Hacking for Christ

I'm Away

I am away from the 30th of October until the 27th of November. Please see before-you-mail-gerv for my FAQ and also the list of alternative people to contact.

All blog comments and trackbacks except this one have been or will be closed, for anti-spam reasons. Please email me any thoughts that you have, and I will peruse them on my return.

IE To Firefox Conversion Rates

Andkon has caused a bit of a stir with a new critique of the www.mozilla.org front page. However, I'm going to leave his comments on the content to one side and concentrate on his mathematics.

His assertion is that "only 50% of IE users who come to www.mozilla.org download Firefox". He works this out by taking the number of IE-user downloads of Firefox per day (estimated at 50% of total by Asa) and dividing it by pageviews per day of www.mozilla.org and www.mozilla.org/products/firefox/, which he classes as "end user pages".

The flawed assumptions in this logic include, but are not limited to:

• all views of those two pages are from people wanting to download Firefox - which is obviously not true for www.mozilla.org, and probably not true for /products/firefox/;
• a particular downloader only views a single one of those pages, rather than both;
• a particular downloader only views a particular one of those pages once - they don't, for example, read about Firefox at work and then download it at home;
• all attempted downloads after viewing a page succeed, and aren't cut off by e.g. network trouble, a little sister picking up the phone extension, or some other reason (the download stats count completed downloads).

But even if we ignore all the above and take his figures as correct, other businesses would kill for a 50% conversion rate of interested people to customers. In the circumstances, I'd say we are doing rather well.

He may well be right that the front page could use improvement - but that depends on your underlying aim for it, which is the real point of controversy. Some believe that www.mozilla.org should be focussed on all that mozilla.org does, not just Firefox, and we should use e.g. getfirefox.com to plug Firefox exclusively. Others think www.mozilla.org should focus on whatever the flavour of the month is. Without agreement on this point, suggested changes to the front page will founder on the deeper disagreement.

He is right on at least one thing, though. The phrase "declaration of independence from a monopolized and stagnant web" has no place in our newspaper advertising. It's meaningless political posturing, and a big turn-off. (I suspect and hope it's not going to be there, and it's just something Blake thought up for his blog post.)

Looking For A Job?

The company I work for, Data Connection, is looking to hire a group of recent graduates as software developers at their offices in Enfield, UK (where I work).

I can't promise you would get to work on or with Free software, but you would get to work with smart people for a company who are very good to their employees, and have a great culture of technical excellence. You don't have to be a graduate in a numerate discipline - we already have classicists, linguists and others.

If you are interested, you can find out more and perhaps apply online. Say that I sent you :-)

False Equality

It seems we're having a controversial week here on Hacking For Christ, so let's continue. [Just to clarify: the following post speaks in generalities - it has to in order to avoid massively cumbersome sentences. So when I say e.g. "men can do X but women can't", I mean "in general, men are much better at doing X than women". I do not mean either "only men should be permitted to do X", or "all women without exception are incompetent at X".]

The UK Trade and Industry Secretary, Patricia Hewitt, has launched a drive against "career sexism".

"Career sexism is about saying that engineering, for instance, where only 10% of employees are women, is really a male-dominated industry. Construction is even worse."

While totally agreeing with the principle of "equal pay for the same job", I think that the feminist hyper-equality agenda is obscuring the fact that men and women are, in fact, different. The underlying thesis of Hewitt's campaign seems to be that equality means men and women being interchangeable, and so we need to keep working "for equality" until these industries have an approximately even balance of men and women.

A book I've heard good things about, but not yet read, is "Why Men Don't Listen and Women Can't Read Maps". Its basic idea, which I agree completely with, it that womens' and mens' brains are wired differently, making each gender good at different things and bad at others.

My ex-housemate, Abbie, thought nothing of simultaneously ironing, talking to someone on the phone, and watching an episode of Friends. She's a great multitasker. When I'm watching Friends, on the other hand, someone can loudly ask me a question and I simply won't notice for 30 seconds, after which my brain will process the backlog and I'll look up and say "Er, what, sorry?" This is what's actually happening in a "Why Men Don't Listen" situation. My brain is very serial indeed - I am not good at multitasking. My task-switching latency is measured in seconds.

Now, it's fairly obvious that there are not many female computer programmers. I suggest that this is because single-minded concentration for long periods is a vital attribute for a programmer. You need to simultaneously think of the correct name for a local variable, while keeping in your head what you are doing in the scope of that function, that module and that application, and continuously zoom in and out mentally between those levels without losing track of any of them. And the very features of mens' brains which makes them bad listeners makes them particularly good at this skill.

Great female programmers certainly do exist. I know - I work for one. But it is misguided to argue that there's something wrong with the IT industry until 50% of programmers are women, and such an attitude will only lead to misery for the women coerced into a job they aren't suited for.

Stem Cell Debate

Mitch Kapor just posted a blog on the stem cell research funding debate in California. Comments are closed, so it looks like I'll have to use a trackback to respond.

It seems like there's a lot of heat and not much light in the US "stem cell research" debate. What I can't understand (apart from the general principle that any more than two sides is too complicated for the media to handle) is why people are not making more clearly the distinction between adult and embryonic stem cell research. Wikipedia explains the difference well. Adult stem cell research is more advanced, has had actual therapeutic successes, and allows one to obtain the consent of the donor, but it doesn't seem to get much of a mention.

Can anyone name one of these purported miracle cures for every problem under the sun (Cancer, Alzheimers, Diabetes, Heart Disease, the Premiership being too one-sided) which cannot be researched using adult stem cells?

(Over here in the UK the debate is more nuanced, but stem cell research has been permitted by the HFEA.)

88% And Rising...

Correlating the language statistics from glreach with the Mozilla-l10n Tinderbox, we can see that Firefox 1.0 RC1 will have official localised builds in the native languages of over 88% of the world's Internet users.

The big ones we are missing are Korean (3.9%), Malay (1.8%) and Arabic (1.7%). The Korean Firefox l10n website redirects back to mozilla.org, and their main website links to English builds. We don't yet have a Firefox effort in Malay at all...

By the same measure, Internet Explorer is at 94% - they have Korean and Arabic, but no Malay. But they only offer 24 languages, while we are already at 26. Proof that open source caters well for minorities?

Bugzilla "Limitations" 4: Comments can't be auto-quoted

It might be somewhat surprising that I'm discussing this limitation, because the latest releases of Bugzilla (including 2.18) don't have it. So why am I talking about it? Well, I think that implementing the feature in question was a mistake :-)

For a long time, we've had requests to allow people to "reply" to Bugzilla comments - i.e. to provide an automatic paste of a particular comment, with ">" marks, into the Additional Comments box. Kiko finally implemented this feature about this time last year in bug 207754. (I should hasten to add that there's nothing wrong with the implementation technically.)

As you may notice, I wasn't too keen on the idea, but there you go. In a project with more than one developer, you aren't going to win them all :-) But why don't I like it? Well, Joel, as often seems to happen, wrote an article which mentioned in passing why he thinks quoting is a bad idea.

Since then, I've become even more devoted to the idea of the value of good social interface design: we bring in experts like Clay Shirky (a pioneer in the field), we do bold experiments on the poor citizens of the Joel on Software discussion group (many of which are so subtle as to be virtually unnoticeable, for example, the fact that we don't show you the post you're replying to while you type your reply in hopes of cutting down quoting, which makes it easier to read a thread), and we're investing heavily in advanced algorithms to reduce discussion group spam.

His point applies even more to Bugzilla than to the discussion forum software he's talking about. In a medium like Bugzilla which is non-threaded (another feature-not-limitation, which I might talk about another time), and is both email and web-based, discussions are easier to follow with less quoting. This means that, for maximum usability we shouldn't add features to Bugzilla which encourage it.

This post isn't a bitter moan in disguise - I'm very happy with the Bugzilla project's method of making decisions, and I'm not pushing to have the feature backed out. But I felt it was a worthy addition to this series, for the light that the discussion sheds on how one can (potentially at least) decrease usability by adding features which at first glance appear to improve it.

Hope In The Patents War

nosoftwarepatents.com is what the FFII Software patents site should have been all along. (Some of you may remember that I ranted about its poor usability and navigability back in May ("Why We Will Lose The Software Patents Battle"). It's well-designed, visually pleasing, very readable, and clearly outlines both the problems and what people can do about it.

According to The Sydney Morning Herald, the site is sponsored by MySQL, Red Hat and a German company called 1 & 1, and run by activist Florian Müller. Kudos to them and the rest of the team behind the site.

Parties on Seven Continents

Up until a few minutes ago, the mozparty webtool currently offers parties on six continents:

• Asia
• Africa
• North America
• South America
• Europe
• Australasia

But now, I'm pleased to announce that, courtesy of Ethan Dicks at South Pole station, we've got the full set. It's gone worldwide!

(And how's this for a sig?)

Ethan Dicks, A-130-S      Current South Pole Weather at 19-Oct-2004 19:50 Z
South Pole Station
PSC 468 Box 400       Temp   -66 F (-54.5 C)    Windchill  -101.9 F (-74.40 C)
APO AP 96598          Wind  11.3 kts Grid 062   Barometer 675.8 mb (10784. ft)

Advance Warning Of Absence

From 30th October to 27th November I will be away and, for all practical purposes, uncontactable. As this is a relatively long period to be away, I thought people might need a heads-up. So if you have something you need me to do, now's the time to ask :-)

As If Usability Testing Wasn't Hard Enough...

People lie on surveys and focus groups, often unwittingly.

(This is from Raymond Chen's blog, "The Old New Thing", which is a fascinating insight into the quirks and foibles of an environment where backwards-compatibility has to be preserved at all costs. Of course, not everyone at Microsoft thinks that way.)

Google Search Reveals Algorithms?

[Google seems to be featuring a lot on my blog recently, so I've created a new "Google" category, and added the previous posts to it.]

Google launched a Desktop Search product today, which indexes your hard drive and gives you a unified search interface for local and web content. People have already commented on how cunningly well-integrated it is (it sets up a webserver on your local machine so it can give you the familiar Google interface but with an extra tab for your stuff).

One interesting thing about this which hasn't been mentioned is that, for the first time, Google's secret indexing and search algorithms aren't stored away on some remote servers, or inside some expensive appliance bought by corporations, but are in software on your desktop. Of course the EULA forbids reverse engineering, but that prohibition isn't valid in all jurisdictions.

It'll be interesting to see what gets discovered over the next few months...

Google Under Attack?

Does anyone else get the following "403 Forbidden" error when following this link?

We're sorry...

... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.

It only appears for me if I use exactly those parameters in that order, including both the ie and oe parameters. A search from the main Google page now doesn't add those two.

Anyone know what's going on?

Nvu In The News

There's a short article on Nvu in this week's LWN (subscribe! subscribe!).

Draft Trademark Policies For Review

We have several draft trademark policies available for review:

• A trademarks FAQ
• A general trademarks policy
• A policy for distribution partners
• Extra details for localisation group websites

Please let us know what you think. We are particularly interested in inconsistencies and discrepancies between the different documents - I'm sure there are many - and unforseen effects that they might have. I'm sure you are all aware of our overall aims with these documents - to protect the Foundation trademarks while keeping trademark issues, as far as is possible, out of the hair of our partners, contributors and distributors. I would greatly appreciate help in making sure that our attempts to codify those aims actually does the job.

Having discovered from the earlier posts on Bugzilla changes that blog comments are not really the right place for an extended discussion, I've decided to use the right tool for the right job - i.e. something which supports threading, flagging and marking messages as read/unread - and started a newsgroup thread in netscape.public.mozilla.seamonkey for feedback. Let's see if that works any better.

Aviary 1.0 Parties

That's right, folks - we're close to the release of Firefox and Thunderbird 1.0 and, just like our last 1.0 release, we want to organise worldwide parties to celebrate.

Thanks to Dominik 'Aeneas' Schnitzer, we have an all-new and improved Mozilla Party Webtool 2.0. You can create your own party, or sign up for one already in progress - and, in an improvement on Webtool 1.0, organisers can now edit and update party details. The tool allows you to organise a celebration in any of 243 countries, principalities, dominions and islands around the world. Never let it be said that we do things by halves around here.

I can exclusively reveal that the weekend of the 19th-21st of November has been chosen as Party Time. That's after the currently-planned release date for Firefox 1.0 - the 9th - and allows for a little slippage too, without crashing into some American thing called "Thanksgiving". (Well, we have to humour them.) So if you want to feel part of the global collective, pick a date in that weekend.

The Mozilla Foundation isn't organising a big public party, so those of you in San Francisco have an opportunity to join the rest of the world and roll your own this time around. And I'm not organising the London party, so there's at least one more vacancy.

What are you waiting for? Get organising! :-)

Yahoo Toolbar for Firefox

Yahoo appear to be making a toolbar for Firefox. Obviously trying to stay ahead of the competition...

Download Mozilla 1.8a4

Still using the Mozilla Suite? Then please upgrade to Mozilla 1.8a4 if you haven't already, and you are the sort of person who uses alphas.

Download numbers:

• 1.8a1 - 146,673
• 1.8a2 - 104,974
• 1.8a3 -  88,122
• 1.8a4 -  40,026

If these get any worse, we will start to suffer from not getting enough Talkback data. (Talkback's up and running again now, BTW - thanks to all the Oracle DBAs who volunteered.)

I suspect the decline is a combination of interest in Firefox, "alpha exhaustion", and the lack of promotion (e.g. on www.mozilla.org). So this is an attempt to fix that last point :-)

SANS Report - Mozilla/Firefox More Secure

The SANS Institute (a respected information security research and education organisation) has released a new version of its "Top 20 Internet Security Vulnerabilities" document (via Slashdot).

It's pretty good news. The introduction to the "Web Browsers" section gives an excellent summary of the current problems with IE. And, at first glance, Mozilla/Firefox beats IE 7 to 15 in the vulnerabilities list.

In fact, it's even better than that. One of the seven is a MIME problem in Mozilla Mail - it's hardly fair to include that when looking at browser function. The claim that "all these vulnerabilities also apply to Firefox 0.9.x" - I'd be impressed if that one does :-) And the last one (Cross-Site Scripting) was also never a problem in Firefox or Mozilla 1.7. So we actually win 5 to 15. Of course, some of the IE ones may be similarly bogus. Feel free to comment if you feel that's the case.

But that's not the whole picture. Security is not just about the vulnerability count, it's also about (among other things) the development methodology, the application architecture and the speed of response to problems. Fortunately, we're ahead in those areas as well - as the SANS report notes.

AOL Browser

I hear AOL is developing a browser based on IE, with "extra features" for "Power Browsing". Let's see how it compares to Firefox:

• tabbed browsing - Check
• "tear-off tabs" - OK, not yet.
• a "clear my footprints" feature - Check (in Options, or via an extension)
• pop-up blocker - Check
• display thumbnail images of pages as users hover over the back and forward buttons - no, but sounds like a UI nightmare
• zoom in and out on a page - Check (although an extension improves matters)
• force a Web page to display in high-contrast for the vision-impaired - Check (Stylesheet Switcher)
• highlight or list links on a page - Check (Page Info has a list)
• frequent security problems - Er... no.

BT Sucks

Sit down, dear listener, and I will tell you the sad tale of my ADSL connection.

I called BT three weeks ago to get the billing name changed on our phone line, as the person who paid the bill (my ex-flatmate) moved out. According to BT, that meant completely cancelling everything and re-provisioning it. Sure, whatever floats your boat, I said. They said my free answering machine service would get re-initialised, and I said fine. They didn't mention ADSL at all. I assumed it was all separate - after all, I'd bought it from (and was billed by) a totally different company.

Three weeks later, my ADSL connection dies. I don't relate this back to changing my billing details at all, so I call my ISP's faults people. They take three days to investigate, and then tell me my line has been cancelled by BT. This means that the only way I can get it back is to be reconnected from scratch - which costs £64, and takes 7 days!

I call BT customer service to complain. My call is taken by a rather insolent man who tells me he is sorry (but doesn't sound it) but can do absolutely nothing to rectify the situation apart from send a reprimand to the manager of the guy who handled my name change. His excuse for this is that he is in BT Retail, the people who handle voice accounts, and they can't talk to BT Wholesale, the people who provide the ADSL and speed things up. This is because BT Retail provide their own broadband service and so are in competition with my ISP. This means they aren't allowed to have any contact with BT Wholesale whatsoever, because BT Wholesale is supposed to be ISP-neutral!

So, they can cancel my ADSL without telling me, but they can't re-provision it.

This is completely unacceptable. I don't need to say that in future I will do everything humanly possible to avoid purchasing services from BT again. If anyone can recommend better companies who provide phone service (and which allow me to have ADSL on the line as well), then please add a comment.

Google Print URL Params Analysis

I know you can have too much of a good thing, but I do find Google Print pretty interesting :-) Here's a quick run-down of the URL parameters they are using, and what they do. (Note that the service currently appears to be Slashdotted, with 502 Server Errors popping up everywhere. Surprising to get that from a company of their size, but there you go.)

Sample URL:

http://print.google.com/print?id=ULQSG0Zs7vcC&lpg=3&pg=3&sig=QD6xDOsosnwh8uXQuXRJL5old88

• id: specifies the book.
• pg: specifies the page number. If you remove it, you get a list of all the pages in the book. But you can't just increment it, because...
• sig: some sort of hash which also uniquely identifies the page. This is presumably to stop robots spidering the site and just monotonically increasing the page number.
• q: query - the words in this parameter will get highlighted in yellow. This indicates that they are generating the JPEG graphics on-the-fly from a computer-readable source on the back end. I suspect they've implemented display engines for several common book print formats.

Earlier today, URLs requires "img=<something>", but they don't seem to now. Instead, an lpg parameter has appeared. I'm not sure exactly what that does (why does it need two page numbers?), and I can't investigate until they fix the server...

So What Can Google Do?

Having spent some time deconstructing Google's careful attempts to protect the content of their Google Print partners, it seems only fair that I also give my thoughts on how they can improve the restrictions without affecting the usability. One could argue that I shouldn't help them with this - but then, I think people will vote with their feet when it comes to DRM-like features. And anyway, it's an interesting technical challenge.

The best method would probably be an extension of what they are doing now. Have ten nested <div>s, each of which has a background-image set, and each of which has a near-identical URL - the only thing wrong being the signature which they already incorporate into their URLs. The "print" servlet should serve up a clear GIF when it receives a bad signature. So, given that there's no programmatic way (short of reverse-engineering the signature algorithm) to choose between:

• http://print.google.com/print?id=ULQSG0Zs7vcC&lpg=3&pg=3&sig=QD6xDOsosnwh8uXQuXRJL5old87
• http://print.google.com/print?id=ULQSG0Zs7vcC&lpg=3&pg=3&sig=QD6xDOsosnwh8uXQuXRJL5old88
• http://print.google.com/print?id=ULQSG0Zs7vcC&lpg=3&pg=3&sig=QD6xDOsosnwh8uXQuXRJL5old89
• http://print.google.com/print?id=ULQSG0Zs7vcC&lpg=3&pg=3&sig=QD6xDOsosnwh8uXQuXRJL5old80

a user would have to resort to checking each one by hand to see which was the real image. (Or writing a specialised extension to sort through and pick out the one with the largest size.) That would defeat at least some of the methods we've come up with so far, or at least make things a lot slower.

But when it comes down to it, they'll probably be content with the current clue barrier.

Update: Having now read some Slashdot comments, you could combine the above technique with image slicing (where the true image was at a different stack position in each slice) to multiply the number of possibilities. Manually searching 10 possibilities for a non-blank image would be OK. Searching 100 sets of 10 slices to find the valid strips would be a lot nastier.

Google Print (again)

So it seems some other people have also become interested in Google Print's DRM features.

From the Google Print FAQ:

Pages displaying your content have print, cut, copy, and save functionality disabled in order to protect your content.

Cut and copy obviously aren't relevant, because there is no text, only an image.

You can invoke the Print function, but the book page image doesn't come out because it is a CSS background. In Firefox, you can turn on printing of background images and colours in Page Setup, but it still doesn't work, because the <div> with the image also has a background-color of white. Someone's thought of that one :-) Presumably changing the Firefox print code to prioritise background images over background colours would make it possible to print the pages.

Save Page, choosing "Web Page, complete" actually does work in Firefox - you get all the images, including CSS background ones, and the copy of the page is perfect.

The Google Print FAQ also says:

In addition, you can choose how much of your book users will be able to view over a 30 day period, from 20% of your content up to 100%

This must be using cookies. They can't be doing it by IP address - proxies and so on make that unworkable. The only Google Print cookie I have is a session cookie, although I have a couple of google.com-wide ones which expire a very long time from now. They could be using either of those. Still, clearing cookies would get around the restriction. I don't know if they'd prevent access if you had cookies disabled...

Google Print Hacking Ideas

Wow :-) So there's more than one way to skin a cat. (Actually, there are 50 ways, some of them hilarious, but that's not important right now.)

Suggestions so far include:

• A special-purpose bookmarklet
• Save As on the Page Info dialog in the Suite (which, it is claimed, does work with Background images, although it doesn't for me in Mozilla 1.6)
• DOM Inspector sidebar
• CSS editor sidebar
• Drag the entry in the Media tab to a new window (doesn't seem to work in either Firefox 1.0PR1 or Mozilla 1.6 for me)
• Image Zoom to shrink the covering clear GIF
• Mouse Gestures to shrink the covering clear GIF
• Print Screen (not so good, because it's going to degrade image quality if you then re-compress as a JPEG)

But the winner is:

• Copy and paste from Detail section of Media tab

There's no indication that you can do this, but it does work. Select the entry and press Ctrl-C. It works in both Firefox and the Mozilla Suite without even changing the JavaScript settings. Congratulations to Irongut :-)

ADSL Down

My ADSL at home is down. The company has a 72-hour response time for looking at faults. :-( So this has reduced my ability to reply to email rather significantly. I can do so from work, but not all evening. So if you are expecting a reply from me, please be patient. Thanks :-)

Google Print, And Clue Barriers

It's long been stated that if you put your images up on the web, there's no real way of stopping people downloading them and using them for their own purposes. That's still basically true, although one of the interesting things about the new "Google Print" service is the unusual lengths it goes to to prevent the average web user from doing exactly that.

Google Print allows you to search "printed books" (although Google obviously has the data in electronic form). Here's a sample results page that you can play with as you follow along.

The first thing that prevents you from saving the JPEG of the printed page to disk is that right-click is disabled. They've used the standard JavaScript tricks (for Gecko, returning false from the oncontextmenu handler) to disable the context menu for the entire page. This is no problem for those taking back the web. Go to Tools | Options | Web Features | Advanced JavaScript and uncheck "Disable or replace context menus". Score one for Firefox.

The next obstacle is that View Image on the newly-working context menu seems to show you a blank page. Actually, the printed page consists of a clear GIF <img> overlaying the actual page image, which is a CSS background on a container <div>. So if we just click View Image, all you end up with is a large transparent GIF. And because there's a foreground image, Firefox suppresses View Background Image on the context menu, for reasons of usability and brevity.

OK, so let's use the Media tab of the Page Info dialog. This lists all the media on the page, and has a "Save As..." button which allows you to save any media to disk. Except that it doesn't - it currently works for images inserted using <img>, <input> and <embed>, but not backgrounds or <object>.

The next idea was to copy and paste the URL out of page source. However, Google likes to serve pages without newlines, and there are a lot of similar URLs in it, so this seemed like a pain to track down the right one by scrolling two and a quarter miles to the right. I did note, however, that they are using <style> inside the <body>. Tut tut.

So instead, we can try and delete the clear GIF from in front using the DOM Inspector. We inspect the URL, locate the GIF and press Delete. Bang! The entire image disappears! How did that happen? Well, the <img> was providing a size for the <div> - so when the <img> disappears, the <div> collapses. No problem: we manually edit the CSS style rules to give it a width and a height. This allows us to view the background image again. However, the DOM Inspector doesn't support the content area context menu, so we still have no way of saving it!

Next idea: use the DOM Inspector to inspect the entire browser XUL. This means that the context menu will still work. It's more difficult to do, because you can't locate elements by clicking in the content area - it only works for the chrome. Still, we finally track down the clear GIF <img> and delete it. Boom! This time Firefox crashes (taking with it an earlier version of this blog post.) :-(

OK, let's try another approach. Let's find the surrounding <div> in the DOM Inspector, look at its computed style, and copy the URL out of it. Except that the Computed Style view doesn't support copying. Undeterred, and feeling close to the goal, we view the applied styles for the <div> and try and copy the URL out of the individual background style rule.

Success! This works. We can chop off the CSS gubbins, paste the result into a web browser URL bar, and finally get an image we can save.

In fact, you can also get the URL of the page graphic by viewing the source. It turns out that it's not as hard as I made out, because currently, the <div> in question has a sensible class name:

.theimg { background-image:url("http://print.google.com/print?id=ULQSG0Zs7vcC&pg=3&img=1&sig=gv2nFptEf0dj7Gzb8eZ4U8UdtUo") }

so it's easy to find.

So what's the point? Well, this is an example of what I call raising a clue-barrier. At my university, they didn't have the resources to chase after everyone playing online games, but needed to prevent them from becoming a bandwidth problem. So, they blocked the port used for a popular online game's "server discovery" mechanism. Those without clue fired up the client, tried to find servers, didn't find any and gave up. However, if you bothered to research server IP addresses and type them into the client manually, you could play to your heart's content. The clue barrier filtered out a large proportion of the population, thereby preventing bandwidth problems.

The key characteristics of a clue barrier are that it's easy to put up, and it's not perfect, but it's good enough to solve the problem. Google's techniques won't prevent anyone technical from saving their images to disk, but it will prevent 99.99% of people (at least until someone writes a specialised Firefox extension). And for Google, that's good enough.

What's Wrong With This Picture?

Firefox just won another award. I'm not sure what it's for, though - the writing on the graphic is a bit small...

Bugzilla 2.18 Release Timing

Normally, we test a Bugzilla release by upgrading bugzilla.mozilla.org to the release candidate. However, there is concern that we don't want to have extended Bugzilla downtime (which is always a risk when doing an upgrade) while trying to release Firefox and Thunderbird 1.0.

On the other hand, we've been trying to release Bugzilla 2.18 for the past six months, and we don't want another two months of delay (a month to Firefox 1.0 and then a month recovering and dealing with other related crises) now that we are so close.

So do we:

• Upgrade anyway and hope we don't break anything too badly?
• Don't upgrade, wait until after 1.0, and have a delayed 2.18?
• Release anyway, and let other sites find the bugs?

Answers on a postcard...

Oracle DBA Found

Thanks to all those who volunteered their Oracle expertise to help us with the Talkback database. chofmann says he's got enough offers, and he's now working out how best to use the help :-)

about:config in Thunderbird

Top tip: to access about:config in Thunderbird, open the Options dialog, set your Thunderbird State Page to chrome://global/content/config.xul and then click Go | Mail Start Page. (Just setting it to "about:config" doesn't work.)