Slashdot Mirror

It already exists. Use google chrome and the gPDF extension, and all pdf files are opened by google's own javascript based viewer. Also availible for firefox as well!

I think you're missing the whole crux of their argument. Yes, IE was the source of at least one of the security holes, but France and Germany are mandating switching as though it's some sort of panacea. IE was just one link in the chain of exploits used in the attack. Maybe destroying one link in the chain destroys the chain, but it is more likely that they will find a different link to continue the attack. Like maybe a zero day in Firefox or one of these known exploits.

I truly believe that Firefox and probably Chrome is a more secure browser than IE, and I completely agree with the recommendation from France and Germany. But even if Google had no IE they would not have been completely protected from the attacks, and both countries aren't completely protected by some memo mandating the end of IE. To think so is foolishness. Don't let one poorly written PCWorld article convince you otherwise.

https://developer.mozilla.org/En/A_Brief_Guide_to_Mozilla_Preferences

If the administrators can write to the application directory and prevent the user from doing so, then they can enforce profile settings in Firefox (and almost any Mozilla app).

Mozilla is working on an MSI package. There's a bug in bugzilla for that. Vote for it and/or help with coding testing.

You're funny.
Bug 52052 was opened in 2000.
Bug 231062 was opened in 2004 when 52052 was closed with "WONTFIX"
Sure, there's been recent activity, but it's been TEN years. Until MSI becomes a blocker for 3.6 or 3.7, they'll drop it for the new shiny like they've always done.

Mozilla is working on an MSI package. There's a bug in bugzilla for that. Vote for it and/or help with coding testing.

You're funny.
Bug 52052 was opened in 2000.
Bug 231062 was opened in 2004 when 52052 was closed with "WONTFIX"
Sure, there's been recent activity, but it's been TEN years. Until MSI becomes a blocker for 3.6 or 3.7, they'll drop it for the new shiny like they've always done.

Considering that certain other browsers (Firefox and Safari) experience many more security bugs these days, combined with the fact that none of these offer sandboxing, the recommendation does seem a bit odd.

The rest of your post, including the sandboxing point, deserves that 5. This one doesn't belong on the same page.

Everyone paying attention can see that Firefox (and open-source general practice) reports and patches as critical security holes bugs for which there's only theoretic or even just heuristic evidence of a potential security breach, while Microsoft's usual reports are of bugs that have actually been exploited and are often actually leaking data in the wild, and eventually releases patches for those.

Microsoft, understandably given their nature as a marketing company, is only too happy to persuade the gullible that the two different counts are comparable.

Considering that certain other browsers (Firefox and Safari) experience many more security bugs these days, combined with the fact that none of these offer sandboxing, the recommendation does seem a bit odd.

The rest of your post, including the sandboxing point, deserves that 5. This one doesn't belong on the same page.

Everyone paying attention can see that Firefox (and open-source general practice) reports and patches as critical security holes bugs for which there's only theoretic or even just heuristic evidence of a potential security breach, while Microsoft's usual reports are of bugs that have actually been exploited and are often actually leaking data in the wild, and eventually releases patches for those.

Microsoft, understandably given their nature as a marketing company, is only too happy to persuade the gullible that the two different counts are comparable.

This is the proposal from Google as part of their "Long Tail" requirements

This allows native code running from the browser.
https://wiki.mozilla.org/Plugins:PlatformIndependentNPAPI

There is also once for Audio, and its fully featured.
https://wiki.mozilla.org/Plugins:PepperAudioAPI

This stuff is basically allowing the idea of Google Chrome OS to become a reality.
But it also has much wider implications. For instance for the YouTube Video codec question, it opens up the door for the codec to be delivered via the web site playing it.
The same goes for anything.
Mayeb you want to interact with Git and your file system.
NACL does not allow file system access, but if you had a NAS sitting at home or anywhere you could fully interact with it over tcp/ip or Http/ running inside NCL.

This is the proposal from Google as part of their "Long Tail" requirements

This allows native code running from the browser.
https://wiki.mozilla.org/Plugins:PlatformIndependentNPAPI

There is also once for Audio, and its fully featured.
https://wiki.mozilla.org/Plugins:PepperAudioAPI

This stuff is basically allowing the idea of Google Chrome OS to become a reality.
But it also has much wider implications. For instance for the YouTube Video codec question, it opens up the door for the codec to be delivered via the web site playing it.
The same goes for anything.
Mayeb you want to interact with Git and your file system.
NACL does not allow file system access, but if you had a NAS sitting at home or anywhere you could fully interact with it over tcp/ip or Http/ running inside NCL.

They are taking that into account for the future now. There are two projects to address that.

https://wiki.mozilla.org/Content_Processes
Jetpack
https://wiki.mozilla.org/Labs/Jetpack

They are taking that into account for the future now. There are two projects to address that.

https://wiki.mozilla.org/Content_Processes
Jetpack
https://wiki.mozilla.org/Labs/Jetpack

3.7 stands for a feature set on the Firefox roadmap.

Skipping that number signifies that the planned release has changed form. Avoiding use of that number then neatly avoids confusion about what the new planned releases will contain since Firefox 3.7 already has an attached meaning. It also allows retrospective discussion of what was planned for 3.7; useful if the roadmap is being updated.

If you don't have a published roadmap with promised features, keeping the next release as n + 1 is no problem.

Yeah, someone's been slack. You can see the progress, albeit via bug reports: https://bugzilla.mozilla.org/showdependencytree.cgi?id=478976&hide_resolved=1

4) Over 1 million people downloading the Bing search engine add-on for Firefox (I have a hard time believing Microsoft manipulated them/me).

The far and away priority one feature should be Multithreading. Each tab and each plugin should have its own process and its own memory space, so that a crash of one tab/plugin, or one tab/plugin using loads of CPU power, should have practically no effect on my other tabs/plugins on my 4-core CPU.

So I don't care about copying Chrome's GUI. But copying Chrome's sandboxing and multithreading architecture I very much care about!

There is a Mozilla project to implement this, but the project page hasn't been updated in months, as far as I can tell.

Have you seen $200 million worth of development in Firefox?

http://planet.mozilla.org/

Spend a little time reading this on a regular basis, and you'll soon discover how many projects Mozilla handles, and all the developers they're paying.

The big projects include:

Firefox, Bugzilla, Camino, Fennec, Lightning, Sunbird, Seamonkey, and Thunderbird.

These are major multi-platform projects.

Mozilla has several projects for first-party add-ons for all of the above such as Firebug, Chromebug, . Then they have tons of major projects that most people never hear about. At the moment they're working on:

Jetpack
Raindrop
Bespin
Concept
Personas
Prism
Snowl
Test Pilot
Ubiquity
Weave
Electrolysis

A tool recently said the KDE code based purely on lines of code should have cost $175 million to develop, and that wasn't counting Koffice, and anything outside the main KDE trunk.

Mozilla also doesn't just do code projects, they do tons of community management and outreach projects like Mozilla Education, which costs even more money.

They also help support outside developers using Mozilla and Xulrunner for other apps such as Kompozer, Songbird, etc.

I don't know where all their money goes, but Mozilla does *A LOT*. To suggest they're not doing much development is ignorance or lies.

Firefox experiences a LOT of crashes and memory hogging, and has for years.

Firefox does crash for me from time to time, on Windows and Linux. I tend to use a lot of extensions, and the most common thing I hear is that extensions are the largest source of memory and stability issues. Do I get daily crashes, or 10 crashes a day? No. And I run daily snapshot builds. I maybe get 1 crash a week, if that.

As a Systems Engineer, I troubleshoot and support some big money apps that crash fairly often. Large software projects are going to have bugs. However, I wager if you run without extensions, you'll find that Firefox is pretty damned stable for such a massive multi-platform app.

Memory issues are all but lies these days. Memory usage has improved so much over the past few years. Firefox is actually better with memory usage than Chrome in many ways. The core app doesn't take too much memory on first load. It doesn't have memory leaks.

There are some intentional features which cause Firefox to eat up some memory that you can turn off, such as Firefox keeping fully rendered pages in memory, so that when you hit the back button, they just display immediately without having to re-render. When you close a tab, it still keeps that full session in memory for some time, so that you can reopen the closed tab with full rendered pages and history if you want.

If you don't like these features, turn them off. Not to mention, these are set to use dynamic chunks of memory which is preportional to your total memory. If you have a desktop with 8 gigs of memory that you're not using, why get upset that Firefox is using 300-400 megs of memory?

Unused memory isn't doing you any good.

Stop with the FUD. Real geeks know better and see right through BS and lies.

The difference is whatever they want to make of it. The advantage of not promising anything is that no management is necessary.

It seems to me that Mozilla Foundation is badly managed.

Have you seen $200 million worth of development in Firefox? The Mozilla foundation has been getting more than $68,000,000 each year to make Google the default search engine in Firefox. See this article, for example: Google Deal Produces 91% of Mozilla's Revenue.

In return for that enormous amount of money, Firefox is for many the most unstable program they use. Every new version of Firefox includes "stability improvements", but the instability has gotten considerably worse since version 3.5.2. Firefox is so unstable it regularly crashes the Windows XP OS, although not Linux, apparently.

The instability and resultant memory hogging of Firefox has been reported many times by many people for many years, according to discussions online. For just one small example, see the comments tab for this crash report ID: 67f332db-205a-4944-8f88-1bb7a2091220. (Not a crash from one of our computers.) Typical comments from that comment tab:

"I can't believe how often firefox is crashing recently on multiple computers!!!"
"This is ridiculous! It happens everyday!"
"Mozilla crashes on average 10 a day. Can you help?"
"firefox is crashing on me twice a day. any advice please? thanks Graham"
"This new version of Mozilla sucks. It crashes on my multiple times each day."
"I keep going from tab to tab and after a while Mozilla crashes.."
"please fix this crash problem, thanks"

Want to see your own Firefox crashes? Enter about:crashes into the Firefox address window, and press the Enter key. You can substitute the numbers obtained from your crashes in the link above to get more information.

There is more about Mozilla Developer Center Crash Reporting on their web site. (That web site may be overloaded or not loadable from Slashdot.)

The randomness of failures suggests that Firefox writes to a random location memory that is important in some systems and not others. That's crucial in an unstable, poorly designed OS like Windows XP. Linux merely throws Firefox off the system.

Definitely the way events are handled in Firefox has degraded in the last few versions. Firefox often takes a long time to process a mouse event, for example, even when Firefox has been the only program in use for a long time.

Firefox is popular because of its add-ons, apparently. People don't want to watch abusive, flashing ads that assume that the reader is stupid, so they use AdBlock Plus. When the same extensions exist for Google's browser, it seems likely that Firefox will lose popularity.

Firefox experiences a LOT of crashes and memory hogging, and has for years. Apparently Firefox developers don't know how to debug that kind of failure. Apparently the more than $200 million has not been enough.

http://www.wired.com/politics/law/news/2001/10/47552

1st hit on google "RIAA wants to hack computers". Stop being so lazy :p

Careful, Wired wants to steal your copy buffer.

Be sure to use safe browsing practices.

Oops, forgot: Minefield

So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension that theoretically won't do anything shady with my stuff, even though its license consists of

Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.

And there's no source available.

Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?

How much did your /. account cost you?

So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension that theoretically won't do anything shady with my stuff, even though its license consists of

Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.

And there's no source available.

Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?

How much did your /. account cost you?

Honestly, if you think you can just slap a few open piece of software togeather and have a secure functioning browser, you're smoking something. There's a reason there's only 4 browser engines, and that's because it's *hard*.

Firefox is NOT doing well at producing a secure browser. They patch faster the IE, but every Mozilla 3.5 release has between 2 and 6 critical(read likely exploitable) security flaws. They have had 35 flaws total in the last 7 months. http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

Chrome is doing somewhat better, but they have only 2% market share, and not as many people hunting for bugs. Still a number of critical bugs fixed last year.

Just ran sloccount on firefox 3.5.7 source tree, and it says there are 2.7 million lines of code. For comparison, the Linux 2.6.32.3 has 8 million lines, so Firefox is only 1/3 the size of the full Linux kernel, including all drivers.
The average code has about .5-1 security bugs per 1k lines of code. That means we can expect 1350-2700 security bugs in Firefox.

Just so this isn't all about Firefox, Chromium (the open source branch of Chrome) largely reuses software as much as possible, and has 4.5 million lines of code. That's a huge project. They seem to have less custom parsers, but upstream bugs still do affect them.

The point of this isn't to say that Firefox or Chromium is worse then IE, it's just that modern web browsers are *complicated*. Security is hard even for small projects, and 2.7-4.5 million lines of code is not small. You can hate on IE all you want for web standards support (SVG and XHTML are two nice places to start), but they're actually not doing much worse then the other players for security at the moment. Yes, IE 6 is a piece of crap, and if you're still running that then you deserve what you get, but IE 8 is decent.

Well let's see here, how about we look at Firefox 3.0's list of vulnerabilities from Mozilla:

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

Lotta red on there, and red means "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."

How about 3.5? Hasn't been out as long:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

Less over all, as you'd expect, but seems an even greater percentage are critical risk.

Seems to me Firefox has plenty of holes, with new ones getting discovered all the time. I mean please remember 3.5 has been out for about half a year. There's been 7 updates, 5 of which have addresses critical problems, often multiple ones.

So it seems that indeed people ARE finding holes in Firefox. Mozilla is doing as they should and fixing them, but please let's not pretend like there are plenty there that have needed fixing.

Well let's see here, how about we look at Firefox 3.0's list of vulnerabilities from Mozilla:

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

Lotta red on there, and red means "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."

How about 3.5? Hasn't been out as long:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

Less over all, as you'd expect, but seems an even greater percentage are critical risk.

Seems to me Firefox has plenty of holes, with new ones getting discovered all the time. I mean please remember 3.5 has been out for about half a year. There's been 7 updates, 5 of which have addresses critical problems, often multiple ones.

So it seems that indeed people ARE finding holes in Firefox. Mozilla is doing as they should and fixing them, but please let's not pretend like there are plenty there that have needed fixing.

The format is trivial, but oddly enough a secure parser is not.

One of the exploitable Firefox bugs this year is in the GIF parsing code, in a situation where there are multiple images in a GIF file, and one has a small color map and is malformed in a specific way, followed by one with a larger color map.

See https://bugzilla.mozilla.org/show_bug.cgi?id=511689 for more details.

Java and windows have also had GIF parsing security bugs in the past:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
http://www.checkpoint.com/defense/advisories/public/2008/cpai-02-Sepa.html

Remember, this GIF parsing is but one of the things I mentioned, and I only mentioned a small faction of the potential bugs in any web browser.

This is why security is hard: Secure software is perfect software, and we don't write perfect software.

Yes but how does it translate from knowing that a mouse drag was performed to exactly which characters are selected?

Through the stanard API.

AFAIK, it is very hard in Javascript to tell what character corresponds to which mouse coordinates.

No, it isn't.

Whatever Tynt's solution is, it must be something pretty cool.

Not really.

A really good application of the technique would be removing text: e.g., removing footnote references from copy-and-pasted wikipedia section, and removing inline site notifications from Slashdot posts.

Yes but how does it translate from knowing that a mouse drag was performed to exactly which characters are selected?

Through the stanard API.

AFAIK, it is very hard in Javascript to tell what character corresponds to which mouse coordinates.

No, it isn't.

Whatever Tynt's solution is, it must be something pretty cool.

Not really.

A really good application of the technique would be removing text: e.g., removing footnote references from copy-and-pasted wikipedia section, and removing inline site notifications from Slashdot posts.

I've noticed that RequestPolicy...
https://addons.mozilla.org/en-US/firefox/addon/9727/

requires much less management. NoScript constantly updates and constantly requires white-listing sites to be able to use them. RequestPolicy defaults to denying just the off-site JavaScript, which is the JavaScript I care the most to deny.

So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension that theoretically won't do anything shady with my stuff, even though its license consists of

Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.

And there's no source available.

Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?

So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension that theoretically won't do anything shady with my stuff, even though its license consists of

Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.

And there's no source available.

Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?

What happens if someone downloads Firefox and gets sued because of the patented codecs? I don't think Mozilla wants headlines saying...

It's things like this that make me wonder if it's a good idea to front a free project with a real-world rights-owning corporation that's responsible and can be sued. Mozilla's petty squabbling over their control of the Firefox name and logo is already ridiculous enough. Let's not start making less-than-ideal decisions for our software because we're worried about how it will affect The Project.

Remember this gem? It was judged that getting on the bad side of financial institutions by offering an option for non honoring the annoying "autocomplete=off" attribute that breaks the password manager half the time (even when your wallet is encrypted) is bad for the project.

If Firefox (or any
Gecko/Mozilla-based product), is to succeed, it needs the support of major sites
that end-users are going to use. If banks, etc, blacklist gecko, then those
users are forced, likely, back to IE (or an older version of Firefox, etc) which
isn't a situation we want to create at all.

I don't care if firefox succeeds, while I do care about whether a basic option is present in my most-used piece of software.

He's not referring to the updater. He's referring to the initial download from http://download.mozilla.org/?product=firefox-3.5.7&os=win&lang=en-US. Note the "http"?

(This looks like a problem superficially. I'd be interested if there is a security measure in place. Your link is to a different, but related, problem - without reading the entire ~50K of the thread.)

I'm fairly certain that bug has been fixed. Actually, from that bug report, I think you're exaggerating the nature and extent of the (solved) problem.

Why are browsers so horribly unfriendly for uploads?

Perhaps Google could put some money into fixing Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=249338
or improving it
https://bugzilla.mozilla.org/show_bug.cgi?id=243468

Does Chrome have a decent upload UI? I can't recall ...

Why are browsers so horribly unfriendly for uploads?

Perhaps Google could put some money into fixing Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=249338
or improving it
https://bugzilla.mozilla.org/show_bug.cgi?id=243468

Does Chrome have a decent upload UI? I can't recall ...

It's right in the founding documents: http://www.mozilla.org/foundation/documents/mf-ca-ct-registration.pdf

"The exempt purpose of the Foundation is to serve the general public by undertaking activities to (1) keep the Internet a universal platform that is accessible by anyone from anywhere, using any computer" (e.g. not just on Windows) "and (2) promote the continuation of innovation on the Internet". (page iii).

Gerv

AFAICT, SVG animation won't be in until Gecko 1.9.3, which should be in Firefox 3.7. Not sure if there is anything for this in the 3.7 pre-alpha.

You can find more info on the SVG implementation status here.

I really don't like the direction the craft is heading. We were making good progress up until Swing and WinForms, but then web development took over and it feels like we've made a serious regression.

HTML was never intended to be an application language, just a document presentation one. And rather than develop an additional language to embed real application elements, we've spent the past 10 years trying to turn a hammer into a screwdriver.

Mozilla tried to present a workable solution in the form of XUL, which actually gives web developers a real GUI toolkit to work with. The world pretty much ignored or misused it, sadly. (Although I have to admit early XUL implementation was pretty buggy and limited). At present, XUL is mainly used to create Firefox extensions, but even there we see a movement away from that to HTML.

Be that as it may, you have to admit that there are things web apps deliver that the traditional client-side program couldn't. Will we ever see a good marriage of the two? I suppose it's possible, but for the near future I foresee more and more of this 'papering over'; layering frameworks on top of suboptimal core technology in order for developers to at least achieve some sanity.

Huh? I see only minor changes in the pipe. The most annoying one seems to be the removal of the 'properties' context menu item, though I'm sure an extension can add it back in.

Want to see your Firefox crashes? Enter about:crashes into the Firefox address window, and press the Enter key.

There is a discussion of Mozilla product crashes at Mozilla Developer Center crash reporting.

If you've been rallying for this for years, the least you could do is link to the current work being done to achieve exactly that.

If you've been rallying for this for years, the least you could do is link to the current work being done to achieve exactly that.

The best solution to working around Flash video that I've worked out it to use the Video download helper Firefox plugin, then play the videos in Mplayer. It has pretty good support for Youtube and its many imitators. Unfortunately, it doesn't handle copy-protected stuff so it won't work with the full length movies on Youtube or anything on Hulu. It is an extra step to download the video before playing it, but the add-on makes it pretty easy, so I find it worth the hassle if I'm going to watch anything more than a few minutes long.

I haven't seen anything approximate ported to Chrome yet. Hopefully it'll get one soon... or better yet the <Video> tag becomes universally supported even sooner.

Right now, it looks like AdBlock, Flashblock, CustomizeGoogle, and my own AdRater couldn't be implemented under JetPack. The Jetpack API documentation has a section "Content - Methods for interacting with web pages. That's the mechanism anything that deals with ads needs. That leads to "Page modifications", which leads to This documentation is under development. Please see the page modifications API proposal for now."

That leads to Jetpack Extension Proposal #17 - Page Mods, which discusses how to implement Greasemonkey-like functionality using Jetpack. Current status is "Implementing (since May 27, 2009)".

So the functionality needed for AdBlock, etc. is vaporware. It's not even clear that, if implemented, the proposed mechanism would support AdBlock. The author of Adblock Plus wrote last month "Jetpack has to support Adblock Plus, not the other way around. As it is now, Jetpack isn't suitable for complicated extensions."

It's significant that Mozilla gave priority to implementing "themes" and such, which are needed for vendor-branded browsers, while putting off implementation of user-oriented features like ad blocking. Is this a back-door effort to get ad-blocking out of Firefox?

Right now, it looks like AdBlock, Flashblock, CustomizeGoogle, and my own AdRater couldn't be implemented under JetPack. The Jetpack API documentation has a section "Content - Methods for interacting with web pages. That's the mechanism anything that deals with ads needs. That leads to "Page modifications", which leads to This documentation is under development. Please see the page modifications API proposal for now."

That leads to Jetpack Extension Proposal #17 - Page Mods, which discusses how to implement Greasemonkey-like functionality using Jetpack. Current status is "Implementing (since May 27, 2009)".

So the functionality needed for AdBlock, etc. is vaporware. It's not even clear that, if implemented, the proposed mechanism would support AdBlock. The author of Adblock Plus wrote last month "Jetpack has to support Adblock Plus, not the other way around. As it is now, Jetpack isn't suitable for complicated extensions."

It's significant that Mozilla gave priority to implementing "themes" and such, which are needed for vendor-branded browsers, while putting off implementation of user-oriented features like ad blocking. Is this a back-door effort to get ad-blocking out of Firefox?

Right now, it looks like AdBlock, Flashblock, CustomizeGoogle, and my own AdRater couldn't be implemented under JetPack. The Jetpack API documentation has a section "Content - Methods for interacting with web pages. That's the mechanism anything that deals with ads needs. That leads to "Page modifications", which leads to This documentation is under development. Please see the page modifications API proposal for now."

That leads to Jetpack Extension Proposal #17 - Page Mods, which discusses how to implement Greasemonkey-like functionality using Jetpack. Current status is "Implementing (since May 27, 2009)".

So the functionality needed for AdBlock, etc. is vaporware. It's not even clear that, if implemented, the proposed mechanism would support AdBlock. The author of Adblock Plus wrote last month "Jetpack has to support Adblock Plus, not the other way around. As it is now, Jetpack isn't suitable for complicated extensions."

It's significant that Mozilla gave priority to implementing "themes" and such, which are needed for vendor-branded browsers, while putting off implementation of user-oriented features like ad blocking. Is this a back-door effort to get ad-blocking out of Firefox?

Right now, it looks like AdBlock, Flashblock, CustomizeGoogle, and my own AdRater couldn't be implemented under JetPack. The Jetpack API documentation has a section "Content - Methods for interacting with web pages. That's the mechanism anything that deals with ads needs. That leads to "Page modifications", which leads to This documentation is under development. Please see the page modifications API proposal for now."

That leads to Jetpack Extension Proposal #17 - Page Mods, which discusses how to implement Greasemonkey-like functionality using Jetpack. Current status is "Implementing (since May 27, 2009)".

So the functionality needed for AdBlock, etc. is vaporware. It's not even clear that, if implemented, the proposed mechanism would support AdBlock. The author of Adblock Plus wrote last month "Jetpack has to support Adblock Plus, not the other way around. As it is now, Jetpack isn't suitable for complicated extensions."

It's significant that Mozilla gave priority to implementing "themes" and such, which are needed for vendor-branded browsers, while putting off implementation of user-oriented features like ad blocking. Is this a back-door effort to get ad-blocking out of Firefox?

Right now, it looks like AdBlock, Flashblock, CustomizeGoogle, and my own AdRater couldn't be implemented under JetPack. The Jetpack API documentation has a section "Content - Methods for interacting with web pages. That's the mechanism anything that deals with ads needs. That leads to "Page modifications", which leads to This documentation is under development. Please see the page modifications API proposal for now."

That leads to Jetpack Extension Proposal #17 - Page Mods, which discusses how to implement Greasemonkey-like functionality using Jetpack. Current status is "Implementing (since May 27, 2009)".

So the functionality needed for AdBlock, etc. is vaporware. It's not even clear that, if implemented, the proposed mechanism would support AdBlock. The author of Adblock Plus wrote last month "Jetpack has to support Adblock Plus, not the other way around. As it is now, Jetpack isn't suitable for complicated extensions."

It's significant that Mozilla gave priority to implementing "themes" and such, which are needed for vendor-branded browsers, while putting off implementation of user-oriented features like ad blocking. Is this a back-door effort to get ad-blocking out of Firefox?

As a linguist, let me tell you something:

True translation is nigh impossible for a human, and requires comprehensive knowledge of both the source and target cultures. Not just the patterns of sound/text that represent the languages used by those cultures. A computer will not provide human-level-quality translation at any time in the foreseeable future. Maybe before the end of my life, especially if I take a lot of vitamins (if I'm to believe Kurzweil, which I stopped doing years ago--the guy is a hack), but not anytime soon.

I'd love for computers to be able to put me out of a job. But I don't see it happening.

And most scientists in the know thought mapping the Human Genome was a fool's errand due to the computing power requirements. Technology found a way to surprise almost everyone.

While I bow to your superior wisdom in the field, I remain convinced on some level that in 5-10 years we'll both be surprised at the amount of progress in getting computers to read. Will it replace human translation? Probably not... but it might supplement it enough that it'll make it possible for humans that aren't comprehensively knowledgeable in those languages to have a fighting chance.

For example, take Japanese -- Chosen as that is the second language I'm trying to learn. Take a bit of OCR technology -- the ReadIRIS suite of programs already do a great job of Kanji OCR, for example. Now add OCR to an augmented reality app, like something for an iPhone, or a web browser plugin, or what have you -- a simple enough prospect, really, it's just one step up from taking a scanned image and OCRing *that*.

I don't know Japanese. I can read some basic Kanji and the Kana, that's it. But with ReadIRIS and a few hours of time, I can get the gist of a chapter of Translucent or Doraemon. If I didn't have to spend hours cutting the text out of the pages using Photoshop - i.e., if ReadIRIS or other similar programs could pull text forward on their own...

Now, take that technology (on the fly OCR of Japanese characters from any source), and take it to some logical middle steps -- making the computer provide Furigana or SKIP numbers right next to the Kanji in a transparent overlay, for example. Would it translate? No, not technically, but it would certainly make it a lot easier for a Japanese-as-a-second-language student to figure it out -- instead of OCR, then copy, then paste into a machine translator, I'd look it up in a dictionary.

Or for simple translations (signs, menus, etc), you could whip out a cellphone, take a picture of a door or what have you, then look off to the side and see "Open" or "Express Vasectomy Service" -- you know, stuff you might wanna know about. ;) This is stuff that's not too far out there -- we have OCR, it just needs to get better in order to go to this step.

The rest of the functions we already have, in stuff like the Furigana Injector for Firefox, or rikaichan, although they require HTML or Plaintext. Hooking that up to an OCR augmented reality app... well... It's just taking our current gadgets 1 step further, and using some duct tape to put them together.

And actually, apparently Toshiba is working on something similar to what I was gibbering about earlier -- Voice Recognition coupled to Machine Translation and Voice Synth. Hold up your phone and let it translate for you. Kurzweil predicted this would happen in "2009 or 2010" in a November 07 interview, as well as in his 1990 book -- although admittedly he was off by 10 years in the book.

As for more traditional, complete, "humanesque" translations... Well. Lets see what happens in 10 years. To quote Pterry -- I wouldn't take that bet, it looks like it'd go to the judges.

As a linguist, let me tell you something:

True translation is nigh impossible for a human, and requires comprehensive knowledge of both the source and target cultures. Not just the patterns of sound/text that represent the languages used by those cultures. A computer will not provide human-level-quality translation at any time in the foreseeable future. Maybe before the end of my life, especially if I take a lot of vitamins (if I'm to believe Kurzweil, which I stopped doing years ago--the guy is a hack), but not anytime soon.

I'd love for computers to be able to put me out of a job. But I don't see it happening.

And most scientists in the know thought mapping the Human Genome was a fool's errand due to the computing power requirements. Technology found a way to surprise almost everyone.

While I bow to your superior wisdom in the field, I remain convinced on some level that in 5-10 years we'll both be surprised at the amount of progress in getting computers to read. Will it replace human translation? Probably not... but it might supplement it enough that it'll make it possible for humans that aren't comprehensively knowledgeable in those languages to have a fighting chance.

For example, take Japanese -- Chosen as that is the second language I'm trying to learn. Take a bit of OCR technology -- the ReadIRIS suite of programs already do a great job of Kanji OCR, for example. Now add OCR to an augmented reality app, like something for an iPhone, or a web browser plugin, or what have you -- a simple enough prospect, really, it's just one step up from taking a scanned image and OCRing *that*.

I don't know Japanese. I can read some basic Kanji and the Kana, that's it. But with ReadIRIS and a few hours of time, I can get the gist of a chapter of Translucent or Doraemon. If I didn't have to spend hours cutting the text out of the pages using Photoshop - i.e., if ReadIRIS or other similar programs could pull text forward on their own...

Now, take that technology (on the fly OCR of Japanese characters from any source), and take it to some logical middle steps -- making the computer provide Furigana or SKIP numbers right next to the Kanji in a transparent overlay, for example. Would it translate? No, not technically, but it would certainly make it a lot easier for a Japanese-as-a-second-language student to figure it out -- instead of OCR, then copy, then paste into a machine translator, I'd look it up in a dictionary.

Or for simple translations (signs, menus, etc), you could whip out a cellphone, take a picture of a door or what have you, then look off to the side and see "Open" or "Express Vasectomy Service" -- you know, stuff you might wanna know about. ;) This is stuff that's not too far out there -- we have OCR, it just needs to get better in order to go to this step.

The rest of the functions we already have, in stuff like the Furigana Injector for Firefox, or rikaichan, although they require HTML or Plaintext. Hooking that up to an OCR augmented reality app... well... It's just taking our current gadgets 1 step further, and using some duct tape to put them together.

And actually, apparently Toshiba is working on something similar to what I was gibbering about earlier -- Voice Recognition coupled to Machine Translation and Voice Synth. Hold up your phone and let it translate for you. Kurzweil predicted this would happen in "2009 or 2010" in a November 07 interview, as well as in his 1990 book -- although admittedly he was off by 10 years in the book.

As for more traditional, complete, "humanesque" translations... Well. Lets see what happens in 10 years. To quote Pterry -- I wouldn't take that bet, it looks like it'd go to the judges.