Firefox Support For NPAPI Plugins Ends Next Year

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

Experience?

Too much use of the word 'experience' shows that Mozilla has been taken over by managers.

Re:Experience?

Nope, experience is a bullshit bingo word because it triggers the positive association that people have with knowledge which is gained through experience. But while it sounds positive, it doesn't actually make a qualitative or quantitative claim one way or the other in the way it is used by business people. "The web experience" just means that people are using the web. They could be hating it from start to finish, not learning a thing on the way, and it would still be their web experience.

Moral of the story:

[140Mandak262Jamuna]

Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture."

The moral is, if you screw up in small scale you pay the price. If you screw up in gigantic scale, others will accommodate you. Small borrowers get foreclosed. Gigantic debtors get bailed out. Minor plug-ins with stability and security issues get pulled.Even major ones like java. But you screw up in gigantic scale like Adobe Flash, the market prices your misdeeds in and expects others to act knowing, "yeah, Adobe Flash is a mess, but we know it is a mess, we need to work around it".

Re:Moral of the story:

I was going to post pretty much the same thing. Yes, let's close off all those insecure plugins, but give FLASH a pass. The worst offender of the bunch for security and stability issues. Flash: the Citibank of plugins.

Re:Moral of the story:

[Anonymous+Brave+Guy]

It's not even as if Java is a huge security problem today. It's effectively been click-to-play by default in all major browsers for a long time, and the plug-in itself then has a bunch more security safeguards before it will trust remote code to do just about anything.

As I seem to have to point out every time this subject gets raised, this is a horrible move in terms of preserving useful content on the web. A lot of things that have been done with plug-ins like Java or Silverlight are small and in-house, like the math lecturer's interactive visualisation of something in their course, or the applet some guy in sales wrote a few years ago for the intranet so the group managers could see a quick overview of how everything is going and copy the data straight into their Excel spreadsheet. Of course they have also been used for a lot of GUIs for networked devices, where things like drawing interactive charts wasn't possible using native web technologies until relatively recently.

Many of these useful tools won't have dedicated maintainers and they aren't magically going to get rewritten to use the new blessed technologies. Closing them off in Firefox as well just means anyone who actually relies on them is now left on IE forever. Again.

Re:Moral of the story:

[Anonymous+Brave+Guy]

I make browser-based user interfaces for a living, and I can say without hesitation that a lot of these new technologies aren't ready for prime time yet (though that's not going to stop Google, Apple and Mozilla treating them as if they are).

SVG and Canvas performance is highly variable. There are sometimes serious rendering glitches in some of the browsers as well, even looking at quite simple cases. Plus issues with events not propagating properly, which variation of animations we're supporting this week, etc.

MathML is only supported usefully in Firefox and Safari.

HTML5 audio/video is just a gigantic mess, not only in the lack of any portable format for each that works just about everywhere, but also in terms of browser controls, cache behaviour, even basic stuff like triggering corresponding JS events at the right time or showing the right poster image for a video. Plus of course there's the whole ECE mess, which is corrupting the open web with DRM, creating whole new attack vectors, or just another kind of plug-in that now needs to be developed and then ported across platforms instead of the old ones, depending on who you'd like to hate it the most right now.

WebGL is interesting but support is generally still patchy. It's also worth noting that like any of the other hardware-accelerated features here, it's going to create more attack surface, which is why the argument that browser features are somehow more likely to be secure than the equivalent plug-in features they're replacing is just silly.

As a final comment, a lot of those sites using plug-ins that you call "legacy" were doing things the only way they could just a few years ago. Even if they all worked properly today, those technologies I mentioned above have only been viable alternatives very recently. It's not realistic to expect everyone who has been developing tools built with plug-ins and sunk large amounts of time and money into developing them to just do a Big Rewrite into HTML5-friendly technologies to suit the browser makers. Given that most of those browser makers have made it abundantly clear that they don't really care about providing meaningful long term support for anything any more, I suspect before long they are going to start reaping what they have sown as they find people who build web apps increasingly sceptical about relying on unproven features. Ironically, they could even be strengthening the native software and mobile app markets in the long run.

Re:Moral of the story:

[Anonymous+Brave+Guy]

The standard is not whether something worked a year or two ago, but whether it followed the recommended best practices in effect at that time.

The important thing is always whether something works properly. Everything else -- formal standards, compatibility work, portability work -- is just a means to that end.

If you write a site using standards on the verge of being declared obsolete, you have no one to blame but yourself.

Which is an easy argument to make until someone points out that in these cases the people declaring something "obsolete" are frequently biased and, in particular, advocating a new and inferior replacement.

Dependence on NPAPI plugins hasn't been best practice for a long time now, much longer than one year

And yet viable alternatives to the things we've been doing successfully with various plug-ins for literally a decade or more have barely been around that long, and in many cases are still obviously and objectively worse in significant respects today.

Flash is the only plugin with any widespread support left, and it's been on its way out for a while.

Not in corporate use. Not even close.

Sites which depend on such plugins already fail on mobile browsers, which are becoming more and more popular and haven't even supported Flash for several years, much less other plugins.

And the corporates mostly don't care, because they have real work to do and provide their staff with real computers to do it. No-one is preparing their quarterly accounts presentation on an iPhone.

Plugins, on the other hand, have always been a compatibility nightmare—non-standardized, proprietary, and non-portable.

And yet Java applets were recognised as early at the <applet> tag somewhere back in the 90s, while Flash has been one of the most successfully standardised parts of web history in terms of both portability and longevity. I suspect only HTTP, HTML 4 and CSS 2.1 have been more successful in those respects.

If you like standards and cross-browser compatibility, you should be backing this change.

I like things that work. To be fair, I also like the new "standard" and "cross-browser compatible" features, but for a very different reason: they are still so badly implemented so often, and broken so often by browser updates, that I make an awful lot of money fixing things that rely on them.

fewer one-off, closed-source, browser- and OS-specific binary plugins

Because ECE for multimedia playback and graphics drivers to accelerate WebGL are so much better?

IE itself is deprecated

It really isn't, in any practical sense. Realistically, Microsoft are going to continue supporting it until at least 2020 because of the Win7 support, and because dropped it would cost them the support of the business community that makes up the lion's share of revenues.

For perspective, that is more than 30 six-weekly update cycles of various other major browsers where businesses don't have to worry unduly about something they rely on being arbitrarily broken.

Yeah whatever man

Firefox isn't that technologically interesting anyway. A crusty single-threaded browser running on the old hacked Netscape engine.

Re:Is this goodbye?

Of course, they're also killing support for NoScript

Odd. Giorgio Maone, the author of NoScript, says Mozilla isn't doing that. It's almost as if you don't know what you're talking about.

Re:NPAPI Plug-ins

[isj]

I want ads to be in flash because that makes them easy to block :-)