Webware

Mozilla, racing to release Firefox 3.6 by the end of the year, issued a fifth, and likely final, beta version of the new browser.

The open-source browser backer announced the new Firefox beta (download for Windows and Mac OS X) in a blog announcement Thursday.

Firefox 3.6 builds in a feature called Personas for customizing the browser's appearance, adds the File interface for better file management such as selecting what to upload, and, my personal favorite, placement of new tabs next to the ones that spawned them.

A total of 127 bugs were fixed since the fourth beta, but this time Mozilla didn't announce any new features. The first Firefox 3.6 beta arrived in October.

Mozilla had considered issuing its first Firefox 3.6 release candidate this week: "If we can go to build today or tomorrow, QA [quality assurance] will scrap Beta 5 and we'll release RC to the beta audience ASAP," the Mozilla meeting notes said.

Mozilla has updated its Firefox browser to patch three critical security holes.

Firefox 3.5.6 and 3.0.16 both fix earlier memory corruption issues. "We presume that with enough effort at least some of these could be exploited to run arbitrary code," the security advisory said.

In addition, the earlier version of Firefox 3.5 had two critical vulnerabilities in its technology for playing Ogg-format media, one with the liboggplay media library and one with the libtheora video library.

The patches are among 62 fixes in the new Firefox, software that's translated into dozens of languages and runs on multiple operating systems. Users of the OS/2 operating system will be delighted to know that problems with Firefox's full-screen mode and with print preview have been resolved.

"We strongly recommend that all Firefox users upgrade to this latest release," Mozilla said in a blog posting. By default, Firefox downloads updates automatically then prompts users to restart when it's ready; updates also can be retrieved through the "check for updates" menu option.

Mozilla plans to cease supporting Firefox 3.0 in January. Meanwhile, a significant update, Firefox 3.6, is due by the end of the year.

Correction 1:23 p.m. PST December 17: This story was corrected to note that it was the earlier versions of Firefox that suffered the vulnerabilities.

3D graphics became ordinary first in games, then in operating systems, and on Thursday, it took a significant step toward being built into Web browsers as well.

The Khronos Group, which oversees the OpenGL graphics interface, announced that its work with Mozilla to bring hardware-accelerated 3D graphics to the Web has reached draft standard form. The standard, called WebGL, lets programmers who use the Web's JavaScript language take advantage of the fact that video cards can handle 3D graphics with aplomb.

The group now wants commentary from Web developers and others who might be involved with WebGL so it can be finalized. "I anticipate us moving toward a spec that is not provisional, not merely a draft, in early 2010, the first quarter," said Arun Ranganathan, chairman of the WebGL working group and standards evangelist at Mozilla.

Internet Explorer remains the dominant browser in terms of usage, but all four of its main challengers--Mozilla's Firefox, Apple's Safari, Google's Chrome, and Opera Software's Opera--are working hard, sometimes in an informal alliance, to get ahead by advancing the Web state of the art.

WebGL fits into that effort, and not just academically. All four of those browser makers have endorsed WebGL, and developer test versions of Firefox, Safari, and Chrome have it built in. Microsoft declined to comment for this story beyond reiterating its general support for standards.

Ultimately, building 3D support into the Web could advance user interfaces of Web applications--including games, the popularity of which can be a powerful incentive for upgrading to the latest technology.

It's not clear exactly how it will play out, though, Ranganathan said. The arrival of Canvas, an advanced 2D interface for browsers, has led to a blossoming of graphics work, and he expects a similar change with 3D graphics.

But don't hold your breath for Web-based first-person shooters that rival native applications. First, even if 3D is accelerated, there are plenty of other processing and user interface constraints on Web applications. Second, even after WebGL is standardized, it must be built into browsers, people must upgrade to those new versions, and programmers must learn how to support the technology.

WebGL isn't the only 3D Web work under way. Google has its own O3D project, which currently is a browser plug-in but that the company also is building directly into Chrome.

O3D is a higher-level interface, though, not a direct competitor. Details are technical, but O3D uses a retained mode approach to WebGL's immediate mode interfaces.

And of course, a decade ago there was VRML--virtual reality modeling language, a file format rather than interface. A VRML successor called X3D, though, can actually make use of WebGL, and indeed a project called X3dom aims to do just that.

Mozilla Messaging pushed the stable release of Thunderbird 3 out of the nest on Tuesday, and there's a lot to like in case you haven't been following the beta development of this Outlook alternative. The long-overdue Thunderbird 3 is available for Windows, Mac, and Linux, and it introduces several hefty new features and some long-needed improvements, including an overhauled search and message indexing, tab support, and a revamped setup wizard that's designed to make new account setup quick and painless.

One feature that isn't included is the calendaring add-on, Lightning. Originally, Mozilla had planned to bake the extension into the program, but decided back in February 2009 to change course and leave it up to users to download. Although Thunderbird natively comes with Microsoft Exchange support, there's no calendar and therefore no meeting support in the default Thunderbird installation. Along with Lightning, there's an essential Google Calendar add-on for Lightning that gives Google users calendar support in Lightning. Currently, the only version of Lightning that works in Thunderbird 3 is the nightly build, available here.

Even without Lightning, Thunderbird makes for an excellent desktop-based e-mail client. Beyond Outlook replacement, it also makes a savvy offline or local-storage tool for the various Web mail providers. Gmail integration has existed in Thunderbird for a while, but improvements in version 3 include better recognition and integration of Gmail's special folders. These include Sent and Trash, and the non-English versions of Gmail. The All Mail option in Gmail defaults in Thunderbird to the Archives folder.

Thunderbird 3's new search results pane.

(Credit: Screenshot by Seth Rosenblatt/CNET)

Undeniably, the killer feature in Thunderbird 3 is the search. The most obvious competitor, Microsoft Outlook, doesn't offer anything that comes close to the level of granular control that Mozilla has given Thunderbird users. The new search bar is dominant at the top of the interface, and is set by default to search all messages. When you search, a new tab will open with your results organized as shown in the screenshot above. Filters based on e-mail addresses, folders, and tags appear on the left, while the majority of the window is given over to displaying summaries of the e-mails that meet your criteria. There's also a timeline bar graph at the top of the results. Click it, and then mouse over any of the subcategories to see how they occurred over time.

You can change the search box to one of several filters, including Subject, From, Recipient, To, CC, and Message Body. Frustratingly, you can't filter by Tag. You can also save any of these filtered searches as a virtual folder. Editors' note: The previous two paragraphs have been rewritten for clarity.

The new search bar drops down with options, but also can do predictive on-the-fly queries similar to the URL bar in Firefox 3.

(Credit: Screenshot by Seth Rosenblatt/CNET)

There is one drawback to the search: the first time it indexes your messages, you're potentially in for a long, long wait. In testing, this depended entirely on the number of messages in your folders. High volume accounts, whether locally archived or all on a server, should probably set their indexing to run overnight. After the first indexing, each new e-mail is added as it comes in.

E-mails open by default into new tabs, making the e-mail reading experience far more similar to the Web-browsing one. This can be toggled under the Advanced section of the Options, under the Reading and Display tab. The hot keys for the e-mail tabs have been mapped the same as in Firefox, so middle-click an e-mail to open it in a new tab but retain your focus on the current tab. The CTRL+Tab hot key combo will cycle through your tabs, and there's an open tab button on the right side of the tab bar to help manage your tabs.

There's a new activity manager that records all interactions between your e-mail provider and Thunderbird, making it easier to track down errors when you send or receive mail. There's also an entirely new system for archiving messages based on Gmail's "archive and forget it" method. The new version offers the traditional multiple-folder-based solution, as well as the new dumping-ground style, which can be activated via the "A" hot key. Thunderbird 3 supports Firefox personas, too, further reinforcing their shared architecture.

Thunderbird 3 beta 4 introduces tighter folder integration for Gmail users.

(Credit: Screenshot by Seth Rosenblatt/CNET)

Other changes include major code improvements. The setup wizard now looks to mozillamessaging.com for additional information on how to configure the account. This changes how new Web mail accounts are created. Mozilla has said that only the domain name from your e-mail address gets sent to Mozilla's servers, and that the entire process falls under the Mozilla's privacy policy. Nevertheless, it's a move that's likely to cause some concern among privacy advocates.

The compact header mode has been deleted, which is sure to annoy those who like using Thunderbird on smaller-form computers like Netbooks. Windows users should see Thunderbird results appearing in federated searches in Windows Vista and Windows 7, while Mac users will find Growl notification support for new e-mails, integration with Spotlight and the Mac OS X address book, and support for Mail.app. The full changelog for Thunderbird 3 can be read here.

Thunderbird 3 rates as a top-notch e-mail client, and it's definitely the best freeware one around. It will require some fidgeting to get it to be usable in a corporate environment, but it's far more scalable to user needs than anything else currently available.

Web pages aren't getting any smaller, but there are usually not more than a few paragraphs or a couple of images of particular interest on any given page. Firefox add-ons ICyte (also available for IE), Wired-Marker, and Trails let you save all or sections of Web pages and share your snippets with others.

ICyte makes sharing easy
Most of the time, sharing Web content means sending someone a link via e-mail, chat, or phone. The ICyte add-on for Firefox and Internet Explorer lets you highlight the important content on the page before you share it, or you can save and send portions of the page rather than the whole enchilada.

You must provide your name and e-mail address to use the service. After you download the add-on and restart Firefox, two buttons are added to the left of the address bar. Click the left button to create a Cyte for a new or existing "project." Here you can assign tags or a note to the Cyte. Click the button on the right to open your Cytes in the sidebar.

Annotate Web pages before you save and share them with ICyte.

(Credit: ICyte)

The Cyte entries in the sidebar show a thumbnail of the page, its name, the name of the project, and its comments and tags. When you click a Cyte to reopen it, a banner appears at the top of the main browser window showing the same information along with the date it was saved and a Live View button that returns to the original page. You can hide this banner to view more of the page itself.

Click the gear icon that appears when you hover over a Cyte in the sidebar to open its drop-down menu with options for editing the Cyte name and other data (but not the page itself), creating a copy, deleting the Cyte, sending it to someone via e-mail, or embedding it in a Web page. You can also share the sites you designate as public with others via RSS, Facebook, Twitter, and other social networks, though I didn't try these features.

... Read more

The World Wide Web Consortium has published a draft of an interface that browsers can use to manipulate files better, one of a series of steps aimed at gradually improving the sophistication and polish of Web site interfaces.

The draft File API (application programming interface) defines a number of ways that browsers and Web sites can handle files better. One big part of it: being able to select multiple files for upload, such as on photo-sharing sites or Web-based e-mail, a task that often relies on Adobe Systems' Flash today.

But there are other aspects, too. For example, the Files interface governs the use of "blobs," or packages of raw binary data such as video files. Google has touted blobs for its Gears browser plug-in as a way to divide large videos into small chunks so that uploads can be more easily resumed if a network problem interrupts the process.

Another benefit: files are handled asynchronously, which means the browser won't freeze up while a file is being uploaded or otherwise handled, and the browser reports progress on file transfers.

The technology is one example of work to transform the Web into a better foundation for interactive applications, a move that usurps some power from computer operating systems such as Windows and that's embodied most boldly in Google's Chrome OS project.

Here's one example of use of the Files interface provided by Mike Smith, who works for the W3C on matters relating to HTML--Hypertext Markup Language, the language used to describe Web pages:

A user uses a Web-based application for reading and sending e-mail. She wants to attach multiple files to particular messages. The Web application provides an user interface that allows her to select multiple files to attach at the same time. After she selects the files, they are uploaded to the Web application asynchronously, allowing the user to perform other actions while they are uploading (for example, finishing the rest of the message she was composing before you added the file attachments). As the attachments are uploaded, the Web applications shows progress bars to indicate how much of the contents of the files have uploaded thus far.

The interface can work in conjunction with various standards including the drag-and-drop support in the HTML 5 now under development and the Web Workers technology that lets browsers better perform multiple operations simultaneously.

The interface also can help Web applications process the contents of files. For example, Smith describes a lyrics finder:

A user has on her local file system a playlist file from her favorite desktop music player. The playlist contains a list of song titles and information, and she wants to be able to easily fetch the lyrics for particular songs without needing to manually search for the lyrics on the Web. So a site can provide a Web-based application that allows her to upload her playlist. The Web application then parses the file and then presents a user interface to her, show in the contents of the file as a hyperlinked, sortable list. She can then retrieve the lyrics for any given song just by clicking on a particular song title.

Arun Ranganathan, Mozilla's standards evangelist and chairman of the WebGL working group, wrote the specification, according to Chris Blizzard, Mozilla's director of developer relations.

Standards for the Web are advancing rapidly with W3C representatives including Microsoft working in conjunction with a parallel effort, WHATWG. New standards require actual implementation in browsers before they are accepted as finished, a fact that can lead to some chaos but that helps ensure the new ideas are tested in the real world.

Firefox 3.6, in beta testing now, will support most of the Files API, according to Blizzard.

Firefox has a CPU usage issue and, consequently, can cause overheating problems in some laptops, particularly ultraportables. That's what I've found over the last couple of years.

But don't take my word for it. This is documented on a Mozilla support page entitled "Firefox consumes a lot of CPU resources." The page states: "At times, Firefox may require significant CPU [central processing unit] resources in order to download, process, and display Web content." And forum postings like this one about a Dell Netbook are not uncommon: "Mini9 would get way too hot."

The Mozilla support page goes on to say that "you can review and monitor CPU usage through specific tools" and describes ways to limit CPU usage, such as: "A Firefox add-on, called Flashblock, allows you to selectively enable and disable Flash content on Web sites."

Let me describe my experience. I find that tab for tab, Firefox uses decidedly more resources than other browsers--Safari, for example. And in the past (when I was actively using a Windows Vista-based machine) Firefox also compared unfavorably with Microsoft's Internet Explorer for CPU usage.

More specifically, here's the behavior as I see it. When I'm accessing sites with multimedia content such as the CNET front door, Firefox CPU usage will bounce around between 30 and 60 percent, and sometimes spike higher (80 percent and above), as indicated by the Mac OS 10.6.2 Activity Monitor.

On the other hand, the Safari CPU usage with the same pages open is much lower--typically between 2 percent and 10 percent.

My theory is that most users don't notice this because in mainstream laptops, this isn't an issue. But it can become an issue in ultraportables--typically under an inch thick--which are more sensitive to heat because of the design constraints. The ultrathin Apple MacBook Air, which I use as my main machine, is a good example.

The fan is usually an audible indicator of CPU usage issues. When I'm using Firefox and I have tabs open on multimedia-rich sites (which is par for the course these days), the Air's fan will almost invariably kick on and stay on until I close the tabs. As I write this, the fan has finally shut down after I closed the Firefox tabs (e.g, CNET front door). Those same tabs in Safari are still open and not causing any significant spike in CPU usage or fan activity.

When I contacted Mozilla, a technical support person guessed that Safari is possibly better at optimizing Flash-based sites compared to Firefox. And that may be true. However, I had similar issues before when I was using a Hewlett-Packard business ultraportable (also very thin like the Air) that were not necessarily tied to Flash usage. In short, Firefox was less efficient with CPU usage compared to Microsoft's IE 8. And the behavior was similar. The HP laptop would quickly heat up and the fan would kick on.

Finally, let me reemphasize that I'm guessing that most users don't notice this because heat dissipation is not a big issue for mainstream laptops that are not necessarily thermally-challenged when accessing multimedia-rich Web pages. That said, this has been a steady problem for me because I use ultraportables almost exclusively and has forced me to limit my use of Firefox.

Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.

Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.

To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.

Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.

(Credit: Mozilla Foundation)

The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)

Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.

(Credit: Google)

The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.

Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.

Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.

IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.

Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.

(Credit: Microsoft)

You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.

Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.

Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.

Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.

But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.

(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)

Google wants to catalyze the era of Web applications with its Chrome OS project, but Mozilla has no plans for its own browser-based operating system, at least for now.

"We're really focused on making the Web the right platform of whatever operating system one is using. That's a fair amount of work," Mozilla Foundation Chairman Mitchell Baker said. "I think we're going to continue to focus for quite awhile on the Web itself as a platform and the capabilities of the Web rather than build an operating system of our own and pull everybody into our world."

Mozilla Foundation Chairman Mitchell Baker

(Credit: Mozilla)

Baker shared the thoughts in an interview about the Mozilla Foundation's report of $79 million. The foundation isn't strapped for cash, but it is financially tiny compared to the three main rivals in the browser market today, Microsoft, Apple, and Google.

Microsoft was largely dormant when Firefox was getting its start five years ago, but the company is lighting a fire under its Internet Explorer developers for IE 9. Among the features the company touted are faster execution of Web-based JavaScript programs, better compliance with Web standards, and higher performance in general.

Internet Explorer remains the dominant browser in use today. Today, the elderly IE 6, dating from 2001, still is the most widely used version, and its widespread use is an anchor that keeps Web developers and therefore other browsers from advancing as fast as they might. So, unsurprisingly, Baker was comfortable with the prospect of a higher-powered IE being resurgent.

"If it could resurge enough to pull the hundreds of millions of people still using IE 6, we'd all be ecstatic," she said. "A lot of people are going to continue to use IE. They get it on their machine. If Microsoft makes that product more capable so the Web can move forward, there's good in that."

The Mozilla Foundation, of which Firefox developer Mozilla Corp. is a taxable subsidiary, gets the bulk of its revenue from Google through a search-ad deal that runs through 2011 at present. Search traffic that stems from Firefox's built-in search bar is set by default to go to Google, and a portion of the resulting Google search-ad revenue goes back to Mozilla.

Mozilla is looking to diversify its revenue sources, though, Baker said, and has taken some small steps.

"We did some small diversification in search, for example in Russia," using Google rival Yandex's services, she said. "We look at diversification, but we're not rushing into it."

And she's comfortable with today's funding situation because it doesn't force Mozilla to take Firefox in a direction it doesn't want to go.

"We have search in the product because we want it. We don't have any other discussions with Google about what the product is," she said. "The search and revenue relationship is completely distinct from the product development relationship."

Though Mozilla's revenue grew only at 5 percent from 2007 to 2008, compared to 12 percent the year before, Baker isn't concerned. "It matches our projections" of slow, steady growth, she said. "We're pretty much in line."

Digging into the financial statement, it should be noted that the foundation's $79 million in revenue is after a $7.8 million unrealized loss in the value of its investments. As the economy improves, it's possible those investments will recover some of their value.

The foundation is making more money than it loses. Expenses were $49 million for 2008, according to the financial statement.

"We have adequate resources to do what we have planned, plus save a little bit," Baker said. "Right now we're not bumping up against the ceiling. Our revenue is adequate to meet our needs. We try to be careful with money."

The Internal Revenue Service is scrutinizing Mozilla's corporate structure--a foundation with two taxable if not exactly for-profit subsidiaries. The foundation disclosed the scrutiny a year ago, and that investigation is continuing, Baker said.

"The IRS can be a very slow-moving organization. It's still an open discussion," she said, and the foundation is taking the matter seriously. "We don't have a clear idea what the IRS is thinking."

Two years ago, the Mozilla Foundation established its second taxable subsidiary, Mozilla Messaging, which focuses on the Thunderbird e-mail software and more recently on the Web-based Raindrop universal communications service. For now, that project gets its funding from the Firefox side of the house, but Baker plans to increase its financial focus once the near-final Thunderbird 3 is finished.

"The task now is to ship first Thunderbird 3. We expect to see that this year," Baker said. Mozilla overall is set up to be sustainable, not to be a money machine, but Mozilla Messaging will need to generate more revenue on its own eventually to help with that sustainability effort.