Exciting Stuff: Firefox 19’s Built-in PDF Viewer

Firefox 19’s built-in PDF viewer is pretty exciting — not just because Firefox (finally!) has a PDF viewer, but because it’s written in JavaScript. Why is that exciting?

First, we’re always looking to extend the web platform’s capabilities. Writing a PDF rendering engine in JavaScript pushed the platform’s boundaries. We learned quite a bit while working on our PDF viewer, and we used that information to improve Firefox and the web platform in general [1].

Second, being written in JavaScript is great for security. The alternative, pursued by all other browsers with built-in PDF viewers, is to include another binary rendering engine alongside the HTML and JavaScript engines. Adding hundreds of thousands of lines of C and C++ code to render PDFs is not a good thing for security. Complex binary engines are hard to secure, and PDF engines are no exception — ask Adobe or FoxIt. Mozilla’s built-in PDF viewer will not be without vulnerabilities, but they will be vulnerabilities in the web platform that we’re already committed to securing — we’re not adding to the problem.

There’s still work that needs to be done, but Firefox and the Web took a big step today!

[1] e.g. improved font handling, canvas APIs, and JavaScript performance.

Mozilla Joining ISOC in Support of IETF Activities

Mozilla has been significantly increasing its participation in IETF working groups over the past couple of years. This has coincided with increasing investments in the networking layers of our software and the Web platform. Today we’re heavily involved in IETF working groups relating to key Internet technologies such as TLS, HTTP and HTTP/2, RTCWeb, WebSockets, and others.

We think it’s important to support the standards groups in which we participate, so I’m pleased to announce that Mozilla has become an ISOC (Internet Society) Silver member. Among other things, ISOC provides administrative and organizational support to the IETF. We believe supporting ISOC and, by extension, the IETF, is a solid investment in terms of our mission to promote openness, innovation and opportunity on the Web.

Mozilla Removing Support for the ‘java’ and ‘Packages’ DOM Objects

We have removed direct access to Java from the DOM in Gecko. Specifically, we have removed support for the ‘java’ and ‘Packages’ DOM objects. These are not part of any web standards and we don’t believe they are good for the web.

Script can still interact with Java plugin instances via NPRuntime, authors simply have to instantiate a Java plugin instance to script against.

This change will be in Firefox 15. See Mozilla bug 748343 for more information.

IETF 83 (Paris), HTTP/2.0, and Encryption

I attended IETF 83 in Paris this past week with my fellow Mozilla networking team member Patrick McManus. This was my first IETF meeting, and it won’t be my last given how productive and enjoyable it was.

Our primary goal was to participate in the HTTP(bis) working group, where we hope to standardize SPDY, possibly under the label HTTP/2.0. I learned quite a bit about how the IETF standards processes work and greatly enjoyed spending time with many of the people involved.

We’re excited about what SPDY has to offer in terms of security and performance. The HTTP/2.0 proposals based on alternatives to SPDY (or that deviated significantly) were interesting, but I’m still convinced that the solution we end up with should be based largely on SPDY. I can hardly imagine a proposal that better exemplifies “rough consensus and running code,” with plenty of data confirming its benefits.

I’m also more convinced than ever that encryption (e.g. TLS) should be a requirement in HTTP/2.0. This is the right thing to do for our users and there is now plenty of data available to debunk myths about unacceptable deployment costs. Mozilla has a strong history of standing up for user security and privacy and hopefully we’ll continue with that tradition by strongly opposing any solution that does not require encryption. Perhaps we should go so far as to decline to implement any non-encrypted solution that might be specified.

Mozilla’s Networking Team in 2011

Mozilla created a networking team as part of the platform engineering group in April of 2011. There are nine of us now, spread out around the world, with me managing. We’re responsible for Gecko’s networking stack, including network protocol support, security, and caching. I want to share some of the things we did in 2011.

We landed a SPDY implementation for the upcoming Firefox 11. SPDY will remain pref’d off until we’ve completed testing and various reviews, but it works quite well already. We’re working with Google to properly standardize SPDY.

We added support for the latest WebSockets specification. Firefox 11 currently has WebSockets enabled in standard form, without our vendor prefix.

Firefox 11 also includes SSL performance improvements. We can now negotiate SSL connections in parallel, on multiple threads, instead of serially on a single SSL thread.

We’re looking forward to increased IPv6 usage and we want to make sure that Gecko handles it well. In the past year we’ve improved IPv6 auto-detection, proxy support, and security. These fixes are spread out among a number of Firefox releases.

We made a number of improvements to HTTP pipelining in 2011, largely related to batching and ordering requests efficiently. HTTP pipelining is interesting because it’s an improvement to an existing, widely-used technology, but it has compatibility issues. Pipelining is currently only in use for our mobile products, where the risk/reward ratio is clearly in its favor, but we may enable it for desktop products next year.

Performance on Android is a priority for us. One optimization for Android that we’re particularly happy with is a major DNS performance improvement, which is detailed in a previous post. We also did the work necessary to enable our disk cache on Android.

Networking performance can be hard to test due to the variety of network conditions users can be operating under. In order to add flexibility to our testing capabilities we developed a system called NeckoNet. NeckoNet is a software suite including, among other things, a web server (Apache), talos, and a modified netem kernel module. We provide a Linux VM with all of this properly set up. Using NeckoNet, we can adjust bandwidth, packet loss and latency for network tests.

We’ve also made many other bug fixes and optimizations, conducted security reviews, and spent time planning future work.

In case you want to follow our work in the future, I’ll point out some of the ways in which we communicate (in addition to B.M.O.). Mozilla’s main networking wiki page has links to a number of pages we use to stay organized, including quarterly goals. Starting in January 2012 our team meetings will be open, with dial-in information posted on the mozilla.dev.planning newsgroup the day before the meeting. These meetings happen at 10am Pacific every other Tuesday. We’re also going to try to blog about what we’re doing more often. Any blog posts will be syndicated to Planet Mozilla.

Improving DNS Performance in Firefox for Android

Mozilla has been working hard to improve Firefox on Android. The following is a guest post from Steve Workman of Mozilla’s networking team which describes an effort to improve DNS performance. – Josh

It started with some crashes on Android that were due to getaddrinfo being called from multiple threads. The problem was that the version of getaddrinfo supplied by Bionic (Android’s minimal-but-fast libc implementation) in pre-Honeycomb Android isn’t thread-safe. This is because fopen/fclose etc. aren’t thread-safe. Multiple accesses were being made to a file pointer when reading the local hosts file, resulting in crashes.

Why were we calling getaddrinfo on multiple threads? Calls to getaddrinfo can block until a response is received from a DNS server. This can take a while, especially if there is a problem and we wait for the timeout. Making parallel getaddrinfo calls allows us to cut down on waiting and get more done at once. Sockets can be opened sooner, HTTP requests can be sent sooner, and ultimately your content can be received and displayed sooner. Not being able to make parallel calls to getaddrinfo would be a serious performance regression, especially on mobile where round trip times are generally longer.

First we needed a quick fix for the crash – a performance regression is better than a crash regression. We temporarily serialized calls to getaddrinfo and prefetching (predictive DNS resolution) was disabled.

After that, we decided to provide our own thread-safe version of getaddrinfo, bypassing Bionic’s. Our implementation would have mmap‘d access to the local hosts file, using open/close directly, thus providing a thread-safe function. However, since we were dealing with a library-exposed function, it meant calls to functions and use of structures which were not exposed; at least not officially. After a few failed attempts in which we were trying to get away with dependencies on some unofficially exposed symbols, we finally pulled in a pretty complete version of the host resolver from Gingerbread. This added to our library size a bit, but it allowed for parallel calls to getaddrinfo on Android again. Given the potential for such calls to block for the duration of a DNS request, we believe this is a good tradeoff.

This change is currently scheduled to ship in Firefox 11.

Steve Workman

2011 Favorite Restaurants (in the U.S.)

It has been a little over a year since I put together my first list of my top ten favorite restaurants in the U.S., along with some honorable mentions. Things have changed over the past year, though there was no movement in the top four.

  1. La Belle Vie (510 Groveland Avenue, Minneapolis, MN)
  2. Grocery (288 Smith Street, Brooklyn, NY)
  3. Burma Superstar (309 Clement Street, San Francisco, CA)
  4. Hard Times Café (1821 Riverside Avenue, Minneapolis, MN)
  5. Frankie’s 457 (457 Court Street, Brooklyn, NY)
  6. Amber Indian (2290 West El Camino Real, Mountain View, CA‎)
  7. Saad’s Halal Restaurant (4500 Walnut Street, Philadelphia, PA)
  8. Jasmine Deli (2532 Nicollet Avenue, Minneapolis, MN‎)
  9. Boqueria (53 West 19th Street, New York, NY)
  10. Maialino (2 Lexington Avenue, New York, NY)

Worth mentioning: