operation. This is because additional processes incur certain extra costs, particularly when it comes to memory consumption.

Still, it might help with your problem; it's hard to say for sure.


I have hundreds (not kidding here, it's the nature of my work) of tabs open routinely for days or even weeks on end and this is not an issue for me. This is under Linux (which may be a factor) on a machine with plenty of RAM (which may be another factor), firefox is extremely stable and if it goes down it is because I power off the machine.

Do you have any plug-ins or add-ons installed that might be the cause of this problem? If you do I suggest you disable all plug-ins and then slowly re-enable them to figure out if any one of those is the culprit.


I've heard other people say this too, but it must be a workflow or use case thing. I run Firefox as my browser of choice on Linux, Mac, and Windows every day, and have for 10 years at least. I do remember a time when memory was an issue, but those problems have been resolved for a few years. I routinely have dozens of tabs open, often with Flash video or lots of javascript, sometimes 50 or more (with the excellent TreeStyleTabs plugin for hierarchical side tabs) and I have never had these problems. I restart my browser maybe once a month, usually along with OS updates.


Interesting that you are talking about RAM, but it's hard to beat Firefox memory usage among major browsers. I'm impressed on my computers how Firefox takes ~750 MB of RAM and Chrome with the same tabs takes ~1.4 GB RAM.

Kudos to the developers.


It's not threading, it's processes that's coming up. I would be surprised if each tab didn't already have its own thread, because eg. multiple tabs can load at the same time...

And umm, not sure what I'm doing differently but I usually keep Firefox open for weeks at a time and have no issues. Though I cut back a bit on keeping tabs open, I used to keep like 60-80 tabs open all the time but now I usually clean up when I'm done with something (more to reduce cognitive overhead than resource utilization).


All tabs are on the same thread in Firefox. Tabs appear to load concurrently only because io is async.


I'll second the motion that there's something going on specifically with your setup. A reset as another poster suggests might be worth a go. Or even just creating a separate, fresh profile and trying that out for a day or two. [1]

[1] https://support.mozilla.org/en-US/kb/profile-manager-create-...


Genuinely curious if this is a common use case or not. I personally close chrome maybe half a dozen times an hour.


How old are you? I won't get anything done if I kept re-loading my ~200 tabs.


What does age have to do with the number of tabs you keep open? Don't pretend you are perusing the contents of each of those tabs any time soon.

Some people prefer to use bookmarks for that sort of workflow (as they are intended)


Yep, everything I need to know is bookmarked and synced to my google account. If something is interesting enough I'll bookmark it, if not I'll close the tab.

Really the only time I'll have more than 5-6 tabs open is when I'm trying to read through an API documentation and I want to be able to reference multiple points quickly.


You have 200 tabs open? How do you find the tab you want? How often do you look at each of the 200 tabs? What happens when you're on another computer? What happens if you accidentally close Chrome, do you open all 200 tabs again?


You have 200 tabs open?

120-200 in each Chrome, FF, Safari.

How do you find the tab you want?

For me each window has tabs on a particular topic, e.g. database api docs plus stack overflow (10 tabs), a javascript one (7 tabs), hackernews (18 tabs), paleo recipes (12 tabs), etc. Tab creation and deletion basically acts like a stack with the most recent/specific tab on top—and I'll garbage collect (command-w a bunch of tabs) when I finish with the specific task.

What happens when you're on another computer?

Laptop goes everywhere with me. 99.5% of the time I'm not. But that other computer also has fuckton of tabs open. lol

What happens if you accidentally close Chrome, do you open all 200 tabs again?

Yup. Various plugins make it less painful but it does hurt. I make sure not to accidentally close the browser.


I generate maybe 60 tabs a day, and finally came to the conclusion that I was using tabs incorrectly. Tree Style Tabs is great, but I found that I was using tabs as combined bookmarks + todo list. So I wrote a Firefox addon that pops up a sidebar every morning and steps through every tab prompting me to either close it or save it as a bookmark. (with tags) It has definitely helped with this vague uneasy feeling I have about occasionally restarting Firefox and having to automatically reopen hundreds of tabs, most of which could have long ago been garbage collected.


Is that available online?


It's not quite ready for other people to use yet, but the source is available at https://github.com/mnutt/tabbers-anonymous.


Genuinely curious as I thought I was a heavy tab user.

What do you use 18 tabs of hackernews for?

I often have the front page in one and my threads in another.. then at least a few comments pages in others.. but never more than 5-6.


In Firefox you can search among open tabs by typing % in the awesomebar, I use this everyday with hundreds of tabs open. And there is also tab groups feature (which is activated by ctrl/cmd+shift+e). I don't know why this feature is not advertised more.


The "%" search sounds really interesting, but I can't seem to get it to work. No matter what I type after the "%", it initiates a web search. This is with Firefox 33 for Mac.


Probably because you have to put a space after % (not sure why, but likely to disambiguate it from other sorts of typing).

It rocks. And I have 1200 tabs open at the moment on Linux64 Nightly (~120 actually loaded). Yes, I'm a tab-hoarder. Bookmarks are useful, but don't give me the easy "I want to come back to this" aspect - once I do close it, I'm done with it; if I bookmark it it's there forever (and the number of bookmarks became unmanagable eventually).

Every so often I do a pass and close out 50 or 100 tabs I no longer care about. Usually I sit at 900-1000; it's time to cull.


In Firefox, opening a browser with 200 tabs doesn’t mean that 200 tabs are immediately loaded. The browser will retain your tab state without loading the contents (apart from the tab you previously had open and any pinned tabs). If you click on an unloaded tab it’ll load the contents dynamically.


I suspect that the reason people keeps tabs open is a deficiency of all modern browsers -- if we had the ability to search the contents of our history of sites, it would dramatically reduce our need to desperately hold onto tabs.

Right now you can search the history, but it searches only the title and basic metadata, and as we know well from HN, titles are often wholly unrelated with the content.

So many times I've found a page that has interesting information, and I can easily remember snippets of the page, but without walking through my history manually for hours, I'm left with trying to remember unique phrases and instead searching the world of information on Google, having to winnow through a lot of chaff. It would be so great if a browser (or an evil cloud-synced variant) generated a search corpus of every page you visit -- understanding the overhead and costs, made viable by many cores and massive IO performance -- allowing you to say "I saw a site about banking regulation and overcommitments in the past week...where was it?"


Assemble a team or otherwise generate enough interest in making Permafrost[1] a reality, and you could have this. I'd love to work on this with somebody...

1. https://wiki.mozilla.org/Permafrost


I'm 22 and I'm a software developer/university student.


How old are _you_?!


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: