During the past few days, I’ve been chatting with Firefox users, trying to separate fact from rumor regarding the consequences of the August 2020 Mozilla layoffs. One of the topics that came back a few times was the removal of XUL-based add-ons during the move to Firefox Quantum. I was very surprised to see that, years after it happened, some community members still felt hurt by this choice. And then, as someone pointed out on reddit, I realized that we still haven’t taken the time to explain in-depth why we had no choice but to remove XUL-based add-ons. So, if you’re ready for a dive into some of the internals of add-ons and Gecko, I’d like to take this opportunity to try and give you a bit more detail. David Teller’s been at Mozilla for nearly 10 years, so he knows what he’s talking about. A good and detailed explanation of why Mozilla pretty much had no choice.
Mozilla, Gecko Archive
Mozilla and Google have extended their current search deal for another three years, multiple sources have told ZDNet. The new search deal will ensure Google remains the default search engine provider inside the Firefox browser until 2023 at an estimated price tag of around $400 million to $450 million per year. Mozilla officials are expected to announce the search deal’s extension later this fall, in November, when the organization is scheduled to disclose its 2019 financial figures. This is definitely good news in terms of Firefox’ continued existence, but the uncertainty every time the deal is about to run out illustrates once again that this situation is entirely untenable. I have no idea how to solve this problem, but my wildest idea is large open source projects like major Linux distributions, GNOME, KDE, and so on, taking an active interest in investing manpower and other resources into ensuring Firefox remains the independent browser for Linux and BSD users. God forbid I have to use Chrome.
Today we announced a significant restructuring of Mozilla Corporation. This will strengthen our ability to build and invest in products and services that will give people alternatives to conventional Big Tech. Sadly, the changes also include a significant reduction in our workforce by approximately 250 people. These are individuals of exceptional professional and personal caliber who have made outstanding contributions to who we are today. To each of them, I extend my heartfelt thanks and deepest regrets that we have come to this point. This is a humbling recognition of the realities we face, and what is needed to overcome them. I feel for the 250 laid off employees – that always sucks and I hope they will be able to find a new job quickly. That being said, I have no idea what to make of this corporate speak word soup, and it’s hard to parse what, exactly, is going to change from here on out. There’s nothing concrete here, no announcements, no goals or targets – just vague evergreen wording. There’s hints that the deal with Google – wherein Google contributes about 90% of Mozilla’s revenue to be the default search engine in Firefox – might expire and not be renewed at the end of this year, which would effectively cut all of Mozilla’s revenue off. That will be an immense shock, and it could easily spell the end of the Mozilla Foundation in its current form – and thus the continued viability of Firefox.
Firefox 75 due to be released next month should finally have its native Wayland support in good order. Merged yesterday were the Firefox Wayland patches for VA-API video acceleration support in conjunction with FFmpeg. And so the slow, almost never-ending march towards Wayland continues. I wonder if the march will ever end,
The SeaMonkey project is a community effort to develop the SeaMonkey Internet Application Suite (see below). Such a software suite was previously made popular by Netscape and Mozilla, and the SeaMonkey project continues to develop and deliver high-quality updates to this concept. Containing an Internet browser, email & newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools, SeaMonkey is sure to appeal to advanced users, web developers and corporate users. SeaMonkey has been around for a while, and I’m sure many of you are familiar with it. It’s effectively a modern continuation of the more classic Mozilla browser, the Mozilla Application Suite, which also included a news reader, email client, and so on. Not exactly the kind of thing most people want to use today, but there must still be a place for it in today’s era. That being said, the project just released its latest new version, 2.53.1, so I figured I’d highlight it here.
Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users. At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit. We can only hope other browsers will follow soon. This is a very important and great improvement.
There was a time when Thunderbird’s future was uncertain, and it was unclear what was going to happen to the project after it was decided Mozilla Corporation would no longer support it. But in recent years donations from Thunderbird users have allowed the project to grow and flourish organically within the Mozilla Foundation. Now, to ensure future operational success, following months of planning, we are forging a new path forward. Moving to MZLA Technologies Corporation will not only allow the Thunderbird project more flexibility and agility, but will also allow us to explore offering our users products and services that were not possible under the Mozilla Foundation. The move will allow the project to collect revenue through partnerships and non-charitable donations, which in turn can be used to cover the costs of new products and services. Thunderbird’s focus isn’t going to change. We remain committed to creating amazing, open source technology focused on open standards, user privacy, and productive communication. The Thunderbird Council continues to steward the project, and the team guiding Thunderbird’s development remains the same. I’m glad Thunderbird and its users found a way forward for the application, but I’ve never been a fan of these complex, overloaded e-mail/groupware applications like Thunderbird, Evolution, and Kmail. I use Geary because it focuses on one thing and does it well – e-mail – and it doesn’t try to also do all sorts of stuff I don’t want an e-mail client to do. As a side note, KDE could really use a Geary-like simple e-mail client – because Kmail is not in a great state.
A couple of weeks ago, we landed a commit that took years of effort at Mozilla. It removed “XBL”, which means we’ve completed the process of migrating the Firefox UI to Web Components. It wasn’t easy – but I’ll get to that later. It’s taken a couple years of work of remarkably steady progress by a small team of engineers along with the support of the rest of the organization, and I’m happy to report that we’ve now finished. This is a big accomplishment on its own, and also a foundational improvement for Firefox. It allows teams to focus efforts on modern web standards, and means we can remove a whole lot of duplicated and complicated functionality that wasn’t exposed to websites. The fact the people at Mozilla have been able to do this without any major disruptions to Firefox users is pretty impressive.
Sideloading is a method of installing an extension in Firefox by adding an extension file to a special location using an executable application installer. This installs the extension in all Firefox instances on a computer. Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager. This mechanism has also been employed in the past to install malware into Firefox. To give users more control over their extensions, support for sideloaded extensions will be discontinued. This blog post requires some very clear translating before all of grab our pitchforks. Users will still be able to install extensions from outside Mozilla’s own add-on website, and developers will still be able to distribute them separately. The functionality Mozilla is removing from Firefox is the ability for application installers – such as Skype – to dump an extension in a folder and then have that extension be installed in every Firefox profile on the machine.
And today we’re excited to announce that we’re moving to a four-week release cycle! We’re adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we’ve had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence. I’ve been incredibly satisfied with Firefox for a long time now, and aside from a few hiccups along the way, I trust the team to handle a faster release cycle just fine.
I’ve found myself agreeing wholeheartedly with the recent pushes to get people to switch from Chrome to Firefox. Google keeps pulling dumb trick after dumb trick in an attempt to have more control over the web. It’s hard not to think that this kind of behavior warrants quitting Chrome and other Google products. But taking a look at Firefox usage statistics, it’s pretty obvious that the trend (looking at Monthly Active Users) is going in the wrong direction. This raises some questions: why is Firefox usage going down, and what does Mozilla need to do to bring it back up? Harsh, but fair. Firefox’s out-of-the-box defaults are very counter-intuitive to its privacy-focused marketing. Nonsense like recommended articles littering the new tab page, forced Pocket integration that you can only disable through about:config, recommended themes and extensions based on your usage, Google being the default browser, and so on, all seem to fly in the face of claims that using Firefox allows you to take control of your privacy. Sure, I disable the Pocket integration, set DDG as my default search engine, and do other things to decrapify Mozilla’s terrible defaults (Firefox is my browser on all my computers and mobile devices), but regular users shouldn’t have to.
At Firefox, we’re passionate about providing solutions for people who care about safety, privacy and independence. For several months, we’ve been working on a new strategy for our Android products to serve you even better. Today we’re very happy to announce a pilot of our new browser for Android devices that is available to early adopters for testing as of now. We’ll have a feature-rich, polished version of this flagship application available for this fall. This version does not yet support extensions, making it a bit useless for me at this stage. I hope they address that soon.
Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we’ve fixed the problem for most users and most people’s add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it. An in-depth look at the cause and fixes for the devastating extensions bug that hit Firefox users over the weekend, written by Firefox CTO Eric Rescorla.
Update: a partial fix has been shipped by Mozilla A few hours ago a security certificate that Mozilla used to sign Firefox add-ons expired. What this means is that every add-on signed by that certificate, which seems to be nearly all of them, will now be automatically disabled by Firefox as security measure. In simpler terms, Firefox doesn’t trust any add-ons right now. Basically, all your Firefox extensions will be disabled and won’t work until Mozilla fixes this embarrassing issue. Until they do, you can go to about:config and set xpinstall.signature.required to false. This is obviously a major security issue, so only change this flag if you know what you’re doing, and don’t forget to set it back to true once Mozilla fixes the issue.
A recently published support document highlights Mozilla’s plans for the current Firefox for Android and also Fenix. Mozilla’s main idea is to maintain the legacy version of Firefox for Android until Fenix reaches migration readiness status. Firefox users on Android should be able to use the legacy version until Fenix is ready while Mozilla wants to minimize support costs. Fenix currently does not support extensions just yet, so I’ll be staying on the regular Firefox for Android until that has been addressed.
It’s no secret that Google Chrome is the world’s most popular browser, and while a lot of that might be owed to its quality, some believe that Google intentionally sabotaged competing browsers in order to grow in popularity. A former Mozilla executive has lashed out at the Mountain View company for repeatedly and continuously finding less-than-desirable ways to promote its own browser. Jonathan Nightingale posted a series of tweets over the weekend, detailing some of the events that took place between Google and Mozilla over the years. Nightingale starts by pointing out that Google typically played nice with Mozilla before Chrome was a thing, but things turned sour once Google’s browser launched. While the company kept trying to convince Mozilla that both organizations were on the same side, things would often break in Firefox for no real reason. This is really not that surprising. The only reason Google plays nice with Mozilla is the same reason Microsoft invested in Apple in the late ’90s and kept its products available on Mac OS despite the fact the Mac was basically dead: they need an antitrust lightning rod.
At Mozilla, we are always committed to people’s security and privacy. It’s part of our long-standing Mozilla Manifesto. We are continually looking for new ways to fulfill that promise, whether it’s through the browser, apps or services. So, it felt natural to graduate one of our popular Test Pilot experiments, Firefox Send. Send is a free encrypted file transfer service that allows users to safely and simply share files from any browser. Additionally, Send will also be available as a an Android app in beta later this week. Now that it’s a keeper, we’ve made it even better, offering higher upload limits and greater control over the files you share. Neat feature, because sending files is still a messy and unpleasant experience. I trust Mozilla to do this right.
We know that unsolicited volume can be a great source of distraction and frustration for users of the web. So we are making changes to how Firefox handles playing media with sound. We want to make sure web developers are aware of this new autoplay blocking feature in Firefox. Starting with the release of Firefox 66 for desktop and Firefox for Android, Firefox will block audible audio and video by default. We only allow a site to play audio or video aloud via the HTMLMediaElement API once a web page has had user interaction to initiate the audio, such as the user clicking on a “play” button. Good move, and long overdue. Autplaying video isn’t just a mere annoyance – it’s incredibly rude, obnoxious and desrespectful.
A Microsoft program manager has caused a stir on Twitter over the weekend by suggesting that Firefox-maker Mozilla should give up on its own rendering engine and move on with Chromium. “Thought: It’s time for @mozilla to get down from their philosophical ivory tower. The web is dominated by Chromium, if they really ‘cared’ about the web, they would be contributing instead of building a parallel universe that’s used by less than five percent?” wrote Kenneth Auchenberg, who builds web developer tools for Microsoft’s Visual Studio Code. This is such a rude and discourteous thing to say to a competitor – a competitor that has played a crucial role in bringing back competition to the browser market back when Internet Explorer 6 kept the web down like an anker. We need competition on the web.
According to Mozilla’s plugin roadmap, the firm planned to disable Flash by default in Firefox sometime this year. Now, a new bug filing has revealed that the plugin will be disabled as of Firefox 69 which is due for release on September 3, 2019. Mozilla will disable Flash beginning with the Nightly builds before it works its way down to the Stable channel. The disabling of Flash comes in anticipation of Adobe ending support for its Flash plugin at the end of 2020. Mozilla has said that it will completely remove Flash support for consumer versions of Firefox in early 2020, while the Extended Support Release (ESR) version will have support until the end of the year. In 2021, Mozilla has said that Firefox will refuse entirely to load the plugin due to a lack of security updates from Adobe. Aside from the occasional Flash-based online game, is Flash even a thing these days? Do any of you still use it on a regular basis?