upvote

points

by worldsavior3 hours ago |
comments
upvoteby netdevphoenix3 hours ago|
next
[-]
How so?
reply
upvoteby capitainenemo3 hours ago|
parent|
next
[-]
Yeah. Take Firefox choosing to create PDF.js to have a clean minimalist sandboxed PDF parser. Chrome instead used an existing one that has been the source of dozens of vulnerabilities.

Or Firefox pulling in a ton of anti-fingerprinting measures from the Tor team. Not even worth talking about anti-fingerprinting as a serious consideration in Chrome.

Rust - a mozilla effort that resulted in code from servo being pulled into Firefox - chrome is headed that way too.

Even WASM was definitely a security improvement over NaCL, and Mozilla also led the way on Flash replacements in the day, making one of the first JS flash players (in the end, the solution was no more flash, but hey, at least they tried).

Font sanitisation - originally a mozilla security effort...

I feel I could go on and on.

reply
upvoteby worldsavior2 hours ago|
parent|
next
[-]
Everything you said don't really matter when there is basically no site sandboxing on Android and desktop.
reply
upvoteby capitainenemo2 hours ago|
parent|
[-]
[edit] correction - I looked this up - I thought they used the chrome version, but they wrote their own sandboxing layer from scratch. On top of that they go beyond Chrome's measures with containers that isolate pretty much everything tracking-related if you use them. https://blog.mozilla.org/security/2021/05/18/introducing-sit...

That's on the desktop. I don't know about the situation on Android, but my impression was the codebases are pretty similar these days.

Where did you get the idea there was no sandboxing?

reply
upvoteby maxloh3 hours ago|
parent|
prev|
[-]
Did you know that Mozilla spends so much of their budget on their CEO's compensation that they actually had to lay off the entire Servo team?
reply
upvoteby capitainenemo3 hours ago|
parent|
[-]
Cite? I think the timeline has issues there. That predates the CEO controversies AFAIK. They did ditch a lot of R&D as their userbase kept shrinking due to chrome growth. 'course this sort of thing keeps coming up - yeah, I do think their CEO is overpaid ... and? Solution is what. Kill firefox off completely, hand internet over to chrome? Basically, where is this point going?
reply
upvoteby maxloh2 hours ago|
parent|
[-]
In 2018, Baker received $2,458,350 in compensation from Mozilla. In 2020, after returning to the position of CEO, Baker's salary was more than $3 million. In 2021, her salary rose again to more than $5.5 million, and again to over $6.9 million in 2022. In August 2020, the Mozilla Corporation laid off approximately 250 employees due to shrinking revenues after laying off roughly 70 employees in January 2020. Baker stated this was due to the COVID-19 pandemic, despite revenue rising to record highs in 2019, and market share shrinking.

https://en.wikipedia.org/wiki/Mitchell_Baker#Mozilla_Foundat...

reply
upvoteby capitainenemo2 hours ago|
parent|
[-]
Yes, the (significant) salary increases happened well after the servo team was cut. In 2020 when that happened she was at 3 million at a revenue of 466 million or 0.6% of revenue.

They laid off 320 people that year. If she had taken a salary of $0 they could have paid them each <$10k with that salary.

I don't think the salary was appropriate, but like a lot of these CEO compensation things, it's not going to make a huge difference to the final problem. Which was people switching to Chrome which google was pushing aggressively everywhere. ... and I guess purists here abandoning them for... Chrome? Again, no idea what the point is here. Mozilla has flaws, so screw 'em?

reply
upvoteby sosuke2 hours ago|
prev|
[-]
Just an FYI there are many efforts already available to clean and or provide a clean Firefox.
reply