Tell HN: When Firefox jumps the shark, the call to action is Ladybird
I want to start this post off by saying that I fully understand software loyalty. There are people who will defend Firefox to the end of the Earth, and there should be! Over the years, Firefox has been invaluable to the open web, and is solely responsible for securing web standards in general. Without them, the web would surely be yet another decaying Google platform. So in my opinion, there is nothing wrong with defending Firefox at every turn. It is a tough market, and they should do anything it takes to secure their own survival.
That being said, there comes a time when we must explore our options. As Firefox shifts towards an advertising and tracking model, Ladybird, the first new browser engine since the 90's with the ability to pass the Acid3 JavaScript test suite, has secured a $1 million grant from the founder of GitHub. This is exciting news to put it lightly, and may very well be a small glimmer of light at the end of this tunnel.
In my opinion, if there is to be any hope for the future of the open web, we must put our full support in backing behind the Ladybird project by any means available to us. Please, spread the word, contribute, or donate whatever you can. I truly feel the future of the open web may depend on it.
Tell your friends!
48 comments
[ 5.0 ms ] story [ 115 ms ] threadSustainability wise, Firefox is not built for hackers. One example is the Haiku community has been working on porting Firefox for years, to varying degrees of success. The problem is that it's just so huge; there are so many things going on, so many libraries that each require porting efforts on their own, DRM standards built into the core platform that will likely never see support, so real "Firefox" is likely to never happen regardless of community effort.
Meanwhile, though it is in a quite early state, multiple people are already experimenting with their own working builds of Ladybird on Haiku.
I'm not trying to say I can guarantee this will continue being the case as the ladybird project reaches maturity, but I think they deserve an honest shot. Wouldn't it be nice to have a truly portable browser engine?
Plus, I don't see how Firefox is really broken. Right now, forking and shipping with a custom user.js is sufficient to fix most annoyances.
Chrome: 70% of all security bugs are memory safety issues: https://www.zdnet.com/article/chrome-70-of-all-security-bugs...
"Rust is an emerging programing language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memory-safety promise? This paper studies the question by surveying 186 real-world bug reports collected from several origins which contain all existing Rust CVEs (common vulnerability and exposures) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code...": https://arxiv.org/abs/2003.03296
Seems persuasive to me.
How so?
> Rust is not really a factor (either way) when I'm deciding whether or not to use a particular piece of software.
For a five function calculator or alarm clock app, sure. Browsers have an immense attack surface, handle incredible amounts of untrusted data in hundreds of different formats, and are actively exploited regularly.
Cloudflare reports almost 7% of internet traffic is malicious: https://www.zdnet.com/article/cloudflare-reports-almost-7-pe...
Software which is expected to deal with such hostilities and complexities needs to be written in memory safe languages in 2024.
Wayland's been in the works for well over a decade now and many Linux distros still haven't switched over yet. I don't think this is a great example.
I wish. To me it seems like Firefox is certain to only get worse and worse. For a while now it felt like every major update came with something new I had to disable, often for privacy reasons, but now that Mozilla is an ad tech company, Firefox users are their product and they're just getting started selling us to advertisers.
It also lacks the substantial improvements to hardware accelerated decoding on linux within the last year or so and improvements in performance.
It does have a sync backend but inactive account data may be deleted and if the project is shuttered your data is kaput.
It also lacks Android and ios support meaning you lack the virtuos benefits of using the same tech on all platforms like syncing passwords and bookmarks.
They also recently improved integration by allowing you to browse open tabs on synced computers
Firefox in also has in the last while added privacy preserving local translation support and long ago added really good local reader mode.
Also my browsing would be less nice without addons like Sideberry and Tridactyl not to mention colorful via pywal.
Then we get to adblocking an arms race that Palemoon with its several year old (2021)version of uBlock that will never be updated stands to lose.
Also the lack of a mobile version means that your options for adblock on the go are meager unless you either run Firefox Mobile or look into a more complicated option like pihole with its own tradeoffs like not being able to turn it off for a site with a click.
Firefox has been making dumb communication mistakes and been too friendly with partners but it remains in my opinion the best choice. Dumb choices like this can easily be disabled and if that becomes onerous libreWolf unlike Palemoon is just Firefox with different privacy friendly defaults.
That said it also requires more setup as far as addons and sync which is why I prefer to simply configure Firefox.
Project Page: https://servo.org/
The hype is unfounded. Yet another browser engine designed using the same tools with the same methods isn't going to yield an organization resistant to the monetary and social problems that Mozilla has faced.
It's not about the tech. It's about the org making the tech. Dev time is expensive, and there isn't a way to pay for it. Eventually people get tired of working for free and begin to treat life realistically - f#@$ you, pay me. That is the correct and expected outcome.
Ladybird as a browser has nothing special going for it other than hype. It's a walking vulnerability that has to play catch-up to be a contender as a web browser.
Chromium was/is "the" open browser, and it only happened because google and friends footed the bill.
Where ladybird and servo could shine is as an embeddable renderer that doesn't have to have all the other features of a fully kitted browser.
That must be why there are no successful open source projects in the world and nobody ever works on software for long unless it's for money (https://www.gnu.org/philosophy/fs-motives.html)
If Ladybird gets big, what stops it from being captured by a major commercial contributor?
What we need to be thinking about is how to make browser components more embeddable, and I suspect the sensible target is Gecko at this point.
This gives us the wedge into the market. You have the Vivaldis, Edges, and Operas of the world who have figured out market fit and their technical needs, and the goal is to provide them a compelling alternative to building around WebKit/Blink. The offer you can present them is "building around Gecko or Ladybird means you don't have to spend half your time unwinding every stupid and self-serving choice Google made".
At least in the short-mid term, you're not cleaving off the people who actually LIKE Chrome, or simply download it because they don't know better, but you can at least capture that other 5%.
That might be okay to you, but a browser that snoops on my browsing history and reports it to third parties who will then use it to send reports to advertisers is totally unacceptable to me.
That said, I don't expect this to be the end state of their user tracking. They could expand their system to track the kinds of ads we get here on HN too. Maybe eventually start ups will be able to pay Mozilla to track how many firefox users use their web apps after seeing a "Show HN" post or even just after seeing mentions of a product in comments. Right now it's hard to track the success of astroturf campaigns, but when a web browser is working for advertisers instead of being a user agent it becomes possible.
For Google and Apple browsers are loss leaders for their bigger business, so they have infinitely deep pockets to play Fire and Motion[1] with each other by adding more and more stuff to the platform, and setting higher and higher performance and security/privacy goals. Once you implement the first 90%, there's the harder second 90% to implement, and the goal keeps moving. And that's before you even have to waste time fighting bug-compatibility caused by the Chromium monoculture and Google's "oopses" serving non-broken code only to Chrome.
[1]: https://www.joelonsoftware.com/2002/01/06/fire-and-motion/
Which is sort of what I expected from AMP and Gemini.
https://kagi.com/orion/
Note that I've only used it on iOS personally, where I'm using it for everything.
Haven't tried the macOS version, as I'm no longer a macOS user.
The only 2 websites I've come across that struggle with Firefox are Youtube and Photopea.