Snippets: PyPy.js, reBlink, Patch Tuesday


  • PyPy.js: Have you considered a Python JIT compiler in the browser? Ryan Kelly, a Mozilla developer, has and is porting PyPy, the Python JIT, to the browser using Emscripten and getting the JIT compiler to emit asm.js code. Asm.js is a subset of Javascript which has a specialised optimiser. It’s early days for PyPy.js, but first benchmarking of the proof of concept does show how much impact the Asm.js optimisations have on performance bringing the code to half the speed of the C based JIT.
  • Blink Now: Missing the <blink> tag already after Firefox 23 removed it? Brad Gessler has the answer with his “cooler native HTML tags” like shudder, correction fluid, outline, blur, blurrier, smear, rumble and shudder and even sparkle.
  • Patching: Remember, next Tuesday is your monthly patch day for Microsoft – The advance notification has 3 critical and 5 important holes to be patched in Windows, Internet Explorer, Windows and Windows Server.

Rust now on Rust


Rust, the alternative systems language that’s in development at Mozilla where they are using it to create Servo, a next generation browser, has just hit a huge milestone and entered into some turbulent territory. The runtime system for Rust, including a task scheduler written in C++, has now been replaced by a runtime written in Rust. Brian Anderson on the explained with a mailing list post that this was part of a huge rewrite of how Rust is going to handle I/O using libuv and stopping tasks that are blocked on I/O from blocking other tasks. The long-term aim is to make I/O very scalable in Rust. The task scheduler was in the way though so, they’ve redone that in Rust removing all the foreign function interfaces and making something that will be a lot easier to maintain and enhance.

But as with all big changes, there are ramifications. The work will need to be completed, the IO system fully implemented, regressions deregressed, performance pulled up to previous speeds and bugs fixed.  Anderson details the work that is going to be done in his posting and covers what is already in progress saying he expects it to “validate Rust in the domains it’s aiming for: concurrent and systems programming”.

Google adds patents to pledge but…

PatentsIconGoogle has announced it is adding 79 patents to its open source patent non-assertion pledge. Of course the pledge is limited only to things where the patents infringed are within the open source element … so no mixing a bit of FOSS into your proprietary application and hoping you’ll get coverage. Although there are 79 patents in the new batch, there aren’t 79 ideas in there. The count includes patents in each territory too, so take “Computer network for www server data access over internet” that patent is counted ten times, for Belgium, Canada, Switzerland, Germany, UK, Italy, Japan, Netherlands, Taiwan and the US. And that’s quite an old patent which will expire in the US in June 2015… do read it if you want a blast from the past with its OS/2 Warp systems and RS/6000s.

Anyway, counting out the double counting, I make it 38 actual different patents spread around the globe. The original ten patents in Google’s first pledge were all US patents related to MapReduce so this double counting didn’t occur. Let’s call the total number of different patents 48… out of Google’s estimated (inc Motorola portfolio) of, albeit patents for the same things in different territories, 18,000+ patents. Some folks call it a drip-feed but it’s more akin to open source patent homeopathy. The dilution is so extreme that it will make no difference to the problem and any improvement in the patient’s condition are unlikely to come from this treatment. Google should take a page from Red Hat’s book – their patent promise covers all their software patents, no lists, no donation dramatica.

Snippets: AOSP, Google Cloud, PuTTY, gNewSense and Mozilla updates


  • AOSP – Android’s open source problem: JBQ,  , announced yesterday that he was stepping down as Technical Lead for AOSP, the Android Open Source Project. The problem appears to be a combination of Qualcomm’s desire to keep control of it’s SoC drivers and Google’s inability to shake them of that view despite building Nexus devices which use Qualcomm chips. JBQ has found himself in the middle of this and recent tweets quoted by Android Police seem to bear out that the pressure was getting to the AOSP leader who was being blamed for not getting factory restore images of various Nexus devices out of the door. If Google can’t do it for their own devices, the questions about Android’s open source credentials will come to the fore.
  • Google Cloud: The platforms of the Google Cloud have had some updates. Google Compute Engine now has layer 3 load balancing as an option, with balancing over a set of healthy Compute Engine VMs in a region. Google Cloud Datastore now has an SQL styled Google Query Language, support for metadata queries and how-tos for Ruby developers. Over on Google App Engine, the company has also made improvements to the PHP runtime’s Cloud Storage along with other more general changes.
  • gNewSense: Version 3.0 of the “Free as in freedom” (no non-free elements) GNU/Linux distribution gNewSense is now available. The big change with this release is a switch from Ubuntu to Debian as the base distribution. It supports i386, amd64 and mipsel architectures (the latter being the CPU of the Lemote Yeelong notebook as previously used by Richard Stallman until it was stolen).
  • More Mozilla updates: Firefox ESR 17.0.8 also arrived earlier this week with 2 critical and 6 high severity holes fixed. Details on the advisories page for Firefox ESR and downloads page. Same set of vulnerabilities are also fixed in Thunderbird ESR 17.0.8 (downloads here). Seamonkey, the forgotten browser suite, also got updated to version 2.20 with the same security fixes and enhancements that were applied to Firefox 23. It can be downloadable by anyone who wants to recall the heady days of the all in one browser suite.

Amazon sets up shop for Web Apps

Amazon_120Amazon has announced that it will now be making “HTML5 Web Apps” available through its Appstore. But before you start packaging your web site into a commercial earner, there’s quite a few caveats to the term “Web App”. Firstly, the apps only come down the wire where there’s Appstore apps to sell them to you, so thats Kindle Fires and Android devices. No word on how the rest of the web is supposed to get access to these web apps.

Secondly, on Kindle, there’s a Chromium-based web runtime which apart from offering some of the usual HTML5 components and the ability to debug apps on-device, does seem to be missing out on webgl, ms pointer events, fullscreen API, camera and microphone access, accelerometer, geolocation, gyroscope and network controls on all the Kindle devices. Up front pricing for apps doesn’t seem to be on the agenda, but a JavaScript version of Amazon’s In-App Purchasing API is now available so app developers can slowly relieve the users of their money with funny money, virtual upgrades and subscriptions.

Still, Amazon does seem to be getting a foot in the door of “HTML5 Web App” publishing. The real question is… do customers actually want web apps. Amazon says it takes care of all the content delivery through the Appstore and will be listing the web apps next to the native apps in the store so they may be hoping that customers, not shown the difference, will not notice any difference. Let’s come back to that in three or four months and see how what review scores are like.

Snippets: Web Storage, VP8, Objective-C Style, Dead Code

  • Web Storage API: The W3C have moved the Web Storage API to the Recommendation stage which means its pretty much done and in as a standard. The API gives web applications a local key/value store in the browser. The user typically has to grant permission for storage and its strictly limited to a maximum of between 2.5 and 10MB though that has been abusable. Web Storage should though provide a handy tool for application developers. The only problem is that the EU “Cookie law” was worded to cover a variety of local storage methods; whether the permission request and lack of third party access pass muster with legal folk we will see…
  • VP8 vs Nokia: It seems Nokia lost out in German courts where it was bringing a case against HTC that included a claim that VP8 infringed a Nokia patent. According to a blog posting from the WebM project, a Mannheim court ruled it didn’t infringe. Whether this will change the state of play as Google tries to get VP8 adopted by the IETF and others is unclear though; Nokia presented them with far more than one patent claim.
  • The New York Times Style Guide: No, not for writing articles, but for Objective-C. It’s been developed in-house for their iOS app developers and popped online via Github under an MIT licence.
  • Bring out your dead: Dead code that is. One way of doing this is with a dead code detector and Oracle’s Geertjan Wielenga has a guide for NetBeans users which shows how to use his dead code detector plugin over a range of different project types.

Firefox 23 has landed

Firefox logoThe important things for developers in a rush…

  • Enable JavaScript as a preference setting checkbox is gone. The logic behind this, according to the bug report is “If a user unchecks this box, they’ll effectively render the browser unusable on a large number of sites. We should not ship this option to hundreds of millions of users”. It doesn’t lock JavaScript on though; you can still switch it with about:config, NoScript or similar. There’s just no easy way to turn it off now. Expect a Firefox Add-on in 5-4-3… By the way, if it was set to off, it’ll have been turned back on with FF23.
  • about:memory has been reduced down to a simple UI. Background on that change comes from Mozilla MemShrinker Nicholas Nethercote. In short, it’s a better UI for memory metric measurement and isn’t infested with UI side effects.
  • Mixed content is now blocked. So if you made a site which mixed HTTP and HTTPS content on pages, the insecure content (the HTTP stuff) will be blocked. And if you relied on it, your page will break. Mozilla’s details on the changes also include a link to the master bug for sites that break under this new set up.
  • Developer Tools in Firefox now include a shiny new Network Monitor; a posting from back in May covers that and the other additions (Remote style editor, Options panel to turn tools on and off, source map support for the debugger and more).
  • Oh, yes, the <blink> tag and the text-decoration: blink have been purged from the system. The bad smell that is the <marquee> tag persists and doesn’t seem to have a “remove this” bug entry for it yet. Still, no more <blink> pretty much everywhere now.

And if you needed more reasons to update, Firefox 23 fixes 4 critical and 7 high severity bugs. Details of those, as usual, on the Security Advisories for Firefox page. As usual, autoupdating within Mozilla should get you there. Otherwise, you’ll find all versions here and release-notes here.