Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Support For NPAPI Plugins Ends Next Year (mozilla.org)

Posted by Soulskill on from the no-time-like-the-future dept.

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

9 of 147 comments (clear)

  1. Experience? by Anonymous Coward · · Score: 5, Insightful

    Too much use of the word 'experience' shows that Mozilla has been taken over by managers.

    1. Re: Experience? by Anonymous Coward · · Score: 4, Funny

      That's a nice first post experience you had there!

  2. Moral of the story: by 140Mandak262Jamuna · · Score: 4, Insightful

    Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture."

    The moral is, if you screw up in small scale you pay the price. If you screw up in gigantic scale, others will accommodate you. Small borrowers get foreclosed. Gigantic debtors get bailed out. Minor plug-ins with stability and security issues get pulled.Even major ones like java. But you screw up in gigantic scale like Adobe Flash, the market prices your misdeeds in and expects others to act knowing, "yeah, Adobe Flash is a mess, but we know it is a mess, we need to work around it".

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Moral of the story: by Anonymous+Brave+Guy · · Score: 4, Insightful

      It's not even as if Java is a huge security problem today. It's effectively been click-to-play by default in all major browsers for a long time, and the plug-in itself then has a bunch more security safeguards before it will trust remote code to do just about anything.

      As I seem to have to point out every time this subject gets raised, this is a horrible move in terms of preserving useful content on the web. A lot of things that have been done with plug-ins like Java or Silverlight are small and in-house, like the math lecturer's interactive visualisation of something in their course, or the applet some guy in sales wrote a few years ago for the intranet so the group managers could see a quick overview of how everything is going and copy the data straight into their Excel spreadsheet. Of course they have also been used for a lot of GUIs for networked devices, where things like drawing interactive charts wasn't possible using native web technologies until relatively recently.

      Many of these useful tools won't have dedicated maintainers and they aren't magically going to get rewritten to use the new blessed technologies. Closing them off in Firefox as well just means anyone who actually relies on them is now left on IE forever. Again.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    2. Re:Moral of the story: by Anonymous+Brave+Guy · · Score: 4, Insightful

      I make browser-based user interfaces for a living, and I can say without hesitation that a lot of these new technologies aren't ready for prime time yet (though that's not going to stop Google, Apple and Mozilla treating them as if they are).

      SVG and Canvas performance is highly variable. There are sometimes serious rendering glitches in some of the browsers as well, even looking at quite simple cases. Plus issues with events not propagating properly, which variation of animations we're supporting this week, etc.

      MathML is only supported usefully in Firefox and Safari.

      HTML5 audio/video is just a gigantic mess, not only in the lack of any portable format for each that works just about everywhere, but also in terms of browser controls, cache behaviour, even basic stuff like triggering corresponding JS events at the right time or showing the right poster image for a video. Plus of course there's the whole ECE mess, which is corrupting the open web with DRM, creating whole new attack vectors, or just another kind of plug-in that now needs to be developed and then ported across platforms instead of the old ones, depending on who you'd like to hate it the most right now.

      WebGL is interesting but support is generally still patchy. It's also worth noting that like any of the other hardware-accelerated features here, it's going to create more attack surface, which is why the argument that browser features are somehow more likely to be secure than the equivalent plug-in features they're replacing is just silly.

      As a final comment, a lot of those sites using plug-ins that you call "legacy" were doing things the only way they could just a few years ago. Even if they all worked properly today, those technologies I mentioned above have only been viable alternatives very recently. It's not realistic to expect everyone who has been developing tools built with plug-ins and sunk large amounts of time and money into developing them to just do a Big Rewrite into HTML5-friendly technologies to suit the browser makers. Given that most of those browser makers have made it abundantly clear that they don't really care about providing meaningful long term support for anything any more, I suspect before long they are going to start reaping what they have sown as they find people who build web apps increasingly sceptical about relying on unproven features. Ironically, they could even be strengthening the native software and mobile app markets in the long run.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  3. Those are add-ons, not plugins. by WD · · Score: 4, Informative

    Add-ons will continue to work. This is talking about NPAPI plugins.

  4. Re:Is this goodbye? by Anonymous Coward · · Score: 4, Informative

    Plug-ins != add-ons

  5. Re:Question by Sigma+7 · · Score: 5, Informative

    What is NPAPI ?

    NPAPI is the legacy plugin system used by browsers that allows webpages to serve executable content without the user having to download a file.

    This system is used by Flash, Unity, Java, and various unimportant plugins. Of these, Flash has an arrangement with Adobe, Unity has an exit strategy, and Java is completely neutered as it was for quite some time. The unimportant plugins are unimportant (and if they were, they'd have fixed it by now.)

    and does this have anything to do with the add=ons and plug=ins specific to Firefox and Seamonkey
    SAome of which break every time they put out a new version of FF

    Those are extensions, which is completely different.

  6. Re:Question by fahrbot-bot · · Score: 4, Informative

    What is NPAPI ?

    Jesus you're lazy: NPAPI

    --
    It must have been something you assimilated. . . .