May 8, 2008
vietnamese language pack follow-up
For those of you who read the somewhat widespread coverage of the Vietnamese language pack add-on issue and came away wondering if Firefox was indeed infected with worms, demolishing city blocks underfoot, and stealing babies, I've posted a few responses to the common misunderstandings and misreportings around the issue over at the For the Record blog.
May 6, 2008
odd month out update
Ken Kovash has an update on the Net Applications Market Share data for the month of April that reported an across the board drop in not-IE market share and a pretty substantial spike for IE 6.
Long story short, the report was wrong, Firefox did not lose share, IE didn't have a massive spike, and Net Applications will be posting a corrected report.
The April, 2008 market share data has some significant variations from established trends. The following major anomalies occurred on April 18th:A 25% increase in visitors A 3% drop in Firefox share A 4.9% increase in Internet Explorer 6.0 share A 3.4% increase in Windows XP share (with a small drop in Mac share) A .7% drop in Windows Vista share
Since April 18th, all trends have returned to expected values, including an expected uptick in Vista share due to the release of SP1.
Once we discovered the extent of the variations, we have worked diligently to discover the cause. The variations were coincidental to the release of Vista SP1 to automatic updates, so we initially thought there might be a connection. However, our investigation showed Vista SP1 had nothing to do with the problem.
What happened was a distributed collection of sites inadvertently caused the problem. We can't identity the sites responsible, but the nature of the problem is that all the millions of new visitors we saw were part of a massive marketing campaign that only worked on Internet Explorer. This glitch caused respective drops in Firefox, Safari and Opera share.
We are in the process of removing the skewing data. It should be completed by May 7th.
So, one anomalous day that was enough to skew the monthly report. Now, had I subscribed to Net Application's super cool upgraded version, I'd have seen this as a one week anomaly in a specific geography (weekly reports and geo location data being the key parts of the paid upgrade,) and a return to normal trends before the month was over, saving me a few gray hairs. Live and learn :-)
A big thanks to Ken Kovash and Net Applications for getting to the bottom of this.
website identities made easy in firefox 3
Deb's got another great Firefox 3 feature blog post up. This time she's delivering the goods on the Site Identification Button and "Larry" the Passport Officer.
Oh, and after you've read it, go digg it so others can learn.
May 5, 2008
odd month out?
Last month's Net Applications browser market share data looked a bit odd to me. Ken Kovash and the Net Applications folks are on the case.
it's not about the benjamins (yet)
One of my colleagues just pointed me to this blog post where Simeon Bateman calls Mozilla an ungrateful child.
I started to post a reply there but it got a bit longer than what I think fits in "comments" format so I'm posting it here instead (though, this is still more in the "reply" format than the "post" format.)
Simeon's basic assertion is that Adobe is doing a lot to open up some parts of their next-generation platform and Mozilla is a crybaby for suggesting that Adobe might have less than pure motives.
A secondary point, if I'm reading him correctly, is that Adobe deserves to be making lots of money by extending its control of the Web and Mozilla shouldn't be complaining about corporations undermining the free and open Web for profit because Mozilla gave up any say it had when it decided to operate as a public-benefit organization. Stupid Mozilla. You never should have put the interests of a free and open Internet ahead of the corporate bottom line.
So, here's my reply:
For Microsoft and Adobe, it's not about the money (yet.) It's about owning the platform.
Right now, the Web platform doesn't belong to any mega-corporation and the protocols and specifications that underlie the Web are developed in a cooperative process between many of the implementers.
The real issue here is the Web platform (HTML/CSS+JavaScript, plus lots of other cool bits,) that Adobe and Microsoft are challenging and determined to supplant and replace.
It's not that difficult for honest observers to admit that the open Web platform is much harder to monetize over the long run than open Web replacements like Adobe's flex+flash+actionscript or Microsoft's xaml+wpf+.net. (and yes, don't kid youself. Adobe and Microsoft are building replacements for the open Web with Air and Silverlight.)
Both Microsoft and Adobe want to own as much of the post-desktop platform as possible. Adobe has a big short term lead with the ubiquity of Flash, and Microsoft has the medium term advantage of a desktop monopoly with Windows (and whatever they want to label and distribute as a part of Windows.) The Air and Silverlight pushes coming from these companies are all about who will own the biggest piece of the next-generation Web platform pie.
And, don't be fooled by the big giveaways from Adobe and Microsoft. If owning the eventual Web.next platform, or even a large chunk of it, means giving away a lot in the short term, they're happy to give, give, give. It's taken a decade and a half for the Web to advance to where it is today and Microsoft and Adobe aren't focused on 2008 or even 2009. They're looking out at the Web of 2010 and beyond and doing everything in their power to be in control of as much of that space as possible.
As for what they're actually giving away, documenting the protocols and specifications and allowing others to re-implement them is interesting, but it's not open. Open is developing the protocols and specifications in a co-operative and participatory environment and then competing on implementations. Neither Adobe nor Microsoft are being truly open on this front, because doing so would mean giving up their big shot at control of the next generation Web platform.
If I was in Adobe's shoes, I'd give everything away, all of it. Hell, I'd pay people to develop on the Adobe platform and I'd encourage dozens of competing implementations of my platform across every type of device imaginable because, in the end, it'd be my platform and I'd decide how and when it evolved and to what ends.
And I'd do the same if I was Microsoft.
But, I'm neither. So, all I can do in this battle for the future of the Web is to advocate for advances in real open Web standards from groups like ECMA, W3C, and WHATWG. It may be a bit slower to market, (hopefully not too much slower,) via the collaborative and open road, but the end result is a powerful Web platform that isn't, and cannot be, controlled by any one company.
And to those who think I'm some anti-capitalist, I don't think there's anything wrong with people and companies making money. I don't even care if they're making ridiculous amounts of money. But the Web has always been about more than making ridiculous amounts of monkey. The Web has substantial non-commercial aspects including critical educational, social, and civic value that should not be owned or controlled for the purpose of driving corporate profits.
If we cede control of the Web platform to one or two large corporations, we will cede a big piece of what makes the Web so amazing and no short-term sparkle and flash are worth that concession.
Be careful. The first dose is always free.
Photo by Flickr user laughlin and used under a Creative Commons license.
May 2, 2008
add-ons site update
A while back, there was a major update to the Add-ons site. At that launch, it was decided to try to move the site forward with a series of smaller milestones rather than one big one at the end. The first of those milestones is complete and addresses some of the great feedback on the 3.2 release.
Head over to Basil's Bodacious Blog for the detailed rundown.
Photo by Flickr user Roger Smith and used under a Creative Commons license.
May 1, 2008
scribefire 2.1
I'm giving the venerable ScribeFire blogging add-on for Firefox another go.
In many ways it feels like a more solid tool than it did in the pre-2.x days but there are still some bits that still feel kinda clunky to me. Stacked sets of tabs and that ancient seamonkey splitter widgets for resizing the panels are a couple of UI bits that could use some cleanup.
Another area of some clunkyness is the category selection list and post options like timestamp, buried off in some tabbed panel to the side, rather than in the toolbar/title/formatting area with other post-related tools. I think the ScribeFire logo area to the right of the title form would be a much better location for a category select widget for blogs that support one category per post, or an auto-completing, comma-separated tag/category field for blogs that support multiple categories/tags.
Also, the share, configure, and info tabs are just wasting space. Share should just live in a browser context menu and be activated from the blog post itself (or any other page.) Configure and app info should be accessed from the add-ons manager preference.
Finally, the main compose panel needs some min-height and min-widths or something to keep the save/publish/delete/etc. buttons from getting pushed out of view.
What I like about the new version, though, is a lot more interesting than what I don't. Tabbed editing of posts makes managing a few in-progress posts much easier to manage. The YouTube and Flickr integration is quite nice and makes me want more (more sites, more search options, and saved/recent list or something like that.)
Overall, good progress and I hope to see more.
Update: Ugh. Why the <br /><br /> tags rather than, you know, actual paragraphs?
firefox wins again
Not just a victory, but a domination: Firefox wins the LinuxJournal's Readers' Choice Awards once again and this time with 86% of respondents giving the thumbs up to Firefox.
Firefox wins Favorite Web Browser with 86% of your votes. But where, oh where, have the very capable Opera and Konqueror gone? Fewer than 5% of you named them your favorite browser.
Linux is kind of an unknown when we talk about Firefox users. Because most Linux users get Firefox from their Linux distribution rather than from Mozilla, we don't have any decent visibility into how many of them there are. What we do know from this survey, and many others like it, is that Firefox is far and away the top browser on Linux.
This is a testament to the power of "shipping with the OS" and to the strength of Firefox considering that most Linux users are very comfortable downloading and trying new programs.
April 30, 2008
delicious for firefox 3
If you were holding off on using the Firefox 3 betas or nightly builds because your extensions weren't compatible, another one just fell off that list. Today, over at the Delicious Blog, Nick says,
Firefox 3 users, rejoice! Today I’m pleased to announce a beta release of an enhanced version of our Firefox Add-on for del.icio.us that now has full Firefox 3 support while retaining Firefox 2 compatibility. While it is largely similar to the release version of our Firefox Add-on, there are a few nifty new features:
- Jump to Tag feature (press F2) allows you to quickly access tags and bookmarks using the keyboard
- New layout for saving bookmarks
- Preferences now in a separate dialog under Tools (which also can be invoked via the prefs button on the FF Add-ons pane)
- Status bar indicators for network activity, new links for you, and the del.icio.us website
- Classic mode for users who just want simple buttons without the overhead of sync
April 26, 2008
"bad guys, danger, and a rash of firefox holes!" really? really?!
Stuart J. Johnston, over at PC World's Bugs and Fixes column, does a fabulous job confusing and unnecessarily alarming Firefox users, while at the same time conflating the valuable contributions being made by the ethical security researcher community with the malicious activities of "bad guy" hackers.
That's quite an accomplishment in just 500 words.
Getting those column inches hammered out every month can be hard work, but when the obvious result of an article is that readers will walk away less informed than before they read it, it's time to consider a different approach or a different topic.
This particular piece should never have made it off of the author's laptop and definitely shouldn't have made it past an editor's desk. PC World, IDG, and Stuart Johnston are all better than this, and their readers deserve more.
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
More users may make a particular program a more inviting attack target for the bad guys, but in the case of Mozilla's Firefox, more users and our open and responsive process also makes it a more inviting research target for the good guys. Yep, there are good guy hackers too, and it's those good guys working in concert with Mozilla developers that are finding and fixing the vast majority of Firefox security issues.
So, in the case of Mozilla's Firefox, more users may actually be helping to shut the door on bad guys, rather than, as Mr. Johnston claims, opening new doors for them.
Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.
If by "hit hard" the article means to communicate something like "this month security researchers and developers contributing to Mozilla's open source Firefox project have found and deployed fixes for several new potential vulnerabilities, shoring up Firefox's defense against malicious hackers and denying them new attack vectors," then sure, Firefox was "hit hard."
Unfortunately, I don't think that's what the article was implying.
So forget the idea that just because you've switched to a new browser, you're magically safer.
There's no magic here at all. Firefox has a long track record of being more secure by design, more responsive to security issues, and less often targeted by bad guys than I.E. Taken together, those factors really do mean that because you've switched from I.E. to Firefox, you are safer -- no "magically" about it.
You may be for a time, but to stay safe with any software, you need to keep current with fixes.
And here we have the only line in this entire article that could conceivably help users. Unfortunately, it's not in a context where it's likely to be taken that way.
This is one more area where just a bit more research would have resulted in an entirely different article or no article at all -- depending on the author's motivations.
With Firefox, users don't have to worry nearly as much about keeping current with fixes as they do with other browsers, I.E. in particular.
Firefox has the best record in the industry, not just for finding and fixing issues quicker, but for getting those fixes in the hands of users faster.
Thanks to Firefox's well designed update mechanism, 95% or more of our users are automatically updated to the latest secure version in less than a week.
That kind of information could have provided the context to make that one informative point actually useful to readers.
In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes.
If by "hackers" the article is referring to Mozilla developers and ethical security researchers who work together to keep Firefox users safe, then sure, "hackers focused their attention on Firefox."
If, however, as it appears from the overall tone of the article, it means to suggest that Firefox users should be alarmed and worried that bad guys have discovered a bunch of new Firefox holes and users are in great danger, then no, not so much.
In an actual attack--neither the Safari nor the Firefox bugs have elicited one so far--a bad guy could take over your PC or steal your navigation history.
In an actual attack, Firefox users would be protected because the vulnerabilities were discovered and fixed by the good guys and rapidly deployed to virtually all Firefox users weeks before Mr. Johnston's article hit the Web.
With this paragraph, we also finally get the buried lede and the admission that should have killed this entire story. Bad guys are not attacking Firefox (nor, apparently Safari,) and all of the FUD from the previous four paragraphs falls apart by the author's own admission.
A month ago, with the help of some amazing security researchers, Mozilla found and fixed half a dozen problems and deployed those fixes to pretty much every Firefox user out there. In the time between those discoveries and the appearance of Mr Johnston's article, there have been no reports of any of those flaws being used to attempt attacks against Firefox users -- attacks that would fail thanks to the Mozilla developers and the security researchers that Mr. Johnston calls "bad guys" and "hackers."
What a waste and what a shame for those people who, having read this article, are now more alarmed and less informed about security than they were before.
Security is a complex area and it takes real effort to learn about all of the factors that interact in determining security outcomes. It simply doesn't lend itself to quick bean counting analysis or casual headline-skimming research.
It's also a critically important topic because a fundamental necessity of a safer Internet is that users have a clear understanding of how it actually works.
Security-related articles and headlines constructed with over-simplicifcations, fear-mongering, and out-right misrepresentations, not only don't inform readers, they actually slow the progress to a more secure Internet.
April 23, 2008
launching one of the world's most popular software products
Paul Kim, the architect of Mozilla's global marketing and PR program, explains the foundations of the upcoming Firefox 3 launch.
Best part? Yeah, the parties!
Actually, I shouldn't risk trivializing it. There's just an amazing amount of work that goes into a product launch of this scale. It's really so much more than anyone imagines it to be and there's always so much more that we could do with more community participation.
So head over to Paul's blog, read up on what's in the pipe, and then find a way to get involved. We're going to fly past the 200 million users mark this year and Firefox 3 is gonna be the vehicle. Climb aboard!
mozilla links facelifted
One of my very favorite sources for Mozilla news and reviews, MozillaLinks, just got a facelift and it looks great.
Keep up the awesome work, Percy!
more awesomer all the time
The AwesomeBar keeps getting awesomer all the time.
time to deploy matters
Here's a another great example of why it's not only really important to identify, diagnose, and fix security issues quickly, but equally important to get those fixes into the hands of users quickly.
I predict that if it's not already the case today, that it will soon be the case that unpatched holes in mainstream browsers (where a fix does exist but isn't installed) will be responsible for more real-world security problems than holes that remain unfixed.
The number of browsers out there has gotten to be so huge that you don't need to exploit a large percentage of them to do real damage. With about a billion IE installs out there, and probably a similar number of flash plug-in installs, you only need a few percent that haven't yet updated to compromise a whole lot of machines.
Even worse, the time it takes to develop an attack for a patched flaw is approaching zero much faster than Microsoft's or Adobe's time to deploy is.
This is an area where Firefox really excels. Our update mechanism can move the majority of Firefox users from an insecure version to the new secured version in just a few days. At last measure, I calculated that it took us just 5 days to get over 90% of our users updated.
While that's pretty amazing for updating hundreds of millions of users, I think that we're going to have to find ways to make it even more efficient. Right now, for example, the update check only happens when Firefox is active and it only happens once per day. Those might need to change if we're going to make dramatic improvements on the already fast turnover.
a good thing we didn't (and wouldn't)
A couple of days ago, while looking at the WebWare 100 winners, I noticed that the editor called out Maxthon for sort of cheating, they were driving traffic to the voting by incorporating a pop-up advertising the contest right in the Maxthon browser. Today there's a post up at the Maxthon blog bragging about how effective it was.
That got me thinking about what would have happened if Mozilla used that kind of tactic. Can you imagine the hardware meltdown at c|net that would have resulted from 170 million Firefox users all being directed to hit their WebWare voting site?
I don't really know much about internet loads, but I've seen pretty decent sites get taken down by the digg or slashdot effect which probably only amounts to hundreds, maybe a thousand hits per minute? Now, c|net's not some shared hosting $10/mo solution, but what happens when it's tens of thousands or hundreds of thousands of hits per minute?
Then again, that's all hypothetical for a couple of reasons. First, we wouldn't get in our users face like that for anything less than a critical security update (where we do actually throw a pop-up advertising the availability of the update.) Rallying the community that opts in to visiting Spread Firefox is completely reasonable. Interrupting 170 million Firefox users for a web poll is not. Second, I think most people would consider that cheating and I think we'd mostly all agree.
What do you think? Should Firefox win online polls at all costs ;-)
(Just kidding. I don't actually expect an answer there.)
Finally, while I think it's cool that Firefox got enough votes to be listed as a top 100 application (and apparently registered in the top total 10 vote-getters,) does it really say anything interesting when pretty much all of the browsers made it into the same top 100. It's pretty awesome that c|net was able to get nearly 2 million people to vote and to narrow down from many thousands of apps and sites to 100, but without some kind of public ranking within that 100 or at least within the various categories, it doesn't really inform people as much as it lets all the top players claim "winning" status.
it's saved me many times too
I've linked to several great blog posts on Firefox 3 features lately, but there's one piece of an older feature that doesn't get enough credit. I got a reminder this morning when Firefox crashed (a flash bug that may have just been fixed,) while I was composing a rather long webmail message and just this evening read this blog post.
If you haven't needed to experience Firefox's crash recovery because you're never crashing, great. If you have, though, it sure is nice that it saves your work.
clear list button returns
Wow.
About half a dozen vocal advocates of the Firefox 2 status quo, out of a pool of more than 3 million people using the improved feature in Firefox 3 betas, managed to stall a pretty cool step forward for how the Download Manager presents its much improved value to users. Maybe we can make that progress in 3.next.
Reminds me of some of the dysfunction of pre-Firefox days.
Bonus points to the several seriously f'n rude commenters in the bug. You do us all so proud. (And, to continue the sarcasm, it's great to see that our Bugzilla etiquette guidelines are being so well enforced.
It's a good thing for several of those folks that I'm not living in Bugzilla any more or they'd have been zeroed out of the system pretty f'n fast.)
Somewhat related, I'm sure glad the AwesomeBar and the bulk of places survived their time in Bugzilla. It's sobering to be reminded by what a thin thread feature progress actually hangs.
April 22, 2008
firefox three is gonna be so awesomely awesome, pt. 2
Hot off the success of her recent AwesomeBar is awesome post, Deb's got even more reason to love (or anticipate) Firefox 3.
I won't spoil it with any of my own commentary this time. Just head over to dria.org and read her latest post, Firefox 3 Bookmarks (My god, it’s full of stars…).
OK. I can't not say something :-) . I'll keep it short.
It would be an understatement to say that, like Deb, I've never been a big fan of traditional browser bookmarks. To be more blunt, I've always hated them. They fail in just about every way at helping me accomplish what I want to accomplish -- quickly and easily getting back to a page I've visited before.
With the exception of a few bookmarks on my bookmarks toolbar and a couple others called up by their typed shortcut (bookmark keyword,) I just stopped using bookmarks. If it didn't fit in my toolbar or the limited space I have in the part of my brain that stores shortcut names, I just didn't save it. I found it more convenient to keep a super-long browsing history and just search through there when I wanted to return to any of the sites that didn't fit in those two very finite spaces.
That was before Firefox 3.
Thanks to all the great new features that Deb describes, now I'm bookmarking the hell out of the Web and I'm never more than a couple of clicks or keystrokes away from all the content I want to revisit.
April 20, 2008
help me find the right television
Deanna and I are about to move into the 20th 21st century and purchase our first flat-panel television.
We're looking for something in the 36" or greater and less than 50" (since it's going to be for our bedroom and not our still-unplanned "home theater,") and we're more concerned about cable television watching (through TiVo) -- a mix of standard and HD programming, than we are about movies and boxed sets on disk (presumably that's all going to blue-ray where 1080p makes a big difference?)
I think the format of the programming and the size of the screen we're interested in means that we shouldn't care too much about full 1080p and that 1080i (720p) would be just fine. I think that combination also means that we don't need the most expansive set of inputs either.
What we do care about is picture quality and decent built-in sound. From what I've read, the screen size we're looking for is right at the overlap where LCD and Plasma are competitive price-wise and so we can focus on the desired set of features rather than the cost.
What I'm hoping some of you all can help with are some recommendations for specific models, your experience with LCD or Plasma flat-panels, or any suggestions of where we should look first in terms of honest reviews and comparisons.
Thanks in advance.
April 19, 2008
infoworld sees firefox users, a lot
Despite IE's near omnipresence we still find Firefox running on nearly half (47%) of the systems sampled. This would seem to bolster our above theory about ancillary IE use: Chances are, if you're running Firefox, it's because you chose to do so and simply prefer it to IE. Within our small community, at least, Firefox is sporting "market" share that's better than half of IE's on the same sample group.
