> Mozilla also isn't interested in supporting it
Mozilla is more than willing to adopt it. They just won't adopt the C++ implementation. They've already put into writing that they're considering adopting it when the rust implementation is production ready.
There's way more than one rust implementation around
- https://github.com/libjxl/jxl-rs
- https://github.com/tirr-c/jxl-oxide
- https://github.com/etemesi254/zune-image
Etc. You can wait for 20 or so years "just to be sure" or start doing something. Mozilla sticks to the option A here by not doing anything
The jxl-oxide dev is a jxl-rs dev. jxl-oxide is decode only while jxl-rs is a full encode/decode library.
zune also uses jxl-oxide for decode. zune has an encoder and they are doing great work but their encoder is not threading safe so it's not viable for Mozilla's need.
And there's work already being done for properly integrating jxl implementations with firefox but frankly things take time.
If you are seriously passionate about seeing JPEG-XL in firefox there's a really easy solution. Contribute. More engineering hours put towards a FOSS project tends to see it come to fruition faster.
You have a really strange interpretation of the word “consider”.
Seems like the normal usage to me. The post above lists other criteria that have to be satisfied, beyond just being a Rust implementation. That would be the consideration.
Mozilla indicates that they are willing to consider it given various prerequisite. GP translates that to being “more than willing to adopt it”. That is very much not a normal interpretation.
From the link
> To address this concern, the team at Google has agreed to apply their subject matter expertise to build a safe, performant, compact, and compatible JPEG-XL decoder in Rust, and integrate this decoder into Firefox. If they successfully contribute an implementation that satisfies these properties and meets our normal production requirements, we would ship it.
That is a perfectly clear position.
How far away is JPEG-XL rust version from Google if Chrome is not interested in it?
You can review it here: https://github.com/libjxl/jxl-rs
Seems to be under very active development.
Now I'm feeling a bit less bad for not using Firefox anymore. Not using it because it's C++ is <insert terms that may not be welcome on HN>
So you think it's silly to not want to introduce new potentially remotely-exploitable CVEs in one of the most important pieces of software (the web browser) on one's computer? Or are you implying those 100k lines of multithreaded C++ code are bug-free and won't introduce any new CVEs?
[flagged]
> and don’t think that the programmer more than the languages contribute to those problems
This sounds a lot like how I used to think about unit testing and type checking when I was younger and more naive. It also echoes the sentiments of countless craftspeople talking about safety protocols and features before they lost a body part.
Safety features can’t protect you from a bad programmer. But they can go a long way to protect you from the inevitable fallibility of a good programmer.
I never said anything about unit testing nor type checking, last time I checked C/C++ are strongly typed but I guess I'm just too naïve to understand.
It's crazy how anti-Rust people think that eliminating 70% of your security bugs[1] by construction just by using a memory-safe language (not even necessarily Rust) is somehow a bad thing or not worth doing.
[1] - https://www.chromium.org/Home/chromium-security/memory-safet...
I'm not anti rust but I'm not drinking it's kool-aid either.
It's not about being completely bug free. Safe rust is going to be reasonably hardened against exploitable decoder bugs which can be converted into RCEs. A bug in safe rust is going to be a hell of a lot harder to turn into an exploit than a bug in bog standard C++.
> It’s crazy how people think using Rust will magically make your code bug and vulnerability free
It won't for all code, and not bug-free, but it absolutely does make it possible to write code parsing untrusted input all-but vulnerability free. It's not 100% foolproof but the track record of Rust parsing libraries is night-and-day better than C/C++ libraries in this domain. And they're often faster too.
Straw-man much?
Nope, not at all actually.
Multiple severe attacks on browsers over the years have targeted image decoders. Requiring an implementation in a memory safe language seems very reasonable to me, and makes me feel better about using FF.
It's not just "C++ bad". It's "we don't want to deal with memory errors in directly user facing code that parses untrusted contents".
That's a perfectly reasonable stance.