←back to thread

The JPEG XL Image Coding History, Features, Coding Tools, Design Rationale

(arxiv.org)
94 points ksec | 1 comments | 13 Jul 25 05:05 UTC | HN request time: 0.247s | source
Show context
ekunazanu ◴[15 Jul 25 11:29 UTC] No.44570052[source]
JPEG XL had so much going for it. Kinda sad it was killed off just like that.
replies(7): >>44570077 #>>44570161 #>>44570521 #>>44570580 #>>44570956 #>>44572410 #>>44575108 #
arp242 ◴[15 Jul 25 12:39 UTC] No.44570521[source]
It wasn't "killed", it was always disabled by default in Chrome, and removed for really quite reasonable reasons: literally every other image decoder has had serious vulnerabilities. Enabling it by default would expose a gigantic attack surface that almost certainly will be exploited sooner or later.

This is also why Firefox doesn't support it by default (IIRC it doesn't even link against libjpegxl by default in release builds – only nightly ones).

There is nothing preventing the Chrome or Firefox people from revisiting all of this in the future.

It seems to me the Rust implementation of JPEG XL is by far the best path forward for broad JPEG XL support in Firefox, Chrome, and other browsers. While Rust is of course not a complete guarantee there will never be any security issues, it does eliminate virtually all of the major exploits that have targeted image decoders in the past. Both Firefox and Chrome have expressed interest in this.

replies(1): >>44570574 #
badgersnake ◴[15 Jul 25 12:46 UTC] No.44570574[source]
And because they wanted to push WebP
replies(4): >>44570633 #>>44571463 #>>44572495 #>>44572804 #
1. arp242 ◴[15 Jul 25 14:23 UTC] No.44571463[source]
WebP got added about 15 years ago or so. Chrome (and Firefox) learned the lessons from the problems that caused.

And "push WebP" for that purpose? Google as a whole benefits hugely from reduced image sizes.

Firefox also doesn't implement JXL as I mentioned. Are they trying to "push WebP" too now? This is such conspiratorial nonsense. No evidence for it at all. Doesn't even make any logical sense. Google literally worked (and continues to work) on JXL.