The World Wide Web Consortium has published a draft of an interface that browsers can use to manipulate files better, one of a series of steps aimed at gradually improving the sophistication and polish of Web site interfaces.
The draft File API (application programming interface) defines a number of ways that browsers and Web sites can handle files better. One big part of it: being able to select multiple files for upload, such as on photo-sharing sites or Web-based e-mail, a task that often relies on Adobe Systems' Flash today.
But there are other aspects, too. For example, the Files interface governs the use of "blobs," or packages of raw binary data such as video files. Google has touted blobs for its Gears browser plug-in as a way to divide large videos into small chunks so that uploads can be more easily resumed if a network problem interrupts the process.
Another benefit: files are handled asynchronously, which means the browser won't freeze up while a file is being uploaded or otherwise handled, and the browser reports progress on file transfers.
The technology is one example of work to transform the Web into a better foundation for interactive applications, a move that usurps some power from computer operating systems such as Windows and that's embodied most boldly in Google's Chrome OS project.
Here's one example of use of the Files interface provided by Mike Smith, who works for the W3C on matters relating to HTML--Hypertext Markup Language, the language used to describe Web pages:
A user uses a Web-based application for reading and sending e-mail. She wants to attach multiple files to particular messages. The Web application provides an user interface that allows her to select multiple files to attach at the same time. After she selects the files, they are uploaded to the Web application asynchronously, allowing the user to perform other actions while they are uploading (for example, finishing the rest of the message she was composing before you added the file attachments). As the attachments are uploaded, the Web applications shows progress bars to indicate how much of the contents of the files have uploaded thus far.
The interface can work in conjunction with various standards including the drag-and-drop support in the HTML 5 now under development and the Web Workers technology that lets browsers better perform multiple operations simultaneously.
The interface also can help Web applications process the contents of files. For example, Smith describes a lyrics finder:
A user has on her local file system a playlist file from her favorite desktop music player. The playlist contains a list of song titles and information, and she wants to be able to easily fetch the lyrics for particular songs without needing to manually search for the lyrics on the Web. So a site can provide a Web-based application that allows her to upload her playlist. The Web application then parses the file and then presents a user interface to her, show in the contents of the file as a hyperlinked, sortable list. She can then retrieve the lyrics for any given song just by clicking on a particular song title.
Arun Ranganathan, Mozilla's standards evangelist and chairman of the WebGL working group, wrote the specification, according to Chris Blizzard, Mozilla's director of developer relations.
Standards for the Web are advancing rapidly with W3C representatives including Microsoft working in conjunction with a parallel effort, WHATWG. New standards require actual implementation in browsers before they are accepted as finished, a fact that can lead to some chaos but that helps ensure the new ideas are tested in the real world.
Firefox 3.6, in beta testing now, will support most of the Files API, according to Blizzard.
Firefox has a CPU usage issue and, consequently, can cause overheating problems in some laptops, particularly ultraportables. That's what I've found over the last couple of years.
But don't take my word for it. This is documented on a Mozilla support page entitled "Firefox consumes a lot of CPU resources." The page states: "At times, Firefox may require significant CPU [central processing unit] resources in order to download, process, and display Web content." And forum postings like this one about a Dell Netbook are not uncommon: "Mini9 would get way too hot."
The Mozilla support page goes on to say that "you can review and monitor CPU usage through specific tools" and describes ways to limit CPU usage, such as: "A Firefox add-on, called Flashblock, allows you to selectively enable and disable Flash content on Web sites."
Let me describe my experience. I find that tab for tab, Firefox uses decidedly more resources than other browsers--Safari, for example. And in the past (when I was actively using a Windows Vista-based machine) Firefox also compared unfavorably with Microsoft's Internet Explorer for CPU usage.
More specifically, here's the behavior as I see it. When I'm accessing sites with multimedia content such as the CNET front door, Firefox CPU usage will bounce around between 30 and 60 percent, and sometimes spike higher (80 percent and above), as indicated by the Mac OS 10.6.2 Activity Monitor.
On the other hand, the Safari CPU usage with the same pages open is much lower--typically between 2 percent and 10 percent.
My theory is that most users don't notice this because in mainstream laptops, this isn't an issue. But it can become an issue in ultraportables--typically under an inch thick--which are more sensitive to heat because of the design constraints. The ultrathin Apple MacBook Air, which I use as my main machine, is a good example.
The fan is usually an audible indicator of CPU usage issues. When I'm using Firefox and I have tabs open on multimedia-rich sites (which is par for the course these days), the Air's fan will almost invariably kick on and stay on until I close the tabs. As I write this, the fan has finally shut down after I closed the Firefox tabs (e.g, CNET front door). Those same tabs in Safari are still open and not causing any significant spike in CPU usage or fan activity.
When I contacted Mozilla, a technical support person guessed that Safari is possibly better at optimizing Flash-based sites compared to Firefox. And that may be true. However, I had similar issues before when I was using a Hewlett-Packard business ultraportable (also very thin like the Air) that were not necessarily tied to Flash usage. In short, Firefox was less efficient with CPU usage compared to Microsoft's IE 8. And the behavior was similar. The HP laptop would quickly heat up and the fan would kick on.
Finally, let me reemphasize that I'm guessing that most users don't notice this because heat dissipation is not a big issue for mainstream laptops that are not necessarily thermally-challenged when accessing multimedia-rich Web pages. That said, this has been a steady problem for me because I use ultraportables almost exclusively and has forced me to limit my use of Firefox.
Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.
Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.
To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.
Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.
(Credit: Mozilla Foundation)The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)
Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.
(Credit: Google)The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.
Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.
Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.
IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.
Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.
(Credit: Microsoft)You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.
Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.
Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.
Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.
But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.
(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)
Google wants to catalyze the era of Web applications with its Chrome OS project, but Mozilla has no plans for its own browser-based operating system, at least for now.
"We're really focused on making the Web the right platform of whatever operating system one is using. That's a fair amount of work," Mozilla Foundation Chairman Mitchell Baker said. "I think we're going to continue to focus for quite awhile on the Web itself as a platform and the capabilities of the Web rather than build an operating system of our own and pull everybody into our world."
Mozilla Foundation Chairman Mitchell Baker
(Credit: Mozilla)Baker shared the thoughts in an interview about the Mozilla Foundation's report of $79 million. The foundation isn't strapped for cash, but it is financially tiny compared to the three main rivals in the browser market today, Microsoft, Apple, and Google.
Microsoft was largely dormant when Firefox was getting its start five years ago, but the company is lighting a fire under its Internet Explorer developers for IE 9. Among the features the company touted are faster execution of Web-based JavaScript programs, better compliance with Web standards, and higher performance in general.
Internet Explorer remains the dominant browser in use today. Today, the elderly IE 6, dating from 2001, still is the most widely used version, and its widespread use is an anchor that keeps Web developers and therefore other browsers from advancing as fast as they might. So, unsurprisingly, Baker was comfortable with the prospect of a higher-powered IE being resurgent.
"If it could resurge enough to pull the hundreds of millions of people still using IE 6, we'd all be ecstatic," she said. "A lot of people are going to continue to use IE. They get it on their machine. If Microsoft makes that product more capable so the Web can move forward, there's good in that."
The Mozilla Foundation, of which Firefox developer Mozilla Corp. is a taxable subsidiary, gets the bulk of its revenue from Google through a search-ad deal that runs through 2011 at present. Search traffic that stems from Firefox's built-in search bar is set by default to go to Google, and a portion of the resulting Google search-ad revenue goes back to Mozilla.
Mozilla is looking to diversify its revenue sources, though, Baker said, and has taken some small steps.
"We did some small diversification in search, for example in Russia," using Google rival Yandex's services, she said. "We look at diversification, but we're not rushing into it."
And she's comfortable with today's funding situation because it doesn't force Mozilla to take Firefox in a direction it doesn't want to go.
"We have search in the product because we want it. We don't have any other discussions with Google about what the product is," she said. "The search and revenue relationship is completely distinct from the product development relationship."
Though Mozilla's revenue grew only at 5 percent from 2007 to 2008, compared to 12 percent the year before, Baker isn't concerned. "It matches our projections" of slow, steady growth, she said. "We're pretty much in line."
Digging into the financial statement, it should be noted that the foundation's $79 million in revenue is after a $7.8 million unrealized loss in the value of its investments. As the economy improves, it's possible those investments will recover some of their value.
The foundation is making more money than it loses. Expenses were $49 million for 2008, according to the financial statement.
"We have adequate resources to do what we have planned, plus save a little bit," Baker said. "Right now we're not bumping up against the ceiling. Our revenue is adequate to meet our needs. We try to be careful with money."
The Internal Revenue Service is scrutinizing Mozilla's corporate structure--a foundation with two taxable if not exactly for-profit subsidiaries. The foundation disclosed the scrutiny a year ago, and that investigation is continuing, Baker said.
"The IRS can be a very slow-moving organization. It's still an open discussion," she said, and the foundation is taking the matter seriously. "We don't have a clear idea what the IRS is thinking."
Two years ago, the Mozilla Foundation established its second taxable subsidiary, Mozilla Messaging, which focuses on the Thunderbird e-mail software and more recently on the Web-based Raindrop universal communications service. For now, that project gets its funding from the Firefox side of the house, but Baker plans to increase its financial focus once the near-final Thunderbird 3 is finished.
"The task now is to ship first Thunderbird 3. We expect to see that this year," Baker said. Mozilla overall is set up to be sustainable, not to be a money machine, but Mozilla Messaging will need to generate more revenue on its own eventually to help with that sustainability effort.
The Mozilla Foundation's revenue grew 5 percent to $79 million in 2008, with its Firefox search-ad deal with Google still the biggest benefactor, the organization said Thursday.
The figure is notable for an open-source effort, but the growth tapered off significantly. For 2007, by comparison, the Mozilla Foundation reported $75 million in revenue, a 12 percent increase over 2006.
Mozilla Chairman Mitchell Baker revealed the latest Mozilla figures on her blog Thursday.
Update: for further details and commentary from Baker, check this follow-up interview.
Firefox has won over about a quarter of the world's users of Web browsers, taking most of that share from Microsoft's still dominant Internet Explorer. The browser faces new challenges, though, in the form of newcomer Google Chrome and Microsoft's resurgent effort to improve Internet Explorer. On Wednesday, Microsoft showed off some elements of the forthcoming IE 9, and Thursday, Google released the source code underlying its Chrome OS, a browser-based operating system for lower-end computers.
Google supplies "the bulk" of the Mozilla Foundation's revenue through a deal that currently lasts through 2011, the foundation said. Under that deal, people performing searches through Firefox using the default Google search engine see and sometimes click on search ads at Google; Google and Mozilla share the resulting revenue. In 2007, Google supplied 89 percent of Mozilla's revenue.
Google isn't the only revenue source, though. Here's how Mozilla described its sources in an FAQ:
"The majority of this revenue is generated from the search functionality in Mozilla Firefox from partners such as Google, Yahoo, Amazon, eBay, and others. Mozilla takes in additional revenue from donations, online affiliate programs, the Mozilla Store, and income on our invested assets. In 2008, we expanded our Firefox partnerships with new firms such as Yandex (Russia Search), Canonical (Ubuntu), and Nokia (Mobile).
Earlier in November, Firefox surpassed 25 percent usage share of Web browsers, according to Net Applications.
(Credit: Net Applications)Mozilla released a third beta of Firefox 3.6 on Wednesday, adding stability and performance features, and said it hopes to lock down the code soon for its first release candidate.
The new beta, for Windows, Mac, and Linux, includes a component directory lockdown that makes it harder for other software to meddle with the open-source browser's state by preventing that software from sidling into the same folder as the browser's own components. The result should be fewer crashes, said Mozilla's Johnathan Nightingale in a blog post, and Firefox still is open to third-party extensions via its official add-on mechanism.
The change should improve security, too, added another Mozilla programmer, Vladimir Vukecevic, who wrote in his own blog post that Mozilla is considering bringing the change to Firefox 3.5, too.
"Creating binary components to interface with the operating system or with other applications is fairly straightforward, though ultimately dangerous. Binary components have full access to the application and OS, and so can impact stability, security, and performance," Vukecevic said.
Also in the latest beta of 3.6 is a feature that lets the browser run some Web-based JavaScript programs asynchronously, which is to say without being so picky about the order the scripts run. This can improve the speed that Web pages load, Mozilla said.
The biggest Firefox 3.6 feature most folks will notice is Personas, the reskinning add-on that's now being built in. More than 10 million Personas have been downloaded so far, Suneel Gupta and Myk Melez of the Personas team said Wednesday.
Mozilla is working to release a final version of Firefox 3.6 before the end of the year, and one sign the project is wrapping up is that the developers are locking down the features and changes that can be added into the release candidate 1. Code freeze for RC1 is scheduled for Wednesday but might be at risk, a Mozilla planning site said this week.
Firefox is steadily gaining in use. Last week, Web traffic monitoring firm Net Applications announced Firefox cleared 25 percent share of those using browsers worldwide--not dethroning Internet Explorer by any means but still winning over new users. Mozilla estimates there are more than 300 million Firefox users total, and this week said there are more than 300,000 testers using the Firefox 3.6 beta
Google's Chrome, meanwhile, is appealing to some of the same browser enthusiasts who were Firefox's first users. One of its big selling points is speed, and Google is working on other ways to make the Web faster, too. Chrome gives it a vehicle to test such ideas out in the real world, a strategy that Apple, Opera, and Firefox have employed to advance the Web state of the art.
One Mozilla programmer, Alexander Limi, revealed a speedup technology called Resource Package for Mozilla, too, on Tuesday. His proposal calls for bundling many Web page elements up into a single compressed file that can be retrieved in a single Web-page request action. Browsers are limited in the number of such actions they can take in parallel, so consolidating the interactions can make pages load faster. The approach is backwards compatible with existing browsers that don't support the feature, he added.
"If the feedback is good we're likely to try and get this implemented for Firefox 3.7," said Mozilla evangelist Christopher Blizzard in a blog post Tuesday.
There's no way to reduce to zero your risk of picking up some piece of malware while browsing. You need layers of security to keep viruses, Trojans, and botnets at bay—the more layers, the safer your browsing. (Of course, the more layers, the slower your browsing, too, so don't get carried away.)
Much emphasis has been placed on the enhanced security features of the latest versions of the popular browsers. Whether one is any safer than another is anybody's guess, but no browser gives you more ways to thwart a Web-based attack than Firefox via its wealth of security add-ons.
Link checkers add warnings to search results
Search results are often difficult to trust, even when the URL looks familiar. Phishers are adept at planting dangerous links that look like harmless ones. Link checkers provide you with an indication of the trustworthiness of sites before you click their links. (Note that several of the products are available for Internet Explorer as well.)
Some of the programs, such as McAfee's SiteAdvisor, give the thumbs-up or thumbs-down based on a single company's research. Web of Trust (WOT) bases its recommendations on the collective intelligence of a network of volunteers. LinkExtend is a link-check aggregator that combines the analyses of eight different services.
McAfee SiteAdvisor adds a safety indicator to Web search results.
(Credit: McAfee)While the recommendations of link checkers are helpful in identifying safe sites, you can't take their yeas and nays as gospel. For example, sites that offer downloads of system utilities may be flagged as dangerous because the programs require access to the operating system and thus could do major damage in the wrong hands.
Track the trackers
You know popular Web sites download software that tracks your activities on their sites, but do you know who's doing the tracking? Find out with the Ghostery add-on that pops up the names of the trackers as the page opens. The program puts a small "ghost" icon in the bottom-right corner of the Firefox window that turns orange when trackers are present. Click the link that appears to the right of the icon to find out more about the trackers and block them individually or entirely.
The Ghostery Firefox add-on lets you know who's tracking your activities on the site.
(Credit: Ghostery)
View encryption specs
When you open an encrypted Web page, a lock icon appears in the bottom-right corner of the Firefox window and the URL in the address bar begins with "https." But there's more than one form of encryption, and knowing which type and strength of encryption in use can be handy.
The CipherFox add-on puts in the bottom-right of the Firefox status bar the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cipher and keysize currently in use. Double-clicking the entry opens the CipherFox dialog box, where you can disable RC4 encryption and display partial SSL/TLS. (Note that the developer accepts donations to support the product.)
Take charge of Web password management
Firefox's built-in password manager lets you create a master password and remember passwords for specific sites, but if you want to get serious about managing your passwords, get LastPass, a password manager that provides much more granular control over your sign-ins.
After you download and install the add-on, an icon is placed in the top-right corner of the Firefox window. Click it to open the LastPass menu, which lets you manage your identities, open the LastPass Vault, jump to favorite sites, and generate secure passwords. You can also import or export sign-in IDs, compose and print secure notes, and assign keyboard shortcuts for specific actions.
In addition to Firefox and IE, LastPass is available for Google Chrome and Apple's Safari browsers. LastPass backs up your passwords by storing an encrypted copy on its own servers. And because you can access your passwords via the Internet, you can use LastPass on any Web-connected device, although use of LastPass on an iPhone or other smart phone requires a Premium membership, which costs $1 a month. (You can also put LastPass on a USB thumbdrive for use with Firefox Portable and other portable apps.)
Mozilla, racing to release Firefox 3.6 before the end of the year, has released a second beta of the open-source browser for Windows, Mac, and Linux.
Firefox 3.6 beta 1 introduced most of the new features, most visibly the ability to customize Firefox's look through Personas, less than two weeks ago. But among the 190 patches in the new beta is what Mike Beltzner, Mozilla's director of Firefox, described in a blog post as "a mechanism to prevent incompatible software from crashing Firefox."
There also are a number of deeper changes in Firefox 3.6 that Web developers likely will be more interested in. Note that one of them, the ability to use color gradients with formatting technology called Cascading Style Sheets (CSS), has changed syntax in between Firefox 3.6 beta 1 and beta 2.
Mozilla is trying to accelerate the pace of Firefox releases; Firefox 3.7 is set for release in the first half of 2010 and 4.0 some time later that year. The project faces new competition from Google's Chrome browser.
(Credit:
Mozilla)
It's been just under four months since Mozilla launched its pilot program for contributions, a way for users to donate to add-on developers for their time and effort.
The program was launched in tandem with a redesign of Mozilla's add-ons site that gave developers their own profile pages. Many add-on makers were already running donation programs through their own sites, but wanted the option to show up in Mozilla's catalog too.
Already it appears to be working, but on a smaller scale than some developers might have hoped. For the half dozen developers that CNET News talked to, none has made enough from it to, say, quit their day job. While Mozilla would not reveal specifics on which developers are getting the most contributions, it did provide us with the total amount given: around $20,000. An organization spokesperson said that most of that came in September and October.
Of the 500 or so developers who are participating in the program, the average contribution falls somewhere between $5 and $6, with the largest thus far being $150. All have gone through PayPal, which is the sole way to pay through Mozilla's add-on site. PayPal then gets a small fee out of each transaction, something that comes out of the developer's pocket, although this varies based on how much the user gives.
Other ways to make money
Some developers believe Mozilla has gone about the payment problem in reverse. With the current contributions program developers are given the chance to ask for money before the user even downloads the free add-on. So why not give them a way to ask for a contribution after a user has downloaded and installed it?... Read more
Five years ago, Mozilla made it clear that the browser wars weren't over after all.
In the 1990s, Netscape had lost its dominance in the browser market to Microsoft's Internet Explorer, and the Netscape-spawned open-source project called Mozilla had sunk into obscurity. Even a federal antitrust suit accusing Microsoft of anticompetitive practices with its browser and Windows was not enough to turn the tide.
But on November 9, 2004, Firefox 1.0 emerged to fight back again.
The project, originally named Phoenix to symbolize rebirth from Netscape's ashes, has now clawed its way back to account for nearly a quarter of the browser usage today. Microsoft may not be on the run, but it's on the defensive, gradually building its browser development effort back up into fighting form.
... Read more
