Open Source Adapted Bicycle Pedal Comes to the Rescue
Accessibility has always been important to designers of open source software. Now that open source has come to design, that's more true than ever, as demonstrated with this open source bicycle
Linux Action Show to End Eleven-Year Run at LFNW
Six more episodes before the popular Linux podcast, Linux Action Show, ends its nearly 11-year run in a live broadcast from LinuxFest Northwest.


Jupiter Broadcasting's long-running
Dealing With Real-Life, Everyday Security Threats
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.

Roblimo's Hideaway

I wrote a piece
Four Things a New Linux User Should Know
When you move from "that other operating system" to Linux, you're going to find that in most ways you'll be in familiar territory. However, that's not always the case. We sometimes do things a little differently
The Future of Desktop Ubuntu
With all the changes happening at Canonical, you might wonder what this means for the future of desktop Ubuntu, besides the return to the GNOME desktop.

There hasn't been this much news about a single Linux distro
Libreboot Reorganizes: Seeks to Make Amends
It appears the people developing Libreboot have done some of the hard work necessary to fix potentially toxic personal dynamics after last year's controversy, when the project removed itself from the
It's Windows Time in Linux Land Again
Using Windows. What a horrible thing to ask a Linux user to do.
September 25th, 2013

The Death of the Browser Plugin is a Good Thing

Oddly, the death of the browser plugin started with Microsoft. Now, the other two major players in the browser game seem to be in the process of saying goodbye as well, although it’ll be a long goodbye evidently.

Everybody’s reporting on this. Earlier this week we heard that Google is in the process of doing away with the NPAPI architecture, a Netscape relic. They’re not throwing it out the window just yet; they’re just making it a damn nuisance to use. Brad Chacos at PCWorld put it this way:

“Google announced that plug-ins using the uber-popular NPAPI architecture would be shifted to ‘click-to-play’ by default this coming January, rather than running automatically. Many top plug-ins use the technology, including Java, Silverlight, Unity, Google Earth, Google Talk, Facebook Video, RealPlayer, QuickTime, Shockwave, Windows Media Player and Adobe Reader prior to Adobe Reader X.”

Firefox brings "click to play" to browser plugins.“Click to play” means that every time a webpage wants to take advantage of a plugin, the user will have to click to give it permission. Eventually, Google hopes to replace the old architecture with PPAPI or the Pepper Plugin API, which supposedly fixes a lot of NPAPI’s problems, if they can get traction outside of Google which doesn’t seem likely at this juncture. The folks at Mozilla have already said, “Mozilla is not interested in or working on Pepper at this time.” That sounds like a “no” to me.

Mozilla and Firefox have announced they’re otherwise of a similar mind, however.

“Firefox is even less enamored with plug-ins. This week, click-to-play functionality arrived in Firefox Aurora, a preview build of the browser that will hit release status in mere weeks. As with Chrome, the new feature still allows you to use plug-ins, but you have to explicitly allow them to run.”

This morning on CNET, Stephen Shankland explained why:

“Mozilla’s move is a new step in a wider movement among browser makers to rid the Web of plug-ins, which were useful in a time when browsers rarely released new programming interfaces for new features. However, now plug-ins are viewed largely as security and stability risks, which is why Chrome will begin barring many plug-ins starting in January 2014 and Microsoft banished plug-ins from Internet Explorer running on the new Windows 8 interface. Like Mozilla and Google, Microsoft carved out an exception for Flash, but others–including Google Talk, Java, and Adobe Acrobat — will require permission.”

Yup. Unfortunately, for the time being Flash won’t be included in the mix and will continue to run out of the box. Yesterday, Benjamin Smedberg, the Firefox engineering manager for stability and plugins, explained why in a blog post:

“Flash content is so common on the Web, and many websites use ‘hidden’ Flash instances that the user does not see and cannot click on: making Flash click-to-play would be confusing for most users. Users with older versions of Flash that are known to be insecure will see the click-to-activate UI and will be prompted to upgrade to the latest version.”

I, for one, won’t be unhappy if the browser plugin goes entirely the way of the passenger pigeon. I’m tired of going to the plugin section of my browser and finding plugins that have been installed and activated without my permission, although I think this problem has been fixed in recent times. Oddly again, or maybe not, the worst player in this regard was or is Microsoft, the same folks who were the first to bar plugins from their browser.

I’m also tired of browser crashes on old hardware, caused by web designers who think it okay to ask a browser to use multiple plugins on a single page, eating up tons of memory in the process. I expect this problem to get better almost immediately. Surfers aren’t going to like being confronted with half a dozen click throughs every time they visit a webpage.

As for security, the vast majority of browser exploits these days involves a security vulnerability in a plugin.

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Latest posts by Christine Hall (see all)

5 comments to The Death of the Browser Plugin is a Good Thing