Firefox - The Platform

Strudelkugel writes "Business 2.0 reports Firefox is becoming a problem for Microsoft. But FF is not just a problem as a browser; its potential as a platform is significant. From the article: 'It all adds up to a business opportunity for startups, established software companies, and Web giants alike. Though Ross and the nonprofit Mozilla Foundation don't stand to make money, Firefox's open platform gives it enormous potential to hatch a new class of applications that live on the desktop but do business on the Web.'"

no, the cat HASN'T got my tongue.

[flynns (639641)]

The potential for development within firefox is fairly impressive...microsoft had better be concerned.

Maybe Firefox is like the third-party candidate of browsers. Sure, it may not ever hold a dominant market share, but it will guide those who DO towards the right issues...

Re:no, the cat HASN'T got my tongue.

[CanadianCrackPot (727998)]

Like security, stability, and compliance with actual standards.

True 'nuff

[stealth.c (724419)]

The features it has now are just FINE. Stop adding them. We could probably even do with fewer. I am curious though. What makes you say it "isn't that great?" It's far and away better than IE (imho), and it doesn't feel as clunky as the Mozilla Suite. It does everything I want it to and for me it's been a pleasure to use. In fact I use it exclusively. What flaw am I overlooking? Is it something that only anal-retentive coders notice?

But of course--security problems or not--almost anything is better than IE, eh? eh? ;)

Work on security issues

[jeti (105266)]

It has the potential to be great, but we need to get past all this "add more features" and fix security programs.

Maybe Firefox is not yet as secure as it should be. But people are intensely at work tightening things up.
According to The Burning Edge [squarefree.com] no less then 10 security related bugs have been fixed in the last week.
The developers are obviously using the random HTML script, and the security bug hunting program seems to pay off.

I'm under the impression that Firefox developers are working very hard to provide a secure version 1.0 of Firefox.

Re:no, the cat HASN'T got my tongue.

[by Anonymous Coward]

Three years ago I had a fairly full function IDE for creating XUL applications working in Mozilla (project creation, form designer etc.). It was written in XUL+CSS+Javascript+RDF+XML.. I even demonstrated it at Netscape in Mountain View - Zero interest. At that time Netscape was entirely engaged in finishing the Browser, nothing else mattered.

The problem is that Mozilla was designed as a platform to develop a browser (unsurprisingly), not a platform to develop applications. I believe they were wrong in this decision as they could have finished the project sooner if the platform had been powerful enough to bootstrap itself. Unfortunately the rush to finish the browser lead to a mish-mash of api's which treat HTML, XUL, XML and now probably XHTML documents entirely differently. For example, some api's had a large number of unimplemented functions. Embedding HTML documents in XUL or visa-versa led to bizarre problems. Also the parsers did not have a round-trip mode in which DTD, entities, comments, CDATA etc. were preserved. Writing an XML editor was an exercise in frustration.
Application development in Mozilla/Firefox is possible. However, I believe that the current technologies seem to have been designed for excessive hand crafting - lots of exceptions and hard to comprehend mechanisms for overlaying functionality. Robert Ginda's excellent Javascript debugger was a labor of love and a triumph over adversity. It shouldn't be that hard.

Unless Mozilla.org has had a change of heart, MS has nothing to worry about.

Re:no, the cat HASN'T got my tongue.

[LWATCDR (28044)]

"and with ActiveX controls"
There is the rub. Active X is a nasty locking that should be avoided at all costs. It locks you in to not just an OS but also an ISA.

Re:no, the cat HASN'T got my tongue.

[kcb93x (562075)]

But to compare ActiveX and XPI/Plugins, you have to look at their requirements:

ActiveX:
Microsoft OS (98/ME/2000/XP/2003) 250MB - 3GB
Internet Explorer No additional - included in above

Firefox:
Your choice of OS (so no additional needed - it works with whatever you're running)
Mozilla Firefox itself: 10-20MB (16MB for me, on XP Pro, with some extensions installed)

Plus...one's open source, so if it doesn't have functionality that should be added at the api layer (or any layer for that matter) you can easily do it yourself.

Security aside, XPI/Plugins would beat ActiveX in a logical comparision.

Re:no, the cat HASN'T got my tongue.

[Fnkmaster (89084)]

No, they are fundamentally different in intention and use. XPI entensions are installed into your browser to give you extra functionality. In that sense they are much more like browser plugins than ActiveX objects - plugins that have access to browser structures, DOM tree, menus, etc. Since many of these things are by definition browser specific structures, it doesn't really make sense to talk about cross-browser browser extensions.

You will never go to a random company's web page and see an XPI object on the page. And FF won't even let you install or use an XPI object from a random page as a security measure - by default you can only download them from the officially maintained archive. You have to override this if you want to download XPI files from some other source.

You may some day go to a random company's page and see a XUL application as part of their interface in the same way that ActiveX is used sometimes today. But A) XUL is a standard (I don't know if it's de facto or de jure at this point) that others can implement if they choose and B) doesn't suffer from the kinds of broken-by-design security model that ActiveX has, C) will in practice probably never be used as the only way to do something, just a way to enrich existing web UIs, whereas ActiveX is used as a crutch for things like delivering 'secure' video and audio content.

Re:no, the cat HASN'T got my tongue.

[swillden (191260)]

so is it the concept or the implementation [of ActiveX] thats flawed?

Yes.

The concept is fundamentally bad (for everyone other than Microsoft): using operating system and hardware-specific code to build web sites is a bad idea, unless your goal is to promote eternal lock-in to that platform. From a security standpoint, the notion of running automatically-delivered-over-the-net native machine code that runs outside of any kind of protective sandbox is sheer insanity, and code signing doesn't really help much, because since *all* ActiveX controls have to be signed to have any chance of being safe, the user has to either get used to zombie-clicking the approvals or else just configure the damned thing to assume that every signed control is safe.

Not to mention (getting back to lock-in and monopoly preservation here) that whoever controls the signing process and keys has a semi-veto power over what can or cannot be done with the platform.

The implementation sucks primarily because it's integrated into such an insecure environment to begin with.

But even if the implementation were perfect, and even if we didn't care about the platform lock-in aspectes, the basic idea is just bad. With Java and Javascript, the downloaded code runs in a protected environment. Malicious code has to first break out of that jail before it can even begin trying to compromise the system. Javascript further provides "data tainting" to reduce privacy risks. Most importantly, because 95% of the useful stuff you'd like to do in a web-based application doesn't require breaking out of the sandbox, signed Java applets that do are rare, so users can be appropriately cautious about them (actually Java applets are rare, and for good reasons, but that's another rant). Javascript + XUL actually has no way to break out of the sandbox, AFAIK (someone please correct me if that's wrong).

Re:no, the cat HASN'T got my tongue.

[CaptainZapp (182233)]

and code signing doesn't really help much, because since *all* ActiveX controls have to be signed to have any chance of being safe

Even if signing the code would be secure it doesn't help a hell of a lot if the good burgers at Verisign [verisign.com] hand out the keys to every pimply faced teenager walking in.

This advisory [attrition.org] describes this spectacular goof in detail. I quote:

In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is "Microsoft Corporation". The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run.

Re:no, the cat HASN'T got my tongue.

[Compact Dick (518888)]

But who are the two others ?

Microsoft Internet Explorer and iexplore.exe.

Security of Online Apps a Hurdle?

[spin2cool (651536)]

Online applications clearly have many benefits, especially with the recent surge in broadband, but adoption and support has been slow in coming. Why is this?

Well, I think many companies are hesitant to move to online platforms, though, because they feel that it's a security risk. Putting sensitive data on a closed intranet seems safer in many ways, especially to those unfamiliar with encrpytion and other modern security measures.

Huh? Who isn't online yet?

[Ars-Fartsica (166957)]

Your bank? Check. Your brokerage? Check? Your government? Check. Your doctor? No, but thats because your doctor is still using Win95 and Office 97. Once someone consolidates the IT operations of law offices and medical practices, this will happen too...the cost of handling paper records is killing these industries.

Re:Huh? Who isn't online yet?

[cduffy (652)]

Your bank? Check. Your brokerage? Check? Your government? Check. Your doctor? No, but thats because your doctor is still using Win95 and Office 97. Once someone consolidates the IT operations of law offices and medical practices, this will happen too...the cost of handling paper records is killing these industries.

It's not all that bad. Practice management systems (for patient scheduling and billing) have almost 100% market share already. It's only electronic medical record systems that are next to unheard of -- and there are plenty of folks (such as the startup I work for) working hard to fill that gap.

Re:Security of Online Apps a Hurdle?

[aldoman (670791)]

Have you ever worked in a real office before?

Most companies now use at least one IE (sadly, almost all are heavily locked into ActiveX atm) based app.

I'd guess that most of new big backoffice apps are being developed for the web now. The benefits are so big.

Firefox is what we should be focusing our attention on. Not Linux. Linux is at this stage a pipe dream on the desktop, at least for now. All Firefox needs to get is killer installs in the office, which I don't see too hard especially with the status of IE patching, and those tricky ActiveX issues can be got round with the use of an icon that opens IE only for that certain site and for the rest of the things, Firefox is the default.

But, I've thought this for a long time that Linux is harping up the wrong tree. Look how quickly FF has got hold - this is the sort of real changes OSS can do. However, I'm not undermining Linux's achievements in the server room. I think that is where it will get hold next.

Anyway, this is what I think we as an OSS 'people' should evangelize:

1) Use of Linux in the server room. Mail servers, web servers. Anywhere that it works.
2) Use of XUL in Firefox/Mozilla. Get Safari to support it.
3) Get BigVendor (tm) cooperation. Show them how XUL is really a lot better than using ActiveX, especially as Microsoft is really not a great partner to work with.
4) Watch as the books, tutorials etc for XUL gathers up. Watch the small developer presence increase.

Basically what we want is XUL/PHP/mySQL (a very strong combination) is to become the new VB. Once we have this, it's going to be a cakewalk to get Linux on the desktop everywhere. Then the hardware support jumps up, and boom, desktop too.

Re:Security of Online Apps a Hurdle?

[Erik Hollensbe (808)]

I really think you missed the point.

The tool for the job does not really leave room for an all encompassing smorgasborg of half-assed features.

The tool for the job is sed, or awk, or perl. It's cp, not mv. It's FreeBSD on the server but not on the Desktop. It's Windows for gaming.

Really, is this so hard to understand? Are you really advocating that your multi tool have a soldering iron, ball peen and crow hammers, cross-cut and standard tooth saw, and everything else that might be in your belt?

Frankly, I am concerned with my desktop performing window management and placing things in spots and in ways that make sense. Everything else is just shit and fluff in a nice little glossy package. The OS, being a more complete idea, should be something for a desktop role that makes sense for my needs. It should not be something that's also my first choice for a server, unless it truly merits that.

Really, how many of you would willingly use X11 if it was not free?

Re:Security of Online Apps a Hurdle?

[mrjohnson (538567)]

Personally, I have never used or considered using ActiveX since it only runs on Windows. What I know is it's a program, usually Visual Basic cab file, running within the browser. There have been several security problems, mainly stemming from the fact that once running, it has programatic access to the whole computer.

Other than the security issues, and that it only runs on Windows and within IE, I understand it's generally a pain to work with and debug. But it does allow you to run programs on the client and use normal Windows widgets in your design. Painfulness is measured differently by me than somebody who programs for Windows. I imagine they would disagree.

Somebody will correct me if I'm wrong on the ActiveX details here, I'm sure. :-)

XUL is meant for addressing the same problem -- bad interfaces on the web, but it takes a drastically different approach. The dialogs are described by lightweight XML files that are pretty painless to develop. The client programming is done in Javascript, which is not as bad as it sounds. The main problem Javascript faces is cross-browser support, which is negated by only using gecko. There's also a decent Javascript console which make it a lot easier to fix script errors in Mozilla than in IE.

The main advantage is everything is still done on the server, only a little user interface junk is left to the client to handle in Javascript, which is arguably where it belongs. You'd do the same in a normal webapp, write html and use Javascript to manipulate objects for a better user experience.

Also, I've seen far too many ActiveX programs that do database access from the client, for example. Typically, there's no security or verification of who's doing what at that level, a difficult thing to get right in any client. Often times you can take the ActiveX object and use it's own objects to access the database and change whatever you like. XUL leaves all of that up to the server which makes it easier to manage and more difficult for bad programmers to leave gaping security holes.

Anyway, there's no 'trusted' environment. All companies should prevent internal users from abusing the system. :-)

Good Show, Mozilla!

[LegendOfLink (574790)]

It's about time the Mozilla foundation is getting the recognition they deserve. As a Windows user (yes, flame me), Internet Exploder has been nothing but a giant general protection fault.

Just goes to show, when you take out competition, you get stale, passionless software. Thank you Mozilla.

Re:Good Show, Mozilla!

[ScrewMaster (602015)]

Actually, we don't call them "general protection faults" any more. That sounds too much like ... a problem with the operating system or something. Really, there's no need to burden the user with awareness of such things. In fact, one of XP's many improvements is in the way malfunctions are presented to the user. No outright lies, you understand, but we've dispensed with technical-sounding terminology and hexadecimal numbers. We simply say, "We're sorry, but your application needs to close." Much friendlier that way, don't you think? Wouldn't want the user calling tech support or anything. Best if they think that spontaneous application "closures" and loss of data is standard operating procedure.

let it be just a browser

[xlyz (695304)]

as soon a browser reach a bit of popularity, everybody seem to try to have it substitute his OS. why can't it just be a browser???

Re:let it be just a browser

[SimplexO (537908)]

The title is a catchy one because Firefox is "new and cool". Really, it's Mozilla as a Platform, and that just really means XUL as a Platform. XAML is Microsoft's attempt at XUL, because it's XUL's a "Good Idea".

Re:let it be just a browser

[FuzzzyLogik (592766)]

It is a browser. But the components that were used to BUILD the browser are very cross platform (hence you have firefox on 3 major different platforms, windows, linux, and mac). in doing so the backend of all of this is cross platform and can be used to create other applications besides just a web browser. you only really need to know javascript, xul, and a few other things and you can use the stuff that was used to build firefox and make your own application. it's a novel idea and hopefully it'll be put to good use.

November 9 lauch day

[solferino (100959)]

Blake Ross's minimal website [blakeross.com] reveals that November 9 is the day we "take back the web" i.e. the launch date for Firefox 1.0.

Shhhh! We awe hunting wabbits...

[coupland (160334)]

People need to be vewy, vewy quiet, we awe hunting microsoft...

catch-up has slowed down in my opinion

[jdkane (588293)]

From the article: Along the way, Firefox is fast becoming the browser of choice for anyone fed up with all the nasty things polluting the Web (pop-ups and viruses and spyware, oh my!).

However XP Service Pack 2 has taken a big bite out of many security, spyware, etc types of issues that formerly plagued Microsoft's IE browser. That said, users on other versions of Windows do not benefit from these new features.

Going forward, I would say that Firefox has more of a fight on its hands, now that Microsoft is starting to listen to the browser crowds.

I went strictly Firefox about seven months ago, and for the last few months have not even had the IE icon available on my desktop or in my menus. However since XP SP2, I've started moving back to using IE sometimes, because it blocks pop-ups, ActiveX controls, etc. Of course Firefox still has many extensions available which I (not the average user, but a developer user) have fallen in love with. However from the average Windows XP user's point of view, why would they switch to Firefox when Microsoft just made IE more secure for them and blocked annoying popups for them? It's definitely going to be harder to market those Mozilla features now that they doen't represent the edge over IE (XP SP2) anymore.

Deja Vu...

[D-Cypell (446534)]

enormous potential to hatch a new class of applications that live on the desktop but do business on the Web.

This sounds a lot like late 90's, .com era speak to me.

I am using firefox to type up this comment, and yes it is a great browser, but it's not going to change the way the world does business.

Nearly every business application that has been developed for the last 10 years does business on the web.

I hereby petition for a change to this article text so that it reads 'do business in a tab'. Now that's innovation!

sshh

[guet (525509)]

Yet here was Andreessen publicly proclaiming in the summer of 1995 that Netscape's plan was to reduce Windows to "a poorly debugged set of device drivers." "They didn't save it up," Myhrvold said. "They fucking pulled up alongside us and said, 'Hey, sorry, that guy's already history.'"

"The tactic drove Redmond into a rage. The day after Andreessen's quote appeared in the press, John Doerr, the prominent venture capitalist and Netscape board member, received a chilling email from Jon Lazarus, one of Gates' key advisers. In its entirety, it read: "Boy waves large red flag in front of herd of charging bulls and is then surprised to wake up gored."

from Wired [wired.com]

They could start with W3C validation

[hsoft (742011)]

Before taking back the web, I think Firefox team should start by making their website W3C valid.

I noticed that today: Firefox page and "spread firefox" page are both invalid html code. Is it just be or they are supposed to be the ones caring about standards?

great browser, but...

[geg81 (816215)]

Firefox is a great browser, and there are a number of useful plug-ins available for it. It's also supported on many platforms.

But I have my doubts whether it's a good applications development platform as it is. Out of the box, you get, what, XUL and JavaScript? I'm sorry, but that doesn't strike me as a good platform for application development. In particular, JavaScript is just far too flaky to develop anything significant or complicated in it, and a lot of libraries just don't exist for JavaScript at all. And, like it or not, even if you put part of the application on the server, things still get complicated if you want a high quality GUI.

Maybe if Firefox shipped with a small, efficient JVM or CLR runtime and JIT that tie into the DOM, XUL, HTML, SVG, and event handlers (but without most of the bloated class libraries that Sun or Microsoft want to force on you), it could become a full platform. It would be even better if it included a small IDE out of the box.

As it is, I think it will remain limited to simple web apps created by rather dedicated Firefox hackers (and thank you for it, it is a great browser).

The developers will make out fine

[Ars-Fartsica (166957)]

I can't think of a more bullshit-proof resume bulletpoint than to point to your commit log on a high profile project.

Anyone using Mozilla code as a basis for a product will pay out to people with a commit history.

A few really good Apps could make the difference..

[Coryoth (254751)]

After seeing this [faser.net] demo of exactly what Firefox and XUL can do in the way of fast, rich applications, I think its only going to take a few significant applications in XUL to get people moving to Firefox just to get it.

Does anyone know if someone is writing a webmail client in XUL? If not, someone really needs to (I've even started looking at trying to do it myself, and I'm no coder). Compared to current webmail interfaces a XUL interface would be almost indistinguishable from a local mail client. All you need to do is have browser detection send users to the old style webmail client if they aren't using a browser that supports XUL.

Now, imagine if GMail started doing that... IE users of GMail get the standard webmail interface, but Firefox users get a full fast XUL interface. Have a look at that demo site [faser.net] again, and do some clicking around ... then tell me that that wouldn't be an absolutely killer app for Firefox.

Jedidiah.

Re:A few really good Apps could make the differenc

[CosmicDreams (23020)]

Does anyone know if someone is writing a webmail client in XUL?

Yes, http://xulwebmail.mozdev.org/ [mozdev.org]

Re:A few really good Apps could make the differenc

[Fnkmaster (89084)]

XUL is cool. Javascript is nicht so cool. I can't really imagine having to build or debug a complicated GUI application with Javascript as your primarily language for doing everything.

I realize that part of the problem with Javascript has been different browsers with slightly different interpretations of DHTML and DOM stuff, and that has given Javascript a worse rap than it deserves.

But that rap isn't completely undeserved. And trying to convince programmers that they should be building the key functional blocks of their applications in Javascript just isn't going to fly any time soon. At least call it something else. Like "XULscript", fix the marketing problem that Javascript has.

Cute

[Dark Lord Seth (584963)]

Reminds me of a teacher at college. Well, not exactly a teacher, mind you. Teachers teach stuff, this guy just stood in front of the class and told us all to go learn ASP.NET from w3schools.com. If the guy was even at college to start with. But I digress. I recently argued with him as to why the hell we were learning ASP.NET while the course read "advanced programming". The moron gave me the following reasons why ASP.NET was to be the "entlösung" to all problems, including war, famine and dropbears*:

• Web-based I: Everything will go over "the web" with .NET, ranging from word processors to databases.
• Web-based II: Other programming languages like C/C++, Delphi, Java and anything not .NET will die because of this web-based 'paradigm-shift'.
• Python: Python (my suggestion) was a joke programming language by amateurs and hobbyists.

That's pretty much when I stopped listening and just started to stare in sheer amazement. The guy seems to be a bit right after all though, considering the possibilities that are now available for XUL regarding web-based applications. But hey, let's be fair; .NET isn't all that bad but riding the .NET car with ASP.NET is like driving a Ferrari with wooden wheels. C# would have been nice enough, instead. But this whole "everything will be web-based" idea was utterly shit and I KNEW there was a better solution than ASP.NET to web-based solutions. Then I saw a site with XUL elements plastered all over it and I was impressed. No more silly tricks with HTML forms and parsing it all through CGI scripts. It seemed like a clean enough solution for lots of things. Think of a small company; Items need to be tracked, clients need to be contacted and managed, rosters needs to be kept up to date and plenty more. Now all that can be done by HTTP with a standard webserver and a Mozilla platform.

The compant where I worked as intern could have used that. Instead they adopted a win2k3 server with office 2k-something premium, using it as a terminal server to log in to single Access database using remote desktop, which would function as a POS system with the aid of heavy VBA scripting. Not exactly an elegant solution, though it sure is a creative way to make an Access database centralized. Now imagine the same trick with a cheapo webserver running Apache 1.3.something, serving XUL documents that read/write data from an MySQL database... ( It WAS a rather small shop, after all... )

Mozilla Amazon Browser

[CanadaDave (544515)]

"Amazon (AMZN) could build a search application into the browser that lets users buy books without visiting its website."

That already exists! Ok, it doesn't let people buy book yet, but you can search. I wonder if the author of the article knew that. Check it out here [mozdev.org] and here [faser.net]. I've actually tried it out and it works really well.

Get the firefox extension here [texturizer.net].

The usual ...

[orangeguru (411012)]

Netscape was supposed to be a new platform ...
Java was supposed to be a new platform ...
Even Flash was supposed to be a new platform ...
Now Firefox is supposed to be a new platform ...

Did they kill MS? Nope.

XUL is cool, but so far I haven't seen MANY great applications done with it.

IE7

[LordMyren (15499)]

Why hasnt IE been updated in so long?

Because IE7 was the biggest threat to microsoft. They nearly built open standards which would have let their users to everything as webapps. The only problem is they didnt have any lock-in.

Thats why IE7 team was stomped into the ground and we havent seen or heard a major release since Win2000.

Someone dig up some of those random facts i once had on this subject please? IE7 was a strong active dev team doing neat stuff. Then they were axed.

XUL as an Application Platform

[SendBot (29932)]

This is shamelessly ripped from http://xulplanet.com/tutorials/whyxul.html
I think it presents a concise overview of firefox as a development platform.

XUL and Gecko make an excellent choice for building sophisticated Web applications. It provides a rich user interface toolkit, an HTML and CSS renderer with excellent standards-compliance and support for web services, all completely cross platform.

Work is ongoing with the Gecko Runtime Environment (GRE), which aims to make Gecko a snap to drop into a standalone application, complete with your own executable, if you desire. The idea is to allow the right version of the GRE to be installed automatically with the application if necessary. If the GRE is already installed, there is no need to install it again, or even download it. For those that are interested, the GRE is about 5 to 10 MB, depending on your platform, which is quite small compared to other application platforms. It's also possible to have Gecko run directly from a network drive or CD.

Since XUL may be used on Web sites, it can be used with server-side architectures such as PHP and JSP to build dynamic content. This allows Gecko to be both a two-tier or a three-tier application model depending on your needs. There are projects in development now which aim to integrate Java, Python and other languages into Gecko directly.

works for us

[Gunark (227527)]

I work for a company that develops intranet-type applications for big mega corporations here in Canada. We've been developing and deploying apps written in XUL/JavaScript + PHP or Python for almost a year now... so far so good. Surprisingly (or maybe not surprisingly) no one has complained about the forced switch to Firefox. In fact we tend to get thank you emails gushing with compliments about Firefox :)

XUL is here, and it works. Having all of the advantages of web-based deployment, while being able to use proper user interface elements is a godsend.

Not unti l XUL is beyond just mozilla

[Ambassador Kosh (18352)]

Overall I can't see how doing stuff with XUL is a good idea until other systems support XUL also. The point of web based apps isa freedom to change at any time. If you write to XUL you have locked yourself in to one rendering engine essentially. If xul worked with khtml and opera then I would not have this problem.

I want to have the freedom that web based apps give me and my customers not remove that freedom. Tieing myself to one browser engine does remove that freedom. Right now if I do regular html, css etcthe stuff works pretty much everywhere under almost any kind of device. With XUL I would lose that freedom and it is important.

Some maybe Most are getting confused...

[vivehosting (825092)]

Alot of people are confused about the facts and the potential of Firefox, even the ones that use it. First, let me just say to those who claim IE is faster... IE loads up faster initially, but Firefox renders faster. Unless you are the type to go to a website, close the window, open ie, go to a website, and so on. Firefox is going to be a much faster solution.

I've been noticing more here than anywhere else that some are confusing Firefox with the Mozilla Suite(Someone even mentioned being a user of FireFox 1.7.3). Firefox is not bloated and will never be bloated. Extensions are optional and if you are like me, you would only be installing about 5 small features to the default installation. The option is there to bloat to your wishes though ;).

Now the potential as a platform isn't really going to be Firefox. It's starting with firefox, and will become popular because of firefox, but the platform is under development as the XUL Runtime Environment (XRE) [mozilla.org]. This is where the magic starts.

One will be able to develop executable applications seperate from Firefox that automatically run on Windows/Linux/Mac. Right now, noone wants to tie their developments to a browser although a few like to tinker with it on their own. When the XRE is released, people will then actively develop XUL/Javascript applications with an optional backend of their choice. You will be able to create .exe applications. You can make those one-click installations someone mentioned somewhere here. No need for the browser although the browser can be used if you want to. Bad news is the XRE isn't being actively developed as Firefox is. So, who knows when they'll release it. But when they do, Firefox, Thunderbird, etc will be complete XUL/Javascript Applications that run using the XRE and GRE. I don't know much about GRE, but that's most likely going to stay browser-specific, although I'm probably wrong.

I'm one of the people who has starting learning XUL and such, and although I have big plans for it. I do not plan on coding for a browser ;) XRE all the way!

Re:Google?

[Conspiracy_Of_Doves (236787)]

Can you say google?

Yes, we can. And so can the article -- In the paragraph immediatly above what you quoted.

Re:Worries me..

[damiam (409504)]

FireFox is already extremely bloated (on Windows) compared to other Windows applications

Firefox is a 4.5MB download. That may be bloated compared to sol.exe, but it's tiny compared to IE, and not much bigger than Opera (3.5MB).

Re:Worries me..

[shadowmatter (734276)]

FireFox is already extremely bloated (on Windows) compared to other Windows applications and the source code is hundreds of meg in size, the reason - it has an entire platform.

Maybe the Mozilla suite, but not Firefox. In my downloads folder at work:

FirefoxSetup-0.8.exe: 6348KB
FirefoxSetup-0.9.exe: 4845KB
Firefox Setup 1.0PR.exe: 4630KB

These are the setup executables for Windows. And if memory serves me correctly, the Thunderbird client has been getting smaller with each new version even more dramatically...

- sm

Re:What about security?

[FuzzzyLogik (592766)]

The reason so many holes are found are due to the Bounty that the mozilla foundation puts forth for each security hole found. this means that people are actively looking for security holes to turn them in and get i think $500.

Why are they doing this? Simple really. Find the holes now and lock firefox down pretty good. Better that the holes are found and fixed ASAP than found but not fixed at all... say.. like internet explorer. they're simply trying to make it more secure and this is a pretty good way of doing it.

Look at it this way, if you develop software you look at the same code all the time and once you see it so many times you don't potentially see the security holes that you might otherwise see because you've looked at it so much that you kind of become numb to the fact that something could be wrong there. by having new eyes looking at the code you are having new eyes put on that older code and they're finding the problems, $500 is just an incentive to get people to look at the code.

Re:What about security?

[darnok (650458)]

Your points are valid, but I can see a potentially huge market for Firefox in intranet applications. Many browser vulnerabilities are simply irrelevant in an intranet context, where users' PCs are already locked down.

Most/all large customers have internal-only applications that have been client-server or n-tier with a custom front end. These apps tend to be brutal to deploy, particularly the front-end, as they are prone to DLL hell and various interdependency issues with other applications (it'd be nice if a customer's IT was mandated to only ever use version X of app Y to develop all apps, but that never is the case). In many cases, customers have resorted to deployment "hacks" such as deploying these front-ends to a small number of servers, then using e.g. Citrix terminal services to expose them to their users.

Enter Firefox and other Mozilla browsers. Now it's practical to build your front-end GUI using XUL and related stuff, and have it talk to the backend over sockets, XML-RPC, SOAP, etc. The only thing that gets deployed to the end user is the Firefox/Mozilla/etc. browser (plus possibly a few addons, typically JavaScript), which is self contained and very easy to deploy.

This is a potentially huge market, which is why MS is keen to grab it with Avalon. Unfortunately for MS, Mozilla is here now and Avalon is over a year away; Mozilla is easy to deploy, and Avalon will presumably be bundled with Longhorn and all the installation/testing issues that go with it.

Finally, I suspect that it will be relatively easy to develop an XUL-based app solution and later retrofit it to Avalon using XSLT and not a huge amount of extra effort - an investment in Mozilla app development now *won't* be lost if a later decision is made to jump to Avalon.

Re:What about security?

[DigitalRaptor (815681)]

I agree totally.

To say FF is more buggy and less secure than IE because of the number of bugs found is higher is as stupid as it is inaccurate.

I spent 4 HOURS at my inlaws house on Saturday removing OVER 800 different bugs and viruses (750 removed by Ad-Aware, 50+ had to be removed by hand) from their XP machine. I would never have believed it if I didn't see it.

This is an old man and an old woman. ALL they do on that computer is suck in pictures from their camera, read email, and occaisionally surf the web. They never download and install programs.

Firefox is infinitely more secure than IE in real world usage. The vast majority of bugs are only minor issues and do not lead to the entire computer being owned.

Compare that to IE, where the vast majority of bugs ARE doozies and DO lead the machine being compromised. Tying IE so deeply into the OS was the stupidest thing MS could have done. I'd like to send them a bill for my 4 hours, just to see if I get a response.

Re:What can the platform do?

[Coryoth (254751)]

Does it give me the ability to have processing in a webpage on the desktop? The ability to open windows with controls that look like "normal" (read: non-HTML) Windows-windows? The ability to create my own controls and use those on any desktop?

Um, pretty much, yeah. Open this [faser.net] in Firefox or Mozilla, or better yet, go here [faser.net] and click on the "launch in its own window" link.

Jedidiah.

Re:Not firefox. Try google

[toddestan (632714)]

A web browser is not an operating system. I repeat a web browser is not an operating styem!

It is if you ask Microsoft!

Re:Memory leaks.

[jesser (77961)]

If you're interested in helping find memory leaks, look at how David Baron has been finding them:

http://www.mozilla.org/projects/xpcom/MemoryTool s. html
http://www.mozilla.org/performance/leak-brow nbag.h tml
https://bugzilla.mozilla.org/show_bug.cgi?id= 25682 2#c2
https://bugzilla.mozilla.org/show_bug.cgi?id =25721 8#c0

Or e-mail David Baron and say "I'd like to help find memory leaks in Firefox. How can I help?".

If you're not interested in helping, and you're just trying to get people already volunteering to shift their priorities, that's ok too.