[HN Gopher] Porting Firefox to Apple Silicon
___________________________________________________________________
Porting Firefox to Apple Silicon
Author : sylvestre
Score : 376 points
Date : 2021-01-20 16:48 UTC (6 hours ago)
(HTM) web link (hacks.mozilla.org)
(TXT) w3m dump (hacks.mozilla.org)
| Toutouxc wrote:
| > It's notable that without this last-ditch effort we would have
| been effectively blocked from releasing a native Apple Silicon
| version for an indefinite period.
|
| Effectively blocked from releasing it for the single-digit-
| percentage of people who run an antivirus on a Mac.
|
| Does anyone have credible numbers on this?
| dilly_li wrote:
| i.e. all the folks who are using a macbook from work -- I don't
| think that's a small fraction.
| terhechte wrote:
| The IT department at the place where I work installs antivirus
| on all Macs. I'd guess it is the same at most bigger
| corporations
| green-bottle wrote:
| A bit tangential to the main topic of the post. They mention that
| they are working on another optimizing compiler Ion which will
| replace the cranelift compiler (which is still in nightly) as the
| new compiler for WebAssembly.
|
| They link the issue [1] tracking the change which also speaks
| about disabling cranelift.
|
| To my knowledge cranelift was made for the purpose of compiling
| WebAssembly in Firefox, so I am not sure if I am missing
| something here (it's not yet production ready maybe). The
| Cranelift README[2] mentions that it will be a backend for
| IonMonkey.
|
| I am a complete layman here so I am curious if someone here has a
| better understanding.
|
| [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1687626
|
| [2]
| https://github.com/bytecodealliance/wasmtime/tree/main/crane...
| kibwen wrote:
| _> They mention that they are working on another optimizing
| compiler Ion which will replace the cranelift compiler (which
| is still in nightly) as the new compiler for WebAssembly._
|
| Ion (nee IonMonkey) predates Cranelift, being the natural
| evolution of Mozilla's previous SpiderMonkey JITs. From your
| link:
|
| _" Prototyping work (bug 1678097) has demonstrated that Ion
| can generate good code quickly for wasm on ARM64, and given
| that Ion has good stability and we know it well, we will ship
| it as the initial optimizing compiler for wasm on that
| platform."_
|
| The keyword being "initial"; it appears to just be saying that
| Ion is good enough to enable, with support for Cranelift being
| retained in the event that it ever surpasses IonMonkey in
| capability.
| twic wrote:
| I think the situation is:
|
| Cranelift - experimental, quick to port
|
| Ion - production, slow to port
|
| So Firefox on Apple Silicon got Cranelift first, but only in
| nightlies, and will soon get Ion in release builds - "become
| the new default" means it will replace the baseline compiler.
| IainIreland wrote:
| (I work on SpiderMonkey.)
|
| Cranelift was originally started as a project to make a new
| backend for wasm in SpiderMonkey. It took on a life of its own,
| and has been transferred by the Bytecode Alliance (which
| Mozilla is a part of). At the moment it's not mature enough for
| us to use in production (both in terms of performance and in
| terms of code churn). We're hopeful that will change over the
| next few years, but we need to ship wasm support now, so we're
| sticking with our existing backend.
|
| (We intend to keep Cranelift working behind a compile-time
| flag.)
| shrimpx wrote:
| FYI you still cannot get a full native experience with Chrome and
| Firefox, due to plugins that have not been ported.
|
| For example Chrome ships with an x64 version of Widevine, a
| plugin that is required to watch live streams on YouTube TV (and
| perhaps other services with live TV). Currently, YouTube TV does
| not work natively in Chrome or Firefox.
|
| All that said, it will work fine if you run Rosetta -- the x64
| decoder will run in Rosetta.
| bla3 wrote:
| The post talks about this in some length.
| [deleted]
| r00fus wrote:
| > The Apple Silicon chips are one of the first desktop chips that
| are a heterogeneous design with distinct performance and
| efficiency cores. We're revising much of our core threading and
| thread pooling architecture to handle the distinction better,
| improve efficiency, and eventually be able to schedule less
| performance-critical tasks on the efficiency cores.
|
| I found this bit interesting. Likely more prevalent in mobile
| apps, but perhaps shifting desktop code to Big.Little approach
| and using core affinity will result in a lot less wasted energy.
| markdog12 wrote:
| Got a kick out of one of the bugzilla links:
|
| https://bugzilla.mozilla.org/show_bug.cgi?id=34572
|
| "Use native context menus on Mac OS"
|
| "Opened 21 years ago"
| loufe wrote:
| We talk often on this forum of how innaccessible giants like
| Google and Amazon are for the little guy. I thus found this point
| particularly interesting:
|
| >"Attempts to contact the vendor through regular support channels
| were unsuccessful so we ended up searching LinkedIn and managed
| to find an engineer working on the core antivirus detection. They
| immediately understood the seriousness of the problem and took
| prompt action to get a fix shipped, thus preventing quite the
| disaster for the users of this product. It's notable that without
| this last-ditch effort we would have been effectively blocked
| from releasing a native Apple Silicon version for an indefinite
| period."
| [deleted]
| dubcanada wrote:
| Obviously there is more to it then what I am going to say, and
| who knows with remote workers where people are.
|
| But Apple and Mozilla headquarters are 5 miles apart (roughly).
| Couldn't you just walk/drive/scoot/fly/what ever over and talk
| to someone?
| djrogers wrote:
| Setting aside that the problem with AV had nothing to do with
| Apple, for the most part nobody was working at either of
| those offices over the summer (2020, remember?). Also, which
| of Apple's 130+ Silicon Valley offices are you going to go
| to, and who do you ask for when you get there?
| dak1 wrote:
| It sounds like this was an issue with an independent
| antivirus vendor, not Apple.
| dblohm7 wrote:
| Also, pandemic, remote workers, etc. gcp and the engineers
| who worked on this do not live in SV.
| milkytron wrote:
| I'd imagine that security and the front desk are going to
| prevent anyone from entering to meet with specific teams or
| individuals without an appointment.
|
| If you knew someone and had scheduled time with them, then
| yeah I'm sure you could hoverboard your way over.
| meibo wrote:
| The antivirus industry is the biggest player of the modern
| adware/malware crisis.
|
| The dark patterns used in software like AVG and avast, both
| making every system I see them on so slow that they might as
| well be unusable, are all focused on getting more installs, be
| it to force people into getting whatever "premium" subscription
| or harvesting data(e.g. attaching themselves to every sent
| email like a _virus_ ).
|
| There are very few that I could actually recommend, like
| Malwarebytes - for most users, Windows Defender will be more
| than enough nowadays. I haven't used a mac in a while, do you
| actually need AV on them today?
| sjg007 wrote:
| I mean there is mac malware and some of it is quite
| sophisticated. The compiled apple script bitcoin miner being
| one of the more ingenious ones. But those were distributed
| through pirated applications. There are probably a few zero
| days as well that maybe an AVE package could help stop if a
| signature is rapidly distributed. Ignoring the fact that the
| AV engine itself is a target too.
|
| Most people using only the app store helps cut that down.
| wlesieutre wrote:
| The one in recent memory for me is the KeRanger ransomware
| that was distributed in the official Transmission
| installer.
|
| https://unit42.paloaltonetworks.com/new-os-x-ransomware-
| kera...
|
| _> Transmission representative John Clay told Reuters via
| email that the ransomware was added to disk-image of its
| software after the project's server was compromised in a
| cyber attack._
|
| _> "We're not commenting on the avenue of attack, other
| than to say that it was our main server that was
| compromised," he said. "The normal disk image (was)
| replaced by the compromised one."_
| setpatchaddress wrote:
| Just to answer the original question: that's an example
| of something Apple handled -- no external AV required.
| wlesieutre wrote:
| Yes, although it snuck by Gatekeeper to begin with by
| being signed by another developer account.
|
| Would make it past Apple's new notarization scheme these
| days?
| lizknope wrote:
| My work laptop runs Windows. It runs Outlook, Chrome, Slack,
| and Exceed to connect to a remote Linux server where I do all
| of my work. At random times throughout the day the fan will
| get really loud. When I run the process viewer tool during
| this time I see things using 100% CPU. It's a Core i5-8350U
| with 8GB RAM and during these times it gets almost unusable.
| I've googled a few of them and they always seem to be
| antivirus things.
|
| At home I have over 8 Linux machines and the only times their
| fans get louder are when I am actually running a video
| encoding program or something CPU intensive like that. Some
| of them are slower with only 4GB RAM and they are always
| responsive.
| ksec wrote:
| >It's notable that without this last-ditch effort we would have
| been effectively blocked from releasing a native Apple Silicon
| version for an indefinite period."
|
| And they are Mozilla. Imagine Indies.
|
| The Modern Day Apple requires you to get some Mainstream Media
| publish about How Apple block Open Sources Software to be
| running on M1 before Apple saw the PR damage and start acting
| on it.
| mlyle wrote:
| This was about Cylance being jerks, not Apple. I've fought
| Cylance quite a bit on Windows for flagging open source
| software as malware, too (and they fail to respond / fix).
| tyingq wrote:
| Oh wow. So in this case, a foundation with roughly half a
| billion in revenue per year is still somewhat of a little guy,
| at least for the standard process. I'm curious which antivirus
| vendor it was. Mozilla did eject a few extensions written by
| antivirus vendors in 2019, probably for good reasons.
| TwoBit wrote:
| AV vendors and software are cancer.
| gigatexal wrote:
| It's not like Mozilla is a nobody software outfit. For this to
| be what they had to do go get someone's attention at Apple is
| terrible.
| lambada wrote:
| It wasn't Apple they were trying to contact, it was a random
| anti-virus vendor who were flagging all new Universal
| Binaries as malware.
| robin_reala wrote:
| I guess this was Cylance: I ran into this one on my work laptop
| with Firefox Nightly and managed to get it escalated internally
| from us too.
| jmull wrote:
| They are being very careful not to identify the anti-virus
| vendor.
|
| So it's hard to tell if the size of the vendor is the issue
| here.
| selykg wrote:
| My experience working with antivirus vendors is... not good.
|
| Product I used to work on had frequent false positives from
| antivirus software marking certain files as having some malware
| or whatever in it.
|
| It's super unpleasant trying to get those changes pushed out.
| Glad that they were able to get some resolution quickly,
| usually that isn't the case, at least in my experience.
| duxup wrote:
| I was a back channel route to engineering at a company I worked
| for a while. A few of the engineers trusted me and a couple
| select customers / sales guys knew they could come to me to run
| a bug by me 'in theory' and if we had enough information I
| could unofficially run it by engineering without going through
| the song and dance of the typical support channels.
|
| I could get a quick ya or nay form them on some things and it
| was so much faster for everyone involved.
|
| If it was a ya, I knew we had something, still more work to do
| but the case would skyrocket through the usual channels and
| engineering was engaged and ready.
|
| If it was a nay, the usual channels it went and everyone was ok
| with that.
|
| The engineers would give me a few minutes knowing I wasn't
| going to bring them poorly thought out garbage, I would limit
| the rate of these special situations, and special customers /
| sales guys could get the job done way faster.
|
| It was a well known process by those who knew about it... but
| not everyone knew.
| zerkten wrote:
| This exists in almost every company by design. Engineering
| teams wouldn't make any progress towards their mission if
| they are constantly dealing with outside interruptions, but
| at the same time there are things which should be qualified.
|
| Customer support is a cost center and the focus is on
| mitigating the cost of providing that support. If you fail to
| do this you can burn through a lot of cash quickly. What
| management needs to realize is that this is also an important
| interface point which requires attention. This doesn't happen
| at all, or is inconsistent.
|
| It's important for at least the following to happen:
|
| 1. Bad issues that engineering will fix don't get stuck in
| support.
|
| 2. Product management review and respond to feature requests,
| or enable support to respond to customers.
|
| 3. Support have a reasonable level of technical and
| communication skill, and are empowered to answer for the
| company.
|
| 4. The organization works through rather than around support.
|
| What I've always found interesting, is that all of these are
| often failing in some way at the same time in an organization
| of any size.
|
| Your role as the back channel is helping to provide some
| coherence here. However, things can go bad if you left.
| Inevitably, this is the fault of the company, but when I've
| found myself in this position I've tried to "promote" people
| in support to take the lead on this role. Further,
| formalizing the special request process to be minimally
| tracked helps visibility with my manager and others.
| Eventually managers ask why you have become a gopher.
|
| Improving the workflow often involves helping support build
| relationships with engineering. Management can buy in if
| support attrition is high (it often is if there is a limited
| career ladder for support) and it can also improve their
| perception when people are focused on trimming support cost.
| magicalhippo wrote:
| > Customer support is a cost center
|
| For us, great customer support is one of our stronger sales
| arguments. In fact we've not had to push hard on sales due
| to our customers calling former colleagues who moved to a
| competitor to tell them "you have got to get this
| software". Having great support has been key to this
| experience.
|
| Most of our support people have been recruited from our
| customers, so they know not just our software well but the
| processes and regulations around it, allowing them to
| quickly understand the issue at hand and offer relevant
| help.
|
| So while it might look like a cost center on paper, I'm
| quite certain it's a massive net gain overall.
|
| Of course as you say, we work hard to mitigate the cost of
| providing that support, like routinely looking at
| implementing changes that'll reduce repeat support issues.
| Maybe as simple as reworking a dialog text, to adding more
| automation.
| cosmie wrote:
| > What management needs to realize is that this is also an
| important interface point which requires attention. This
| doesn't happen at all, or is inconsistent.
|
| > What I've always found interesting, is that all of these
| are often failing in some way at the same time in an
| organization of any size.
|
| The formalization of it is frequently the cause of it
| failing or being inconsistent. Once it's a workflow that's
| explicitly acknowledged and condoned by management, it will
| start to lose its effectiveness. As an official express
| lane between customers and engineering, every account/sales
| person will become aware of it and overload it, either in
| the general course of supporting their client portfolio as
| much as possible, or even worse, by making this internal
| express route known to clients, as they can get incremental
| revenue by branding it as a "VIP Support" service or to
| make at-risk clients feel special. Which will eventually
| end up in actual client contracts in some form or another,
| opening the door to client abuse (or misuse) as well as
| causing legit cases that would have gone through this
| implicit channel to get routed to and trapped in normal
| support because the client at hand didn't pay up for the
| express lane.
|
| You've also replaced a channel built off of relationships
| and mutual trust/respect into one based on official
| responsibilities and inertia, and all the hazards that
| entails. Such as political/managerial turf wars that add
| friction to the process, as well as cost minimization
| efforts that deskill the role over time and profit
| maximization efforts that overwhelm the capacity of the
| role, alienating the engineering team and undermining the
| entire intent.
|
| ... not to say it's impossible. But that's generally why
| you'll see it failing in some capacity any time you witness
| it, because it's almost impossible to maintain equilibrium
| the moment you officiate it.
|
| An alternative that tends to be more lasting is for
| management to _actively facilitate organic growth_ of these
| sorts of things. Enable and encourage and provide
| opportunities for inter-departmental relationships and
| lines of communications to form. That way there is no
| single "back channel", and organic lines of communication
| between different parts of the org are robust against the
| loss of a single node.
| coliveira wrote:
| The biggest problem we have in software engineering is the
| lack of support staff. You don't think a civil engineer has
| to deal with minutiae of paperwork, but software engineers
| for some strange reason think it is ok to be inundated by
| clerical work all the time. The industry eventually must
| evolve to create software assistants capable of running
| code, triaging bugs, etc.
| duxup wrote:
| It's funny you mention that. I was a support drone when I
| was in the situation I described above.
|
| But support being support ... it is eventually devalued
| and I chose to learn to code to move out of those types
| of roles.
|
| When I moved on (through a somewhat handy acquisition and
| layoff and etc) some engineers reached out to me to join
| the support team there.... but I was done with support
| (and other factors).
| techsupporter wrote:
| > The industry eventually must evolve to create software
| assistants capable of running code, triaging bugs, etc.
|
| In my opinion, we had this. They were your senior support
| staff or were operations; some companies combined this
| into a formal role called "Support" or "Service"
| "Operations."
|
| But then we as an industry decided that operations is
| bad[0] and if you write the code then you can obviously
| test the code, deploy the code, maintain the code, and
| support the code. Then every Hip And Cool Start-Up
| adopted the model of "sysadmins and support staff are bad
| because we've had bad experiences in the past so we will
| also have our devs talk directly to customers until they
| get tired of doing that and we just replace it with a
| contact form encumbered by CAPTCHA and a no-reply e-mail
| address."
|
| As someone who has greatly enjoyed, been very good, and
| very well paid (so my employers agreed that I was good at
| it), at support and operations roles only to see them
| disappear into the inky void of Everyone Codes All Of The
| Time, I am both biased and frustrated.
|
| 0 - Because money, I suspect.
| jkaptur wrote:
| The binary distinction between "cost centers" and "profit
| centers" has always seemed arbitrary to me (especially
| since, as an engineer, I've been in both without my work
| being substantially different).
|
| To be frank, it seems like an organizational way to say "we
| don't find this work to be valuable or interesting, and
| we'd like to do the bare minimum of it - in fact, we'd like
| to unleash smart people to explore new frontiers of just
| how minimal the bare minimum could possibly be."
|
| It seems like this leads to incredibly predictable
| problems: brain drain, demoralized workers, the bare
| minimum being aimed for and not actually being achieved,
| etc.
|
| I feel like a better organization has no "cost centers" -
| every single role at the company contributes to the mission
| and to the bottom line. If they didn't, that position
| wouldn't exist.
|
| What am I missing?
| ddingus wrote:
| Not much.
|
| "Cost center" can be transformed into something else
| given both an understanding that support can and should
| contribute to future sales, and an organization capable
| of putting that understanding to work.
|
| I have seen a similar scenario in manufacturing where
| various setup, prep, quality tasks are seen as cost
| centers and minimized.
|
| Doing this kind of thing has ripple costs. Always.
|
| In a perfect world, we make software, or hardware, and it
| just works and people grok it.
|
| In the one we live in, these are fantasies and we can
| choose to understand, recognize the value, or not and get
| the benefits or not.
|
| The users, customers, move from role to role, and support
| often determines their willingness to use the product
| again. That is straight up powerful marketing by
| referral.
|
| Support often is the first to understand a user, customer
| needs an option too, or add on, replacement, preventative
| maintenance. Done right, these leads into lean,
| consistent sales.
|
| "Cost center" to me has always been a bit silly in this
| way. There is opportunity to add value throughout the
| chain of people, process, machines, systems that are all
| necessary to properly conceive, realize and deliver
| something to others.
|
| One thing often missed along with failing to understand
| value is failing to ask to be compensated for it.
|
| Doing things in a robust, high value for the dollar way
| is not the cheapest way, in terms of raw product price,
| and depending, size of margin.
|
| But, we do get what we pay for too, and the lowest price
| often comes with externalities paid by both the
| enterprise and its customers too.
|
| Sometimes I see this all framed as a luxury. That is just
| as much of an error, and does come with unnecessary costs
| and or poor alignment with actual value.
| cat199 wrote:
| > What am I missing?
|
| not much, or everything -
|
| it's basically an accounting term on how you are tracking
| an expense and so it is very insightful as to how the
| effort of your project,group,department etc. is perceived
| by upper mgmt
|
| so "we don't find this work to be valuable or
| interesting, and we'd like to do the bare minimum of it -
| in fact, we'd like to unleash smart people to explore new
| frontiers of just how minimal the bare minimum could
| possibly be."
|
| is pretty spot on, if the effort has been (mostly
| arbitrarily) categorized as such..
|
| when i learned the accounting theory behind it, it
| suddenly illuminated managment attitudes in
| current/previous jobs - literally in some orgs overly
| reliant on this perspective there is literally nothing
| certain efforts can do through official channels to be
| viewed as 'valuable' ..
| noizejoy wrote:
| x% of support requests are of questionable nature - to
| mention just a few categories:
|
| * people expecting to use a sophisticated tool (for doing
| complex business processes requiring special know-how)
| without paying for and spending time on adequate
| training)
|
| * people unwilling to RTFM, google, youtube, etc.
|
| * people whining when a general purpose tool doesn't fit
| their exact workflow to a tee
| ddingus wrote:
| Those are all sales and service opportunities, BTW.
|
| Back in my support role for higher end software, I flat
| out hit numbers comparable to sales and generated a ton
| of great leads.
|
| Fact is, people do what they do and they have their
| reasons.
|
| Judging them and acting on that judgement by
| marginalizing an important and necessary part of the
| process has a higher net cost to the world, and often the
| enterprise, than just doing those things reasonably does.
|
| Net happiness goes up too. True for the enterprise and
| users, people at large.
| noizejoy wrote:
| Not all sales and service opportunities have positive ROI
| ddingus wrote:
| There are no free lunches. Expecting otherwise is a very
| good sign the enterprise is penny wise, pound foolish.
| indymike wrote:
| There is a fine line between running interference and sales
| prevention.
| duxup wrote:
| Yup that's accurate. I was a regular old support drone who
| had some connections that allowed for some special paths to
| engineering.
|
| We had 'official' faster escalation paths but those
| inevitably are determined by $$$ and there's always more
| ways to measure 'important customer' than can be defined /
| shown in $$$.
|
| Management was totally aware of it all and supportive.
|
| But eventually I got tired of the land of 'support' and
| moved on for a variety of reasons, mostly because time and
| again I saw support treated like the usual 'cost center'
| and I didn't want to be a part of that.
| tines wrote:
| Just for reference, the pair is spelled "yea or nay" rather
| than "ya or nay".
| anonymouse008 wrote:
| That sounds like a dream career -- any advice getting there
| when you've hacked on graveyard startups most your life?
| duxup wrote:
| It wasn't an official job.
|
| I was a regular support drone as far as anyone knew.
|
| I just had some connections that came about because I could
| be discrete and the engineers understood that I didn't
| bring them garbage too early (without enough information)
| or without good reason.
| dingaling wrote:
| Soft skills are key; getting to know key people, and their
| responsibilities and capabilities and personalities.
|
| But above all: be a good listener. Listen to what they say,
| think about it and build it on next time you talk with
| them. If they see you showing interest and learning about
| their domain, you'll get a direct line to them. And don't
| always bring them problems, be sure to stroke their ego too
| by asking what they're working on.
|
| It doesn't happen overnight, it requires perserverence and
| a dollop of luck. You won't walk into a job like that, it
| takes years of building a reputation for yourself.
| e40 wrote:
| This really bugs me about Apple. We had the DTK (pre-release
| hardware for the M1). We got into trouble with an upgrade from
| beta2 to beta10 and the machine was bricked. Everywhere we
| turned, we were told to use the developer forums. We did. There
| were no responses there and I didn't see anyone but customer
| helping customers.
|
| So, since we're an Apple developer, we decided we would use one
| of our DTS (developer technical support) tickets. Nope. Pre-
| release anything is not supported.
|
| So, we ended up waiting for release, bought a new M1 mini and
| then started our porting effort. Then, we ran into problems and
| used one of our DTS incidents and we got some help. However, we
| lost months.
| jarjoura wrote:
| beta 10 also bricked my DTK unit as well. Total paper weight
| [deleted]
| bluedino wrote:
| If Mozilla can't get a hold of anyone...
|
| 20 years ago Google would have sent someone to Mozilla HQ for a
| week to work on stuff
| OnlyMortal wrote:
| Apple did this when transitioning from CodeWarrior to the GNU
| chain. Apple had to apply patches to the C++ compiler for the
| company I was at.
| zerkten wrote:
| This is surprisingly common for large companies. It often
| isn't formalized because no one wants to dedicate engineers
| to going onsite with customers.
|
| Often the expert is too valuable to give up, or is a poor
| choice for customer engagement. If you have a consulting
| team, they may lack the experience needed, or reputation,
| that the customer wants. As soon as you send the expert
| onsite, you will have a challenge not sending them at a
| later time. This scares off engineering managers from
| lending their engineers because inevitably they have to
| fight off the requests.
|
| The better workflow is one where you can send a less
| expensive resource (however you measure it) onsite and have
| them work remotely with the expert. If you can stick with
| that you often end up with the onsite person leveling up
| their skills and the ability to re-engage in a scalable
| manner. Any engagement needs prep before the onsite, a plan
| for escalation when onsite, and a disengagement plan.
| OnlyMortal wrote:
| It was Agfa in Antwerp. Their guy was very polite but I
| had to explain to him what was going wrong. I think he
| was more tech support than anything else.
|
| Edit: Apple also had to change the linker for the sake of
| Macromedia's monolithic applications. Another story
| though.
| vlovich123 wrote:
| This is the problem with jumping to conclusions from a vague
| excerpt. The vendor is some random anti-virus vendor and if
| you know what trying to get a handle there means....
|
| > More of a concern was user reports that some antivirus
| software was flagging all our Universal Binaries as malware,
| and corrupting the Firefox installation the moment the update
| arrived.
|
| > The software was using machine learning techniques and
| presumably observed that our combined Universal Binaries
| didn't quite look like any other legitimate software it had
| ever seen before.
|
| > Attempts to contact the vendor through regular support
| channels were unsuccessful so we ended up searching LinkedIn
| and managed to find an engineer working on the core antivirus
| detection.
| rebelwebmaster wrote:
| It was Cylance made by Blackberry.
| cozzyd wrote:
| Their website is... blech.
| mlyle wrote:
| I had an awful experience with Cylance and some open
| source software I maintained, too-- false positive
| detections, and they wouldn't fix it.
| masklinn wrote:
| > Apple introduced a translation cache that likely removes this
| overhead completely for most applications but it does not work
| for code that is output by a JIT. With the native build, this
| second translation is avoided completely and we're back to having
| a snappy browser.
|
| Indeed while Rosetta does have support for JITs (which is really
| impressive in and of itself), every piece of machine code
| generated by the JIT has to be translated on the fly.
|
| While the hiccup at the initial run is not too costly / annoying
| for a regular application being AOT-compiled in its entirety and
| Apple can then shove the result somewhere nearby, for a JIT it's
| basically constant, continuous overhead which can't be cached
| because it won't be around next run. I'm not surprised that the
| gains are significant there.
| kevincox wrote:
| I'm surprised that Rosetta 2 isn't installed by default. It seems
| that for the next couple of years the vast majority of people
| will need at least one x86 app.
|
| I guess split-architecture applications were also not foreseen as
| it is clear that the auto-install prompt doesn't work very well
| in that case.
| glandium wrote:
| It's even worse. It's uninstalled when upgrading macOS.
| r00fus wrote:
| What does this mean, for dot releases? There's only been one
| release with Rosetta2 enabled.
| glandium wrote:
| M1 Macbooks were shipped with 11.0, they're now on 11.1.
| Upgrading from one to the other removed Rosetta2 on mine
| (as well as Command Line Tools).
| r00fus wrote:
| It'll be interesting to see if this is a trend or 11.1
| was a one-off.
| r00fus wrote:
| The best case is you need no x86 apps. Bought an M1 Air for a
| kid - as soon as Zoom was native they didn't need Rosetta.
| cududa wrote:
| I wonder if it has anything to do with licensing costs of
| everything that went into Rosetta? I imagine they owe someone
| royalties and licensing costs on some components in it, saves
| some pennies to dollars to only install it as needed
| SloopJon wrote:
| Could be. I suspect that's a factor in the fonts available
| for download or document support in Catalina and Big Sur:
|
| https://support.apple.com/en-us/HT210192
|
| https://support.apple.com/en-us/HT211240
| kitsunesoba wrote:
| Feels like a bit of a nudge to developers to not take x86
| compatibility for a given... kind of, "it's there if it's truly
| necessary, but you really should port that plugin/daemon/etc".
| kevincox wrote:
| I suspect this as well. But it seems so obvious that it is
| necessary for a while that I doubt that anyone takes it
| seriously.
| CyberRabbi wrote:
| Is "apple silicon" the port job here? Isn't this more correctly
| described as a port of their existing ARM64 target to macOS?
| jfk13 wrote:
| Firefox on iOS is based on the system's Webkit engine; Firefox
| elsewhere is built on Gecko, so there's a vast difference in
| the codebase involved.
| twic wrote:
| This is a good question. On the one hand, the article says:
|
| > Of all the work needed to support the new hardware, porting
| Firefox to the 64-bit ARM architecture was not actually
| something we needed to do: we've supported 64-bit ARM on
| Android and Linux for years.
|
| On the other hand, it says:
|
| > Secondly, we needed to adapt and fix the various parts of the
| Firefox codebase that deal with low-level calling conventions
| and particularly the interfaces between the JavaScript and C++
| (and nowadays Rust) parts of the code.
|
| I suppose MacOS on ARM has a different calling convention to
| both MacOS on x86-64 and Linux or Windows on ARM64.
|
| Also:
|
| > If the user visits such a site, Firefox will automatically
| download and install such a proprietary EME/CDM module. This
| presented a problem to us as we would be dependent on those
| third-party vendors to publish ARM64 versions of those
| decoders.
|
| So what do Windows or Linux users on ARM64 do? Do they just not
| get DRM?
| glandium wrote:
| > So what do Windows or Linux users on ARM64 do? Do they just
| not get DRM?
|
| The Windows ARM64 build of Firefox comes with a copy of the
| 32-bits x86 Windows Firefox binaries to launch the win32 CDM.
|
| There is no support for things like this for Linux, and I
| don't think there's a native ARM64 Linux CDM (although I
| could be wrong. I mean, such a CDM likely exists, considering
| ARM64 Chromebooks)
| skrowl wrote:
| On iOS there are no web browsers other than Safari, per the app
| store rules. "Chrome" / "Firefox" / etc on iOS are just
| basically skins on top of Webkit.
|
| See 2.5.6 here - https://developer.apple.com/app-
| store/review/guidelines/
|
| This is why you don't get any of the features / extensions /
| etc of Chrome or Firefox on iOS.
|
| Apple does this so that the mobile web can never replace apps
| that they have a monopoly on and get a % from. If you could
| just visit netflix.com and have it install a Netflix SPA that
| worked as well as the native app, why would you ever install
| the native app?
|
| Edit after reading replies - lol, that programming of Apple
| users to believe "we need an app for every possible site".
| coldtea wrote:
| > _Apple does this so that the mobile web can never replace
| apps that they have a monopoly on and get a % from_
|
| Or you know, because they disallow dynamic code execution of
| arbitrary downloaded code in apps, and JIT JS compilers do
| just that.
|
| > _If you could just visit netflix.com and have it install a
| Netflix SPA that worked as well as the native app, why would
| you ever install the native app?_
|
| It's like asking "why would you ever use a native app".
| Because it's faster, native, and much more convenient?
|
| Take the best desktop browser engine, e.g. Chrome, and put it
| inside a mobile browser app. Still, I (and most I guess)
| wouldn't use it to watch Netflix over individual apps.
| SahAssar wrote:
| > Or you know, because they disallow dynamic code execution
| of arbitrary downloaded code in apps, and JIT JS compilers
| do just that.
|
| What would you call a webview? Is it that much different if
| it is webkit or gecko or blink doing it? If I used a
| webview to run js-linux, xfce and firefox should that be
| disallowed too?
| PaulDavisThe1st wrote:
| I can't speak to the mobile/desktop distinction, but
| comparing "watching Netflix in Firefox on my desktop" with
| "watching Netflix on my LG WebOS TV", there's barely any
| difference. If anything, the browser version wins because
| of the superior input devices (kbd, mouse) attached to it
| compared with the TV. This suggests to me that there would
| be little difference when comparing mobile/desktop or
| app/browser, other than the netflix logo being the point of
| entry (and if you could run the SPA literally like an app,
| no difference at all).
| lern_too_spel wrote:
| > Or you know, because they disallow dynamic code execution
| of arbitrary downloaded code in apps, and JIT JS compilers
| do just that.
|
| No, they explicitly disallow other implementations, whether
| they JIT or not. Since Apple's WebKit is missing so many
| features, this has the effect that GP noted.
|
| "2.5.6 Apps that browse the web must use the appropriate
| WebKit framework and WebKit Javascript."
|
| https://developer.apple.com/app-store/review/guidelines/
| have_faith wrote:
| >Still, I (and most I guess) wouldn't use it to watch
| Netflix over individual apps.
|
| If the experience is so much better why are Apple scared to
| let other browsers into the app store?
|
| Phones are general purpose computers for the majority of
| the world's population, exercising such authoritarian grip
| over what a user can do with the device is very depressing
| to see being defended.
| coldtea wrote:
| > _If the experience is so much better why are Apple
| scared to let other browsers into the app store?_
|
| Well, the weasel word "scared" kind of begs the question.
|
| Who said it's "scared"?
|
| Apple spearheaded the modern browser with Safari. Chrome
| wasn't even a thing then (it forked off of Apple's work
| on Safari/Webkit later, just like v8 came after Apple's
| own JSC JIT work).
|
| As for Mobile Safari, it took several years for Android
| browsers to come close: Android Browser in particular was
| a piece of crap, slower, and lacking more features, than
| Mobile Safari. Was Google also "scared" of web apps?
|
| Also note that, when Apple suggested to developers they
| make their own web apps in lack of a native SDK, most
| dissed those and wanted, nay, demanded a native SDK.
|
| And Mobile Safari is not exactly some bad browser holding
| those apps back. You can watch Netflix on mobile safari,
| on the web, if you so want. Why would you though?
|
| And here's the 1000 pound argument: do you see many
| people watching Netflix on Android Chrome, as opposed to
| using the Android Netflix app?
|
| Didn't think so.
|
| Why would they do it on the iPhone then, if Chrome was
| available in the App Store?
|
| > _Phones are general purpose computers for the majority
| of the world 's population_
|
| Not even close.
| filleduchaos wrote:
| Exactly. As we can see, everybody that uses Android watches
| Netflix on the web, and the Netflix Android app is left to
| languish with a measly 1B+ installs. There's _clearly_ no
| reason why a long-running, DRM-heavy video streaming service
| like Netflix would want an actual native app on mobile
| devices.
| dhritzkiv wrote:
| Is there anything stopping Netflix from working in Safari on
| iOS? and then being installed as a bookmark to the Home
| Screen?
|
| I believe it's Netflix that prefers that users use the app.
| lern_too_spel wrote:
| Off the top of my head, mobile Safari can't handle push
| notifications for new content or downloading videos to
| watch later. I'm sure there are other problems with it as
| well.
| dhritzkiv wrote:
| Good points.
|
| Being able to download/cache content reliably would be
| welcome, on all browsers. However, I haven't seen a good
| example of using PWAs' storage APIs to cache video
| content, Safari or otherwise.
|
| Lack of push notifications in iOS Safari is a giant
| shortcoming. It's especially baffling since it exists for
| Safari on macOS. That being said, I can't say that
| Netflix's push notifications (in the app) are
| particularly useful (to me). They always spam me with
| newly released yet irrelevant in-house produced titles.
| nguyenkien wrote:
| iOS browser is just Safari reskin (with different sync)
| floatboth wrote:
| Yes, "Apple Silicon" is the marketing name for macOS/ARM64.
|
| (Why did 3 other people interpret this comment as saying
| something about iOS?!)
| glandium wrote:
| > (Why did 3 other people interpret this comment as saying
| something about iOS?!)
|
| Because originally, the comment also said "Firefox already
| works on apple silicon, on iOS".
| brundolf wrote:
| > If the user visits such a site, Firefox will automatically
| download and install such a proprietary EME/CDM module. This
| presented a problem to us as we would be dependent on those
| third-party vendors to publish ARM64 versions of those decoders.
|
| Wait, modern browsers still download and run native binaries at
| the request of certain sites? How is this different from the days
| when native plugins like Flash were massive security liabilities?
| I thought we didn't do that anymore?
| Gaelan wrote:
| As I understand it, it's a single trusted binary (Google's
| Widevine), not arbitrary binaries from sites, so I doubt it's a
| huge security liability. Not to discount all the other problems
| with DRM on the web, of course.
| padenot wrote:
| The above is correct. The CDM is very heavily sandboxed, a
| signature is used, and therefore it can't really do anything
| apart from what it's supposed to do (which is very little,
| taking encoded data, a key, decode media).
|
| Source: I'm on that team, but I don't work directly on this.
| mortenjorck wrote:
| Worth mentioning is that this is also solving a different
| problem from the old browser plugin ecosystem. Rather than
| enabling third parties to extend browser functionality, this
| exists exclusively to partition the open-source Firefox
| codebase from closed-source DRM code, a workaround to enable
| DRM playback in an open-source browser.
| dblohm7 wrote:
| This is correct. These binaries are downloaded from specific
| update servers.
|
| EDIT: I stand corrected thanks to a colleague on the media
| team: the EME CDM update servers are known Google servers.
| hoten wrote:
| The site is not making any such request, it is simply using a
| browser feature. The browser, on demand, downloads a known and
| trusted binary.
| mugivarra69 wrote:
| does firefox use llvm to compile ?
| sylvestre wrote:
| Yeah, clang for all platforms for a couple years now
| vetinari wrote:
| Some Linux distributions, like Fedora, build their Firefox
| binary with gcc.
| sylvestre wrote:
| Yeah but this will probably change too.
| gspr wrote:
| Yes. There are essential Rust components in Firefox, and the
| only serious Rust compiler uses LLVM. (This has nothing to do
| with clang as someone else suggests)
| floatboth wrote:
| "does firefox use llvm to compile" is a very weird question
| that can be interpreted in a variety of ways :D
|
| Seems your interpretation is "does Firefox require any LLVM
| based compiler to compile?" and yeah. But "does Mozilla use
| clang for official builds?" is another valid way to parse the
| question.
|
| (Mozilla does use clang, and they even do cross-language LTO
| thanks to that: https://blog.llvm.org/2019/09/closing-gap-
| cross-language-lto...)
___________________________________________________________________
(page generated 2021-01-20 23:00 UTC)