Firefox - The Platform 589
Strudelkugel writes "Business 2.0 reports Firefox is becoming a problem for Microsoft. But FF is not just a problem as a browser; its potential as a platform is significant. From the article: 'It all adds up to a business opportunity for startups, established software companies, and Web giants alike. Though Ross and the nonprofit Mozilla Foundation don't stand to make money, Firefox's open platform gives it enormous potential to hatch a new class of applications that live on the desktop but do business on the Web.'"
no, the cat HASN'T got my tongue. (Score:5, Insightful)
Maybe Firefox is like the third-party candidate of browsers. Sure, it may not ever hold a dominant market share, but it will guide those who DO towards the right issues...
Re:no, the cat HASN'T got my tongue. (Score:5, Insightful)
True 'nuff (Score:5, Funny)
But of course--security problems or not--almost anything is better than IE, eh? eh?
Work on security issues (Score:5, Informative)
Maybe Firefox is not yet as secure as it should be. But people are intensely at work tightening things up.
According to The Burning Edge [squarefree.com] no less then 10 security related bugs have been fixed in the last week.
The developers are obviously using the random HTML script, and the security bug hunting program seems to pay off.
I'm under the impression that Firefox developers are working very hard to provide a secure version 1.0 of Firefox.
Comment removed (Score:4, Funny)
Re:no, the cat HASN'T got my tongue. (Score:5, Funny)
Re:no, the cat HASN'T got my tongue. (Score:4, Informative)
Opera, maybe?
Re:no, the cat HASN'T got my tongue. (Score:5, Interesting)
The problem is that Mozilla was designed as a platform to develop a browser (unsurprisingly), not a platform to develop applications. I believe they were wrong in this decision as they could have finished the project sooner if the platform had been powerful enough to bootstrap itself. Unfortunately the rush to finish the browser lead to a mish-mash of api's which treat HTML, XUL, XML and now probably XHTML documents entirely differently. For example, some api's had a large number of unimplemented functions. Embedding HTML documents in XUL or visa-versa led to bizarre problems. Also the parsers did not have a round-trip mode in which DTD, entities, comments, CDATA etc. were preserved. Writing an XML editor was an exercise in frustration.
Application development in Mozilla/Firefox is possible. However, I believe that the current technologies seem to have been designed for excessive hand crafting - lots of exceptions and hard to comprehend mechanisms for overlaying functionality. Robert Ginda's excellent Javascript debugger was a labor of love and a triumph over adversity. It shouldn't be that hard.
Unless Mozilla.org has had a change of heart, MS has nothing to worry about.
Re:no, the cat HASN'T got my tongue. (Score:5, Insightful)
There is the rub. Active X is a nasty locking that should be avoided at all costs. It locks you in to not just an OS but also an ISA.
Re:no, the cat HASN'T got my tongue. (Score:5, Insightful)
ActiveX:
Microsoft OS (98/ME/2000/XP/2003) 250MB - 3GB
Internet Explorer No additional - included in above
Firefox:
Your choice of OS (so no additional needed - it works with whatever you're running)
Mozilla Firefox itself: 10-20MB (16MB for me, on XP Pro, with some extensions installed)
Plus...one's open source, so if it doesn't have functionality that should be added at the api layer (or any layer for that matter) you can easily do it yourself.
Security aside, XPI/Plugins would beat ActiveX in a logical comparision.
Re:no, the cat HASN'T got my tongue. (Score:4, Interesting)
Speaking of which....would be nice to see a Firefox extension which can embed
Re:no, the cat HASN'T got my tongue. (Score:5, Informative)
You will never go to a random company's web page and see an XPI object on the page. And FF won't even let you install or use an XPI object from a random page as a security measure - by default you can only download them from the officially maintained archive. You have to override this if you want to download XPI files from some other source.
You may some day go to a random company's page and see a XUL application as part of their interface in the same way that ActiveX is used sometimes today. But A) XUL is a standard (I don't know if it's de facto or de jure at this point) that others can implement if they choose and B) doesn't suffer from the kinds of broken-by-design security model that ActiveX has, C) will in practice probably never be used as the only way to do something, just a way to enrich existing web UIs, whereas ActiveX is used as a crutch for things like delivering 'secure' video and audio content.
Re:no, the cat HASN'T got my tongue. (Score:5, Informative)
so is it the concept or the implementation [of ActiveX] thats flawed?
Yes.
The concept is fundamentally bad (for everyone other than Microsoft): using operating system and hardware-specific code to build web sites is a bad idea, unless your goal is to promote eternal lock-in to that platform. From a security standpoint, the notion of running automatically-delivered-over-the-net native machine code that runs outside of any kind of protective sandbox is sheer insanity, and code signing doesn't really help much, because since *all* ActiveX controls have to be signed to have any chance of being safe, the user has to either get used to zombie-clicking the approvals or else just configure the damned thing to assume that every signed control is safe.
Not to mention (getting back to lock-in and monopoly preservation here) that whoever controls the signing process and keys has a semi-veto power over what can or cannot be done with the platform.
The implementation sucks primarily because it's integrated into such an insecure environment to begin with.
But even if the implementation were perfect, and even if we didn't care about the platform lock-in aspectes, the basic idea is just bad. With Java and Javascript, the downloaded code runs in a protected environment. Malicious code has to first break out of that jail before it can even begin trying to compromise the system. Javascript further provides "data tainting" to reduce privacy risks. Most importantly, because 95% of the useful stuff you'd like to do in a web-based application doesn't require breaking out of the sandbox, signed Java applets that do are rare, so users can be appropriately cautious about them (actually Java applets are rare, and for good reasons, but that's another rant). Javascript + XUL actually has no way to break out of the sandbox, AFAIK (someone please correct me if that's wrong).
Re:no, the cat HASN'T got my tongue. (Score:5, Informative)
Even if signing the code would be secure it doesn't help a hell of a lot if the good burgers at Verisign [verisign.com] hand out the keys to every pimply faced teenager walking in.
This advisory [attrition.org] describes this spectacular goof in detail. I quote:
In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is "Microsoft Corporation". The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run.
a quick trip down OS theory lane (Score:4, Interesting)
That's why, for example, we used to let 20+ students at terminals at a mainframe or mini, in universities for example. They could run whatever programs they wanted on that machine, including their own code and including stuff they found on a hacker BBS. And in fact in all CS universities they're _supposed_ to program on those machines. Yet none of them came anywhere _near_ owning the machine.
The concept that a program once running on a machine automatically can retrieve or overwrite _all_ data, format the drive, or generally even blow an alien mothership up, is (A) Hollywood idiocy, and (B) never true except for the simplest single-user OS's like Win'95.
Or to put it otherwise: what do you tell Unix users? "Don't run as root except to install programs or other admin tasks. Especially don't go online as roo." Then they ask: why? "Because if someone takes control of the program via an exploit, they can't do as much harm if it doesn't run as root."
For all practical purposes, a modern OS is (or could be) just as virtualized as any Java sandbox. Programs no longer run directly on the bare metal, like in the days of DOS. (Which was barely a program loader.) They have to go through the OS to do _anything_. Including, but not limited to, reading or writing files, opening TCP/IP sockets, installing stuff.
Heck, even directly accessing RAM from other apps or directly poking machine ports can be blocked when running on a 386 or above (and _is_ blocked when you don't have kernel access).
Basically when running an app on a 32 bit CPU it can be as sandboxed as you want it to be.
E.g. don't want them accessing files? That's trivial. Just run them as a different user that can only access its temporary directory.
So ActiveX _could_ work, and it _could_ be extremely secure. Maybe not on Windows, and maybe not implemented by MS. I'll concede that point. But at least theoretically it can be at least as safe as Java, and without needing users to download 100 MB plugins that get wantonly changed by Sun.
Has Microsoft ever faced this kind of competition? (Score:4, Insightful)
A free software and open source web browser with an audience (increasing numbers of people getting the browser, the press talking about it, and lots of third-party add-ons)? I don't think Microsoft has ever faced that kind of web browser before.
Google? (Score:4, Interesting)
Can you say google?
Re:Google? (Score:5, Insightful)
Yes, we can. And so can the article -- In the paragraph immediatly above what you quoted.
Security of Online Apps a Hurdle? (Score:5, Interesting)
Online applications clearly have many benefits, especially with the recent surge in broadband, but adoption and support has been slow in coming. Why is this?
Well, I think many companies are hesitant to move to online platforms, though, because they feel that it's a security risk. Putting sensitive data on a closed intranet seems safer in many ways, especially to those unfamiliar with encrpytion and other modern security measures.
Re:Security of Online Apps a Hurdle? (Score:4, Insightful)
As someone who has a reasonable understanding of "modern security measures", I don't do any online financial stuff.
I do have a reasonable trust in the security of the data in transit. What I don't trust (yet) is the security of the transaction information once it's stored on someone else's server.
I've lost count of how many times there have been news reports of credit card info (among other things) "leaking" off some supposedly secure system. Or of some worm taking out a bank's system, or some other breach of data storage.
Nope, I'll keep moving my money around the old fasioned way for a while longer.
BZZT, you are already digital (Score:4, Insightful)
Now let me guess you will tell me you keep it all under your mattress and don't deal with banks at all.
Re:BZZT, you are already digital (Score:4, Insightful)
What I intended, and apparently should have explicitly said, was that I don't (yet) trust the security of systems that are directly connected to the public internet. At least I don't trust them enough to bet my own money.
Re:BZZT, you are already digital (Score:3, Insightful)
Walking cross the street involves risk. I try to not spend all day playing in the street.
The same for my finances. I do use banking services now and then, but most of the time it's cash and carry. The fewer debit registers I use, the fewer of them that have my information. If one is compromised (Open Wireless registers at Home Depot for example) the fewer chances my data will be compromised.
It's about reducing risk, not elimination of risk for the
Huh? Who isn't online yet? (Score:5, Interesting)
Re:Huh? Who isn't online yet? (Score:4, Funny)
Re:Huh? Who isn't online yet? (Score:5, Informative)
It's not all that bad. Practice management systems (for patient scheduling and billing) have almost 100% market share already. It's only electronic medical record systems that are next to unheard of -- and there are plenty of folks (such as the startup I work for) working hard to fill that gap.
Re:Security of Online Apps a Hurdle? (Score:5, Insightful)
Most companies now use at least one IE (sadly, almost all are heavily locked into ActiveX atm) based app.
I'd guess that most of new big backoffice apps are being developed for the web now. The benefits are so big.
Firefox is what we should be focusing our attention on. Not Linux. Linux is at this stage a pipe dream on the desktop, at least for now. All Firefox needs to get is killer installs in the office, which I don't see too hard especially with the status of IE patching, and those tricky ActiveX issues can be got round with the use of an icon that opens IE only for that certain site and for the rest of the things, Firefox is the default.
But, I've thought this for a long time that Linux is harping up the wrong tree. Look how quickly FF has got hold - this is the sort of real changes OSS can do. However, I'm not undermining Linux's achievements in the server room. I think that is where it will get hold next.
Anyway, this is what I think we as an OSS 'people' should evangelize:
1) Use of Linux in the server room. Mail servers, web servers. Anywhere that it works.
2) Use of XUL in Firefox/Mozilla. Get Safari to support it.
3) Get BigVendor (tm) cooperation. Show them how XUL is really a lot better than using ActiveX, especially as Microsoft is really not a great partner to work with.
4) Watch as the books, tutorials etc for XUL gathers up. Watch the small developer presence increase.
Basically what we want is XUL/PHP/mySQL (a very strong combination) is to become the new VB. Once we have this, it's going to be a cakewalk to get Linux on the desktop everywhere. Then the hardware support jumps up, and boom, desktop too.
Re:Security of Online Apps a Hurdle? (Score:4, Insightful)
I disagree. We should focus on whatever tool is right for the job. That may end up being Firefox, or that may not. Focussing on the tool first is ass-backward.
Comment removed (Score:5, Interesting)
Re:Security of Online Apps a Hurdle? (Score:3, Informative)
I'm forced to do an app in Swing currently, and it's absolutly abhorrent. I'll take any sort of web service in an instant.
Re:Security of Online Apps a Hurdle? (Score:5, Interesting)
Other than the security issues, and that it only runs on Windows and within IE, I understand it's generally a pain to work with and debug. But it does allow you to run programs on the client and use normal Windows widgets in your design. Painfulness is measured differently by me than somebody who programs for Windows. I imagine they would disagree.
Somebody will correct me if I'm wrong on the ActiveX details here, I'm sure.
XUL is meant for addressing the same problem -- bad interfaces on the web, but it takes a drastically different approach. The dialogs are described by lightweight XML files that are pretty painless to develop. The client programming is done in Javascript, which is not as bad as it sounds. The main problem Javascript faces is cross-browser support, which is negated by only using gecko. There's also a decent Javascript console which make it a lot easier to fix script errors in Mozilla than in IE.
The main advantage is everything is still done on the server, only a little user interface junk is left to the client to handle in Javascript, which is arguably where it belongs. You'd do the same in a normal webapp, write html and use Javascript to manipulate objects for a better user experience.
Also, I've seen far too many ActiveX programs that do database access from the client, for example. Typically, there's no security or verification of who's doing what at that level, a difficult thing to get right in any client. Often times you can take the ActiveX object and use it's own objects to access the database and change whatever you like. XUL leaves all of that up to the server which makes it easier to manage and more difficult for bad programmers to leave gaping security holes.
Anyway, there's no 'trusted' environment. All companies should prevent internal users from abusing the system.
Good Show, Mozilla! (Score:5, Insightful)
Just goes to show, when you take out competition, you get stale, passionless software. Thank you Mozilla.
Re:Good Show, Mozilla! (Score:5, Insightful)
let it be just a browser (Score:5, Insightful)
Re:let it be just a browser (Score:5, Insightful)
Re:let it be just a browser (Score:5, Informative)
Re:let it be just a browser (Score:4, Interesting)
Because in the corporate environment, system administrators are completely fed up of the constant battle with spyware, adware, trojans, email spam, viruses and popups that users inadvertently download while using web based applications (E-mail, web browsing). Since at least one of these applications is web-based, having a secure browser is manna from heaven. And as the other applications (calendar/diary, group conferencing/whiteboard, voicemail) need network access anyway, there is no reason why these shouldn't be accessed through the same browser. If all of this is possible, then it eliminates the need for all the applications to be stored/run on a PC, thereby eliminating the need to buy licenses for the "professional" release of a certain OS whose vendor maintained a web browser is a basic part of the OS.
Re:let it be just a browser (Score:4, Funny)
I like FireFox, but it ain't never gonna replace XEmacs as my OS of choice
What about security? (Score:4, Insightful)
That isn't good. Sure, the FF crew may fix them faster, but ATEOTD it's getting hard to advocate FF over IE when effectively it's no more secure at present. I've already suffered this; a couple of people to whom I recommended FF have come back at me pointing out the recently discovered holes.
Being a 0.x release doesn't really count, as the Moz Foundation is pushing this to the masses - even looking for a NYT ad. It'd just be interesting to hear some thoughts on this. I'll be using it for years no doubt, but how do others promote it considering it has had more vulns than IE?
Re:What about security? (Score:5, Insightful)
Why are they doing this? Simple really. Find the holes now and lock firefox down pretty good. Better that the holes are found and fixed ASAP than found but not fixed at all... say.. like internet explorer. they're simply trying to make it more secure and this is a pretty good way of doing it.
Look at it this way, if you develop software you look at the same code all the time and once you see it so many times you don't potentially see the security holes that you might otherwise see because you've looked at it so much that you kind of become numb to the fact that something could be wrong there. by having new eyes looking at the code you are having new eyes put on that older code and they're finding the problems, $500 is just an incentive to get people to look at the code.
Re:What about security? (Score:4, Informative)
The reason there have been more security vulnerabilities is because of the security bug bounty [mozilla.org], which rewards people monetarily for finding security bugs. They're simply trying to shake out the security bugs in advance, before it goes big.
Plus, there's been more interest in firefox recently from security firms who see it as a rising star, and think they can get some fame and draw to their consulting business by finding and
publicly revealing security bugs.
I doubt mozilla/firefox is as insecure as IE. It doesn't have the same structural design problems, like activex, and "zones".
Re:What about security? (Score:4, Insightful)
I use Firefox, it gets better on each release.
I expect more bugs will be found, but I also expect they'll be fixed much, much quicker!
One thiing that needs pointing out.... (Score:3, Interesting)
But the mere fact that Firefox has "zones" is a pretty solid indicator that at some future point in time, the Mozilla team intends to make use of "zones" in the base products.
If you wish to enable the zones, all you need is this plugin. The plugin does not provide this zones itself, all it does i
Re:What about security? (Score:5, Interesting)
Most/all large customers have internal-only applications that have been client-server or n-tier with a custom front end. These apps tend to be brutal to deploy, particularly the front-end, as they are prone to DLL hell and various interdependency issues with other applications (it'd be nice if a customer's IT was mandated to only ever use version X of app Y to develop all apps, but that never is the case). In many cases, customers have resorted to deployment "hacks" such as deploying these front-ends to a small number of servers, then using e.g. Citrix terminal services to expose them to their users.
Enter Firefox and other Mozilla browsers. Now it's practical to build your front-end GUI using XUL and related stuff, and have it talk to the backend over sockets, XML-RPC, SOAP, etc. The only thing that gets deployed to the end user is the Firefox/Mozilla/etc. browser (plus possibly a few addons, typically JavaScript), which is self contained and very easy to deploy.
This is a potentially huge market, which is why MS is keen to grab it with Avalon. Unfortunately for MS, Mozilla is here now and Avalon is over a year away; Mozilla is easy to deploy, and Avalon will presumably be bundled with Longhorn and all the installation/testing issues that go with it.
Finally, I suspect that it will be relatively easy to develop an XUL-based app solution and later retrofit it to Avalon using XSLT and not a huge amount of extra effort - an investment in Mozilla app development now *won't* be lost if a later decision is made to jump to Avalon.
Re:What about security? (Score:5, Interesting)
To say FF is more buggy and less secure than IE because of the number of bugs found is higher is as stupid as it is inaccurate.
I spent 4 HOURS at my inlaws house on Saturday removing OVER 800 different bugs and viruses (750 removed by Ad-Aware, 50+ had to be removed by hand) from their XP machine. I would never have believed it if I didn't see it.
This is an old man and an old woman. ALL they do on that computer is suck in pictures from their camera, read email, and occaisionally surf the web. They never download and install programs.
Firefox is infinitely more secure than IE in real world usage. The vast majority of bugs are only minor issues and do not lead to the entire computer being owned.
Compare that to IE, where the vast majority of bugs ARE doozies and DO lead the machine being compromised. Tying IE so deeply into the OS was the stupidest thing MS could have done. I'd like to send them a bill for my 4 hours, just to see if I get a response.
November 9 lauch day (Score:5, Interesting)
Shhhh! We awe hunting wabbits... (Score:5, Funny)
Firefox as a platform... (Score:4, Interesting)
No this would not be a beowulf cluster.
The maximum amount of processing power available to any one process would be limited to the fastest machine in the group, but it could be useful for anyone who can give thier computer difficult tasks faster than the computer can complete those tasks.
Every new task would be automatically given to whichever node has the lightest load.
Mozilla? (Score:4, Insightful)
Must everything become an operating system? How about quitting trying to become a brand and just make a simple quality browser?
Mozilla?-Luddites on parade. (Score:4, Insightful)
What do you mean "tried once"? It's still there, and has been used. Just because every new use doesn't come with a press release, doesn't mean people aren't using it.
As far as why? Rich-clients [slashdot.org] are the future, even if all the luddites rally against them.
"Must everything become an operating system? How about quitting trying to become a brand and just make a simple quality browser?"
Must every bit of FOSS have a scripting capability? I'm browsing with Mozilla now. I'd say it reached "quality" when the majority of the "were's my browser?" posts dropped severely about two years ago. And YES brand is important. Quick! What is LINUX? Quick! What is Apache? Much better than "a browser" or "an operating system".
Re:Mozilla? (Score:4, Interesting)
catch-up has slowed down in my opinion (Score:5, Insightful)
However XP Service Pack 2 has taken a big bite out of many security, spyware, etc types of issues that formerly plagued Microsoft's IE browser. That said, users on other versions of Windows do not benefit from these new features.
Going forward, I would say that Firefox has more of a fight on its hands, now that Microsoft is starting to listen to the browser crowds.
I went strictly Firefox about seven months ago, and for the last few months have not even had the IE icon available on my desktop or in my menus. However since XP SP2, I've started moving back to using IE sometimes, because it blocks pop-ups, ActiveX controls, etc. Of course Firefox still has many extensions available which I (not the average user, but a developer user) have fallen in love with. However from the average Windows XP user's point of view, why would they switch to Firefox when Microsoft just made IE more secure for them and blocked annoying popups for them? It's definitely going to be harder to market those Mozilla features now that they doen't represent the edge over IE (XP SP2) anymore.
Re:catch-up has slowed down in my opinion (Score:3, Insightful)
"Going forward" is corp-rat speak. People who speak English prefer the phrases "in the future" or "from now on". The first of those two has become quite unfashionable; I'm not sure why.
You may begin your speculation here. (Or not; lord knows I've missed the moderation and conversation window already.)
I'll start. The word "future" was tarred by association with a se
Re:catch-up has slowed down in my opinion (Score:3)
Huh? You are going back to IE because it blocks popups? Firefox blocks popups too. Why would you stop using a browser you have used for seven months and go back to IE because it blocks popups?
As for activeX controls I don't let anybody run activex controls on my browser. I have then disabled in IE. By the way MS put out an advisory not too long ago telling people to disable activeX cont
2004? 1996 calling... (Score:3, Insightful)
Deja Vu... (Score:5, Insightful)
This sounds a lot like late 90's,
I am using firefox to type up this comment, and yes it is a great browser, but it's not going to change the way the world does business.
Nearly every business application that has been developed for the last 10 years does business on the web.
I hereby petition for a change to this article text so that it reads 'do business in a tab'. Now that's innovation!
Re: (Score:3, Funny)
sshh (Score:5, Interesting)
"The tactic drove Redmond into a rage. The day after Andreessen's quote appeared in the press, John Doerr, the prominent venture capitalist and Netscape board member, received a chilling email from Jon Lazarus, one of Gates' key advisers. In its entirety, it read: "Boy waves large red flag in front of herd of charging bulls and is then surprised to wake up gored."
from Wired [wired.com]
apt metaphor (Score:3, Insightful)
A lot more applications should have moved to the web over the last decade. Microsoft prevented that because they were not ready for it yet, even though the industry was. Instead, we got nearly another decade of poorly written VB, Office, and Access applications.
Re:apt metaphor (Score:4, Insightful)
I suggest you go back and review your history. The people who founded Netscape were as much hardasses as Gates and everyone else at Microsoft. These are the people who claimed they had "invented" the Internet (even before Gore) and took all the glory away from Berners-Lee and his team. It's just that they were not as good at the game as Microsoft were. They released a buggy unstable 3-4.x product that couldn't possibly compete with IE4 and then when they got reamed (Navigator was free, just like IE, remember?) they went to court to claim that Netscape engineers were not "weenies".
poorly written VB, Office, and Access applications
Yes, because I'm sure that the same people who wrote those applications would have done wonders with C, Python and Perl. After all, we all know it's the language, not the developer.
Memory leaks. (Score:4, Insightful)
Re:Memory leaks. (Score:5, Insightful)
http://www.mozilla.org/projects/xpcom/MemoryToo
http://www.mozilla.org/performance/leak-bro
https://bugzilla.mozilla.org/show_bug.cgi?id
https://bugzilla.mozilla.org/show_bug.cgi?i
Or e-mail David Baron and say "I'd like to help find memory leaks in Firefox. How can I help?".
If you're not interested in helping, and you're just trying to get people already volunteering to shift their priorities, that's ok too.
They could start with W3C validation (Score:5, Insightful)
I noticed that today: Firefox page and "spread firefox" page are both invalid html code. Is it just be or they are supposed to be the ones caring about standards?
great browser, but... (Score:5, Insightful)
But I have my doubts whether it's a good applications development platform as it is. Out of the box, you get, what, XUL and JavaScript? I'm sorry, but that doesn't strike me as a good platform for application development. In particular, JavaScript is just far too flaky to develop anything significant or complicated in it, and a lot of libraries just don't exist for JavaScript at all. And, like it or not, even if you put part of the application on the server, things still get complicated if you want a high quality GUI.
Maybe if Firefox shipped with a small, efficient JVM or CLR runtime and JIT that tie into the DOM, XUL, HTML, SVG, and event handlers (but without most of the bloated class libraries that Sun or Microsoft want to force on you), it could become a full platform. It would be even better if it included a small IDE out of the box.
As it is, I think it will remain limited to simple web apps created by rather dedicated Firefox hackers (and thank you for it, it is a great browser).
The developers will make out fine (Score:5, Insightful)
Anyone using Mozilla code as a basis for a product will pay out to people with a commit history.
A few really good Apps could make the difference.. (Score:5, Insightful)
Does anyone know if someone is writing a webmail client in XUL? If not, someone really needs to (I've even started looking at trying to do it myself, and I'm no coder). Compared to current webmail interfaces a XUL interface would be almost indistinguishable from a local mail client. All you need to do is have browser detection send users to the old style webmail client if they aren't using a browser that supports XUL.
Now, imagine if GMail started doing that... IE users of GMail get the standard webmail interface, but Firefox users get a full fast XUL interface. Have a look at that demo site [faser.net] again, and do some clicking around
Jedidiah.
Re:A few really good Apps could make the differenc (Score:5, Informative)
Yes, http://xulwebmail.mozdev.org/ [mozdev.org]
Re:A few really good Apps could make the differenc (Score:5, Insightful)
I realize that part of the problem with Javascript has been different browsers with slightly different interpretations of DHTML and DOM stuff, and that has given Javascript a worse rap than it deserves.
But that rap isn't completely undeserved. And trying to convince programmers that they should be building the key functional blocks of their applications in Javascript just isn't going to fly any time soon. At least call it something else. Like "XULscript", fix the marketing problem that Javascript has.
Re:A few really good Apps could make the differenc (Score:4, Interesting)
We've got to get this stuff out there and widely used before Microsoft does. The very future of computing is probably at stake.
Re:A few really good Apps could make the differenc (Score:4, Insightful)
Sure. I don't think web applications are ever going to take over as many people claim. I don't expect to see web based word processors of any note, nor web versions of any terribly complicated program - but XUL for webmail, for apps like the demo, for online tax calculation apps, for simple bespoke database frontend apps at companies etc. there is plenty of room (and value) in a fully cross platform web application. The utility of having the whole thing be cross platform and remote can be sufficient to justify any extra coding complexity if we're talking about relatively simple applications here.
Jedidiah.
Believe it when I see donations (Score:3, Interesting)
But - until I see some significant donations to The Mozilla Foundations, including some substantial in lieu payments from corps that are using Mozilla or Mozilla technology, I will have serious doubts that Mozilla will last in the long run. Serious cash is needed to fund a serious development effort.
sPh
Cute (Score:5, Insightful)
Reminds me of a teacher at college. Well, not exactly a teacher, mind you. Teachers teach stuff, this guy just stood in front of the class and told us all to go learn ASP.NET from w3schools.com. If the guy was even at college to start with. But I digress. I recently argued with him as to why the hell we were learning ASP.NET while the course read "advanced programming". The moron gave me the following reasons why ASP.NET was to be the "entlösung" to all problems, including war, famine and dropbears*:
That's pretty much when I stopped listening and just started to stare in sheer amazement. The guy seems to be a bit right after all though, considering the possibilities that are now available for XUL regarding web-based applications. But hey, let's be fair; .NET isn't all that bad but riding the .NET car with ASP.NET is like driving a Ferrari with wooden wheels. C# would have been nice enough, instead. But this whole "everything will be web-based" idea was utterly shit and I KNEW there was a better solution than ASP.NET to web-based solutions. Then I saw a site with XUL elements plastered all over it and I was impressed. No more silly tricks with HTML forms and parsing it all through CGI scripts. It seemed like a clean enough solution for lots of things. Think of a small company; Items need to be tracked, clients need to be contacted and managed, rosters needs to be kept up to date and plenty more. Now all that can be done by HTTP with a standard webserver and a Mozilla platform.
The compant where I worked as intern could have used that. Instead they adopted a win2k3 server with office 2k-something premium, using it as a terminal server to log in to single Access database using remote desktop, which would function as a POS system with the aid of heavy VBA scripting. Not exactly an elegant solution, though it sure is a creative way to make an Access database centralized. Now imagine the same trick with a cheapo webserver running Apache 1.3.something, serving XUL documents that read/write data from an MySQL database... ( It WAS a rather small shop, after all... )
Re:Cute (Score:4, Funny)
The Entlösung? As in "solution involving ducks"? Or "the Duck solution"? Is there a Monty Python + Holy Grail reference I'm missing here?
Mozilla Amazon Browser (Score:5, Informative)
That already exists! Ok, it doesn't let people buy book yet, but you can search. I wonder if the author of the article knew that. Check it out here [mozdev.org] and here [faser.net]. I've actually tried it out and it works really well.
Get the firefox extension here [texturizer.net].
The usual ... (Score:5, Insightful)
Java was supposed to be a new platform
Even Flash was supposed to be a new platform
Now Firefox is supposed to be a new platform
Did they kill MS? Nope.
XUL is cool, but so far I haven't seen MANY great applications done with it.
Why is this news? Anyone remeber.... (Score:3, Insightful)
What can the platform do? (Score:4, Insightful)
Re:What can the platform do? (Score:5, Informative)
Um, pretty much, yeah. Open this [faser.net] in Firefox or Mozilla, or better yet, go here [faser.net] and click on the "launch in its own window" link.
Jedidiah.
IE7 (Score:5, Interesting)
Because IE7 was the biggest threat to microsoft. They nearly built open standards which would have let their users to everything as webapps. The only problem is they didnt have any lock-in.
Thats why IE7 team was stomped into the ground and we havent seen or heard a major release since Win2000.
Someone dig up some of those random facts i once had on this subject please? IE7 was a strong active dev team doing neat stuff. Then they were axed.
Re:IE7 (Score:3, Informative)
Re:IE7 (Score:3, Insightful)
By doing so, they get the added
FF front end on Mozilla platform (Score:3, Insightful)
Anyway, Firefox is more user-friendly than MSIE, without becoming a lecturing tedious drone(clippy). It's installation size (1.7.3) is roughly 9MB, compared to my MSIE at 14MB. It blocks most popups and allows me to configure/repeal this and other user-level-tweaks with intuitive ease.
The open source aspect DOES have a positive impact on it's development as well. As another poster accurately stated - the more eyes on the code, the more better. Microsoft can't compete in that way. I think they should continue extending the platform - do they do firewalls as and end-product? (ok, I'll go find out later)
We're discussing a free product that most of us feel is superior to the market leader. That itself is reason to celebrate. Way to go F^2!
XUL as an Application Platform (Score:5, Informative)
I think it presents a concise overview of firefox as a development platform.
XUL and Gecko make an excellent choice for building sophisticated Web applications. It provides a rich user interface toolkit, an HTML and CSS renderer with excellent standards-compliance and support for web services, all completely cross platform.
Work is ongoing with the Gecko Runtime Environment (GRE), which aims to make Gecko a snap to drop into a standalone application, complete with your own executable, if you desire. The idea is to allow the right version of the GRE to be installed automatically with the application if necessary. If the GRE is already installed, there is no need to install it again, or even download it. For those that are interested, the GRE is about 5 to 10 MB, depending on your platform, which is quite small compared to other application platforms. It's also possible to have Gecko run directly from a network drive or CD.
Since XUL may be used on Web sites, it can be used with server-side architectures such as PHP and JSP to build dynamic content. This allows Gecko to be both a two-tier or a three-tier application model depending on your needs. There are projects in development now which aim to integrate Java, Python and other languages into Gecko directly.
Uh oh, "Platform" again (Score:4, Insightful)
Browsers, as a "platform", suck.
You really don't want browsers downloading and executing code. It's just too insecure. That way lies the hell of Active-X. The great thing about HTML is that it's basically descriptive, not executable. Downloading code in some interpretive language is only slightly less insecure, and much slower. (Or, when there's a page with a dumb ad on screen, CPU usage goes to 100%)
Asking the user for permission to run code doesn't work. Not only will users answer "yes" for hostile code, they'll implicitly agree to EULAs your business's lawyers would never agree to.
Most free "plugins" are in some sense hostile code. They phone home. They look around the host machine. They burn CPU time when not doing anything for the user. Even the "good ones", like Google's toolbar, overreach. Others are much worse.
What we really need are good extensions to HTML for forms. Better validation and help are all things that can be done descriptively, rather than by running executable code on the user's machine. HTML forms are lame; they can't even set up a field that must, say, have five numeric digits and must be filled in. You could do that on IBM green-screen terminals thirty years ago.
Re:Uh oh, "Platform" again (Score:3, Interesting)
You really don't want browsers downloading and executing code. It's just too insecure. That way lies the hell of Active-X. The great thing about HTML is that it's basically descriptive, not executable. Downloading code in some interpretive language is only slightly less insecure, and much slower. (Or, when there's a page with a dumb ad on screen, CPU usage goes to 100%)
One alternative is to go with VMs and enforce security that way. For example, it's possible to run a .NET application with restricted per
SlashHack (Score:4, Interesting)
SlashHack is a cool example of an app written on top of the Mozilla platform.
The article is correct Firefox (really Moz as others pointed out) is a fantastic development platform.
The technology is especially cool for me: I wrote a system in 2000 for a client that positions Java Swing widgets using XML, in order that the app could support pluggable skins. I view XUL as the ultimate application of that architecture. A fantastic decoupling of logic and presentation.
Same Threat - Different Date (Score:4, Interesting)
This was the Netscape threat of 5 years ago. That Java enabled apps running under Netscape would destroy Microsoft/Windows because any platform that that could support Netscape would run everything else as well.
Didn't happen then. Don't hold your breath yet now.
works for us (Score:5, Interesting)
XUL is here, and it works. Having all of the advantages of web-based deployment, while being able to use proper user interface elements is a godsend.
Loads faster then IE? (Score:3, Insightful)
I keep reading comments like this from time to time. I like FireFox and I find that it is pretty fast once it is loaded, but on every box I have tried it typically takes 8 to 10 seconds to load the first time I use it. IE always loads in under 2 seconds, usually less than 1 second. Is there some trick I am unaware of? Does anyone know why folks keep claiming that it loads faster than IE?
Not unti l XUL is beyond just mozilla (Score:5, Interesting)
I want to have the freedom that web based apps give me and my customers not remove that freedom. Tieing myself to one browser engine does remove that freedom. Right now if I do regular html, css etcthe stuff works pretty much everywhere under almost any kind of device. With XUL I would lose that freedom and it is important.
AcitveX XUL? (Score:4, Insightful)
Some maybe Most are getting confused... (Score:5, Interesting)
I've been noticing more here than anywhere else that some are confusing Firefox with the Mozilla Suite(Someone even mentioned being a user of FireFox 1.7.3). Firefox is not bloated and will never be bloated. Extensions are optional and if you are like me, you would only be installing about 5 small features to the default installation. The option is there to bloat to your wishes though ;).
Now the potential as a platform isn't really going to be Firefox. It's starting with firefox, and will become popular because of firefox, but the platform is under development as the XUL Runtime Environment (XRE) [mozilla.org]. This is where the magic starts.
One will be able to develop executable applications seperate from Firefox that automatically run on Windows/Linux/Mac. Right now, noone wants to tie their developments to a browser although a few like to tinker with it on their own. When the XRE is released, people will then actively develop XUL/Javascript applications with an optional backend of their choice. You will be able to create .exe applications. You can make those one-click installations someone mentioned somewhere here. No need for the browser although the browser can be used if you want to. Bad news is the XRE isn't being actively developed as Firefox is. So, who knows when they'll release it. But when they do, Firefox, Thunderbird, etc will be complete XUL/Javascript Applications that run using the XRE and GRE. I don't know much about GRE, but that's most likely going to stay browser-specific, although I'm probably wrong.
I'm one of the people who has starting learning XUL and such, and although I have big plans for it. I do not plan on coding for a browser ;) XRE all the way!
Re:Worries me.. (Score:5, Informative)
Firefox is a 4.5MB download. That may be bloated compared to sol.exe, but it's tiny compared to IE, and not much bigger than Opera (3.5MB).
Re:bloat is a non problem (Score:3, Insightful)
Because of bloat my Pentium II 366 Celeron laptop running a tweaked Slackware 8.0 (!) install seems to run faster that the Pentium IV Dell with Windows XP I have to use at work. The perceived speed (what the user sees as speed) difference between the two is nil. That is the downside of excessive bloat.
Axiomatic: Bloat attracts bloat! My bet is that after 30 days of running MS XP on the net your son's new emachine will have the perceived speed of a Commodore 64.
Have fun and
Re:Worries me.. (Score:3, Informative)
I'm not quite sure where you get that "hundreds of megs" thing. As a gentoo user, I have source tarballs available and they're all about 30 meg:
Re:Worries me.. (Score:3, Insightful)
Expand it.
Re:Worries me.. (Score:5, Informative)
Maybe the Mozilla suite, but not Firefox. In my downloads folder at work:
FirefoxSetup-0.8.exe: 6348KB
FirefoxSetup-0.9.exe: 4845KB
Firefox Setup 1.0PR.exe: 4630KB
These are the setup executables for Windows. And if memory serves me correctly, the Thunderbird client has been getting smaller with each new version even more dramatically...
- sm
The download has DECREASED in size (Score:3, Insightful)
Re:Worries me.. (Score:4, Interesting)
Firefox is not a 20 meg download, it is a 6 meg download, which is lean enough for my tastes. And for all intents and purposes, it already is the platform they want it to be, with the browser merely yet another app running on top of the platform, written in javascript, xul and css. So it is not going to bloat. In fact, it has been steadily shrinking/speeding up, and will continue to do so.
On a wider level though, the paradigm shift is inevitable. Historically the market has always demanded richer web apps in waves, and the browser maker which responded best won out marketsharewise. Now we see again the market complaining browsers are too dumb, asking for the ability to deliver desktop-quality apps to the browser. To not become a broader platform at this point is suicide marketsharewise. Even microsoft, who has tried desperately to avoid having the browser become a generic app design platform because it would make the OS less relevant, recognizes this and is launching their XAML initiative partly to focus attention away from the platforms that already exist, and partly to have something in the fray they can push at those wanting richer web apps.
Re:Not firefox. Try google (Score:5, Funny)
It is if you ask Microsoft!