RE: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them

Cathal (Phone) cathalgarvey at
Sun Sep 6 05:28:49 PDT 2015

TBF, Servo is kind of a total rewrite of exactly the sort the world needs: memory and type safe from the ground up.

What Servo needs then (besides 'completion') is a type/memory safe JS engine to replace Gecko, and likewise a LibreSSL-like replacement for OpenSSL.

While they've got nothing to lose though, they should go further than a mere reboot. They should resume *leading* FFS, for example by making their JS engine strict by default so they become the go-to development browser again. "If it works on FF it will work anywhere" would be a nice selling point I think.

They should also take privacy seriously and totally rethink their funding model. Patreon? Premium versions? I don't care, almost anything but built-in ads and bloatware will do. 

Baking in P2P in a real way would be nice. WebRTC-based replacement for Bittorrent Sync? Peer to Peer calls using Jitsi instead of (vomit) "Hello"? P2P filesharing and content publication, backed by subscription for "available while I'm offline"?

Loads of scope for Mozilla and not enough vision. I hate Google more than what Mozilla are becoming but that doesn't mean I'm proud to use FF. It kills my battery, WebRTC is still broken, and it keeps getting worse.

On 6 September 2015 12:01:39 IST, Peter Gutmann <pgut001 at> wrote:
>Juan <juan.g71 at> writes:
>>On Sat, 5 Sep 2015 18:35:37 +0300 Georgi Guninski
><guninski at> wrote:
>>> Likely the mozilla u$a comrades caught the less skilled attackers,
>>> not those with r00t access (having in mind what a mess
>>> their code is).
>>Ah, but firefox keeps getting an even cooler GUI every day. How can
>you not
>>like them?
>Not to mention their plan to deprecate their extension API, which is
>the only
>thing still separating them from actually being Chrome.  It looks like
>could be a race between them naturally driving their market share to
>before the API-deprecation, or the API-deprecation forcing the issue.
>What we'd really need is a reboot of the project to take it back to its
>removing layers and layers of accumulated bloat and "features" no-one
>run by dedicated developers who actually listen to their users rather
>doing whatever they think is trendy (mostly just cloning Chrome) and
>it on their users.  It'd be like Firefox rising anew from the ashes. 
>could call it, oh, I dunno, something like "Phoenix".

Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3219 bytes
Desc: not available
URL: <>

More information about the cypherpunks mailing list