Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mozilla Testing Click-to-Play Option For Plugin Content

Soulskill posted more than 2 years ago | from the but-who-doesn't-like-autoplaying-videos dept.

Firefox 124

Trailrunner7 writes "Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security vulnerabilities in plugins, including zero-day attacks. 'Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99% of internet users have Flash installed on their browser,' writes Mozilla's Jared Wein, the lead software engineer on the project, in a blog post."

cancel ×

124 comments

Sorry! There are no comments related to the filter you selected.

Why did it take so long?! (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39675375)

Seriously, this is a no-brainer, that has been implemented by tonnes of extensions. So now that we're at version 4000, why is it suddenly a good idea to implement it?

Here's The Deal (-1)

Anonymous Coward | more than 2 years ago | (#39675783)

Look, here's the deal: POOP DIGITY. That's it, that's all there is. POOP DIGITY.

OK?

Re:Here's The Deal (0)

Anonymous Coward | more than 2 years ago | (#39676731)

I like the way you work it. Got to bag it up.

Re:Why did it take so long?! (3, Informative)

b4dc0d3r (1268512) | more than 2 years ago | (#39676231)

And, it was the subject of an EOLAS lawsuit against Microsoft, who IIRC had to disable automatically running things in IE for a while (maybe they got that overturned before actually having to implement it).

EOLAS invents something, patent-trolls, gets $30million (down from the 500+ originally awarded) and 10 years later everyone starts to realize it's a bad idea!

Re:Why did it take so long?! (1)

Deathlizard (115856) | more than 2 years ago | (#39680389)

Frankly, MS should have kept that Click to run as an security option in IE. It pretty much did the same thing noscript did back in 2003. Of course IIRC it had one of those annoying drop down bars you had to click on in order to get it to run instead of clicking the control box in question and it was easily worked around (but that could be fixed)

Gnash (3, Insightful)

buchner.johannes (1139593) | more than 2 years ago | (#39676481)

I would like it if one could decide on a per-site basis to play the Flash with Gnash or with Adobe Flash.

Gnash is much faster, plays nicer with the graphic card, and is more secure. I had success using it on several websites.

However it doesn't support many of the newer Flash features, so everyone trying it out will turn away from it.

If there was a "SafeFlash" extension, that would, like HTTPSEverywhere, use Gnash where the website is compatible, a smooth transition away from Adobe Flash (which will be phased out for Linux anyway apparently) would be possible.

Re:Gnash (5, Interesting)

hairyfeet (841228) | more than 2 years ago | (#39676977)

While that is a pretty good idea there is an even worse bug in FF that they need to address because I'm sure other bad guys will pick up on it and that is the Yahoo porn bug. I call it a porn bug because its seen most often on porn video sites but I've been told the trick is showing up at other places so maybe its starting to spread and the sad part is it ought to be trivial to stop. This is how it works:

Target A uses FF to surf a porn video site. While the video is playing FF is sent a hidden iFrame that loads the yahoo login, FF logs the target in and then everyone in their address book gets porn and malware spam links. This gets around many of the spam filters because its from a non blacklisted account and they don't send more than one or two emails per targeted address and having received a couple from those that were hit it looks like it may be taking random sentences from somewhere (maybe another hidden iFrame?) to get past the filters and look like a legit email.

The fix seems pretty obvious and I honestly don't know why mozilla hasn't done so. All one would have to do is prompt the user on install or upgrade to put a master password on their password store and here is the key have it only ask ONCE per session and no means do not ask again for the session because after telling my users to put a master password they immediately started screaming that it made FF unusable so I put a master password on mine and...wow. it will bug the ever loving shit out of you with constant asking for the master password! I was getting 4 or 5 requests for the master password on just regular sites which tells me that the current password design sucks ass if so many see you are running FF and try to hit it.

So while i'm glad they are working on the autoplay problem I'd say user passwords being threatened is just as big if not bigger and really hope they do something about this in future releases. Since I had a machine I was gonna wipe anyway I decided to cook up a couple of phony Yahoo accounts (along with a phony Gmail and Hotmail) and test this for myself and can say that at least as far as i could tell this bug ONLY affects FF and Yahoo, not Gmail or Hotmail, and not Dragon, Opera, Safari, QTWeb, or Chrome. So I'd say if you have a user or family member that uses yahoo as a primary email you might want to switch them to another browser until they get that fixed. Oh and NO I did NOT test IE because after they refused to backport to XP which is still supported i officially wrote off IE. If you have to replace a supported OS just to stay current on the fricking browser then its no longer a functional choice IMHO.

Oh and since someone always seems to ask the version number the one I tested was i believe 8, FF has been spinning through version numbers so fast lately its hard to keep up and I don't have the time to rerun this test every time a browser has a new release. If someone wants to run the test again its pretty easy, you'll need 1 fake yahoo account along with either another fake yahoo or gmail or hotmail in the address book of the fake yahoo so the bug has an email to send spam to. Then simply start clicking on random porn vids, xHamster or youPorn, any of the major porn sites will do. If the bug is still active you'll see strangely worded spam go to your target account from the yahoo account and that's how you know its still active. Like I said i just don't have the time so after trying several browsers i switched my users and family over to Comodo Dragon since it had both ABP and low rights mode. Since the switch no more strange porn spams so I'd say it was a successful switch.

Re:Gnash (1)

TheRealMindChild (743925) | more than 2 years ago | (#39677305)

Are you saying that flash allows for XXS attacks?

Re:Gnash (0)

Anonymous Coward | more than 2 years ago | (#39677519)

eXtra eXtra Small attacks? Whoa!

Re:Gnash (0)

Anonymous Coward | more than 2 years ago | (#39677755)

The multiple, blocking master password prompt you refer to is the single most annoying megabug in Firefox. Here's the extension to control it: Master Password+ [mozilla.org] . Since I'm using it together with Secure Login [mozilla.org] , I can actually use Firefox without screaming at it.

Re:Gnash (0)

Anonymous Coward | more than 2 years ago | (#39678225)

I use the master password system all the time. I only get asked after I restart the browser. I do remember that there was a setting to enable a more advanced encryption for the password store and when I enabled that, I started seeing the master password all the time. But if I just use the default encryption with master password, it works great. Though, if you cancel the master password, it will ask you again until you enter one.

Re:Gnash (1)

theshowmecanuck (703852) | more than 2 years ago | (#39678499)

F logs the target in and then everyone in their address book gets porn and malware spam links.

FTFY: FF logs the target in and then everyone in their address book gets porn and malware sperm links.

Re:Gnash (1)

ThatsMyNick (2004126) | more than 2 years ago | (#39679727)

FF logs the target in and then everyone in their address book gets porn and malware sperm links

I had to ask, was that intentional?

Re:Gnash (1)

theshowmecanuck (703852) | more than 2 years ago | (#39681471)

What you expect from porn related intrusion?

Re:Why did it take so long?! (1)

Assmasher (456699) | more than 2 years ago | (#39677759)

It isn't a good idea unless it is disabled by default and only available as an option.

I WANT Firefox to spread in the enterprise, and this will likely make that less probable.

Web based applications requiring individual permissions for aspects of their functionality in the corporate world? I have enough trouble getting these mental giants to load a web page...

finally (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39675411)

This should have been the default 10 years ago.

I'm a fan of Java, but I still cringe when I go to a web page and the Java console opens.

for javascript? (4, Insightful)

sdnoob (917382) | more than 2 years ago | (#39675433)

really? you'd get carpel tunnel if you had to click-to-run every script on most commercial sites these days.

no script is more effective but with a learning curve.

but either method will still have the masses turning the 'feature' off (essentially white-listing everything).

Re:for javascript? (0)

Anonymous Coward | more than 2 years ago | (#39675461)

Konqueror has had this option forever.

Re:for javascript? (0)

Anonymous Coward | more than 2 years ago | (#39679397)

Opera also has this - I use it a lot.

Re:for javascript? (3, Informative)

phayes (202222) | more than 2 years ago | (#39675519)

I've been using NoScript for years. You whitelist the trusted sites where you need it & the others are just an occasional click.

Re:for javascript? (1)

sdnoob (917382) | more than 2 years ago | (#39675665)

exactly.. but the brain-dead masses won't "get" how to use it... thus, would just turn it off (if they could even figure *that* out) or continue their click-click-click-click ways..

NS (5, Interesting)

tunapez (1161697) | more than 2 years ago | (#39676067)

I've tried this on numerous occasions, the more advanced users eventually click 'Allow Scripts Globally", the less advanced keep calling me until I click 'Allow Scripts Globally".

I personally love it, easy-peasy black/white-list. My other apps do not stutter and bog whenever I scroll a page or open a new one. Pages load faster or not at all(both good IMO). Google's auto-search doesn't clog up my 1MB connection or freeze FF trying to force feed me their assumptions(must remove Goog from pre-loaded whitelist). Minimal ad tracking tools/cookies/malware collecting in my system, bleachbit completes in record time. My whitelist allows mo-add-ons page, my local library and some local devices. I'm typing now with /. & FSDN blocked. With the exception of moderation, the site suits me better with them blocked!

Re:NS (1)

b4dc0d3r (1268512) | more than 2 years ago | (#39676699)

Moderation comes and goes. Right now, I shift-click the comment number and get the comment by itself in a new window. Select the moderation, and the 'moderate' button is at the bottom.

Even if it has child replies, as long as they remain 'normal', you only moderate the single comment.

It also helps refresh to see if someone else has changed the moderation, or made a reply that I should consider in my moderation. Unless there are 5 child replies and the page gets large, overall I think this way is the best way.

Re:NS (1)

cpu6502 (1960974) | more than 2 years ago | (#39677047)

I use the "allow second-level domains" (or whatever it's called) on NoScript. For example: news.slashdot.org. That eliminates a lot of headaches but still blocks dangerous sites filled with viral-scripting.

I also use the free AVG which includes a Firefox plugin to filter-out anything it considers bad.

Re:for javascript? (0)

Anonymous Coward | more than 2 years ago | (#39676129)

The "brain-dead masses" will always be a lost cause. Frankly, I say make it more difficult for them. Add a feature that warns you by dialog box, twice, that allowing the content to play could possibly be a security risk. Also include a way to disable it in the settings, but don't make it super easy to find. Those that are smart enough to find and disable the feature might just be smart enough to not click on every damn advertisement they see.

If the "brain-dead masses" can't be bothered to learn how to properly and responsibly use the internet, why should the rest of us be bothered by the side-effects of their incompetence? If it weren't for the "brain-dead masses", there would be significantly less crap on the web to begin with. Just like if there weren't morons that fell for 419 scams, 419 scams would eventually stop.

Re:for javascript? (0)

Anonymous Coward | more than 2 years ago | (#39676431)

The "brain-dead masses" bring some good. If the majority of Web users started using AdBlock, FlashBlock, etc., then most webpages would start telling you to go stuff it unless you viewed their ads, or move to even more intrusive ads (interstitials, content only available via video), or having their content only viewable via an add-on (where the whole site is a Flash app.)

So, let the "brain-dead masses" view the ads. I'll keep my ad blocking and clean computers (since there were reports earlier on /. that ads are the #1 vector for infections these days.)

Re:for javascript? (1)

jank1887 (815982) | more than 2 years ago | (#39676279)

the braindead will want a way to fix it, quick, without thinking hard. if you want this as default, but don't want them turning it completely off, then you need to provide a really easy way of them to think they've fixed their immediate problem. They won't think beyond that. Maybe a "whitelist this page so your scripts work?" popup the first time you visit a site? may get annoying on every other page, though.

Re:for javascript? (1)

Rolgar (556636) | more than 2 years ago | (#39676447)

I do this, but if everybody had it as the default, the websites would put all the scripts in the same domain so you would have to choose to get all or nothing.

The companies the host the ad scripts would have to figure out a way to make money without hosting their scripts directly, but I'm sure they would figure out something.

Re:for javascript? (3, Informative)

amicusNYCL (1538833) | more than 2 years ago | (#39676139)

This doesn't have anything to do with Javascript, Javascript is not a plugin. This affects plugins like Flash, Java, and Silverlight.

Re:for javascript? (1)

metrometro (1092237) | more than 2 years ago | (#39676209)

Or, we stop loading scripts. You're assuming a whitelist wouldn't be built in. I use Ghostery, and it sometimes requires intervention, but for the most part silently nukes ad scrapers. This would create something similar, but standard in the browser. Third party script? No thanks.

Oh, and Click-for-Flash (via an add on) has been my preferred UI for years. Works fine.

Re:for javascript? (1)

Anonymous Coward | more than 2 years ago | (#39676845)

The summary doesn't say "JavaScript" it says "Java scripts", as in applets. JavaScript isn't even a plugin. They're talking about blocking automatic execution of Java applets and Flash, not JavaScript.

Re:for javascript? (0, Troll)

Anonymous Coward | more than 2 years ago | (#39677443)

Yes, but anyone who says "Java scripts" instead of "Java applets" deserves to be shot. It's hard enough trying to tell people there's a difference between "Java" and "Javascript" without mouth-breathing retards making it even more difficult.

Per usual Opera's been doing it for years (1)

cpu6502 (1960974) | more than 2 years ago | (#39676963)

Well maybe not "years" but since Opera 10 came out. The Javascript operates normally, but if you turn-on the Turbo mode, Opera does not load any flash content but just displays a placeholder until you click it.

That's a nice way to avoid loading a lot of ads, or embedded youtube videos (thus speeding-up browsing). Opera also has a convenient "images off/on" toggle at the bottom, which I use on slow connections like Dialup or cellphone.

Re:Per usual Opera's been doing it for years (1)

Anonymous Coward | more than 2 years ago | (#39677281)

You don't have to use turbo mode.

Tools -> Preferences -> Advanced -> Content -> Enable plug-ins only on demand.

Re:Per usual Opera's been doing it for years (1)

Anonymous Coward | more than 2 years ago | (#39678741)

In addition, this can be turned on granularly as well (per website). It'll be under F12->Edit Site Preferences.

Re:for javascript? (0)

Anonymous Coward | more than 2 years ago | (#39680715)

I think they meant java, not javascript. Even if you do embed something like NoScript or NotScript into the browser it wouldn't be the end of the world for the power user. I use those addons because I like the degree of control they give me. However, I think you're right about the average user not being OK with javascript being blocked.

You mean like (0)

CanHasDIY (1672858) | more than 2 years ago | (#39675463)

NoScript? Already done, thanks.

Re:You mean like (3, Informative)

ElmoGonzo (627753) | more than 2 years ago | (#39675511)

FlashBlock, too.

Re:You mean like (1)

FudRucker (866063) | more than 2 years ago | (#39675545)

noscript already blocks flash so flashblock would be redundant if you already have noscript

Re:You mean like (2)

allo (1728082) | more than 2 years ago | (#39675793)

i think you need to change the defaults for that. Might be a reason, why some noscript users still use flashblock.

Re:You mean like (1)

b4dc0d3r (1268512) | more than 2 years ago | (#39676777)

People who allow scripts so the page will run/load, might not want flash running automatically. For example the entire Gawker family, including iO9 which occasionally posts interesting things. I might whitelist it to read the content, but I don't want flash loading automatically.

So you get the combination. By default, Java, Flash Silverlight, and 'other plugins' are disabled bu default.

Re:You mean like (1)

allo (1728082) | more than 2 years ago | (#39677453)

yeah, and you can configure noscript to block plugins even when scripts are allowed.

you need to enable "block plugins even on whitelisted sites" or something like this. Then you have exactly the flashblock behaviour.

Re:You mean like (1)

Jane Q. Public (1010737) | more than 2 years ago | (#39681063)

"i think you need to change the defaults for that. Might be a reason, why some noscript users still use flashblock."

Interface for Flashblock is better. You just click the element, you don't need to go through a menu.

Re:You mean like (1)

Jane Q. Public (1010737) | more than 2 years ago | (#39681299)

Addendum:

I just tested it, and the "Block Adobe Flash" option in my NoScript settings doesn't even work.

Re:You mean like (1)

mfwitten (1906728) | more than 2 years ago | (#39676611)

IIRC, NoScript would allow every YouTube video to play automatically if I just allowed one YouTube video to play temporarily. So, I installed flashblock, which ALWAYS requires me to start each flash video manually.

Re:You mean like (1)

FudRucker (866063) | more than 2 years ago | (#39676921)

noscript will block flash too if you configure it, you need to set "Apply these restrictions to whitelisted sites too" on the "embeddings" tab in the option

Re:You mean like (1)

phayes (202222) | more than 2 years ago | (#39675569)

Yeah those of us who care about security have been using NoScript for years but this will push the ignorant masses into better security.

Re:You mean like (1)

sexconker (1179573) | more than 2 years ago | (#39676077)

Yeah those of us who care about security have been using NoScript for years but this will push the ignorant masses into better security.

No, those of us who care about security, speed, and and hate ads and social crap have been using NoScript for years.
And we set it up so that clicking the button triggers "Temporarily allow all this page". If a site doesn't work, we just click the button repeatedly until it does.

Re:You mean like (0)

Anonymous Coward | more than 2 years ago | (#39676267)

If a site doesn't work, we just click the button repeatedly until it does.

If you actually care about security and/or privacy, that's a pretty shitty policy. I guess you just hope that the site you want to load doesn't have any malware? What the fuck is the point of even using NoScript at that point? Some of us actually look at what scripts the site is trying to load, and make rational decisions accordingly. I don't think I've ever once used "Temporarily allow all this page".

Re:You mean like (1)

santosh.k83 (2442182) | more than 2 years ago | (#39676793)

Exactly. For example slashdot wants to run scripts from four domains viz., slashdot.org, fsdn.com, doubleclick.net and google-analytics.com, but I allow only those from the first two, and that too only when I want to post a reply. Similarly for most other sites I find that allowing scripts from the same domain as the site is usually enough to enable essential site functionality.

Re:You mean like (1)

CanHasDIY (1672858) | more than 2 years ago | (#39679733)

Yeah those of us who care about security have been using NoScript for years but this will push the ignorant masses into better security.

A little bit... however, I doubt Mozilla is going to go as far as NoScript with the concept; likely, they'll stick to blocking media (read: Flash videos) and continue to allow the ad servers all the access they want.

Re:You mean like (1)

phayes (202222) | more than 2 years ago | (#39680001)

You're certainly right & that will mean that there will still be a good reason to use NoScript. However that doesn't mean that what Mozilla is planning still won't be a good thing for the less security consious.

Lol (-1, Troll)

Anonymous Coward | more than 2 years ago | (#39675483)

LOL. Flash may suck, but HTML5 is like Flash's mongoloid little brother. It's a half-assed freetard clone with most of Flash's failings but almost none of it's positives.

since flash on Linux is soon to be (1)

FudRucker (866063) | more than 2 years ago | (#39675491)

monopolized by google's chrome browser i would rather see HTML-5 make plugins like flash obsolete, i refuse to install google chrome just to have flash, and will remove the existing flash plugin at the first sign of vulnerability problems, for javascript and plugins i use noscript extension in firefox at the moment and if mozilla.org developers build something similar to noscript right in to the browser itself would be fine with me

HTML5 has half the frame rate of Flash (4, Interesting)

tepples (727027) | more than 2 years ago | (#39675729)

i would rather see HTML-5 make plugins like flash obsolete

So would I. But first, someone must fix these problems:

  • Make vector animations in web browsers implementing HTML5 Canvas play as fast as they do in Flash Player. This benchmark [themaninblue.com] gives about 40 fps for Flash on my computer and 20 fps for Canvas in Firefox.
  • Make a tool to author vector animations.
  • Make a way to reliably convert existing vector animated series, such as Weebl and Bob and Homestar Runner, so that they can be played through an implementation of HTML5. Smokescreen [slashdot.org] goes part of the way toward this.

Re:HTML5 has half the frame rate of Flash (1)

allo (1728082) | more than 2 years ago | (#39675815)

> vector animation
> canvas
you're doing it wrong.
you need to test scripted svg.

And SVG is even slower (2)

tepples (727027) | more than 2 years ago | (#39675941)

you need to test scripted svg.

Result of same benchmark with SVG [themaninblue.com] : eight times slower than Canvas.

Re:And SVG is even slower (1)

Anonymous Coward | more than 2 years ago | (#39676739)

They key here actually is that Firefox's SVG sucks - not that SVG in general sucks.

On my machine I get the following results for the test with the default parameters

Firefox:
      Canvas ~35 FPS
      SVG ~3 FPS

Chrome
      Canvas 40-50 FPS (bounces around a bit more than the other tests)
      SVG ~ 65 FPS

Re:And SVG is even slower (1)

allo (1728082) | more than 2 years ago | (#39677575)

flash html canvas svg with chromium.
with firefox, flash is the fastest and the rest is sucking.

good argument for using more chromium.

i really need to evaluate, how much of my data (history, bookmarks, etc.) can be imported and which extensions i would really be missing.

If analytics show a lot of Gecko (1)

tepples (727027) | more than 2 years ago | (#39680883)

good argument for using more chromium.

So if analytics show a lot of Gecko (Firefox, SeaMonkey, etc.) and a lot of MSIE, what's the most polite way to encourage the user to install one of the Chromium browsers so that the frame rate will become acceptable?

Re:And SVG is even slower (0)

Anonymous Coward | more than 2 years ago | (#39677317)

Flash, canvas, and HTML are all around 40 FPS in both Firefox and Chromium on my system,
whereas SVG is ~90 FPS on Chromium and ~20 FPS in Firefox.

Of course, it is much easier to link to some 2 year old graphs on some blog.

Re:HTML5 has half the frame rate of Flash (1)

Gordo_1 (256312) | more than 2 years ago | (#39676107)

That's funny because for me, with Win7/Firefox 11 on a Core i5 CPU with a recent Nvidia GPU, for a 2000 particle run I get 40fps in Flash and about 45fps using canvas.

http://themaninblue.com/experiment/AnimationBenchmark/flash/?particles=2000 [themaninblue.com]
http://themaninblue.com/experiment/AnimationBenchmark/canvas/?particles=2000 [themaninblue.com]

So I guess YMMV.

Re:HTML5 has half the frame rate of Flash (0)

Anonymous Coward | more than 2 years ago | (#39676375)

I have a similar setup (AMD GPU instead of Nividia) and am getting almost the same results as you. FF11 on Windows 7 as well.

SVG is slow though, it's practically a slideshow with 2000 particles.

Re:HTML5 has half the frame rate of Flash (1)

Desler (1608317) | more than 2 years ago | (#39676117)

I get ~42fps on my 3rd gen iPad for canvas. Either you have an old computer or Firefox's implementation is crap.

Five-year-old PCs in this recession (1)

tepples (727027) | more than 2 years ago | (#39677999)

Yes, it's a fairly old (2007 or earlier) desktop PC running Windows XP. But given the recent recession, I'd imagine that plenty of PCs of similar vintage are still in use, especially in workplaces.

Re:HTML5 has half the frame rate of Flash (1)

SScorpio (595836) | more than 2 years ago | (#39676169)

Flash gives me about 60fps, where canvas was staying right around 90fps with an occasional drop to 75fps, though Flash also did have some slow spikes. This is on Firefox 11 with the on CPU Intel graphics on a mobile i7.

Re:HTML5 has half the frame rate of Flash (1)

StuartHankins (1020819) | more than 2 years ago | (#39678843)

YMMV and all that, but I'm getting fastest results (42-43 fps) with canvas under Firefox 12 / Snow Leopard (there is an update I haven't applied yet, it just showed up). This is not a new machine by any standard -- it's a 2007 Core 2 Duo 2.4 MBP. I'm running Parallels with a Windows XP VM while testing, and I've got 2 X11 rdesktop sessions open (IOW if I wasn't at work and could close out everything, my results would probably be faster).

I get roughly the same under Flash, but it's very jumpy, with swings from 38-45 but returning to around 41 after the swings. You can feel the system under higher load once Flash starts up, but I don't see that with canvas.

At 42-43 fps, canvas is very usable for me on my older computer.

Re:HTML5 has half the frame rate of Flash (1)

Tubal-Cain (1289912) | more than 2 years ago | (#39679379)

HTML: 60 fps
Canvas: 87 fps
SVG: 85-90 fps
Flash: 33-36 fps

Chromium 17 & Flash 11-r1, on Debian testing.

Yes, I have Flash installed in my browser. (1)

QuietLagoon (813062) | more than 2 years ago | (#39675501)

So much so, that over 99% of internet users have Flash installed on their browser,' writes Mozilla's Jared Wein, the lead software engineer on the project, in a blog post.

Yes, I have Flash installed in my browser.

No, I do not have Flash enabled all the time in my browser. I only enable Flash for the particular content I want to view via Flash.

I already have the "click to play" option for Flash.

Re:Yes, I have Flash installed in my browser. (0)

Anonymous Coward | more than 2 years ago | (#39675699)

You're 99% of internet users?
That's great! I was hoping you could tell us why you use IE 6 2% of the time. Is there a specific web site you visit that's not compatible?

Re:Yes, I have Flash installed in my browser. (0)

Anonymous Coward | more than 2 years ago | (#39675731)

Yeah: thegpliscancer.org only works with IE6.

Bad TFA (1)

Anonymous Coward | more than 2 years ago | (#39675559)

The linked article says "Java scripts" but the actual blog post http://msujaws.wordpress.com/2012/04/11/opting-in-to-plugins-in-firefox/ [wordpress.com] she was writing about just says plugins. I'm guessing they wouldn't require permission for javascript.

Re:Bad TFA (1)

VGPowerlord (621254) | more than 2 years ago | (#39675889)

While it could have been worded better, Java scripts clearly has a space in the middle, meaning that the language being referred to is Java, not JavaScript.

They should have said Java Applets, though.

Re:Bad TFA (1)

hobarrera (2008506) | more than 2 years ago | (#39677209)

There's no such thing as a java script. Java is not a scripting language.

Little late there. (0)

Anonymous Coward | more than 2 years ago | (#39675607)

There's already several add-ons that do this.
Mozilla is slowly becoming that guy that pops in when the car is invented screaming how he just now invented a wheel.

99% do NOT have flash anymore (0)

Anonymous Coward | more than 2 years ago | (#39675617)

how many millions of apple handhelds are there? that 99% has to be significantly lower now.

Re:99% do NOT have flash anymore (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#39675835)

Yeah, looks like he forgot to count smartphone and tablet users. Maybe he meant 99% of Firefox users ?

There's a better solution (1)

daem0n1x (748565) | more than 2 years ago | (#39675757)

Just ban Flash outright! The whole world will be thankful.

Re:There's a better solution (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#39675907)

Ban plugins, their time has come and gone. The web's a very different place from when they were introduced in the mid 90's.

Re:There's a better solution (3, Insightful)

tepples (727027) | more than 2 years ago | (#39676039)

As I wrote in another comment [slashdot.org] , both Firefox's implementation of Canvas and Firefox's implementation of SVG are substantially slower than Flash Player at playing back vector animations. Furthermore, most web browsers don't provide an API for a JavaScript program to (ask the user's permission to) turn on the camera and microphone. Once Firefox's implementation of Canvas becomes competitive in frame rate and once a device API becomes widely implemented, I will become more inclined to agree with you. Until then, SWF is the only way to push certain features out to users of IE 8 who lack permission to install other browsers (e.g. work break room, public library) because Adobe Flash Player is far more widely installed than Google Chrome Frame.

Re:There's a better solution (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#39676301)

That's a vicious circle: things get implemented in Flash because the browser's too slow, browser features get a low priority because there's Flash to lean on, ... Third party plugins are the bane of the modern open web maybe it's worth dealing with breakages for a year if it forces the issue.

Re:There's a better solution (1)

Desler (1608317) | more than 2 years ago | (#39676409)

Or the users will just move to the browser that doesn't break things since they won't want breakage.

Re:There's a better solution (2)

CharlyFoxtrot (1607527) | more than 2 years ago | (#39676587)

Or the users will just move to the browser that doesn't break things since they won't want breakage.

Yeah, It'd require some consensus between Mozilla, Google and Microsoft although the first two would probably be able to force the issue on their own. Note that Apple's already there with iOS. The future is smartphones and tablets and they're already plugin-free, we just need the desktop to catch up.

Users who lack privs to move to another browser (1)

tepples (727027) | more than 2 years ago | (#39681441)

Or the users will just move to the browser that doesn't break things

In an office, public library computer lab, school computer lab, or other institutionally managed setting, it's not the user's choice; it's the IT administrator's choice. Users don't get to install browsers because they aren't administrators, and in some cases (such as AppLocker), users don't even get to download executables or bring them in on USB flash drives.

Re:There's a better solution (-1)

Anonymous Coward | more than 2 years ago | (#39676041)

Especially Java. Ban it, fire all Java weenie programmers and send them back to their 711 cashier and fry cook jobs.

Re:There's a better solution (0)

Anonymous Coward | more than 2 years ago | (#39676663)

Now we call them extensions? How is the web different? Browsers don't provide the capabilities the market demands, in a timely manner. Seems the same.

Re:There's a better solution (0)

Anonymous Coward | more than 2 years ago | (#39677121)

Extensions run as part of the browser, typically in some sandboxed interpreted language. Plugins are external native binaries. Their crashes and other foibles are big problems for your system, whereas extension problems affect only the browser.

Re:There's a better solution (1)

allo (1728082) | more than 2 years ago | (#39677717)

even native code could be run in a way, which cannot break your browser.

not good (1)

allo (1728082) | more than 2 years ago | (#39677697)

instead of stuffing more and more into the browser itself, put more of the stuff in plugins.

but not the old nsplugins, limited to their square area, but plugins which can for example improve the javascript engine, define new html-tags, and such stuff.
okay, much of this is done via javascript already nowadays, but everthing which would run faster with native code, should go to plugins. so what about and video? They could be plugins, just with a reasonable api, not the limited api which nsplugins use.

tl;dr: Plugins could mean, just make your code modular and load only when needed. Much like firefox-addons, but the concept should be cross-browser. At least stop putting more and more into firefox, when only a part of the users really use it.

Its already tested (1)

allo (1728082) | more than 2 years ago | (#39675769)

flashblock and noscript provide this option since a looooong time. They could just ask the users of these addons for their experience.

ClickToPlugin (2)

Maury Markowitz (452832) | more than 2 years ago | (#39675849)

I run ClickToPlugin in Safari for all the reasons above. During general browsing my fan no longer turns on and my battery lasts days.

FlashBlock (0)

Anonymous Coward | more than 2 years ago | (#39676535)

yay, so I can uninstall FlahBlock some day?

Scripting (0)

Anonymous Coward | more than 2 years ago | (#39676605)

Has anybody considered that some people don't like flyout menus and moving web parts? The main reason I use no script is to stop all this playing around with a website when I am there just to find some information. Now that flash and javascript are going to these new methods, I won't be able to turn off this stuff easily. What if I don't want a website storing information on my computer etc?

You mean... (1)

ledow (319597) | more than 2 years ago | (#39676871)

Like Opera's had for about 3 major versions now?

There's always the Flashblock plugin (1)

sl4shd0rk (755837) | more than 2 years ago | (#39676939)

"..Blocks Flash so it won't get in your way, but if you want to see it, just click..."

https://addons.mozilla.org/en-US/firefox/addon/flashblock/ [mozilla.org]

Re:There's always the Flashblock plugin (1)

hobarrera (2008506) | more than 2 years ago | (#39677175)

Came here to say exactly that. Looks like their intention is to integrate the functionality into firefox itself.

Re:There's always the Flashblock plugin (1)

allo (1728082) | more than 2 years ago | (#39677729)

like personas. put more stuff into the core, which works better as an extension.

Re:There's always the Flashblock plugin (0)

Anonymous Coward | more than 2 years ago | (#39677867)

This doesn't protect you from flash exploits, the SWF is still processed by the plugin.

yes, please (3, Insightful)

Tom (822) | more than 2 years ago | (#39679043)

On anything that is video (animated images count) or audio, I absolutely want confirmation.

I regularily open several tabs in the background, e.g. go through a news site, open all interesting articles in their own tabs, continue until end of summary page, then go read all of them. The next time some audio suddenly starts blasting through my speakers, drowning out my music, and I have to hunt down the fucking window that does it, I'll do berserk.

Seriously, audio in webpages should always require an explicit user start.

What am I missing? (2)

WillyWanker (1502057) | more than 2 years ago | (#39679453)

OK, I don't use Firefox, I use Chrome. And I have plug-ins disabled by default, so they all show up as grey boxes. If I want to run one I right click and select Run. How is this any different?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>