Mozilla Open Source Software

Top Windows Programs Open Source

CNet has a slide show with its top Windows programs. It’s a pretty good list. I’d agree with it for pretty much everything. What I found really interesting is that of the 9 listed, 7 are open source. Here’s the rundown with the license for the source of each:

Interesting to see the penetration of open source here.


Who Dropped The Soap?

Thanks to Bug 332174 and the advanced warning system (sarcasm), reporter had been broken on the trunk for several weeks. Since I believe in debriefing (both before a shower, and after an event where one or more lessons can be learned), here’s the play by play:

2007-07-18 – Robert Sayre fixed Bug 332174 breaking reporter.
2007-07-21 – I realize what’s going on and file bugs (Bug 389128, 389131) against myself.
2007-09-29 – Rev 1 patches posted (rough, but really not too bad).
2007-10-06 – Hurt my wrist, cut down on typing outside of work to give it some rest for a few days.
2007-10-20 – I’m certified an idiot, it’s broken (nice fracture actually) not sprained. My defense: Didn’t swell, no protruding bone, really wasn’t that painful unless it was under force (holding something, or opening a door). Anyway, in a brace getting the rest it deserves.
2007-10-20 – What to do (Bug 400563)?
2007-10-28 – Still in a brace, still slightly sensitive (no opening doors with it) but able to get back in the saddle. The code cowboy rides again (warning: comment referencing any cowboy not played by John Wayne punishable by death).
2007-10-30 – Officially blocking Firefox 3 (being on the radar is a good thing). Nuclear option on the table (contributing to the “80%”). Where’s Jack Bauer when you need him?
2007-10-30 – receive r= (x2) and checkin(x2) on server/client. Requesting push to live (Bug 401816). Threat neutralized. Doomsday Clock goes back 3 minutes. Jack Bauer? Crying under a desk.
2007-11-01 – Pushed server side live, late at night. Thanks to Dave Miller, Michael Morgan, and Carsten Book for staying up. Clock goes back another 2 minutes. Jack Bauer? Post Traumatic Stress Disorder. Code Cowboy? Cool and relaxed.

Added soon thereafter is support for capturing the character set (Bug 324291). This will hopefully provide good data for fixing bugs. Thanks to Gavin Sharp for that. Also thanks to Reed Loden for checking in that and a few of the other bugs.

Code Cowboy

I’ve had my back broke once, and my hip twice, and on my worst day I could beat the hell out of you. ~ John Wayne (The Cowboys, 1972)

On a related note, I’m now typing brace free. Just no push-ups or other weight bearing (pulling is ironically ok) things for pretty much the rest of the year.

A few people recommended titles for this blog, I forget who came up with this one, but it was the one that made me laugh the most. So credit to whomever that was.

Apple Security

Calculator Phoning Home? Not Really

Wasn’t sure what this is all about, but according to Little Snitch 2.0 (which is awesome by the way) the Calculator in Mac OS X 10.5 (Leopard) apparently phones home. Based on the URL one would assume that’s checking for updates (wu typically stands for web update). Though I find this somewhat odd considering Mac OS X has an update system that’s all encompassing. I decided to take a closer look. Earlier it was said that 10.5 was phoning home, though that turned out to not be the case.

Calculator Phoning Home

So I did a little sniffing around (literally packet sniffing), and here’s what I found. On load it sends the following (seemingly blank) request to Apple for currency conversion info. The response is the exchange rate. I’ve got a copy for reference below for anyone who wants to see. Calculator seems to use CFNetwork to communicate (not surprising). What’s interesting is that this info doesn’t seem to be cached; every time you load Calculator it’s requested.

So yes, it does technically ping the mothership, but no it doesn’t seem to send back any data worth being concerned about. The only thing noteworthy is the cookie. The cookie itself is characteristic of Omniture, an analytics company (who provides analytics services to Apple among many of the largest sites on the web). This seems like a side effect of the implementation (likely sharing stuff from WebKit). I don’t think Omniture is pinged during this transaction, so unless Apple were recording that cookie and matching it against web analytics data. I’d consider that extremely unlikely even if I put a tin foil hat on my head. I guess Apple could further neutralize any privacy concerns by modifying the implementation to not send a cookie. At that point they would only have your IP to go by (which could be behind a proxy and therefore isn’t very reliable). I don’t think this is a privacy risk, but also don’t think it would be so bad for Apple to modify and drop the cookie to make it more anonymous. Or at least give the option to not request data every time.



I hate when misinterpretations become seen as fact. Supposedly 80% of Firefox bugs won’t be fixed. That’s said to be a bad thing. Here are some realities:

  • In every release cycle, everyone wants every bug to block a release and therefore everyone is “blocker-happy”, and later in the cycle, all are changed to non-blocker status except the most critical as perceived by developers, drivers, and testers.
  • Every release of Firefox, like every release of every large software project ships with thousands and thousands of documented bugs. The overwhelming majority of which nobody encounters, or are so minor you don’t even notice.
  • This process isn’t new, it’s been happening since the early days of software development.
  • If this process didn’t work like this, there would never be a release of major software products.

A bug is either a defect or an “unintended feature”. Complex products like browsers have thousands. This isn’t a surprise to anyone who works with software on a daily basis. Why? Because every bug you fix, feature you add introduces new code, which potentially causes new bugs in other places. Even if you devote 100% effort to fixing bugs, you’ll likely never get there. That’s the nature of the game. So what makes one bug worthy of blocking? Well generally they must meet some requirements:

  • Must be reproducible and clearly a bug (not a Firefox doesn’t load ActiveX).
  • A fix must be identifiable and achievable.
  • Must be in a more visible location. It’s not effective to allocate large amounts of effort for something so obscure 1 in 10 million people will ever encounter such a testcase.
  • Must be severe in some sense (data loss, security, usability, performance, etc.)
  • Fix must not be beyond risk tolerance threshold.

or, it must be a project requirement, meaning a feature that is deemed necessary to ship the release and worth holding for (artwork for UI for example).

Every project involves deciding what bugs ship, and what holds a release. Every single one. If there’s someone who doesn’t, it means their QA is likely flawed or inadequate. Firefox has the advantage of thousands of nightly testers. This helps quite a bit not only finding bugs, but seeing how prevalent a particular bug is, and what its impact is.

One should note that just because something isn’t blocking, that doesn’t mean it won’t get fixed. It simply means the release won’t be held for that bug. Should someone fix it, and it’s approved, it can still potentially make the release. The key is that the fix be low enough risk that the benefits outweigh the risk of potential regressions.

If you’re still shocked by this, let me alert you to something: the product (browser, feed reader, etc.) you are using to read this has thousands of bugs. The OS it runs on, has thousands of bugs. Any alternative you pick will be the same. Pick your poison.

I should note these bugs do not get marked as WONTFIX or INVALID. They remain open. They may be fixed in a subsequent release or they may just become outdated and fixed through some other means (code is deprecated and replaced with something else, feature dropped, revamped).


The Shape Of Firefox 3.0

Alex Faaborg has an awesome post on UI changes for Firefox 3.0. It’s a little lengthy, and most pics are wireframes but it’s a rewarding read for anyone in the browser space, or who has an interest in user interface.

Overall I like most of the changes. I’ve been ranting about a need for a better bookmarking interface since 2005. Not sure if I was ahead of my time, or just impatient (likely the latter), but it’s finally becoming a reality which I’m thrilled about. I’ve got some ideas on where it could go from here to make it even better, but that’s another post I hope to get to sometime.

One change that caught my eye is this:

-The lock is being removed from primary UI, and Firefox will now use a metaphor based on identity, rather than security, which will appear on the site button if an SSL or EV certificate is available. The super short explanation for this change is that the user might have an encrypted connection to criminals, so telling them that they are safe is a false cue. For an in-depth discussion of why we are moving away from the metaphor of a lock, watch Johnathan Nightingale’s Mozilla24 presentation Beyond the Padlock.

I’m not sure if this is really the best solution. I’d personally like to see the lock stay in the UI, but its meaning redefined. For a decade or more, the public has been told that the best way to tell if your information is safe is to look for the lock. I’d venture 99% of the general population doesn’t really know it symbolizes the use of SSL. They just know that it means your information is “safe”. My thinking is that it would be the most graceful transition to map that to the new identity system. Essentially the information it reveals would be the new identity information, but it provides backwards compatibility with previous versions, and other browsers. One less learning curve. Still in regards to safety, look for the lock.

Regarding the iconic form:
Iconic Form

Image from Alex Faaborg The Shape of Things.

I could make a rather infantile joke, but I’ll leave that as an exercise for the reader.

Overall it’s some great progress. I think these changes allow for a much more functional user interface with added features and less UI. The native appearance will also be excellent for Mac and Linux users who have longed for a UI that looked “right” on their systems.

Mozilla Open Source

Android SDK Released

We knew it was coming, and it’s now here. I haven’t looked at it too closely, but a few things I’ve noticed:

Yet another XML UI? Clearly it’s becoming a popular way to do things, but do we need so many? XUL, MXML, XAML, now Android? Surely there must be another way. XUL as a standard sadly never materialized.

There’s a mention of 3D libraries, but notes:

…the libraries use either hardware 3D acceleration (where available) or the included, highly optimized 3D software rasterizer…

We all know how good graphics drivers have historically been on Linux. Hopefully the embedded/mobile market will prove better than the desktop.

One thing I do wonder is all the variables. The platform seems to have a fair amount of potential, but there’s no real standard regarding what you can be assured will exist on a handheld (for example 3D acceleration) or even what restrictions might be imposed by the carrier (firmware lockdown). At least with the iPhone you know they all ship with certain CPUs, graphic capabilities, etc. It’s a very predictable platform. Android reminds me a lot of programming for the PC, there’s a ton of variations out there on the web to account for. Even if most run the same OS. Mobile has the added complexity of carriers who are notoriously restrictive. I wonder if this will really change. This is why the web as a platform is so great. It overcomes most of these limitations.

In general I have to agree with most of what Robert Scoble says (vaporware, unimpressive UI, etc.) but it’s still very early on, and you can’t judge much based on this early preview. Right now, the iPhone is a clear winner, but I wouldn’t discount Android just yet.

My general feeling is that it’s too early to make much of a judgment. There are many things that can happen in the next several months that can drastically alter the fate of Android for better or worse both business and tech wise.

The next key moment in the mobile landscape will be the release of the iPhone SDK due early next year.

Then there’s always the underdog OpenMoko.


24 In 1994

What would 24 be like if it was aired in 1994? Just check the pilot. People didn’t really live with that primitive technology did they 😉 .

Hardware Security

Improving Storage And Backups

I work on multiple computers (Mac/PC) and have various assets online including this blog and quite a bit of code lying around in svn, and just on the file system. My backup solutions so far have been pretty ad hoc but rather effective. Everything important is replicated somewhere else at varying frequencies. The downside is that it’s not very efficient and even partially manual. I’ve decided over the next several weeks I’m going to re-evaluate how I do all my data storage and backups. Here’s the list of goals:

  • Improve how data is organized and stored both primary storage and in backups. Organizing and clean up.
  • Make sure all data has at least 1 backup (I pretty much do this already and have for a long time).
  • Automate as much as possible.
  • Keep costs low. Backup more for less.
  • Use tertiary offsite backups for most critical data.
  • Maintain solid encryption practices where necessary for transmission and storage (already do this).
  • Decrease time to restore from backups.
  • Backup more often, so time between backups is minimal for frequently updated data.
  • Give myself room to grow.

At $0.15/GB Amazon’s S3 is very affordable for my needs. A dollar or so a month gets you a fair amount of storage considering most data doesn’t get touched that often (it’s data transfer that gets a little more costly). I’ve been using Amazon with a few backup scripts for a few months to see how it works and how I can best use it. I’m planning to ramp that up a little more. I also want to do more with incremental backups (perhaps use rsync more) to save time and disk.

Ironically I kick off this little project when reports indicated hard drive prices have been dropping (obvious right?). I’m not sure if it would make sense to purchase additional storage, or if I can get by with just better utilizing what I already have.

I’m doing this for a few reasons. Considering the cost of storage, there’s no excuse to not have solid backups, or to even waste your time with data loss. I also want to improve my use of offsite backups for more important things to make sure that I keep costs low and keep backups fresh. Accident, fire, flood, theft, are always possibilities no matter how careful you are in life. The great thing about digital vs. paper is that it’s easier to have several copies.

I believe my practices are pretty good, and likely better than the vast majority of the population, but I think I can still do better. I think I can make better use of what I have and maybe for a slight cost add another layer of protection if necessary. I’ll post again with my findings.

Apple Google Mozilla Open Source

The Illusive Gphone

So the illusive Gphone is finally announced, but not as a phone but an alliance.

One should note it coincides very nicely with last month’s announcement of Firefox Mobile becoming a priority. Firefox has a nice share of the Linux browser market. Extending it to mobile seems somewhat natural. A real win for developers. The same browser on all major PC platforms, and many mobile devices (on multiple carriers by different manufacturers) creates one of the largest platforms on the planet for a high level language like JavaScript. It also means it will be easier to port existing web applications to mobile devices knowing the browser is of the same lineage and honors true standards. It’s also nice to know that other mobile browsers like Safari on the iPhone are also very standards friendly.

Obviously absent on the list of members in the alliance are Verizon, AT&T, and Apple. I’d be curious to know what Apple is thinking. Could this be another Mac vs. PC? Or will Apple “Think Different” this time when faced with a pending platform war? I know what I would do. I’d start hacking up a Wine-like API for running Linux applications on Mac OS X. Since Linux doesn’t need to be reverse engineered like Windows, development should be much easier. Mac OS X having strong UNIX roots would also likely be helpful. At the end of the day, you would then be able to run Android applications on top of the thin(ish) compatibility layer. Casual users wouldn’t know any better. I guess in a sense Apple has started down this road. There is X11 for Mac OS X. They can of course keep it all under the radar for a while, just like Mac OS X for x86 until they need to play that card.

Om Malik makes an interesting point:

  • Google (GOOG) says it’s open source, letting you download it and do whatever — except that carriers can create their own locked-down versions of the software with Android. That doesn’t seem very open to me.

It does make me wonder if Google is doing the heavy lifting and carriers will just fork it when done and ship a closed version of the software and take advantage of not needing to pay licensing.

Very interesting stuff, but still doesn’t answer my question regarding bandwidth becoming fast enough, and affordable enough to hit critical mass. It still seems that mobile data services are just too expensive for many people to justify. Will this encourage enough competition in the mobile space to drive prices down? Or are there going to be some incentives to offer lower priced data services?


Family Guy 100th Episode Special Easter Egg

Not sure how many noticed it, but the Family Guy 100th episode special contained a scene from the upcoming episode (aired directly after). Described by Fox in the press release as:

The FAMILY GUY tribute special celebrates the side-splitting irreverent humor of this fan-favorite animated series by taking a look back at some of the funniest moments, satirical spoofs and music numbers of the past 100 episodes.

Emphasis Mine

You see the Kool-Aid Man breaking down the wall in the courtroom, then slowly backing out realizing the situation. Then, when the 100th episode (Stewie Kills Lois) actually airs, sure enough, this is in there.

I guess this was an obscure joke making fun of special episodes, since the entire thing was somewhat of a spoof considering the interviews with panel participants. Very funny.

I don’t think this was a glitch since Fox put out the press release nearly a month ago (October 8) mentioning the order of those episodes. So the order was planned. I think they would have had more than enough time to edit had that not originally been slated to be episode #100.

Anyway, the special was OK, but I’ve never been a fan of those recap, best of, funniest moments, or anniversary episodes on any show. Stewie Kills Lois of course is looking to become a classic (damn cliff hangers).