HTTPS-only mode arrives in Firefox 83 as Mozilla finds new home for Rust-y Servo engine
Another notch towards the SSL-only web
The adoption by Mozilla of a four-week release schedule for Firefox means that some builds are light on few features, but version 83 packs in more than most. Introduced this time round is HTTPS-only mode, off by default. If enabled, navigating to an HTTP site automatically redirects to HTTPS, and if no secure connection is available, a warning comes up with an option to continue. Insecure resources such as images loaded over HTTP are blocked. HTTPS-only can be disabled for specific sites.
Most traffic on the web is now encrypted. Google reports that between 80 and 98 per cent of pages are loaded over HTTPS in Chrome, with figures varying by platform (Linux is the lowest at 71 per cent). In 2015 it was under 50 per cent.
Firefox 83 promises to 'upgrade all connections to HTTPS', though in reality it will block and warn users when only an insecure connection is available
The increase has been driven in part by the security advantages, in part by Google ranking HTTP sites lower in search results, and in part by the availability of free SSL certificates from Let's Encrypt. If a site never asks for a login or passwords, does it need to be encrypted? Arguably not, though there is still a risk from spoofing. The case for SSL everywhere has been won.
Pinch to zoom, a much-requested feature, is now supported on Windows touchscreens and touchpads, as well as macOS touchpads. There is also better desktop performance on older versions of Windows, with an optimised WebRender architecture, already available for Windows 10, now coming to Windows 7, Windows 8, and macOS 10.12-15 (but not Big Sur yet).
Mozilla is moving towards making a native Firefox build for Apple Silicon, the new Arm-based chips for macOS. Version 83 requires Rosetta 2 emulation but a nightly build for ARM64 is available for testing.
Developers will find new support for conic gradients in Firefox 83, a CSS feature for graphical effects. Chromium and WebKit-based browsers already have this but support in Firefox will help adoption.
Servo adopted by Linux Foundation
There is some good news for fans of Servo, a web browser engine coded in Rust that shares some code with Firefox, including WebRender. At the KubeCon North America virtual event, the Linux Foundation stated that it will host Servo. The future of Servo has been clouded since August, when Mozilla's headcount was reduced by 250 with layoffs apparently including Servo developers. Servo is designed to be embedded in other applications and runs on Windows, macOS, and Linux.
We asked about the implications for the funding of Servo development. Chris Aniszczyk, veep of strategic and dev programs at the Linux Foundation, told us: "As part of the move to the Linux Foundation, the Servo project is establishing a funding charter and will be funded by member organisations in the near future, similar to other Linux Foundation efforts."
The move means a change in governance for the project, which will now have a board and a technical steering committee (TSC). Currently the TSC has 19 members, at least eight of whom introduced themselves as "ex-Mozilla". There are some clues about the direction in the initial minutes. What will be the relationship with Firefox? "We share some components that are co-maintained and nothing will change there," said Manish Goregaokar, ex-Mozilla. What is Servo trying to make? "A browser engine," said chair Alan Jeffrey, former Mozilla Research Engineer, though not a browser. "I don't see Servo competing in the same space [as Firefox]," he added.
Hosting within the Linux Foundation is better news for the Servo project than languishing with little funding at Mozilla. But questions remain about the extent of interest and how long it will take for Servo to become production-ready as an embeddable component. It is good for web standards that the Servo implementation exists, and Rust has advantages for secure coding, but it has formidable competition from Chromium. ®