Archive for July, 2009
July 17th, 2009
As part of the Mozilla Corporation’s ongoing security and stability process, Firefox 3.5.1 is now available for Windows, Mac, and Linux users as a free download from www.firefox.com.
We strongly recommend that all Firefox 3.5 users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.
For a list of changes and more information, please see the Firefox 3.5.1 release notes.
Please note: If you’re still using Firefox 2.0.0.x, this version is no longer supported and contains known security vulnerabilities. Please upgrade to Firefox 3.5 by downloading Firefox 3.5.1 from www.firefox.com.
July 16th, 2009
Today the Firefox Add-ons team announces the pilot release of its “Contributions” program. Contributions will give developers the opportunity to request an optional dollar amount for their Firefox Add-on. Along with requesting this amount, Mozilla is helping developers tell their stories with its new “About the Developer” pages, which explain to prospective contributors the motivations for creating an add-on and its future road map. Since contributions are completely optional, users will have ample time to evaluate an add-on to determine whether or not they want to help a developer.
Mozilla will be working with PayPal on this initial pilot to provide a secure and international solution for facilitating payments. Developers can optionally create a PayPal ID for each of their Firefox Add-ons. Users will be presented with a “Contribute” button that gives them the option of paying the suggested amount or a different amount.
Add-ons Director Nick Nguyen explains more in his blog post, excerpted below:
Our aim with this pilot is to help support a growing ecosystem by providing our users with the opportunity to support their favorite add-on developers. We’re asking for feedback from our community to drive the future of this pilot and we look forward to learning as much as we can.
For more details on Contributions, please see the blog post FAQ. The Add-ons team will be evaluating this pilot as they receive feedback to incorporate into future revisions. To share your thoughts and ideas, please contribute via the AMO newsgroup.
July 16th, 2009
We’ve noticed that a majority of users who complain about not being able to change their password or even login are unable to do so because Weave treats usernames in a case-sensitive manner. If you don’t happen to remember the exact capitilization of your username at the time of registration, there is very little you can do short of creating a new account. We recognize that this is an important issue and are looking to address it. Case-insensitive usernames should result in fewer confused users and an all-round better experience for anyone dealing with Weave accounts.
As Weave is continously growing, doing this is no longer a trivial task. We service thousands of users everyday, so our main goals for making the switch are to minimize distruptions, not cause any data loss and have the change be completely transparent to end-users.
Let’s take a look at what needs to happen to implement this — this also presents an opportunity for us to talk about how Mozilla’s servers are architected to provide services.mozilla.com. Currently, we have one “cluster” of servers servicing around 28,000 users. Each “cluster” consists of an OpenLDAP instance – a replica of our master LDAP server which stores user information, and a set of database servers running MySQL that store user data. The frontend to each cluster runs the weaveserver code, while authentication against LDAP is managed by internal scripts. We’re going to merge these two into the weaveserver codebase for 0.5, but until then, we’re managing authentication (including account creation) and storage seperately.
This cluster approach allows us to scale — users are assigned clusters based on a hash of their usernames. Though we’re running just a single cluster now, we’re going to be adding more as we push towards a 1.0 release for Weave, and as the number of users grow.
In order to migrate all of our users to case-insensitive usernames, we need to:
- Update the registration script to generate correct LDAP entries upon account creation.
- Update existing LDAP entries by lowercasing usernames.
- Update existing MySQL entries by lowercasing usernames.
- Update the authentication and weaveserver code so that it lowercases all usernames in incoming requests.
We chose this strategy because it means we can make usernames case-insensitive without changing any client-side code — no updated versions of the Weave Sync extension are needed and the server-side changes will be transparent to our users. We do need to take the service down for a couple of hours while we perform changes on the database(s). Based on activity logs we’ve determined that the service is least active on weekends and thus, we are going to perform the switch this Sunday, 7/19 from 10:00A.M. PDT.
We’re tracking the process in this bug. Feel free to chip in with comments here or on the bug, we’d love to hear what you think!
– Anant Narayanan, on behalf of the Weave development team
July 16th, 2009
During a recent State Department town hall meeting, Secretary of State Hillary Clinton was asked the following question:
I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn’t use this browser. It was approved for the entire intelligence community, so I don’t understand why State can’t use it. It’s a much safer program.
Apparently it is a cost issue. Although Firefox is free; Under Secretary Pat Kennedy says the cost of deploying, training and supporting a new piece of software would cost too much. Should the US State Department get a bail out for their browser?
Add me on Twitter! Come follow my daily antics, links, tips and more @mitchkeeler on Twitter!
© Mitch Keeler 2008 | Check out my personal blog and my hosting podcast too!
July 15th, 2009
Mozilla Labs will be hosting an open design lunch this Thursday at the Mozilla offices in Mountain View. In line with previous editions of the event, we will be soliciting topics from attendees at the beginning and then discuss each problem (or idea!) in turn.
The Weave team has been working on refreshing the user experience for users on the desktop as well as on mobile devices. We’ll be presenting a few mockups of the team’s work so far and hope for feedback from the community.
If you have a design problem that you’re facing, have a design idea that you’d like to discuss, or simply like to offer feedback to other folks looking for design help – we’d love to have you!
Our office is located at 650 Castro Street, Mountain View, CA 94041 and we will start promptly at noon on Thursday, July 14. Let us know if you’re coming by commenting on this post so we can make appropriate preparations.
Hope you to see you then!
– Anant Narayanan & Brandon Pung, on behalf of the Mozilla Labs team
July 15th, 2009
There is a new unpatched memory corruption flaw in the latest version of Firefox. What this means is that hackers could drop malware onto vulnerable systems.
Chances are this will be fixed sooner, rather than later – here is a little more about the story from The Register:
Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June.
Older versions of the popular alternative browser might also be affected, Secunia warns.
Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.
Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla (there’s nothing in the pipeline just yet).
Best advice I can give to you is to browse safely, don’t go to web sites you don’t trust, and be sure to keep your security programs up to date.
UPDATE:
Found this via Mashable:
Until Mozilla addresses this vulnerability, here’s a temporary fix: Type about:config in Firefox address bar, and set “javascript.options.jit.content” to “false.”
So there is your fix for now. Thanks to everybody who sent this in!
Add me on Twitter! Come follow my daily antics, links, tips and more @mitchkeeler on Twitter!
© Mitch Keeler 2008 | Check out my personal blog and my hosting podcast too!
July 15th, 2009
Does it seem that Firefox 3.5 is a little sluggish when it starts on your Windows-powered machine?
Due to some unknown reason, Firefox on Windows pulls certain file locations for security reasons. In turn, having too many temporary, history or recent document files will slow down Firefox 3.5’s data generation process. A bug has been filed about this, but in the mean time – the best thing you can do to help fix it is to do a little house cleaning.
The fix here is to browse through and clear both Internet Explorer’s history and cache and Firefox’s history and cache as much as you can. You can find more help with this process at these resources:
I had not noticed this problem too much – then again, I have my Firefox temp files set to clear every time I close the browser and I hardly ever use Internet Explorer. How about you?
Add me on Twitter! Come follow my daily antics, links, tips and more @mitchkeeler on Twitter!
© Mitch Keeler 2008 | Check out my personal blog and my hosting podcast too!
July 15th, 2009
Last month our artful collaboration with Infectious produced some awesome Firefox inspired art for our community to enjoy as laptop and iPhone skins, wallpapers, t-shirts, and Personas.
Today the community will have a chance to get involved and get creative. We’ve launched an Infectious design challenge around the theme: “People & Robots: Best Friends Forever” to give everyone an opportunity to showcase their work and a chance to win some great prizes!
The Mozilla community is all about people and technology working together, and we’ve already seen some cool robot art during the beta releases of Firefox 3 and Firefox 3.5, so the People & Robots theme was perfect… and the design challenge is a great way to introduce our community to the Mozilla Creative Collective.
So get involved as a creative contributor and show the world why you love robots!
July 15th, 2009
We are excited to give an update on the progress that we’ve made on the guiding principles for the Test Pilot program.
Since we announced the concept of Test Pilot last year, we’ve had hundreds of discussions and a great deal of feedback from a wide range of contributors. While the core concept outlined in that vision continues to guide the project, today we are setting out a proposed set of guiding principles for wider review and feedback.
Guiding principles
Mozilla is an open source community that aims to make the Web a better place by creating an open, participatory and transparent environment. Aligned with this mission, the Test Pilot program wants to build an opt-in platform that encourages people to improve the Web experience by conducting or participating in various studies and tests. Here is the draft principles to guide our project development:
- We will run Test Pilot as a standalone opt-in program and not as part of Firefox.
- We will never collect user information without first having the participant’s explicit permission.
- We will only transmit and store anonymous and sanitized information in order to protect individual privacy.*
- We will respect participants and their privacy by making test data knowable, manageable and safe for individuals.
* Note: IP addresses will be transmitted to Mozilla servers (as part of regular internet communications), but they will NOT be associated with test data. We may keep IP addresses as web log data, but only for a certain minimal amount of time, and only for the purposes of optimizing the service and preventing abuse.
What’s Next
As an organization dedicated to the public good, Mozilla treats user privacy and security with the utmost importance. We are now working with engineers and legal experts to figure out best practices to protect individual users’ privacy during testing. If you’re an engineer or legal expert interested in this project, we’d love to hear from you.
We are also starting to plan the first couple of studies, in collaboration with Mozilla’s user experience community. We’ll be posting detailed information on this in the coming weeks as we continue to work through establishing the initial framework for Test Pilot.
Get Involved
- Provide feedback and help with the design and develop of Test Pilot in the discussion group
- Join us on #labs on irc.mozilla.org
–Jinghua Zhang, on behalf of the Test Pilot team.
July 15th, 2009
Two months ago we launched our second Mozilla Labs Design Challenge – this time in cooperation with IxDA and Johnny Holland. Together we invited UX-interested people from all around the world to design their solution to the question: “Reinventing Tabs in the Browser – How can we create, navigate and manage multiple web sites within the same browser instance?“.
The participants submitted a mockup and video, explaining the concept and the proposed solution. Nearly 130 concepts were submitted and our nine expert strong panel selected the following four “Best in Class” entries:
Best in Class: Innovation
For the solution that has the newest / most original interaction models.
- TabViz by Liz Blankenship, Jakob Hilden & Kerry Kao
Best in Class: Execution
For the solution that has the most expressive prototype, a combination of polish as well as functional availability.
- Collapsible Tab Groups by Martin Polley
Best in Class: Interaction
For the solution that feels provides the best human-computer interaction model.
- Wave Concept by Darby Thomas, Danielle Kanastab & Alex Mattice
Best in Class: Producible
For the solution that would be the easiest to ship to users immediately.
- Favitabs by Grady Kelly
People’s Choice Award
For the first time we invited the wider community to vote on their personal favorite – the “People’s Choice” award for the Design Challenge: Summer 09 goes to
- CubeZilla by Faber Ludens
Congratulations!
On behalf of all of us a very big thank you to everyone who entered this Design Challenge. The standard of entries was incredibly high – well done to everyone who took part! Head over to our Design Challenge landing page for more information on the selected concepts, a complete list of all submitted concepts, information on the panel and much more.
What’s next?
We are currently working with universities around the world to create a series of Design Challenges, Design Jams and Design Sprints. If your school is interested in joining us – please contact us at conceptseries@mozilla.com. We also work with an international group of engineering students to turn some of the ideas from this Design Challenge into functional prototypes. Stay tuned…