Firefox - The Platform 589
Strudelkugel writes "Business 2.0 reports Firefox is becoming a problem for Microsoft. But FF is not just a problem as a browser; its potential as a platform is significant. From the article: 'It all adds up to a business opportunity for startups, established software companies, and Web giants alike. Though Ross and the nonprofit Mozilla Foundation don't stand to make money, Firefox's open platform gives it enormous potential to hatch a new class of applications that live on the desktop but do business on the Web.'"
Re:What about security? (Score:2, Informative)
its been beta forever, and been a PR for like a month tops.
mozilla foundation dont have the man power of MS to internally test their product, so they release it for testing, if it worked ok for you during the test period then you got a bonus.
Re:let it be just a browser (Score:5, Informative)
Re:MPL is holding up Firefox (Score:2, Informative)
The MPL license, like the BSD license, means a company can incorporate Firefox into a commercial product, which encourages companies intending to do so to devote resources to Firefox development.
Re:Worries me.. (Score:5, Informative)
Firefox is a 4.5MB download. That may be bloated compared to sol.exe, but it's tiny compared to IE, and not much bigger than Opera (3.5MB).
Re:Worries me.. (Score:3, Informative)
I'm not quite sure where you get that "hundreds of megs" thing. As a gentoo user, I have source tarballs available and they're all about 30 meg:
In addition, the source tarballs contain lots of non-code stuff. The actual executable on my system is less than 80 kB. There are quite a few supporting libraries, of course. Oh, and the binary download is 8.1 megs (for linux/x86).
Firefox is just a browser. That's all it does. The point of this article is that we can use a browser as a platform for other stuff. This doesn't involve bloating the browser; it involves writing applications that run on top of it.
Re:What about security? (Score:4, Informative)
The reason there have been more security vulnerabilities is because of the security bug bounty [mozilla.org], which rewards people monetarily for finding security bugs. They're simply trying to shake out the security bugs in advance, before it goes big.
Plus, there's been more interest in firefox recently from security firms who see it as a rising star, and think they can get some fame and draw to their consulting business by finding and
publicly revealing security bugs.
I doubt mozilla/firefox is as insecure as IE. It doesn't have the same structural design problems, like activex, and "zones".
Re:no, the cat HASN'T got my tongue. (Score:1, Informative)
My point is, web based is web based. The best ones are browser independent, so touting firefox is not different than touting IE.
Mozilla Amazon Browser (Score:5, Informative)
That already exists! Ok, it doesn't let people buy book yet, but you can search. I wonder if the author of the article knew that. Check it out here [mozdev.org] and here [faser.net]. I've actually tried it out and it works really well.
Get the firefox extension here [texturizer.net].
Re:Worries me.. (Score:5, Informative)
Maybe the Mozilla suite, but not Firefox. In my downloads folder at work:
FirefoxSetup-0.8.exe: 6348KB
FirefoxSetup-0.9.exe: 4845KB
Firefox Setup 1.0PR.exe: 4630KB
These are the setup executables for Windows. And if memory serves me correctly, the Thunderbird client has been getting smaller with each new version even more dramatically...
- sm
Re:A few really good Apps could make the differenc (Score:5, Informative)
Yes, http://xulwebmail.mozdev.org/ [mozdev.org]
Re:Huh? Who isn't online yet? (Score:5, Informative)
It's not all that bad. Practice management systems (for patient scheduling and billing) have almost 100% market share already. It's only electronic medical record systems that are next to unheard of -- and there are plenty of folks (such as the startup I work for) working hard to fill that gap.
Re:What can the platform do? (Score:5, Informative)
Um, pretty much, yeah. Open this [faser.net] in Firefox or Mozilla, or better yet, go here [faser.net] and click on the "launch in its own window" link.
Jedidiah.
Re:The usual ... (Score:2, Informative)
: great applications done with it.
Apparently there are still quite a few restrictions on web applications that use XUL. That's a good thing (security wise), but hopefully beyond Mozilla/XUL2.0 the moz developers will implement something that will ease development as well, without re-inventing ActiveX hell. It _is_ possible to write working web applications if you invest a lot of time and can live with a somewhat disjointed documentation. xulplanet.com [xulplanet.com] is a good start. The Amazon Browser is pretty impressive (but not that useful in real life, I admit that). Don't miss The games at mozdev [mozdev.org], they're tiny XUL applications running over HTTP as well. And Nextls XUL [x25.se] is a somewhat weird frontend for a client/server mp3/ogg jukebox, also in XUL over HTTP. So what other XUL webapps are out there, anyone?
Re:no, the cat HASN'T got my tongue. (Score:5, Informative)
You will never go to a random company's web page and see an XPI object on the page. And FF won't even let you install or use an XPI object from a random page as a security measure - by default you can only download them from the officially maintained archive. You have to override this if you want to download XPI files from some other source.
You may some day go to a random company's page and see a XUL application as part of their interface in the same way that ActiveX is used sometimes today. But A) XUL is a standard (I don't know if it's de facto or de jure at this point) that others can implement if they choose and B) doesn't suffer from the kinds of broken-by-design security model that ActiveX has, C) will in practice probably never be used as the only way to do something, just a way to enrich existing web UIs, whereas ActiveX is used as a crutch for things like delivering 'secure' video and audio content.
2%??? Try 17% (Score:2, Informative)
According to this:
http://www.w3schools.com/browsers/browsers_stats.
Firefox / Mozilla is up to 17%, and IE is down to 75.8%.
I say to Microsoft: Good bye, and good riddance!
Mozilla Amazon Browser-Mega-pricewatch. (Score:1, Informative)
MAB (and other programs like it) has the potential to do for eCommerce what CD-Burners have done for the music industry. Take a big load off the server end. Puts more of what you want in your hands (by changing the interface). Merge several together and you can have a meta-shopper interface on your end (pricewatch on steroids).
XUL as an Application Platform (Score:5, Informative)
I think it presents a concise overview of firefox as a development platform.
XUL and Gecko make an excellent choice for building sophisticated Web applications. It provides a rich user interface toolkit, an HTML and CSS renderer with excellent standards-compliance and support for web services, all completely cross platform.
Work is ongoing with the Gecko Runtime Environment (GRE), which aims to make Gecko a snap to drop into a standalone application, complete with your own executable, if you desire. The idea is to allow the right version of the GRE to be installed automatically with the application if necessary. If the GRE is already installed, there is no need to install it again, or even download it. For those that are interested, the GRE is about 5 to 10 MB, depending on your platform, which is quite small compared to other application platforms. It's also possible to have Gecko run directly from a network drive or CD.
Since XUL may be used on Web sites, it can be used with server-side architectures such as PHP and JSP to build dynamic content. This allows Gecko to be both a two-tier or a three-tier application model depending on your needs. There are projects in development now which aim to integrate Java, Python and other languages into Gecko directly.
Re:Cute (Score:1, Informative)
But hey, let's be fair; .NET isn't all that bad but riding the .NET car with ASP.NET is like driving a Ferrari with wooden wheels. C# would have been nice enough, instead.
ASP.NET is the platform and you can use C# on it. I can understand your teacher well - if you don't know that much, how could your criticism be taken as anything else as anti-M$ fanboyism?
Re:Remember Java and Dotnet? (Score:1, Informative)
Most database front-ends in corporations use custom client apps, ActiveX components, mainframe terminal emulators, or plain HTML. Javascript at best fills in a little around the edges in plain HTML, but it is not used for anything like a full user interface.
Re:Security of Online Apps a Hurdle? (Score:1, Informative)
The poster does not understand where firewalls and cicso boxen fit into the picture, or that Firefox has better security for intra OR internet applications.
Secure data on 3270 dumb terminals or x-terms, has historically proved to be the safest of the lot, but 2nd to old fashioned paper records. Browser enablement, always was a security downgrade.
CITRIX does ok because many already rejected IE on security grounds (wisely too in hindsight).
With Firefox, and the ability to compile in custom security - means Firefox should be able to lure, or cap business growth of the former, and win some fat business pickings.
With IE, at the rate of one big exploit a month, employees could save data to removable storage.
Based on IE's track record, you should not think - you should be running to pick anything else.
Sure, IE does have VPN hooks and calls, and might or could do this or that, but FireFox has GNU cypto plugins. On all fronts, it is a slam dunk win to Firefox.
Re:Security of Online Apps a Hurdle? (Score:3, Informative)
I'm forced to do an app in Swing currently, and it's absolutly abhorrent. I'll take any sort of web service in an instant.
Personal Development Experience (Score:1, Informative)
Re:What can the platform do? (Score:2, Informative)
Processing stuf on the machine, however, is a bit more complicated. Fireforx, nowadays, accept any kind of javascript that doesn't access the local discs (for security reasons). Anything different must be installed locally with a XPI script. Javascript is not very powerfull, and installing a XPI script from the web needs a big amount of trust, but, with this, you can run any program you want.
Re:no, the cat HASN'T got my tongue. (Score:4, Informative)
Opera, maybe?
Re:IE7 (Score:3, Informative)
Re:no, the cat HASN'T got my tongue. (Score:5, Informative)
so is it the concept or the implementation [of ActiveX] thats flawed?
Yes.
The concept is fundamentally bad (for everyone other than Microsoft): using operating system and hardware-specific code to build web sites is a bad idea, unless your goal is to promote eternal lock-in to that platform. From a security standpoint, the notion of running automatically-delivered-over-the-net native machine code that runs outside of any kind of protective sandbox is sheer insanity, and code signing doesn't really help much, because since *all* ActiveX controls have to be signed to have any chance of being safe, the user has to either get used to zombie-clicking the approvals or else just configure the damned thing to assume that every signed control is safe.
Not to mention (getting back to lock-in and monopoly preservation here) that whoever controls the signing process and keys has a semi-veto power over what can or cannot be done with the platform.
The implementation sucks primarily because it's integrated into such an insecure environment to begin with.
But even if the implementation were perfect, and even if we didn't care about the platform lock-in aspectes, the basic idea is just bad. With Java and Javascript, the downloaded code runs in a protected environment. Malicious code has to first break out of that jail before it can even begin trying to compromise the system. Javascript further provides "data tainting" to reduce privacy risks. Most importantly, because 95% of the useful stuff you'd like to do in a web-based application doesn't require breaking out of the sandbox, signed Java applets that do are rare, so users can be appropriately cautious about them (actually Java applets are rare, and for good reasons, but that's another rant). Javascript + XUL actually has no way to break out of the sandbox, AFAIK (someone please correct me if that's wrong).
Work on security issues (Score:5, Informative)
Maybe Firefox is not yet as secure as it should be. But people are intensely at work tightening things up.
According to The Burning Edge [squarefree.com] no less then 10 security related bugs have been fixed in the last week.
The developers are obviously using the random HTML script, and the security bug hunting program seems to pay off.
I'm under the impression that Firefox developers are working very hard to provide a secure version 1.0 of Firefox.
Re:no, the cat HASN'T got my tongue. (Score:5, Informative)
Even if signing the code would be secure it doesn't help a hell of a lot if the good burgers at Verisign [verisign.com] hand out the keys to every pimply faced teenager walking in.
This advisory [attrition.org] describes this spectacular goof in detail. I quote:
In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is "Microsoft Corporation". The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run.
Re:let it be just a browser (Score:1, Informative)
javascript is a horrible hack thought up by some drunk, off-duty engineer on toilet paper one day while reading the graphiti over the urinal at work.
You know, I've read similar comments all over this story, and it's nothing but FUD. Have you ever actually used Javascript for anything other than a ten-line form validation hack? It's actually a very nice language. But people seem to be locked in the mindset that Javascript is this incompatible, restricted half-a-language that hasn't moved on since Netscape 2.0. That's not true.
Why can't a java VM be modularized so that language modules (javascript, PHP, Perl, Python, Ruby, etc) can be ported to the VM and let us use our language(s) of choice?
Java wasn't really designed for dynamically typed languages. However Python has already got a JVM implementation (JPython/Jython), and Parrot, which somebody else linked to, is just what you describe, although it won't be a Java VM.
Re:let it be just a browser (Score:2, Informative)
Nice troll! Seriously, what exactly is your problem with JavaScript? It is a standardised language that is quite powerful enough to handle anything reasonably expected of it. It's easy to learn and quite pleasant to work with.
Perhaps your beef with JavaScript lies with the variety of interpretations of the API [w3.org], and bastardisation thereof. Don't confuse a language with an impementation of an API. Obviously the developers of XUL think that JavaScript is worthy, and so they should. I'll be sideing with them, rather than your righteous self.
It's lousy, and not advancing
Taken from http://www.mozilla.org/js/js15.html [mozilla.org]: The next version of JavaScript will be the 2.0 release. 2.0 represents a rewrite of both the language specification and engine implementation... Your opinion that it's lousy is just that - your opinion. Please engage with some more considered argument before spouting your opinions.
Why can't a java VM be modularized so that language modules (javascript, PHP, Perl, Python, Ruby, etc) can be ported to the VM and let us use our language(s) of choice?
Yeap, because with a helthy dose of sarcasm, waiting half an hour for a VM load up which then consumes a tonne of system resources is really in the best interests of the user, not to mention that it's not complete overkill for simple maniplation of data and UI widgets.
Re:Loads faster then IE? (Score:3, Informative)
You wouldn't know how long IE takes to load because it doesn't unload.
Re:2%??? Try 17% (Score:1, Informative)
Comment removed (Score:2, Informative)
Re:True 'nuff (Score:2, Informative)