Slashdot Mirror
A Mozilla Plugin to Help Overcome IE Rendering Flaw
least_weasel writes "An article on Ars Technica reveals Mozilla's intention to create and release a plugin for Internet Explorer that would allow the often-criticized IE to utilize some of the cooler rendering code developed for Firefox. The current WIP focuses on rendering using HTML5 standards, but the plans seem to be more ambitious than just fixing this one small piece of IE. The article covers some of the plans, hurdles, and potential benefits. It also spills the beans on the code name for the project: Screaming Monkey."
FYI, Screaming Monkey was already discussed in an earlier story.
The only problem is getting people to install the plugin. My own solution was to use the market penetration of Java Applets to develop a shunt that would render Canvas using Java APIs. (Note that the events system has not been completed in that demo. Make sure you click outside the block falling area so that the browser receives the keyboard commands.)
The same sort of shunt could be done with Flash 9 or Silverlight. Which would do a nice end-run around the problem of getting plugins installed.
Javascript + Nintendo DSi = DSiCade
The new plan for Mozilla:
What could possibly go wrong?
HTML 5: have DOM storage (session and local) and database storage. These should all be SameOrigin. Meant to block userâ(TM)s deleting of tracking cookies. Use of database storage, there can be SQL injection against the local database. Some browsers support GlobalStorage that donâ(TM)t have SameOrigin control. Lots of new attack surface in FF3. Websites can be protocol handlers (support spyware!!). Installation of protocol handler is one click. WebKit is a big supporter of HTML5 and supports these issues.
HTML5 has limited storage (~ 15 Mbytes total) allowing easy exhaustion attacks and there is no UI to manage this. DOS is easy. Can easily plant arbitrary evidence on a system. HTML 5: Security âoeneed to write this sectionâ.
We now have web developers making desktop apps without any security or privacy expertise. The Web is becoming more heterogeneous and far far more dangerous.
Hey, that's great. Do they also have plans to fix the flaws in Firefox?
Off the top of my head, could we finally have support for SVG as a native image format? Or even just SVG rendering that isn't slower than a stone cow?
Don't want to sound like the grumpy old man, I just want most of my web shit to work in *one* browser before I worry about how it works in every browser.
Never approach a vast undertaking with a half-vast plan.
The fact still remains that people use IE, because that's "the Internet" on their computer. It's been suggested that Adobe might include these plugins (there's also one in the works for the canvas element) with their Flash installer. That would greatly increase the number of people with IE that would support some of the features that are already available in FF/Opera/Safari.
I think that people who don't have permission to install the plugins just won't be able to do so, but they wouldn't be able to install FF anyway.
I think the idea might be to get a first mover advantage on IE. If the IE installed base gets this plugin and gets used to the behavior, Microsoft will find it harder to do their usual trick of implementation-but-not-quite. People who have this plugin will be upset if Microsoft releases a new version of IE that breaks the Canvas behavior that they've become used to. A wide deployment of the plugin (perhaps through Adobe as the article speculates) might create just enough perceived path-dependence that Microsoft won't go out of its way to break the Canvas standard with a proprietary implementation.
The Rise and Fall of Online Community
We now have web developers making desktop apps without any security or privacy expertise. The Web is becoming more heterogeneous and far far more dangerous.
What bothers me is how security is somehow pushed to the forefront as the most important issue, even more important than functionality.
The most secure system is one that is turned off. This new stuff they're adding increases the attack surface, sure, but it's also necessary to build stuff that actually works (like a web app that doesn't die when your wifi does).
But even aside from the issue of functionality vs. security, there's the issue of security somehow being way more important in the browser, which I think is nonsense. Client-server apps have always had lousy security, and were easily hijacked. Just because they now run in a browser, the threat level hasn't changed. A hacker that is determined can break in sure, but they've always been able to break in. Nothing has truly changed, except for the perception of the threat level.
All in all I think the web stack is pretty secure by default, when comparing it to the alternatives.
This is exactly backwards to what most of us need. We need a [multiplatform] plugin for Firefox that will allow broken IE-only sites to work under Firefox so we can continue to use the browser of our choice. Not that I want to promote the use of IE-only coding, but the reality is that if the site doesn't work, the average users always blame Firefox, not the site designer.
I'd also like to believe Microsoft will get a bit arsey about it and be all "wut, we don't need ur bloody plugins, we'll make these features available ourselves!" and thus push them towards implementing more standards rather than just fixing the broken ones they have now.
Note: Not trying to troll on Microsoft here, just trying to point out that it would be helpful to everyone if IE supported more features that other browsers have.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Sigh, if life were fair this would be true. The jocks become corporate sales guys and upper management types. While I honed my programming skills they developed "leadership" skills on a football scholarship at State U. Now they drive nice cars, play golf on office time, and their cheerleader girlfriends have become hot moms.
I think I'm going to put Revenge of the Nerds on to feel better.