Strong feelings are being expressed...
You, sir, have no business being in charge of making bug prioritization decisions, bemused dolt that you are. Deciding to close bugs because the Bugzilla reports aren't being updated is the choice of a fool who has no concept how robust code is created and maintained, a beancounter mentality choice, not a software developer choice. That you have made this choice despite the protests of wiser heads working on Mozilla code show that you are not merely a fool, but an invincibly ignorant one, so sure of yourself when in error that you cannot even heed wise counsel.Such persons are best removed posthaste from the gene pool, as a danger to all and everything around them.
vs.
Allow me to repeat and to underline that I support very much this initiative/measure/feature of robo-resolving 12,342 inactive unconfirmed bugs. This feature includes a 2 week grace period: that is a sane, sound and absolutely fair period of time.I am 100% convinced that such measure will do overwhelmingly more good (much more good) than do bad. The balance of benefits versus inconvenients and implied trade-off in this feature will bring a lot of fresh air into a deeply rotten mass of bugreports which no longer made any sense.
Again, you have my unconditional one thousand percent (1000%) support in this initiative.
I've written another small unobtrusive JavaScript library. This one applies a class to the element which was the target of the most recent intra-page link (ones like <a href="#chapter3">). This allows you to style the target to make it more visible. It's called THL - Target Highlighting Library.
I wrote it to solve the problem that currently, browsers don't handle such links very well. When you click one, the page jumps rather than scrolls, which is disorienting, and the new content appears at the top of the viewport - except when it's near the bottom of the page, when it could actually be anywhere in the viewport. This problem creates uncertainty, and makes intra-page navigation less usable than it need be.
There's a test page so you can see it in action.
There's been a bit of confusion about the point of the process for auto-resolving old UNCONFIRMED bugs. This is mostly my fault, as is what people see as the lack of notice - we'd been discussing this for so long that when it finally happened, I didn't lift my eyes up enough to see that I should have made more noise about it than just posting on my blog. Apologies for that.
So, why are we doing it? The logic goes as follows:
So what does this mean?
One quick clarification: the bugs will be RESOLVED EXPIRED, so they are easy to find if you need to.
As a side effect, the implementation of the first part of the plan has (re)thrown up a need for workflow improvements to Bugzilla. Ideas for this are being tracked in the wiki. It's now part of my day job to make developers' lives easier, and so I'm going to be looking at those suggestions very carefully indeed, with a view to doing something about them. Please contribute to that page if you have ideas.
I want to have a good go at convincing skeptic module owners that this is a good thing. So email me if you think it isn't, and I will. However, if I can't convince you, then I will exclude your module(s) from the second part of the plan. After all, they are your modules.
Remember our aim at the beginning of the year was to try and get Firefox usage up to 10% by the end? Well, it's only September, and XITI Monitor's latest figures show that there are only two countries in the EU that they measure data for which have Firefox usage of under 10%. Come on Lithuania and Malta!
Yes, I know, this doesn't mean we have over 10% worldwide yet.
I've just finished changing 12,342 bugs :-) Bugmail was temporarily turned off, and Bugzilla chewed through them in just over half an hour, which is pretty impressive. In about an hour's time, the daily "send unsent bugmail" job will run, and find itself with rather a larger task than normal...
As I sat there watching the list of people-to-be-emailed scroll by, I thought "Poor timeless" ;-) For some unknown reason, he seems to watch just about everyone. But then I realised that he has a Gmail account. As demonstrated by the JavaScript counter on the home page, Gmail has an ever-expanding mailbox quota. We calculated that we could send him a bugmail every two minutes indefinitely and he'd never run out of room! (No, this is not a call for someone to write a script...)
An interesting thought: if you read the counter's JavaScript, you can work out that it's designed to reach 2950MB on exactly January 1st, 2006, and pause there. I suspect they will wait until there's a good PR opportunity to announce that they've upped the limit to 3GB :-) Justdave's theory is that they want to hit PI GB (3.14159GB) on April 1st next year...
This rather relevant ad from the ACLU gives a glimpse as to what the future might hold in a database state. It involves a man trying to order a pizza from a company who appears to know everything about him. At the end, there's a big "Take Action" link, which opens this page on the ACLU website in a popup window. It has a form called "Urge your Members of Congress to Protect Your Privacy!", which asks for Title, Name, Address, Zip, Phone Number and Email Address, and has the "Yes, sign me up for email spam!" box ticked, and the "No, don't remember any of this information" box unticked by default!
A touch hypocritical? :-)
The police decided that wearing a rain jacket, carrying a rucksack with a laptop inside, looking down at the steps while going into a tube station and checking your phone for messages just ticked too many boxes on their checklist and makes you a terrorist suspect. How many other people are not only wrongly detained but wrongly arrested every week in similar circumstances? And how many of them are also computer and telecoms enthusiasts, fitting the police's terrorist profile so well?
This man was arrested, his house searched and his possessions confiscated, and was detained overnight on the flimsy evidence listed above. His name is now permanently in police records. And the police are asking for yet more powers.
For those doing usability studies on Windows software, DemoStudio is a free software screen and audio recorder which can output as AVI or Flash. Sounds like it would be great for recording what a user does during a test so you can play it back later in sync with your video camera to do your analysis. (Via NewsForge).
I know we've had several attempts at this; here's another.
Now that Firefox and Thunderbird 1.5beta1 have been released, and so a recent Gecko is available to the general public, the auto-resolution of UNCONFIRMED bugs proposal is going to be put into effect. On Tuesday 27th of September the initial warning will be issued, and on Tuesday 11th of October we'll be doing the actual resolution of bugs untouched in the previous two weeks.
It will happen in the following products: Core, Toolkit, Firefox, Thunderbird and Mozilla Application Suite.
Opera just drove into town ;-) The fully-functional, ad-free version of the browser is now available at no charge. Now there's no excuse not to have it installed and test your websites with it.
It's still not Free, of course...
This article has everything. An ex-IE team member explains why he no longer uses IE, switches to Firefox - and then gives us some UI advice so we don't get too complacent. :-) Most of his comments are great; one thought:
IE intentionally brings the browser history into the new window: the bet being that users who want to continue from where they left off can, and those that want to go their home page can do that with one click.
...but if you have a Java applet in that page which is communicating with a server, it can really stuff things up because you then get two of them. Having worked on such a product, this behaviour is actually one of my pet hates about IE. I love Firefox's New Tab behaviour - Ctrl-T and I have a nice blank canvas, with the location bar focussed, ready to go whereever I please. It's as satisfying as turning to a new, crisp, white page in a notebook. Mmm. :-)
The "continue from where you left off in a new window" model for Firefox is "open in background tab"; you don't open new windows with copies of the current page and then navigate in multiple directions, you navigate directly in those directions from the original copy. Much nicer, IMO.
CentralNic has started using wildcard DNS (from The Register). In other words, domains which don't exist still resolve to an IP address rather than returning NXDOMAIN. The drawbacks of this are well-documented elsewhere.
But even before this, they were playing around with their DNS configuration. Our family has a domain that we use for email, markham.uk.net. We used CentralNic because by the time we got around to looking for a domain, "markham" was taken in all the suitable TLDs. Recently, a vitally important family email went astray due to a typo in the domain. Did it bounce? No - it disappeared into a black hole, causing a lot of stress because one party assumed the other had read it. And the problem still occurs today. Send email to test@markhamxxx.uk.net and see what I mean? Does one get a bounce message? No :-( Grr...
Take my advice - avoid CentralNic. Aside from the above tomfoolery, there's no competition in the uk.com/uk.net DNS market. They are the sole supplier, and that's why they are 7x more expensive than a .com/.net domain.
A nice chap called Rhys Blakely interviewed me the other day for an article which has just appeared in the Times (online version only, I think). It's pretty accurate, apart from perhaps implying in the lead paragraph that the three of us at the Foundation are all there is of the Mozilla project! :-)
The interview wasn't recorded, so all the quotes are from his memory - so if I "said" something which doesn't quite sound like me, chances are that's not quite the way I put it at the time.
The IE Blog has a post about the new Phishing Filter which will be built into IE 7. Basically, there's a client-side whitelist and a server-side blacklist; if you turn the filter on, every URL you visit which is not on the whitelist gets sent off to Microsoft's servers to be checked. And if you suspect a site is a phishing site, you can click "Report Phishing Site" on the Tools menu to send that URL off into a queue to be verified.
However, for privacy reasons, IE strips off the URL parameters before sending off URLs. And this is where the problems with such an approach start to become apparent. What guarantees that the web page the manual URL checker person views (requested without URL parameters) is going to be the same one that the original reporter saw?
The URLs phishers distribute by email can be mangled and made unique in many ways; DNS wildcards, mod_rewrite and query parameters are just three. Really smart phishing site implementations would continue to server the phishing content for a given unique URL to the same IP address or class C range, but send innocent content back to any different IP address. Or they could use cookies to achieve the same effect. Microsoft engineer Peter Torr lists quite a few methods of URL mangling while explaining why the phishing filter doesn't use hashing. However, he doesn't say that they are all quite effective at making the filter's life difficult even without hashing.
Server-blacklist-based anti-phishing implementations put you in an arms race, and one in which the phishers hold all the cards. They have 20,000-strong botnets with automatic deployment tools; you have to check every submitted URL by hand. They can invent new ways of obfuscating and redirecting URLs; you are limited by the tools built into your deployed client. They have a large financial incentive; you are giving away a free product.
There's no magic bullet, but I believe the correct route to take is a combination of greater SSL use (which means we need SSL vhosting), stronger certificate field verification and OCSP, combined with in-browser standalone heuristics and a sprinkling of user education. A minimal amount of the latter is IMO, sadly, unavoidable - it's very hard to protect people who will put their credit card number into just any web form which asks for it.
I was more angry on Saturday than I have been for a long time. I heard on the news that the Israeli Parliament is debating whether to knock down the synagogues in the Gaza Strip (the alternative presumably being waiting to see if the Palestinians do it when they move in). The report went on to explain the pros and cons of each course of action. At the end, in a rather offhand way, it said "they've already knocked down the settlements, now they just have to decide about the synagogues."
I'm sorry? They've done what?
You are about to hand over some land to a group of people who are extremely poor, and you knock down the houses on it before giving it to them, even though they are of no use to you? How can anyone be so horribly spiteful?
There will always be poor people in the land. Therefore I command you to be openhanded toward your brothers and toward the poor and needy in your land.(Deuteronomy 15:11)
The Lord says: "These people come near to me with their mouth and honor me with their lips, but their hearts are far from me. Their worship of me is made up only of rules taught by men."
It would be kind of interesting for someone to see what happened (or rather, the magnitude of the losses incurred) if you bought $1000 of every stock which you received a stock spam about, and held on to it for 1 month. Would you make money out of any of them at all? Or would every single one be a loser?
Of course, you would do this using the web and a bit of paper, not with real money :-) If anyone wants to try it, I have a multi-hundred-megabyte file of spam they could use...
There's a fine line between determination in the face of adversity, and stubborn bloody-mindedness.
After September 11th, when terrorists knocked down the two tallest buildings in the USA, the prevailing view seemed to be "Let's build another massive building! That'll show those darn terrorists!" I have a feeling that a similar idea is forming over in America relating to the flooded city of New Orleans - "Let's build it right back up again! That'll show that darn storm!"
The site of New Orleans has been suffering from serious subsidence for decades, and it's only going to get worse. OK, so the old version had to stay there for historical reasons. But now most of it is gone - any building flooded for more than a couple of weeks is going to have to be condemned - and America has a chance to get it right. You have two options: spend billions of dollars on flood defences like the Dutch (who don't really have a choice about it), or do the sensible thing, treat the old, flooded city as the buffer zone you are otherwise going to have to artificially create, and build New2 Orleans further inland. Think about if - if you were picking a site to build a city, would land that is below sea level and subsiding rapidly, sandwiched between a lake, a river and the sea, in an area historically prone to flooding and hurricanes, be on your shortlist?
It would be great if, after mature reflection, it was decided to do the sensible thing. But I don't hold out much hope. Political expediency will prevail, the current site will be cleared and reused at eye-watering expense, and the next generation will get flooded out of their homes again in forty years time, when the current crop of politicians are safely retired.
There's an article on the IE Blog about the CSS parser bugs they've fixed for IE 7. It's interesting that they are having to choose which parser bugs to fix, and in which modes, because people rely on those bugs as ways to "detect" particular CSS problems which only occurred in IE 6. Worse, there isn't generally a 1:1 match between parser bug and CSS bug (although there are some objections, such as the Box Model Hack).
Why is taking advantage of particular parser bugs any better than conditional comments, or user agent sniffing, which has long been considered harmful?
This hymn by Samuel J. Stone was printed in a biography I read recently, and it really struck me. It's inspired by Paul's vision of the man from Macedonia in Acts 16. I've made a few modifications to soften the impact of the dated language, and to "sharpen the point" a little bit. Can any of my Christian readers suggest an appropriate tune?
Through midnight gloom from Macedon,
The cry of thousands as of one;
The voiceful silence of despair
Is eloquent in fervent prayer:
The soul's imploring, bitter cry,
"Come here and help us, or we die."
How mournfully it echoes on,
For half the earth is Macedon;
These brothers to their brothers call,
And by the Love which loves them all,
And by the whole world's Life they cry,
"O you that live, behold we die!"
By other sounds the world is won
Than that which wails from Macedon;
The West drowns out their desp'rate plea
Rejoicing in security
And does not heed the distant cry
"O hear and help us, lest we die!"
Yet with that cry of Macedon
The Great Commission echoes on.
"I come; who will go forth today,
In desert lands prepare My way?
My voice is crying in their cry,
Go help the dying, lest you die."
Jesus, triumphant risen Son,
The cry is yours from Macedon;
Oh, by the kingdom and the power
And glory of your advent hour,
Wake hearts and wills to hear their cry;
Help us to help them, lest we die.
If you say of a computer-assisted tomography scan of a cat: "This is a cat scan", it would be doubly truthful. Such a statement is called a "diontologia". Can anyone come up with a triontologia, on that or a different theme? (Source: New Scientist's "Feedback" section)
We've been working on making it possible to turn off SSL version 2 (an older, more insecure version of the SSL protocol) in Firefox. We've already had one big success, with the number of SSL2-only sites dropping from around 10,000 to around 2,000 after a large ISP reconfigured their servers. But there are no more big wins.
I've obtained a list of the most popular sites which are SSL2-only. I am looking for volunteers to help with the task of checking that the list is correct, grouping it by company, ISP and netblock, and getting in touch with the relevant admins to ask them to fix the configuration of their servers. Please email me if you can spare a few hours for this.