April 2007 Archives
I think the Ubuntu policy is pretty generous. I also think this validates a lot of what we were saying and writing around the time we created our trademark policies. Underlying these policies is that we all care about customers and we want them to understand what they're getting. Avoiding customer confusion requires policy and I think we're likely to see more, rather than less, of this in the future.
We're coming into the final days of the call for Open Source Awards 2007 Nominations. These awards are presented by Google and O'Reilly at the O'Reilly Open Source Conventions and this time they've opened the nomination up to the entire open source community.
The award recognizes exceptional leadership, creativity, collaboration and development in open source.
If you know of people in the Mozilla community that should be nominated, you've got till the end of the month to send in those nominations. You'll need to include the person's name, that they're involved in the Mozilla community, their title or area of work, and a description of why you think they should be recognized. Nominations should be emailed to firstname.lastname@example.org.
If you've got nominations but don't have the time to write them up, drop a note in the comments here and I'll see if I can help. Thanks.
I'm not fully up to speed on this problem yet, and I'll post more as soon as I know, but I've read several descriptions now of a flaw in Apple's QuickTime and how it interacts with Java that could be exploited to compromise Firefox, Safari, and IE 6 and 7 users (and possibly others).
It sounds like you can protect yourself by disabling Java. In Firefox you can accomplish this by going into the Firefox Preferences/Options and unchecking the "Enable Java" item in the Content panel.
Like I said, I'm still getting up to speed on this and all of the details don't yet seem available, but this looks like it is clearly a flaw in Apple's QuickTime so I presume disabling or removing QuickTime would also solve the problem.
More as I learn it.
update: From NIST.org (not the US Government's NIST):
The Quicktime bug seems to be passed to it by a Java capable web browser using the Quicktime for Java interface (QT4J). Any web browser that supports Java will become a vulnerability vector if Quicktime is installed. If Java support is disabled in the browser it can no longer be used for an attack.
So, if you're using a browser that has both Java and Quicktime, now would probably be a good time to disable or remove those plugins.
update2: Joris, over at cNet, is reporting mostly the same information but it's a confirmation from TippingPoint that this is indeed an Apple flaw, in QuickTime, that can be exploited on Mac or Windows. The TippingPoint spokesperson said, "We have now verified that this issue affects both Windows and Mac operating systems, including Windows Vista through Internet Explorer."
For your and your pet's health, you might want to be cautious about foods containing wheat gluten, corn gluten, corn meal, soy protein, rice bran or rice protein.
A few weeks back I was running into a problem in Firefox's text selection. If I try to select text that is inside of a link, I either end up inadvertently clicking the link or dragging the link.
It turns out that selecting text inside a link sort of works in Firefox (modulo a regression bug) if you hold down the undocumented alt key.
Keyboard modifiers to mouse behaviors mostly suck. They're pretty much only discoverable so far as reading the manual can be called discovery.
I went to the other browsers to see how they behaved and was pleased to see that at least one other team had actually put in some thought on this problem and implemented a nice solution.
IE and Safari don't even try. Firefox tries, with a keyboard modifier, but that's mostly lame and it doesn't even work right because of a regression bug. Opera's solution is clearly the best.
In Opera, a click and drag that's mostly up or down triggers the drag and drop behavior while a click and drag that's mostly horizontal triggers the selection behavior.
The only change I'd suggest for Opera is that they actually swap out the hand cursor with the caret cursor as soon as that "decision" is made so that it's more obvious that the mode has changed.
This is a practical and elegant solution to a minor problem, one of those finds that makes developing and software fun. It just works. Our goal should be to make everything about the browser work this well.
There's an interesting article, The Rise of Firefox, over at Macworld that shows Firefox usage on the Macworld sites steadily growing over the last two years. "So far this month Safari makes up 39 percent of our traffic, with Firefox at 33 percent and Internet Explorer at roughly 21 percent" says Jason Snell.
I'm pretty much full-time Mac these days and I'm probably more aware than most when it comes to the places that Firefox on Mac just doesn't work as well as Firefox on Windows. And I'm also not clueless about Safari, which I'm using more since I moved over to Mac (as the primary of my three platforms.) Still, I'm not surprised at these numbers from Macworld. Firefox seems to have quite a strong following among power users, and web design and development professionals. Those folks make up a big chunk of the Mac usage out there.
One other data point is available at BoingBoing.net, the world's most popular blog, where 23% of their usage is from Mac but only 11.6% of their usage is coming from Safari. That suggests to me that a lot of their Mac usage is coming from Firefox.
What do you think? Could those Macworld numbers be representative of a larger trend among Mac users?
Over at the EMT Blog, jterrill seems to be suggesting that browser makers give up on protecting users from phishing. Well, I'm not ready to give up and neither are the tens of thousands of people working to make Firefox better with every release.
The main argument jterrill is advancing seems to be that none of the three main anti-phishing techniques are completely effective so by offering them to users, we are giving them a false sense of security.
To make the case, he looks at the three primary anti-phishing techniques and calls them each ineffective.
The first, and currently the most effective approach that the browsers have implemented to prevent phishing is blacklisting. With this approach, the browser compares the site the user is visiting (or about to visit) to a list of known bad sites. jterrill suggests that this can't possibly be effective because the bad guys are creating and using new sites at an alarming and increasing rate. My response to this criticism is pretty simple: without some evidence that the blacklists aren't also advancing at a similarly increasing rate, this doesn't tell us anything about the efficacy of blacklists. As the bad guys get faster at creating and advertising new sites, the blacklists are going to have to advance faster. Until it's demonstrated that cannot happen, something that jterrill hasn't done, this approach will continue to be extremely valuable in protecting users and we'll continue to employ it.
The second approach is pattern matching where heuristics are developed to catch the most common patterns used in phishing attacks. This is a new area for phishing protection but has been used with some efficacy in anti-spam email systems. I can't find jterrill's argument against this approach (unless he's suggesting that this approach is limited to URL analysis) and his example seems a bit simple to me. But, as I said, this approach has a lot of room to grow (see CANTINA) and while the initial implementation we've seen in IE7 isn't doing very much, future implementations that take into account much more of the page content could become very effective for many phishing cases.
The final approach that jterrill discounts is whitelisting. In this system the browser compares the site a user is about to visit to a list of known good sites and only allows the visit to happen if the site is on the known good list. jterrill's argument against this approach is that sites are not only impersonated but can also be compromised. He argues that a compromised, whitelisted site is the worst kind of failure. I don't see this as necessary. It would depend on what the actual user experience was in the browser. If the browser tells users that they are always 100% safe when visiting a whitelisted site, yes, that would be bad. If, however, whitelisting was just one of several layers of defense against phishing, and users weren't given false safety guarantees, then this problem is no worse than failures of the blacklist and the heuristic methods. One additional note here is that compromising major services like banks and ecommerce sites is much harder than setting up a phishing site that simply tries to impersonate the real thing. These attacks are going to be few and far between, making the whitelist approach a very effective tool in the most common use cases.
But in analyzing each of these three tactics and concluding that we're all doomed, jterrill seems to be missing a few key points. First, while any of these may not be 100% effective, preventing more phishing successes is better than preventing no (or fewer) phishing successes and each one of these approaches can have a dramatic impact on the success rates. Second, these approaches don't have to be used in isolation. Multi-layered approaches offer a security in depth that can be considerably more effective than any one approach alone. And finally, jterrill seems to assume that these are the only three approaches available or possible, ignoring other solutions that are being developed or are already deployed, like petname systems and dynamic security skins, two-factor authentication, EV certs, and finally, improved browser user interfaces.
This is no doubt going to be a long-term arms race, but I'm not ready to give up. To the contrary, I think that if browser makers continue to focus on this, we can kick some phishing butt and I'm looking forward to that!
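The layering argued for in this post, sketched as an added example (not code from the original post or from any browser): a blacklist, a URL heuristic and a whitelist consulted together, with the whitelist result reported as "known-site" rather than as a safety guarantee. The lists, host names, brand token and verdict labels are all constructed for illustration.

```javascript
// Added example: blacklist, heuristic and whitelist layers combined.
// Lists and hosts are constructed sample data (reserved .test/.example
// names and documentation-range IP addresses), not real indicators.
const KNOWN_BAD = new Set(["login-update.example", "198.51.100.7"]);
const KNOWN_GOOD = new Set(["examplebank.test", "shop.example"]);
const BRAND_TOKENS = ["examplebank"]; // names phishers imitate (assumed)

// True if host is a listed name or a subdomain of one.
function onList(list, host) {
  for (const entry of list) {
    if (host === entry || host.endsWith("." + entry)) return true;
  }
  return false;
}

// Heuristic layer: URL patterns common in phishing links.
function heuristics(u) {
  const reasons = [];
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(u.hostname)) reasons.push("raw-ip-host");
  if (u.username !== "") reasons.push("userinfo-in-url");
  const usesBrand = BRAND_TOKENS.some((b) => u.hostname.includes(b));
  if (usesBrand && !onList(KNOWN_GOOD, u.hostname)) {
    reasons.push("brand-in-unlisted-host");
  }
  return reasons;
}

function classify(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return { verdict: "warn", layer: "parse", reasons: ["unparseable-url"] };
  }
  // Blacklist runs first so a whitelisted site that has been reported
  // as compromised is still blocked.
  if (onList(KNOWN_BAD, u.hostname)) {
    return { verdict: "block", layer: "blacklist", reasons: ["listed-bad"] };
  }
  const reasons = heuristics(u);
  if (reasons.length > 0) return { verdict: "warn", layer: "heuristic", reasons };
  // A whitelist hit is reported as "known-site", never as a safety guarantee.
  if (onList(KNOWN_GOOD, u.hostname)) {
    return { verdict: "known-site", layer: "whitelist", reasons: [] };
  }
  return { verdict: "unknown", layer: "none", reasons: [] };
}

// Constructed sample URLs, one per layer.
for (const url of [
  "https://examplebank.test/login",
  "http://198.51.100.7/signin",
  "http://examplebank.test@203.0.113.9/login",
  "https://examplebank.test.secure-login.example/",
]) {
  console.log(url, JSON.stringify(classify(url)));
}
```

The heuristic here looks only at the URL; the page-content analysis mentioned above would be a further layer feeding the same verdict.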
This is turning out to be just horrible. With tens of thousands of animals sick or dead, we learn today that corn gluten is also tainted with the poisonous melamine.
Additionally, Royal Canin Canada has added Sensible Choice Diet to the recall list as well as the vet prescribed, Canine Early Cardiac, Canine Sensitivity RC, Canine Skin Support, Feline Hypoallergenic HP, and Feline Sensitivity RD. (This is on top of their earlier recalled Medi-Cal Feline Dissolution Formula.)
With melamine tainted vegetable proteins now the clear problem, there is growing speculation that melamine was intentionally added to the grain proteins to artificially elevate the recorded levels of protein.
Avoiding foods with grain proteins, at least rice, wheat, and corn proteins, would be my advice to pet families.
I realize that a lot of you either read this blog in a feed reader or access individual posts where you don't get my little blogroll so I'm taking this opportunity to promote one of the links.
Cocktail Party Physics is a wonderful science blog. Jennifer Ouellette brings contemporary science subjects into your web browser with engaging and entertaining stories that really can't be beat, inside or out of the science blog world.
As far as I'm concerned, Jennifer's posts are the gold standard for approachable and fun science writing. Please do take a look. No matter what your interests or background, I have no doubt you'll find it more enjoyable than you ever imagined physics could be.
The problem continues to grow. As I noted earlier, it sounds like rice gluten is quickly becoming the widespread problem that the wheat gluten was in the earlier recalls. You can read the latest on the Blue Buffalo recall here.
minor update: Commenter cb is correct that rice doesn't contain gluten. The problem ingredient is actually rice protein concentrate.
I missed it. Last week, the blog turned 5 years old.
Over the last 5 years, I've posted 2,285 times for a total of just over 500,000 words.
Thanks for reading.
Michael Dell uses Firefox, at least that's what they're saying at his bio on dell.com.
I'm not sure how I missed this when Paul put it up. If you're not a developer and you want to learn how to get started using Bugzilla, check it out. Nice work, Paul.
Slightly outdated, but still a good reference, Sean's How to find out if your bug is already reported tutorial is a good follow-up.
The Guidelines are also a great source of information and if you've already got that internalized, you might find Sean's Text Searching In Bugzilla (including regular expression searching) tutorial to be helpful.
Natural Balance has announced a recall for Venison and Brown Rice Treats for Dogs, Venison and Brown Rice Canned Formula for Dogs, Venison and Brown Rice Dry Food for Dogs, and Venison and Green Pea Dry Food for Cats.
Each of these was previously thought to be safe. Unfortunately that seems to now not be the case. First it was tainted wheat gluten and now it's tainted rice gluten. If your pet is eating any non-recalled food that contains either "wheat gluten" or "rice gluten" (possibly also called wheat protein concentrate or rice protein concentrate,) and is experiencing any abnormal symptoms, you might consider a trip to the vet. It's the grain glutens that are the link between these different recalls. Avoiding any of that would probably be smart. There's no telling how far this is going to go and right now.
Tip o' the hat to Chris for bringing this to my attention.
Michael Graham Richard has posted a fascinating blog entry on Near Earth Asteroids, what we know about them, what we don't know about them, and what can be done to help ensure that they don't wipe out life on earth.
Michael's blog post is a great introduction to the various issues surrounding Near Earth Asteroids and it, like all good writing, is a learning experience for both the author and the readers.
If you're interested in learning more, head over to Michael Graham Richard: Stay Curious and give his post, Near Earth Objects and Asteroids: Are We Whistling in the Dark? a read.
This is a new blog, but not a new blogger and I suspect I'll be a regular visitor. Thanks, Michael!
Menu Foods received complaints of cats dying on February 20. The company's own animals started dying in taste tests on March 2. The recall wasn't ordered until March 16. The FDA was notified only the day before.
How many loved family members died because it took nearly a month for early reports to be acted on?
This is just so sad for the people who have lost or now have extremely ill pets. ABC News is reporting that kidney failures are up as much as 30%.
If we don't have someone in the dev world that helps people like this get their feet wet, then we should make sure we change that. Who will help?
Happy Easter. Best wishes to the Christians reading.
Read/WriteWeb has a new post up by Bilal Hameed discussing what he calls "The Sidebar Syndrome". I think the post has a few problems.
First, the final paragraph is a bit confused -- or maybe I'm just mis-reading it. Either way, I think it's worth clarifying this one thing. The Google Toolbar doesn't ship in Mozilla's Firefox. Google ships a version of Firefox with the Google Toolbar. Mozilla Firefox doesn't ship with any third party toolbars.
What Firefox does ship with is an integrated search field in the primary Firefox toolbar (the toolbar that contains the navigation controls and the address field.) That integrated search field contains multiple search services that the user can choose between and augment if they so decide.
This is very much not a "Google Toolbar". The Google Toolbar contains a wide variety of Google features and access to several of Google's services besides just search. In addition, it defaults as a full browser width toolbar that takes up (in my opinion) valuable content area real estate.
Second, I'd also like to point out that, contrary to what Bilal states in the post, a user most certainly can have multiple sidebars. They just don't all show at the same time. Firefox, out of the box, has two sidebars, one for bookmarks and one for history. Users can switch between sidebars from an item on the View menu or by clicking an optional toolbar icon for the specific sidebars. So, there's no reason that a user couldn't have several sidebars and easily switch between them.
This kind of negates some of what I think that Bilal was trying to say -- that the sidebar space was a zero sum game in a way that toolbars weren't because with sidebars there's only enough space for one occupant.
Finally, I wrap up in agreement on one point. Sidebars are a decent way for features to be added to the browser and this space is going to be valuable. There will be more and more services offering up Firefox sidebars. In fact, Mozilla has already partnered with several other projects to ship Firefox sidebars. We call them Firefox Companions and they often extend somewhat beyond just the sidebar, but the idea is mostly the same. See the Firefox Joga.com Companion and Firefox Kodak Companion for a couple of examples.
I'm personally in favor of using more sidebar space rather than more toolbar space given the way widescreen displays are propagating and most web content being taller than it is wide. Then again, sidebars are nothing new and they haven't really taken off like toolbars so maybe I'm in a minority here.
Yahoo! has just released a beta of its new search tool called alpha. (tricky name there.) I'm already a huge fan. Why?
Because my blog is the #6 hit for "asa". The traditional Yahoo! search has me at #15. At Google I'm #13, and at Live Search I'm doing pretty well at #8.
It's been a tough fight to get "asa" ranked because of all of the ASA acronyms out there but I'm making progress ;-) It does seem like I'm doing better on the newer search services. Superior algorithms for sure :D
update: In case it wasn't clear to everyone, I'm just kidding here. I don't judge the quality of a search service by how it ranks my blog. And yeah, I'm doing pretty well with "dotzler" and "adot".
From my quick reading, it sounds like Menu Foods (the first big recall) has expanded its recall and Sunshine Mills has initiated its first recalls related to the same problem ingredient.
In addition to these products which contain the poison tainted wheat gluten, The FDA is also warning of Salmonella in dog chew toys from T.W. Enterprises.
If you've got pets, please head to the pantry and check the manufacturers and labels of all of your foods, treats, and toys. Your pets will thank you for it.
Apparently the contaminated pet foods were a result of food-quality wheat gluten and the FDA knew about it for weeks before the first pet food recalls.
How many needless deaths resulted? And why weren't we warned about our food supply? It wasn't just pet food here. What a mess. What a shame.
We are looking for a group of strong hackers to help us develop the initial set of Parakey applications. You will be working directly with the founders, Blake Ross and Joe Hewitt, in Mountain View, California. The position lasts 3 months and pays a competitive salary. We are flexible with the start and end dates, and particularly the end date. In other words, if you're doing good work, we'd be glad to make you employee #3.
Parakey is a very cool project and Blake and Joe are amazing people. This is a great opportunity. Read more at the Parakey Summer Internships page.
And one more: United Pet Groups Eight in One has announced a recall for its All Lots of Dingo Chick'n Jerky Treats for Dogs, Cats, and Ferrets treats due to concerns of Salmonella.
Del Monte is the latest to recall pet foods. If your non-human family member is eating Del Monte Jerkey Treats Beef Flavored Dog Snacks, Gravy Train Beef Sticks Dog Snacks, Pounce Meaty Morsels Moist Chicken Flavor Cat Treats, Ol' Roy Beef Flavor Jerky Strips Dog Treats, or Ol' Roy Beef Flavor Snack Stick Dog Treats, then please stop serving that and get to your vet ASAP.
So, we're up to Menu Foods, Nestle Purina, Hills Pet Nutrition and Del Monte Pet Products. This is going to impact thousands, maybe tens of thousands of dogs and cats. How terribly sad. For those affected, my heart is just breaking for you. I am hoping and praying for the best.
The answer should probably be "none of the above" since all of these metrics have their strong points and their weak points and comparing them to each other is not an apples to apples comparison. Geography makes a big difference, as you can see by Xiti's measurement of Firefox at nearly 25% in Europe overall, and as high as 44.5% in Slovenia and 41.3% in Finland. The type of user surveyed makes a big difference too. The latest report from FreshBooks puts Firefox at 38.95% share among small to medium-sized businesses and BoingBoing.net has Firefox at nearly 50%. The time of the survey also impacts the results with the total web using population dropping some in the summer and on or right around holidays like Christmas.
So how should we measure Firefox growth? Well, first, we shouldn't be looking at any single-sourced metric. Second, we probably shouldn't be looking at month to month data and instead look to longer trends that cross seasons or even years. Maybe we shouldn't be looking at usage stats at all and move to some other metric. That's a lot on what we shouldn't do. What should we do?
What do you all think? The trends are clearly going well for Firefox over the last three years and we're seeing consistent increases in browser downloads and trials with each of our new releases. As I've said for quite some time, though, downloads don't all turn into users and as the paragraphs above suggest, usage patterns are quite different depending on geography, the kind of user, and the time of year one measures. So, what and how should we measure so that we can make the most informed decisions regarding our efforts to increase the pace of adoption?
Purina has recalled ALPO Prime Cuts in Gravy (wet) dogfood. Because Purina is not recalling any dry foods, it sounds like this is not the dry food maker that the FDA refused to name on Friday.
update: This Reuters story seems to confirm that the unnamed manufacturer under investigation by the FDA on Friday was indeed Hill's.
The common thread in all of these recalled foods is a tainted wheat gluten. Until this is all sorted out, it might be a good idea to avoid all pet foods with wheat gluten (in addition to those listed in the recalls).