Debate: Does Mozilla have more influence as a Chrome rival or ally?
…
“Thought: It’s time for @mozilla to get down from their philosophical ivory tower. The web is dominated by Chromium, if they really *cared* about the web they would be contributing
instead of building a parallel universe that’s used by less than 5%?” He made it clear the viewpoint was his personal opinion, not Microsoft’s position.
Mozilla is indeed in a sticky situation, trying to improve the web when it comes to things like openness, privacy and new standards. That mission is harder with declining influence,
though, and Firefox now accounts for 5 percent of web usage, according to
analytics firm StatCounter. But without independent efforts like Firefox, and to an extent Apple’s Safari, the web will stop being an independent software foundation and become
whatever Google says it is.
And plenty of people don’t like that one bit. Indeed, Mozilla defenders see the nonprofit’s mission as even more important with Chrome’s dominance.
“I couldn’t disagree with you more. It precisely *because* Chromium has such a large marketshare that is vital for Mozilla (or anyone else) to battle for diversity,” tweeted web developer Jeremy Keith in a response. “‘Building
a parallel universe’? That *is* the contribution.”
If you’re reading this post via my blog and using a desktop computer, try opening your browser’s debug console (don’t worry; I’ll wait). If you don’t know how, here’s instructions for Firefox and instructions for Chrome. Other browsers may vary. You ought to see something like this in your
debugger:
The debug console is designed to be used by web developers so that they can write Javascript code right in their browser as well as to investigate any problems with the code run by a
web page. The web page itself can also output to the console, which is usually used for what I call “hello-based debugging”: printing out messages throughout a process so that the flow
and progress can be monitored by the developer without having to do “proper” debugging. And it gets used by some web pages to deliver secret messages to any of the site users who open
their debugger.
Facebook writes to the console a “stop” message, advising against using the console unless you know what you’re doing in an attempt to stop people making themselves victims of
console-based social engineering attacks.
Principally, though, the console is designed for textual content and nothing else. That said, both Firefox and Chrome’s consoles permit the use of CSS to style blocks of debug output by using the %c escape sequence. For example, I could style some of a message with italic text:
>> console.log('I have some %citalic %ctext', 'font-style:
italic;', ''); I have someitalictext
Using CSS directives like background, then, it’s easy
to see how one could embed an image into the console, and that’s been done before. Instead, though, I wanted to use
the lessons I’d learned developing PicInHTML 8¾ years ago to use text and CSS
(only) to render a colour picture to the console. First, I created my template image – a hackergotchi of me and an accompanying
speech bubble, shrunk to a tiny size and posterised to reduce the number of colours used and saved as a PNG.
The image appears “squashed” to compensate for console monospace letters not being “square”.
Next, I wrote a quick Ruby program, consolepic.rb, to do the hard work. It analyses each pixel of the image
and for each distinct colour assigns to a variable the CSS code used to set the background colour to that colour. It looks for
“strings” of like pixels and combines them into one, and then outputs the Javascript necessary to write out all of the above. Finally, I made a few hand-tweaks to insert the text into
the speech bubble.
The resulting output weighs in at 31.6kB – about a quarter of the size of the custom Javascript on the frontend of my site and so quite a
bit larger than I’d have liked and significantly less-efficient than the image itself, even base64-encoded for embedding directly into the code, but that really wasn’t the
point of the exercise, was it? (I’m pretty sure there’s significant room for improvement from a performance perspective…)
What it achieved was an interesting experiment into what can be achieved with Javascript, CSS, the browser console, and a little
imagination. An experiment that can live here on my site, for anybody who looks in the direction of their debugger, for the foreseeable future (or until I get bored of it). Anybody with
any more-exotic/silly ideas about what this technique could be used for is welcome to let me know!
Update: 17 April 2019 – fun though this was, it wasn’t worth continuing to deliver an additional 25% Javascript payload to every
visitor just for this, so I’ve stopped it for now. You can still read the source code (and even manually run it in the console) if you like.
And I have other ideas for fun things to do with the console, so keep an eye out for that…
We need a movement of developers and enthusiasts who loudly, proudly, use @mozilla@firefox
as their primary browser. On our desktops and our laptops. We test in it, extend it, contribute to it. But we never, ever, take it for granted.
I’ve been using Firefox as my main browser for a while now, and I can heartily recommend it. You should try it (and maybe talk to your
relatives about it at Christmas). At this point, which browser you use no longer feels like it’s just about personal choice—it feels part of something bigger; it’s about the shape of
the web we want.
We need a new movement: a movement of developers, influencers, and tech enthusiasts who loudly, proudly, use Firefox as their primary web browser. We use it on our desktops. We use it
on our laptops. We use it on our phones. All of us test sites in it. Some of us write plugins for it. The bravest of us write code for it. But none of us, not one, takes it for granted.
Microsoft is officially giving up on an independent shared platform for the internet. By adopting Chromium, Microsoft hands over control of even more of online life to Google.
This may sound melodramatic, but it’s not. The “browser engines” — Chromium from Google and Gecko Quantum from Mozilla — are “inside baseball” pieces of software that actually
determine a great deal of what each of us can do online. They determine core capabilities such as which content we as consumers can see, how secure we are when we watch content, and
how much control we have over what websites and services can do to us. Microsoft’s decision gives Google more ability to single-handedly decide what possibilities are available to
each one of us.
From a business point of view Microsoft’s decision may well make sense. Google is so close to almost complete control of the infrastructure of our online lives that it may not be
profitable to continue to fight this. The interests of Microsoft’s shareholders may well be served by giving up on the freedom and choice that the internet once offered us. Google is
a fierce competitor with highly talented employees and a monopolistic hold on unique assets. Google’s dominance across search, advertising, smartphones, and data capture creates a
vastly tilted playing field that works against the rest of us.
From a social, civic and individual empowerment perspective ceding control of fundamental online infrastructure to a single company is terrible. This is why Mozilla exists. We compete with Google not because it’s a good business opportunity. We compete with Google because the health
of the internet and online life depend on competition and choice. They depend on consumers being able to decide we want something better and to take action.
Will Microsoft’s decision make it harder for Firefox to prosper? It could. Making Google more powerful is risky on many fronts. And a big part of the answer depends on what the web
developers and businesses who create services and websites do. If one product like Chromium has enough market share, then it becomes easier for web developers and businesses to decide
not to worry if their services and sites work with anything other than Chromium. That’s what happened when Microsoft had a monopoly on browsers in the early 2000s before Firefox was
released. And it could happen again.
If you care about what’s happening with online life today, take another look at Firefox. It’s radically better than it was 18 months ago — Firefox once again holds its own when it
comes to speed and performance. Try Firefox as your default browser for a week and then decide. Making Firefox
stronger won’t solve all the problems of online life — browsers are only one part of the equation. But if you find Firefox is a good product for you, then your use makes Firefox
stronger. Your use helps web developers and businesses think beyond Chrome. And this helps Firefox and Mozilla make overall life on the internet better — more choice, more security
options, more competition.
Scathing but well-deserved dig at Microsoft by Mozilla, following on from the Edge-switch-to-Chromium I’ve been going on about. Chris is right:
more people should try Firefox (it’s been my general-purpose browser on desktop and mobile ever since Opera threw in the towel and joined the Chromium hivemind in 2013, and on-and-off
plenty before then) – not just because it’s a great browser (and it is!) but also now because it’s important for the diversity and
health of the Web.
We used to have much more diversity in terms of browser engines years ago than we do today. This is easy to understand as the Web in 2018 is far more complex than it was in the early
noughties. It is very costly to develop and maintain a Web engine and few companies have the necessary talent and cash to do it. Microsoft is one of those companies but the fact that
it might be throwing in the towel on its engine signals a bad development for all
of us.
…
Further evaluation of the dangers of the disappearing diversity on the Web, following in the theme of my thoughts the other day about
Microsoft’s adoption of Chromium instead of EdgeHTML in its browser.
Andre raises a real point: how will we fight for a private and decentralised Web when it becomes “the Google Web”?
I don’t think Microsoft using Chromium is the end of the world, but it is another step down a slippery slope. It’s one more way of bolstering the influence Google currently has on the
web.
We need Google to keep pushing the web forward. But it’s critical that we have other voices, with different viewpoints, to maintain some sense of balance. Monocultures don’t benefit
anyone.
This essay follows-up nicely on my concerns about Microsoft’s move from EdgeHTML to Chromium in Edge, but goes further to discuss some of the
bigger problems of a homogeneous web, especially one under Google’s influence.
Microsoft engineers have been spotted committing code to Chromium, the backend of Google Chrome
and many other web browsers. This, among other things, has lead to speculation that Microsoft’s browser, Edge, might be planned to switch from its
current rendering engine (EdgeHTML) to Blink (Chromium’s). This is bad news.
This post, as it would appear if you were looking at it in Edge. Which you might be, I suppose.
The younger generation of web developers are likely to hail this as good news: one fewer engine to develop for and test in, they’re all already using Chrome or
something similar (and certainly not Edge) for development and debugging anyway, etc. The problem comes perhaps because they’re too young to remember the First Browser War and its aftermath. Let me summarise:
Once upon a time – let’s call it the mid-1990s – there were several web browsers: Netscape Navigator, Internet Explorer, Opera, etc. They all used different rendering
engines and so development was sometimes a bit of a pain, but only if you wanted to use the latest most cutting-edge features: if you were happy with the standard, established
features of the Web then your site would work anywhere, as has always been the case.
Then, everybody starting using just one browser: following some shady dealings and monopoly abuse, 90%+ of Web users started using just one web browser, Internet Explorer. By the time anybody took
notice, their rivals had been economically crippled beyond any reasonable chance of recovery, but the worst had yet to come…
Developers started targeting only that one browser: instead of making websites, developers started making “Internet Explorer sites” which were only tested in that one
browser or, worse yet, only worked at all in that browser, actively undermining the Web’s position as an open platform. As the grip of the monopoly grew tighter,
technological innovation was centred around this single platform, leading to decade-long knock-on
effects.
The Web ceased to grow new features: from the release of Internet Explorer 6 there were no significant developments in the technology of the Web for many years.
The lack of competition pushed us into a period of stagnation. A
decade and a half later, we’re only just (finally) finishing shaking off this unpleasant bit of our history.
History looks set to repeat itself. Substitute Chrome in place of Internet Explorer and update the references to other web browsers and the steps above could be our future history, too.
Right now, we’re somewhere in or around step #2 – Chrome is the dominant browser – and we’re starting to see the beginnings of step #3: more and more “Chrome only” sites.
More-alarmingly this time around, Google’s position in providing many major Web services allows them to “push” even harder for this kind of change, even just subtly: if you make the
switch from Chrome to e.g. Firefox (and you absolutely should) you might find that
YouTube runs slower for you because YouTube’s (Google) engineers favour Google’s web browser.
So these are the three browser engines we have: WebKit/Blink, Gecko, and EdgeHTML. We are unlikely to get any brand new bloodlines in the foreseeable future. This is it.
If we lose one of those browser engines, we lose its lineage, every permutation of that engine that would follow, and the unique takes on the Web it could allow for.
And it’s not likely to be replaced.
Imagine a planet populated only by hummingbirds, dolphins, and horses. Say all the dolphins died out. In the far, far future, hummingbirds or horses could evolve into something that
could swim in the ocean like a dolphin. Indeed, ichthyosaurs in the era of dinosaurs looked much like dolphins. But that creature would be very different from a true dolphin: even
ichthyosaurs never developed echolocation. We would wait a very long time (possibly forever) for a bloodline to evolve the traits we already have present in other bloodlines today.
So, why is it ok to stand by or even encourage the extinction of one of these valuable, unique lineages?
We have already lost one.
We used to have four major rendering engines, but Opera halted development of its own rendering engine Presto before adopting Blink.
Three left. Spend them wisely.
As much as I don’t like having to work-around the quirks in all of the different browsers I test in, daily, it’s way preferable to a return to the dark days of the Web circa
most of the first decade of this century. Please help keep browsers diverse: nobody wants to start seeing this shit –
I’ve generally been pretty defensive of Microsoft Edge, the default web browser in Windows 10. Unlike its much-mocked
predecessor Internet Explorer, Edge is fast, clean, modern, and boasts good standards-compliance: all of the things that
Internet Explorer infamously failed at! I was genuinely surprised to see Edge fail to gain a significant market share in its first few years: it seemed to me
that everyday Windows users installed other browsers (mostly Chrome, which is causing its own problems) specifically because Internet Explorer was
so terrible, and that once their default browser was replaced with something moderately-good this would no longer be the case. But that’s not what’s happened. Maybe it’s because Edge’s
branding is too-remiscient of its terrible
predecessor or maybe just because Windows users have grown culturally-used to the idea that the first thing they should do on a new PC is download a different browser, but
whatever the reason, Edge is neglected. And for the most part, I’ve argued, that’s a shame.
I ranted at an Edge developer I met at a conference, once, about Edge’s weak TLS debugging tools that couldn’t identify an OCSP stapling issue that only affected Edge, but I thought
that was the worse of its bugs… until now…
But I’ve changed my tune this week after doing some research that demonstrates that a long-standing security issue of Internet Explorer is alive and well in Edge. This particular issue,
billed as a “feature” by Microsoft, is deliberately absent from virtually every other web browser.
About 5 years ago, Steve Gibson observed a special feature of EV (Extended Validation) SSL certificates used on HTTPS websites: that their
extra-special “green bar”/company name feature only appears if the root CA (certificate authority) is among the browser’s default trust store for EV certificate signing. That’s
a pretty-cool feature! It means that if you’re on a website where you’d expect to see a “green bar”, like Three Rings, PayPal, or HSBC, then if you don’t see the green bar one day it most-likely means that your
connection is being intercepted in the kind of way I described earlier this year, and everything you see or send including
passwords and credit card numbers could be at risk. This could be malicious software (or nonmalicious software: some antivirus software breaks EV certificates!) or it could be your friendly local
network admin’s middlebox (you trust your IT team, right?), but either way: at least you have a chance of noticing, right?
Firefox, like most browsers, shows the company name in the address bar when valid EV certificates are presented, and hides it when the validity of that certificate is put into
question by e.g. network sniffing tools set up by your IT department.
Browsers requiring that the EV certificate be signed by a one of a trusted list of CAs and not allowing that list to be manipulated (short of recompiling the browser from
scratch) is a great feature that – were it properly publicised and supported by good user interface design, which it isn’t – would go a long way to protecting web users from unwanted
surveillance by network administrators working for their employers, Internet service providers, and governments. Great! Except Internet Explorer went and fucked it up. As Gibson
reported, not only does Internet Explorer ignore the rule of not allowing administrators to override the contents of the trusted list but Microsoft even provides a tool to help them do it!
From top to bottom: Internet Explorer 11, Edge 17, Firefox 61, Chrome 68. Only Internet Explorer and Edge show the (illegitimate) certificate for “Barclays PLC”. Sorry, Barclays; I
had to spoof somebody.
I decided to replicate Gibson’s experiment to confirm his results with today’s browsers: I was also interested to see whether Edge had resolved this problem in Internet Explorer. My
full code and configuration can be found here. As is doubtless clear from the title of this post and the
screenshot above, Edge failed the test: it exhibits exactly the same troubling behaviour as Internet Explorer.
Thanks, Microsoft.
I also tried Safari (both on MacOS, above, and iOS, below) and it behaved as the other non-Microsoft browsers do (i.e. arguably more-correctly than IE or Edge).
I shan’t for a moment pretend that our current certification model isn’t without it’s problems – it’s deeply flawed; more on that in a future post – but that doesn’t give anybody an
excuse to get away with making it worse. When it became apparent that Internet Explorer was affected by the “feature” described above, we all collectively rolled our eyes
because we didn’t expect better of everybody’s least-favourite web browser. But for Edge to inherit this deliberate-fault, despite every other browser (even those that share its
certificate store) going in the opposite direction, is just insulting.
Chrome comes with built-in developer tools. This comes with a wide variety of features, such as Elements, Network, and Security. Today, we’ll focus 100% on its JavaScript console.
When I started coding, I only used the JavaScript console for logging values like responses from the server, or the value of variables. But over time, and with the help of tutorials,
I discovered that the console can do way more than I ever imagined…
I’m looking for an extension that will automatically redirect-to-HTTPS for particular domains, e.g. to ensure that I’m using the secure version of Wikipedia, etc., whenever I go
there. The HTTPS Everywhere plugin from the EFF does this for Firefox and Chrome; what can I do to make this work in Opera?
As you may all know, I’m a die-hard supporter of the Opera web browser, despite many of my friends now claiming that Firefox is superior. I’ve been following the Mozilla project for a long while (haven’t we all), and on the many occasions I’ve tried Firefox (and it’s
grandparents) I’ve always been unimpressed. It’s always been the little things that Opera did that kept me coming back to it, time and time again.
With the full release of Firefox 1.0 (download Firefox here), there’s been an explosion in the number of Firefox extensions that have become available, so I decided to try to find a combination of extensions that would at long last give
Firefox the capabilities that always kept me coming back to Opera. The theory is – if I can find enough extensions to give me the functionality I need in a web browser (which Opera
very-nearly perfectly provides) in Firefox, it’ll make a convert out of me. Here goes –
Mouse Gestures 1.0 – One of the great things about Opera is that it really pioneered mouse gestures (waving your cursor in
strange patterns in order to facilitate shortcuts), and led the way for years thereafter. Mouse gestures are infectious – once you’ve used them and you get the hang of “doing
things faster” (particularly mouse-intensive activities like web browsing), you end up trying to do it elsewhere – I’ve frequently used friends computers (with Internet Exploder,
or similar) and tried to do a gesture before remembering that I can’t.The Mouse Gestures extension for Firefox is fully-featured and highly-configurable. I found the original
settings a little unresponsive, and had to increase the “diagonal tolerance” (slippage permitted in a non-cardinal direction) to bring it back in line with the speed at which I
execute gestures, and of course I’ve customised some of my own gestures. Apart from that, it’s wonderful.
Download Manager Tweak 0.6.3 – One thing I loved about my customised Opera configuration was that pretty much everything not directly
related to browsing – my RSS-feed subscriptions (that let me keep an eye on all my friends’ weblogs in realtime), my
downloads, etc. – were set up to all appear in the wonderful “sidebar”: a non-invasive way of keeping information “to hand”. Firefox’s download windows are chunky and ugly, only a
little better than the hideous ones provided by Internet Exploder. This plugin allows you to move the download window to the sidebar – a far more sensible place for it – and
manage all your transfers from there.
Web Developer 0.8 and Nuke Anything 0.2 – As a web
developer, I love the web developer tools in Opera. The ability to switch stylesheets, emulate other browsers, change and test content on the fly, and manipulate cookies
is invaluable when debugging large, complex web projects. Combining these two excellent extensions gives me all of this, and more. The Web Developer tools can do things like
manipulate form data on the fly, edit offline HTML and CSS on-the-fly,
simulate different screen resolutions, and validate source code – it’s fantastic. Nuke Anything allows content to be ‘removed’ from the page: a great way of digging through
complicated source code to find how a particular trick is being achieved.
Sage 1.3 – Now here’s a stunning piece of software. Thanks to Jon for suggesting this one.A great feature
of Opera is it’s use as an RSS reader. RSS is a wonderful way to “subscribe”
to news sources, weblogs, and the like, and be notified when they’re updated or even have the new content delivered directly to your desktop. It’s so good, that I rarely use Abnib or my friends page any more. Opera makes it easy to set up and manage your
subscriptions, and delivers them in the way that suits you best.Now Firefox does natively support syndication, but it doesn’t do a very good job of it. It’s system –
“Active Bookmarks”, relies on use of it’s bookmarks list, lots of scrolling, etc. Plus – and here’s the big problem – it doesn’t pass your browser cookies when picking up the feeds –
this means that you can’t have it, for example, pick up restricted “friends only” feeds from your friends’ weblogs. Without this feature, there was no way I’d be leaving Opera
behind.But Sage pulls it off. It pulls in the feeds and presents them in a brilliant way. It’s default options are a little weird, and it doesn’t support automatic “timed” feed
collection, but it still does a great job of this newsfeed lark. I think everybody with Firefox should install Sage.
Session Saver – Simply put, this allows Firefox to remember what tabs you had open when it was last closed (even if it crashed or there was a power cut), and re-open them when you
run it again, in a very Opera-esque way.
MiniT 0.4 – A pet annoyance, but one that would have really annoyed me, is the inability to re-order the tabs while using Firefox’s tabbed
browsing. I mean: why wasn’t this included with the program? Most other programs that use the dynamic “document” tab metaphor allow the user to click-drag-reorder them, including my
beloved Opera. But no, you need a plug-in like MiniT to do this. It’s good: not as “fluid” as Opera, but quite satisfactory.
TabBrowser Preferences 1.1.1 – It didn’t take long of playing with Firefox, particularly on the EasyNews web site, to find another thing which, to me, is a big problem. When people (very rudely) make hyperlinks that request to be opened in “a new
window”, Firefox does exactly that: opens them in a new window, rather than in a new tab in the current window (fitting with the tabbed browsing metaphor). I tried a couple of
plug-ins to prevent this from happening, but none of them worked consistently (for example, catching JavaScript pop-up windows and tabbing them, for example), as Opera does, until I
found this lovely little extension. TabBrowser Preferences has all kind of options I don’t use, but for this one, which I do, it’s wonderful.
LastTab 1.1 – By this point, I had very few quirks left unsatisfied on my “web browser wish list”. One was that, in Opera, pressing
CTRL-TAB takes you first to your most-recently used other tab, and then (if you keep pressing tab) through the others you have open. This makes sense to me, because you can then use
CTRL-TAB as a two-tab “flicker” (like the “last channel” button on a TV remote): perfect for use as a “boss key” (if you don’t know, you don’t
need to know). Satisfied.
This only leave one “big” niggle that still pisses me off – I can’t find a plug-in that will allow me to hold down a particular key (e.g. shift) and click on a tab, to close it (really
useful for closing multiple tabs at once, after running and completing a multi-tab information seek). If anybody can suggest an extension that does this, let me know!
So; I guess I’m a Firefox convert. I knew it would happen someday, but I’m just surprised it happened so soon.
