No announcement yet.

Pale Moon Project Rolls Out The Basilisk Browser Project

  • Filter
  • Time
  • Show
Clear All
new posts

  • Pale Moon Project Rolls Out The Basilisk Browser Project

    Phoronix: Pale Moon Project Rolls Out The Basilisk Browser Project

    The developers behind the Pale Moon web-browser that's been a long standing fork of Firefox have rolled out their first public beta release of their new "Basilisk" browser technology...

  • #2
    Since Firefox quantum Palemoon project doesn't make any sense anymore. Quantum project is a huge step forward to a better internet experience while XUL is something that belongs to the past.
    Last edited by Danielsan; 11-17-2017, 12:26 PM.


    • #3
      if you used ff57 and think that pre-57 firefox is better you certainly have some sort of problem with your head.


      • #4
        Firefox 57 is amazing, I love it!

        My co-worker likes it too, the first thing he told me was how fast it is.


        • #5
          People who are thinking that using Palemoon is a good idea should be warned. You are exposing yourself to significant security risks. NSAPI and XUL plugins were removed because they are dangerously insecure. Especially, keeping NSAPI is particularly ridiculous because there is no use case for it any more whatsoever( more on that in a bit), your just begging for problems. Both offered unrestricted access to the browser internals and the host OS.

          There is no use case for NSAPI any more because the browser has intentionally implemented a full spectrum multimedia API internally, for video, 3D, audio, and graphics. This was done intentionally, for security purposes. And with the realization, that a large number of users were using 3D and streaming video anyway via plugins, so it has become a ubiquitous part of the Web, especially due to 3D web games and video streaming such as Youtube. Most NSAPI plugins were implemented 3D content for online games, or streaming video, and scripting. The reason that NSAPI plugins proliferated was because the browser lacked good internal support for streaming video and 3D graphics. The fact of the matter is, implementing 3D technology and streaming video inside the browser in open source code, inside a secure kernel sandbox layer, is far, far, far safer than running proprietary closed source native code plugins via NSAPI. The vast majority of users were installed dangerous and insecure 3D and video plugins anyway, so its safer to do this in open source code in the browsers sandboxed processes.

          XUL plugins were removed because the API is inherently unsecure. To make it secure would require fundamental API changes anyway and would require code refactoring of extensions for the new model. The changes to the browser internals to make Firefox sandboxed and secure was going to break the XUL extensions anyway. So, Firefox chose to support the same extension API as google chrome. Since the extensions were being broken anyway due to internal architectural changes in the browser with an eye on security, have be refactored anyway to improve security, at least this way extension developers will be able to support both web browsers with the same code. The fact is with XUL extensions, they were breaking frequently already because extension developers were plugging deep into the browser internals in unapproved ways so when architectural changes were made, many XUL extensions broke.

          WebExtensions, the new API, basically runs extensions in a sandbox and allows fine grained access control and user notification of the permissions that a extension is requesting, the extension will be then confined to those permissions. It would have been difficult to maintain compatibility with XUL extensions due to the increase security sandboxing that is being implemented in Firefox 57, which requires internal architectural changes that will break compatibility with legacy extensions anyway, especially since legacy extensions were often plugging in deep into the browsers internals in ways that were not sanctioned, so when an internal change was made to the browser, extensions would break. WebExtensoions provides a much more stable API that avoids this keeps the add-ons to a set of well defined contract APIs. This is being done soley to protect users from malicious code. The Firefox Extensions repository was becoming very difficult to police, and difficult for Firefox to ensure the safety of the extensions which were being posted there. Because WebExtensions starts off with a more sandboxed and fine grained security model, it helps do a better job protecting users.

          I'm telling you, the sole concern of Firefox in these changes is the safety and security of the users. These changes were not taken lightly but were done because they are necessary to protect our users from an increasingly dangerous internet. The attitude of Palemoon shows a flagrant and cavalier disregard for security by embracing dangerous old technologies which are breeding grounds for attack. Palemoon does not have the critical sandboxing features that are being implemented in Firefox to protect users. They continue to support dangerous NSAPI which encouraged websites to induce people to download dangerous native code extensions full of buffer overruns and with no sandboxing or access control.

          It was an invitation for instead of developing secure sandboxed code to run inside of the browser sandbox, web developers relied on a slew of closed source external plugins, often native code plugins like Unity3D and flash, that only ran on a few OSs and were turning the Internet into a propreitary content platform where you needed closed source OSs and plugins to be able to access content. By eliminating Unity3D and Flash and replacing them with internal browser 3D and video APIs, running in an isolated sandbox, (absolutely necessary to cover the Youtube and online gaming use cases) we increased security and we made all content on the internet available by open source code on virtually all operating systems.
          Last edited by jpg44; 11-17-2017, 11:57 AM.


          • #6
            I used Pale Moon years ago when it was basically a 64bit port of firefox. Then they started removing some "crud" firefox added and that was okay, but then they doubled down and started to refuse to implement genuinely good features of Firefox while arbitrarily removing other stuff. It lost its way and hasn't been relevant since.


            • #7
              I've watched huge projects like StarOffice, Lotus Symphony, and now OpenOffice falter or fail completely over the years. If it weren't for The Document Foundation and LibreOffice forking OpenOffice at just the right time, the Linux desktop would be in very bad shape right now.

              So I'm supportive of forks like Pale Moon. I have used it and don't personally like its interface compared to Firefox, but I appreciate all the hard work the developers are doing to keep a working fork alive and to keep a browser available for people who rely on older extensions. There's no guarantee that Mozilla will always be a responsible steward of the Firefox project.


              • #8
                Originally posted by 89c51 View Post
                if you used ff57 and think that pre-57 firefox is better you certainly have some sort of problem with your head.
                Sorry man, dumpling modifier issue, for "this" I meant Palemoon so just FYI I am pretty fine.


                • #9
                  Originally posted by jpg44 View Post
                  <snip whinging about security>
                  Ok, yeah the plugin api is pointless now. But XUL plugins are great. Yes they aren't sandboxed or anything, that's the goddamn point. They have the full power of the browser. As good as jumping in and modifying the browser source code, except you don't have to know C++ and they can be distributed in a more convenient form than patches/git pulls or whatever than you then have to build. And yeah that means you have to be careful which ones you use... no different than you have to be careful what rando windows app you download and use.


                  • #10
                    Anyway, back to this announcement, what exactly is this? "UXP" sounds a bit like the old XULRunner initiative... but how is Basilisk any different from PaleMoon? It almost sounds like it is just the equivalent of FF's beta or nightly channel....