Asa Dotzler: Firefox and more

firefox 3 release candidate one

We're almost there, folks.

Today's penultimate release will make it clear to millions of people all across the globe that Firefox is in a league all its own.

This is the culmination of 3 years of intense development by the world's most experienced browser team to bring us the fastest, safest, most powerful, and easiest to use Web browser ever.

With more than 15,000 improvements over the previous release, ranging from dramatic performance and memory gains to truly innovative features like the "Awesome Bar," Firefox 3 is the no-compromise browser that puts you back in control of your Web experience.

Those Ajax apps that were "almost" fast enough? In Firefox 3 they scream. That Web page you can't find but were just at? It's only a few keystrokes away with the Awesome Bar. That mess of un-filed bookmarks? Neatly tagged and sorted. That suspicious "paypall" or "amason" website? Identified and blocked. That one add-on you just can't live without? Now available right from the Add-ons Manager.

I could go on and on and on. There are literally too many improvements to list. Why not download Firefox 3 RC1 now and see which new feature makes Firefox your browser of choice.

the return of the mozilla developer interviews

As some of the long-time readers here will remember, this blog hosted a number of Mozilla developer interviews "back in the day". The format was simple but fun, and I think informative.

For those of you who don't remember or weren't around back then, here's one of the interviews with Gecko hacker, Boris Zbarsky.

It's time to bring that feature back. I've got a few amazing Mozilla people lined up, starting with Jesse Ruderman, a member of Mozilla's security team and author of several amazing fuzzing tools.

Jesse's been finding and helping fix security bugs in Mozilla longer than just about anyone else and I couldn't be more pleased that he's agreed to do this interview with all of us.

So, ask away. At the end of the week, I'll gather up the best questions and deliver them to Jesse. (I may add a couple of my own, too.) Jesse will answer them and I'll post the questions and his answers soon after.

firefox taking over the galaxy

Jesse's pointed out another "Firefox in Space" -- this time from the amazing Chandra X-Ray Observatory.

gettin' real close now

With Firefox 3 RC1 just around the corner, Basil Hashem has just announced the availability of the the "3.0" and "3.0.*" Firefox compatible versions at AMO.

This means that add-on developers who have tested with Firefox 3 RC1 can offer those add-ons as being compatible with the final version of Firefox 3.

If you're an add-on developer and you're already compatible, you can flip that switch now. If you're not yet compatible because you've been waiting for the final release, now's the time to dive in.

make your extensions work with the firefox 3 beta

alternate title: "Ho To Make Firefox 3 Crash A Lot"

Over the last six or seven months, I've come across literally hundreds of blog posts and a decent number of full-length articles explaining how Firefox users can make all of their extensions "compatible" or "work" with Firefox 3 betas by making a very simple change to one of Firefox's hidden preferences.

This idea is not true. You can not make your extensions compatible by changing a Firefox preference.

Setting the hidden preference extensions.checkCompatibility to false does not make extensions compatible with Firefox 3. What it does is tell Firefox to not care about extension compatibility.

This is a problem because most extensions that are "fixed" by this change are genuinely not compatible with Firefox 3 and will cause problems ranging from pages not rendering correctly to frequent program crashes to Firefox not starting at all.

The only people that should be disabling this check are the extension developers and testing community that are contributing to making those extensions actually work with Firefox 3.

If you're experiencing regular Firefox crashes or other strange behavior after changing this preference, it is very likely that those problems are the result of an incompatible extension.

Firefox 3 is just around the corner and the community is making great progress in updating all of the most popular add-ons. Unless you're one of the people working on that, please don't open yourself up to crashes, broken web pages, or even security vulnerabilities by turning off the compatibility check.

You can undo the change by typing about:config into the addressbar, filtering on checkc and double-clicking the item to switch the value back to true

mozilla analytics?

For those of you who read Arrington's post, "Mozilla Stealth Data Project Could Be Just What The Internet Needs" I encourage you to head over to John Lilly's post, Mozilla, Firefox & Data to get some more information and better context.

update: Ken Kovash has a related post Fluctuations in International Internet Usage.

there's still time

If you've been putting it off because other things always seemed to get in the way, you're in luck. It's not too late! You still have time to follow me on Twitter and perhaps be witness to my first 'tweet'.

Join the tens! of people who are already following me on Twitter in anticipation of my first post and you might just get to see me type something somewhere else some time!

Then again, if past performance is any kind of indicator of future results, probably not.

vietnamese language pack follow-up

For those of you who read the somewhat widespread coverage of the Vietnamese language pack add-on issue and came away wondering if Firefox was indeed infected with worms, demolishing city blocks underfoot, and stealing babies, I've posted a few responses to the common misunderstandings and misreportings around the issue over at the For the Record blog.

odd month out update

Ken Kovash has an update on the Net Applications Market Share data for the month of April that reported an across the board drop in not-IE market share and a pretty substantial spike for IE 6.

Long story short, the report was wrong, Firefox did not lose share, IE didn't have a massive spike, and Net Applications will be posting a corrected report.

Here's what they had to say:

The April, 2008 market share data has some significant variations from established trends.  The following major anomalies occurred on April 18th:

A 25% increase in visitors

A 3% drop in Firefox share

A 4.9% increase in Internet Explorer 6.0 share

A 3.4% increase in Windows XP share (with a small drop in Mac share)

A .7% drop in Windows Vista share

Since April 18th, all trends have returned to expected values, including an expected uptick in Vista share due to the release of SP1.

Once we discovered the extent of the variations, we have worked diligently to discover the cause.  The variations were coincidental to the release of Vista SP1 to automatic updates, so we initially thought there might be a connection.  However, our investigation showed Vista SP1 had nothing to do with the problem.

What happened was a distributed collection of sites inadvertently caused the problem.  We can't identity the sites responsible, but the nature of the problem is that all the millions of new visitors we saw were part of a massive marketing campaign that only worked on Internet Explorer.  This glitch caused respective drops in Firefox, Safari and Opera share.

We are in the process of removing the skewing data.  It should be completed by May 7th.

So, one anomalous day that was enough to skew the monthly report. Now, had I subscribed to Net Application's super cool upgraded version, I'd have seen this as a one week anomaly in a specific geography (weekly reports and geo location data being the key parts of the paid upgrade,) and a return to normal trends before the month was over, saving me a few gray hairs. Live and learn :-)

A big thanks to Ken Kovash and Net Applications for getting to the bottom of this.

website identities made easy in firefox 3

Deb's got another great Firefox 3 feature blog post up. This time she's delivering the goods on the Site Identification Button and "Larry" the Passport Officer.

Oh, and after you've read it, go digg it so others can learn.

odd month out?

Last month's Net Applications browser market share data looked a bit odd to me. Ken Kovash and the Net Applications folks are on the case.

it's not about the benjamins (yet)

One of my colleagues just pointed me to this blog post where Simeon Bateman calls Mozilla an ungrateful child.

I started to post a reply there but it got a bit longer than what I think fits in "comments" format so I'm posting it here instead (though, this is still more in the "reply" format than the "post" format.)

Simeon's basic assertion is that Adobe is doing a lot to open up some parts of their next-generation platform and Mozilla is a crybaby for suggesting that Adobe might have less than pure motives.

A secondary point, if I'm reading him correctly, is that Adobe deserves to be making lots of money by extending its control of the Web and Mozilla shouldn't be complaining about corporations undermining the free and open Web for profit because Mozilla gave up any say it had when it decided to operate as a public-benefit organization. Stupid Mozilla. You never should have put the interests of a free and open Internet ahead of the corporate bottom line.

So, here's my reply:

For Microsoft and Adobe, it's not about the money (yet.) It's about owning the platform.

Right now, the Web platform doesn't belong to any mega-corporation and the protocols and specifications that underlie the Web are developed in a cooperative process between many of the implementers.

The real issue here is the Web platform (HTML/CSS+JavaScript, plus lots of other cool bits,) that Adobe and Microsoft are challenging and determined to supplant and replace.

It's not that difficult for honest observers to admit that the open Web platform is much harder to monetize over the long run than open Web replacements like Adobe's flex+flash+actionscript or Microsoft's xaml+wpf+.net. (and yes, don't kid youself. Adobe and Microsoft are building replacements for the open Web with Air and Silverlight.)

Both Microsoft and Adobe want to own as much of the post-desktop platform as possible. Adobe has a big short term lead with the ubiquity of Flash, and Microsoft has the medium term advantage of a desktop monopoly with Windows (and whatever they want to label and distribute as a part of Windows.) The Air and Silverlight pushes coming from these companies are all about who will own the biggest piece of the next-generation Web platform pie.

And, don't be fooled by the big giveaways from Adobe and Microsoft. If owning the eventual Web.next platform, or even a large chunk of it, means giving away a lot in the short term, they're happy to give, give, give. It's taken a decade and a half for the Web to advance to where it is today and Microsoft and Adobe aren't focused on 2008 or even 2009. They're looking out at the Web of 2010 and beyond and doing everything in their power to be in control of as much of that space as possible.

As for what they're actually giving away, documenting the protocols and specifications and allowing others to re-implement them is interesting, but it's not open. Open is developing the protocols and specifications in a co-operative and participatory environment and then competing on implementations. Neither Adobe nor Microsoft are being truly open on this front, because doing so would mean giving up their big shot at control of the next generation Web platform.

If I was in Adobe's shoes, I'd give everything away, all of it. Hell, I'd pay people to develop on the Adobe platform and I'd encourage dozens of competing implementations of my platform across every type of device imaginable because, in the end, it'd be my platform and I'd decide how and when it evolved and to what ends.

And I'd do the same if I was Microsoft.

But, I'm neither. So, all I can do in this battle for the future of the Web is to advocate for advances in real open Web standards from groups like ECMA, W3C, and WHATWG. It may be a bit slower to market, (hopefully not too much slower,) via the collaborative and open road, but the end result is a powerful Web platform that isn't, and cannot be, controlled by any one company.

And to those who think I'm some anti-capitalist, I don't think there's anything wrong with people and companies making money. I don't even care if they're making ridiculous amounts of money. But the Web has always been about more than making ridiculous amounts of monkey. The Web has substantial non-commercial aspects including critical educational, social, and civic value that should not be owned or controlled for the purpose of driving corporate profits.

If we cede control of the Web platform to one or two large corporations, we will cede a big piece of what makes the Web so amazing and no short-term sparkle and flash are worth that concession.

Be careful. The first dose is always free.

Photo by Flickr user laughlin and used under a Creative Commons license.

add-ons site update

A while back, there was a major update to the Add-ons site. At that launch, it was decided to try to move the site forward with a series of smaller milestones rather than one big one at the end. The first of those milestones is complete and addresses some of the great feedback on the 3.2 release.

Head over to Basil's Bodacious Blog for the detailed rundown.

Photo by Flickr user Roger Smith and used under a Creative Commons license.

scribefire 2.1

I'm giving the venerable ScribeFire blogging add-on for Firefox another go.

In many ways it feels like a more solid tool than it did in the pre-2.x days but there are still some bits that still feel kinda clunky to me. Stacked sets of tabs and that ancient seamonkey splitter widgets for resizing the panels are a couple of UI bits that could use some cleanup.

Another area of some clunkyness is the category selection list and post options like timestamp, buried off in some tabbed panel to the side, rather than in the toolbar/title/formatting area with other post-related tools. I think the ScribeFire logo area to the right of the title form would be a much better location for a category select widget for blogs that support one category per post, or an auto-completing, comma-separated tag/category field for blogs that support multiple categories/tags.

Also, the share, configure, and info tabs are just wasting space. Share should just live in a browser context menu and be activated from the blog post itself (or any other page.) Configure and app info should be accessed from the add-ons manager preference.

Finally, the main compose panel needs some min-height and min-widths or something to keep the save/publish/delete/etc. buttons from getting pushed out of view.

What I like about the new version, though, is a lot more interesting than what I don't. Tabbed editing of posts makes managing a few in-progress posts much easier to manage. The YouTube and Flickr integration is quite nice and makes me want more (more sites, more search options, and saved/recent list or something like that.)

Overall, good progress and I hope to see more.

Update: Ugh. Why the <br /><br /> tags rather than, you know, actual paragraphs?

firefox wins again

Not just a victory, but a domination: Firefox wins the LinuxJournal's Readers' Choice Awards once again and this time with 86% of respondents giving the thumbs up to Firefox.

Firefox wins Favorite Web Browser with 86% of your votes. But where, oh where, have the very capable Opera and Konqueror gone? Fewer than 5% of you named them your favorite browser.

Linux is kind of an unknown when we talk about Firefox users. Because most Linux users get Firefox from their Linux distribution rather than from Mozilla, we don't have any decent visibility into how many of them there are. What we do know from this survey, and many others like it, is that Firefox is far and away the top browser on Linux.

This is a testament to the power of "shipping with the OS" and to the strength of Firefox considering that most Linux users are very comfortable downloading and trying new programs.

delicious for firefox 3

If you were holding off on using the Firefox 3 betas or nightly builds because your extensions weren't compatible, another one just fell off that list. Today, over at the Delicious Blog, Nick says,

Firefox 3 users, rejoice! Today I’m pleased to announce a beta release of an enhanced version of our Firefox Add-on for del.icio.us that now has full Firefox 3 support while retaining Firefox 2 compatibility. While it is largely similar to the release version of our Firefox Add-on, there are a few nifty new features:

• Jump to Tag feature (press F2) allows you to quickly access tags and bookmarks using the keyboard
• New layout for saving bookmarks
• Preferences now in a separate dialog under Tools (which also can be invoked via the prefs button on the FF Add-ons pane)
• Status bar indicators for network activity, new links for you, and the del.icio.us website
• Classic mode for users who just want simple buttons without the overhead of sync

"bad guys, danger, and a rash of firefox holes!" really? really?!

Stuart J. Johnston, over at PC World's Bugs and Fixes column, does a fabulous job confusing and unnecessarily alarming Firefox users, while at the same time conflating the valuable contributions being made by the ethical security researcher community with the malicious activities of "bad guy" hackers.

That's quite an accomplishment in just 500 words.

Getting those column inches hammered out every month can be hard work, but when the obvious result of an article is that readers will walk away less informed than before they read it, it's time to consider a different approach or a different topic.

This particular piece should never have made it off of the author's laptop and definitely shouldn't have made it past an editor's desk. PC World, IDG, and Stuart Johnston are all better than this, and their readers deserve more.

Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.

More users may make a particular program a more inviting attack target for the bad guys, but in the case of Mozilla's Firefox, more users and our open and responsive process also makes it a more inviting research target for the good guys. Yep, there are good guy hackers too, and it's those good guys working in concert with Mozilla developers that are finding and fixing the vast majority of Firefox security issues.

So, in the case of Mozilla's Firefox, more users may actually be helping to shut the door on bad guys, rather than, as Mr. Johnston claims, opening new doors for them.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

If by "hit hard" the article means to communicate something like "this month security researchers and developers contributing to Mozilla's open source Firefox project have found and deployed fixes for several new potential vulnerabilities, shoring up Firefox's defense against malicious hackers and denying them new attack vectors," then sure, Firefox was "hit hard."

Unfortunately, I don't think that's what the article was implying.

So forget the idea that just because you've switched to a new browser, you're magically safer.

There's no magic here at all. Firefox has a long track record of being more secure by design, more responsive to security issues, and less often targeted by bad guys than I.E. Taken together, those factors really do mean that because you've switched from I.E. to Firefox, you are safer -- no "magically" about it.

You may be for a time, but to stay safe with any software, you need to keep current with fixes.

And here we have the only line in this entire article that could conceivably help users. Unfortunately, it's not in a context where it's likely to be taken that way.

This is one more area where just a bit more research would have resulted in an entirely different article or no article at all -- depending on the author's motivations.

With Firefox, users don't have to worry nearly as much about keeping current with fixes as they do with other browsers, I.E. in particular.

Firefox has the best record in the industry, not just for finding and fixing issues quicker, but for getting those fixes in the hands of users faster.

Thanks to Firefox's well designed update mechanism, 95% or more of our users are automatically updated to the latest secure version in less than a week.

That kind of information could have provided the context to make that one informative point actually useful to readers.

In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes.

If by "hackers" the article is referring to Mozilla developers and ethical security researchers who work together to keep Firefox users safe, then sure, "hackers focused their attention on Firefox."

If, however, as it appears from the overall tone of the article, it means to suggest that Firefox users should be alarmed and worried that bad guys have discovered a bunch of new Firefox holes and users are in great danger, then no, not so much.

In an actual attack--neither the Safari nor the Firefox bugs have elicited one so far--a bad guy could take over your PC or steal your navigation history.

In an actual attack, Firefox users would be protected because the vulnerabilities were discovered and fixed by the good guys and rapidly deployed to virtually all Firefox users weeks before Mr. Johnston's article hit the Web.

With this paragraph, we also finally get the buried lede and the admission that should have killed this entire story. Bad guys are not attacking Firefox (nor, apparently Safari,) and all of the FUD from the previous four paragraphs falls apart by the author's own admission.

A month ago, with the help of some amazing security researchers, Mozilla found and fixed half a dozen problems and deployed those fixes to pretty much every Firefox user out there. In the time between those discoveries and the appearance of Mr Johnston's article, there have been no reports of any of those flaws being used to attempt attacks against Firefox users -- attacks that would fail thanks to the Mozilla developers and the security researchers that Mr. Johnston calls "bad guys" and "hackers."

What a waste and what a shame for those people who, having read this article, are now more alarmed and less informed about security than they were before.

Security is a complex area and it takes real effort to learn about all of the factors that interact in determining security outcomes. It simply doesn't lend itself to quick bean counting analysis or casual headline-skimming research.

It's also a critically important topic because a fundamental necessity of a safer Internet is that users have a clear understanding of how it actually works.

Security-related articles and headlines constructed with over-simplicifcations, fear-mongering, and out-right misrepresentations, not only don't inform readers, they actually slow the progress to a more secure Internet.

launching one of the world's most popular software products

Paul Kim, the architect of Mozilla's global marketing and PR program, explains the foundations of the upcoming Firefox 3 launch.

Best part? Yeah, the parties!

Actually, I shouldn't risk trivializing it. There's just an amazing amount of work that goes into a product launch of this scale. It's really so much more than anyone imagines it to be and there's always so much more that we could do with more community participation.

So head over to Paul's blog, read up on what's in the pipe, and then find a way to get involved. We're going to fly past the 200 million users mark this year and Firefox 3 is gonna be the vehicle. Climb aboard!

mozilla links facelifted

One of my very favorite sources for Mozilla news and reviews, MozillaLinks, just got a facelift and it looks great.

Keep up the awesome work, Percy!

more awesomer all the time

The AwesomeBar keeps getting awesomer all the time.