Yeah. Take Firefox choosing to create PDF.js to have a clean minimalist sandboxed PDF parser.
Chrome instead used an existing one that has been the source of dozens of vulnerabilities.
Or Firefox pulling in a ton of anti-fingerprinting measures from the Tor team. Not even worth talking about anti-fingerprinting as a serious consideration in Chrome.
Rust - a mozilla effort that resulted in code from servo being pulled into Firefox - chrome is headed that way too.
Even WASM was definitely a security improvement over NaCL, and Mozilla also led the way on Flash replacements in the day, making one of the first JS flash players (in the end, the solution was no more flash, but hey, at least they tried).
Font sanitisation - originally a mozilla security effort...
[edit] correction - I looked this up - I thought they used the chrome version, but they wrote their own sandboxing layer from scratch. On top of that they go beyond Chrome's measures with containers that isolate pretty much everything tracking-related if you use them.
https://blog.mozilla.org/security/2021/05/18/introducing-sit...
That's on the desktop. I don't know about the situation on Android, but my impression was the codebases are pretty similar these days.
Where did you get the idea there was no sandboxing?
Cite? I think the timeline has issues there. That predates the CEO controversies AFAIK.
They did ditch a lot of R&D as their userbase kept shrinking due to chrome growth. 'course this sort of thing keeps coming up - yeah, I do think their CEO is overpaid ... and? Solution is what. Kill firefox off completely, hand internet over to chrome? Basically, where is this point going?
In 2018, Baker received $2,458,350 in compensation from Mozilla. In 2020, after returning to the position of CEO, Baker's salary was more than $3 million. In 2021, her salary rose again to more than $5.5 million, and again to over $6.9 million in 2022. In August 2020, the Mozilla Corporation laid off approximately 250 employees due to shrinking revenues after laying off roughly 70 employees in January 2020. Baker stated this was due to the COVID-19 pandemic, despite revenue rising to record highs in 2019, and market share shrinking.
Yes, the (significant) salary increases happened well after the servo team was cut.
In 2020 when that happened she was at 3 million at a revenue of 466 million or 0.6% of revenue.
They laid off 320 people that year. If she had taken a salary of $0 they could have paid them each <$10k with that salary.
I don't think the salary was appropriate, but like a lot of these CEO compensation things, it's not going to make a huge difference to the final problem. Which was people switching to Chrome which google was pushing aggressively everywhere. ... and I guess purists here abandoning them for... Chrome? Again, no idea what the point is here. Mozilla has flaws, so screw 'em?
... true. it's frustrating that /from supports site= but not points= and /over supports points= but not site=
Sometimes HN is a bit too minimalist for no good reason IMO.
Well, there's always running curl on the API. Maybe someone out there has made a nice minimalist non-JS interface that merges /from and /over or otherwise uses the API in a simple HTML wrapper.
First I've heard about this controversy, and I've never played the game, but I could see if a historian was a cite for something and they were saying different things in japanese and english, that the english wikipedia would end up citing inaccurate things.
There's been problems in the past with the deletionist faction on wikipedia or moderators abusing small fiefdoms - some of which has even ended up here on HN, but in this case, wikipedia just citing information from a supposedly reputable source seems to be wikipedia operating as intended.
No, just different cron schedules. If I just reboot a machine the job doesn't get triggered, only if I start a machine after the cron schedule should have been triggered. To be fair, if I start two machines in these conditions this will happen too, but such situation is much more manageable than rebooting too machines in a short period of time.
Huh.... why would a CSS animation of a transform be slower than JS? This is strictly for the "CSS transform" case ofc - obviously pure webgl would be way faster.
I'm having a hard time seeing it. My experiments with CSS animation have always performed much better in CSS than JS (again, excluding it being pure webgl/canvas JS).
And ofc there's the nice bonus that it works if I haven't chosen to trust and whitelist their website for JS yet.
Oh. Sure, that is pretty obvious. A triangle in webgl is so much more lightweight than building it out of DOM elements but this was more about "if one is going to use this CSS system, why not support a pure CSS viewing mode" - which right now, it does not - rotation requires JS and is pretty stuttery. I was thinking it should actually be a bit smoother if there was a "toggle on/off rotation using a CSS animation" option. Plus, something like that could easily be done in pure CSS if JS was disabled, which would make the output all the more accessible and offer a good usecase.
It could also be helpful in scenarios where JS is restricted - emails? iframes? bulleting board user content? Dunno. Trying to come up with some that aren't just "nemo was running umatrix and doesn't trust your site just yet"
well, people do in fact still do that. or APNG or WEBP.
But, all I was focused on was the initial comment was on if you were going to use this particular tool, it'd be nice if it had a pure CSS rotate mode, which makes a fair amount of sense given "working without JS" is probably one of the few significant use cases anyway (unless, you reeeeeally need your model to be tightly integrated into the DOM for some reason).
So, saying that CSS would be worse than JS as a feature for this project did not really make sense. We weren't talking about "should the project even exist"
(I feel it should and it's awesome ;) )
Huh. Didn't know there were 2 non-JS interfaces. I get redirected to https://html.duckduckgo.com/html/ (which is also 10 per page).
I do appreciate that DDG has it at all. Google blocks all non-JS searches these days.
I've never noticed the challenge, but then, I don't think I've ever clicked 20 pages into the search results either. Usually if I've clicked on a couple of pages I feel it's time to refine my query..
I will say it's nice to have them actually honour keywords in searches that google has made harder and harder to discover and seems to ignore at will (inurl: site: etc)
The funniest one for me in google is +"foo" they decided people didn't actually mean it, so they changed it to +""foo"" - then when we all started doing that, they made the new secret "yes I really want that string" to be +"""foo"""
shrug not interested in stock market speculation. That ⅕th figure is from 2025 actual revenue figures. The government percentage had dropped from 2024 where it was ¼.
It's variable though, and if DoD decides it wants a bunch of spy satellites or whatnot in orbit, you could see the percentage growing, along with their total revenue ofc.
It's just far from "completely dependent" which was my only objection.
Starlink obviously a huge part - $11½b revenue in 2025.
Or Firefox pulling in a ton of anti-fingerprinting measures from the Tor team. Not even worth talking about anti-fingerprinting as a serious consideration in Chrome.
Rust - a mozilla effort that resulted in code from servo being pulled into Firefox - chrome is headed that way too.
Even WASM was definitely a security improvement over NaCL, and Mozilla also led the way on Flash replacements in the day, making one of the first JS flash players (in the end, the solution was no more flash, but hey, at least they tried).
Font sanitisation - originally a mozilla security effort...
I feel I could go on and on.
reply