fabrice_d
Joined 4,594 karma
[ my public key: https://keybase.io/fabrice; my proof: https://keybase.io/fabrice/sigs/URmhDVibfi3S1P83ESbBBnbJh5W9L3O_RYm1pytF8gU ]
- fabrice_dMozilla Corp. has > $1B in the bank. Their pockets are not empty.
- The billion laughs attack has well known solutions (basically, don't recurse too deep). It's not a reason to not implement DOCTYPE support.
- > I can get the source of the kernel, including all drivers, running on my android phone with a few clicks and build a custom ROM.
No, most drivers are closed source and you can just extract binary blobs for them. They run as daemons that communicate through the binder ipc - Android basically turned the Linux kernel into a microkernel.
- According to Mozilla's own data at https://data.firefox.com/dashboard/hardware Windows (7, 10 & 11) make up 84% of their user base.
- Most of Firefox user base has always been on Windows, not Linux. What OS do you think the "techies" that promoted Firefox to replace IE in the first place were running?
- Indeed, I did not see that!
- No, the phone variant of HarmonyOS runs on top of a Linux kernel.
- It is absolutely Google's security issue if they use an open source project with that license:
https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/COPYING....
and then expect volunteers to provide them fixes.
- Related: https://github.com/servo/servo/issues/21817
You should likely join https://servo.zulipchat.com and ask questions to know where to start.
- On the web, if your server is compromised it's game over, even if the publisher is not malicious. In app stores, you have some guarantee that the code that ends up on your device is what the publisher intended to ship (basically signed packages). On the web it's currently impossible to bootstrap the integrity verification with just SRI.
This proposal aims at providing the same guarantees for web apps, without resorting to signed packages on the web (ie. not the same mechanism that FirefoxOS or ChromeOS apps used). It's competing with the IWA proposal from Google, which is a good thing.
- fwiw, I'm not imputing you any assumptions. I'm just pointing out that using wpt score as a criteria is not necessarily a good proxy for browser readiness. So I'm not sure why Apple uses that, other than... there's no other objective measure? Of course it's fair game for browser engines to improve their score!
- The wpt score is not that well balanced. Look at https://staging.wpt.fyi/results/?product=servo&product=ladyb... : out of about 2 million tests, more than half are for the "encoding" category. Good encoding support is needed for sure, but likely not at that level of prevalence.
- It looks like Amazon has people looking at Servo integration in GTK: https://blogs.gnome.org/nacho/2025/10/01/servo-gtk/
- This is what https://c2pa.org/ is for. I think some camera vendors already have support.
- It's a Rust based OS, so I expect people to try a Servo port instead!
- No, because using Chromium was the only way the could stay relevant in the browser space. They were just unable to build the same product with their own stack.
- The "almost" is very load bearing there... It's not remotely competitive with blink/webkit/gecko yet, be it for features support or performance.
- Why do you think they moved to Chromium then? They switched because they could not support a competitive engine by themselves.
- PostmarketOS seems to have decent support for the Fairphone 5: https://wiki.postmarketos.org/wiki/Fairphone_5_(fairphone-fp...