Tag Archives: Mozilla

Firefox 1.5

Posted on November 29, 2005 by Kelson

The waiting is over!

Most of the changes since 1.0 have been under the hood. The most noticeable are probably the vastly-improved update system, rearrangeable tabs, a one-button function to clear all private data, and a new preferences setup. There are also improvements to Mac OS X integration (though not as much as one might have hoped for), performance, pop-up blocking, etc. From a web developer’s POV, there’s a lot of neat stuff including partial SVG support and the new <canvas> element from WHATWG (and of course improved HTML/CSS/JavaScript support).

If you’ve already installed Firefox 1.5 Release Candidate 3, this is exactly the same program. Nothing’s been changed except the name on the installer.

On the annoying side, they’ve temporarily closed Spread Firefox to prep for their video marketing campaign. I hate it when people close down a site to prep for a relaunch. It’s not like a building, where you have to keep people away so you can remodel. You can do all the remodeling on a copy, and just drop it into place when it’s done.

Then there’s the drag-n-drop/save-as bug in Linux, where the first time you try to rearrange tabs or bring something up with a file picker, it decides the GTK theme has changed and hangs while it redraws everything. They’ve fixed it for the long-term, but the fix just went in yesterday, so it’s not in the 1.5 release. I’d guess the Linux distros will apply the patch when they build their own packages, and with luck the fix will show up in 1.5.1.

And on a completely unrelated note, this is the 1,000th post on this site. *whew*!

Upgrade to Firefox 1.5!

Posted in Mozilla | Tagged , , , , | Leave a comment

How Thunderbird’s Scam Detection Works

Posted on October 28, 2005 by Kelson

Since upgrading to Mozilla Thunderbird 1.5 beta 2, I’ve seen a number of messages slapped with a warning label that “Thunderbird thinks this message might be an email scam.” It appears at the top of the message, in the same style as the junk mail notice bar or the warning that remote images have been blocked, and there’s a button to mark the message as “Not a Scam.”

There’s only one problem. Since SpamAssassin and ClamAV do such a good job of catching the phishing scams before they reach my inbox, Thunderbird has yet to catch any actual phish. But there’ve been a lot of false positives. It’s hit LiveJournal reply notices, newsletters from IEEE and Golden Key, a Spam Karma notice from my own blog, and I’ve seen it on both outbid notices and updates to saved searches from eBay.

I found myself wondering just how Thunderbird’s phishing detection decides that a message is suspicious—and how to teach it that the next LJ notice isn’t a scam.

The Thunderbird support website doesn’t seem to have been updated yet. Most of the articles I’ve found only talk about TB adding the feature, not how it works. The best information I found was this Mozillazine forum thread, which included a link to the actual code that makes the decision, in phishingDetector.js. Thunderbird looks at the following:

  • Links that only use an IP address, including dotted decimal, octal, hex, dword, or some mixed encoding.
  • Links that claim to go to one site, but actually go to another. (Phishers do this to fool you into going to their site. Legit mailing lists sometimes do this with redirectors for tracking purposes.)
  • Forms embedded in the email. (This explains the LiveJournal notices.)

It also appears to trap text URLs containing HTML-escaped characters, which explains the Spam Karma reports. In this case the report includes a spammer’s link with &#8203; in the hostname. The message is plain text, so Thunderbird leaves the entity as-is when displaying it…but decodes it when it creates the link. Result: a link where the text and URL don’t match.

The easiest way to prevent it from freaking out over the next message? Add the sender to your address book. I’m not sure that’s a great idea, since a phisher could guess which addresses you have saved and spoof them, but it’s at least simple. I guess I’ll find out whether it works the next time I get a reply notice from LJ. Update: Adding the sender to your address book doesn’t seem to have any effect.

Update 2 (July 12, 2006): The comment thread’s gotten long enough that I can see people might miss this, so here’s how to disable it:

  1. Open Options or Preferences (this will be under the Tools menu on Windows, Thunderbird on Mac, or Edit on Linux).
  2. Click on Privacy (there should be a big padlock icon).
  3. Click on the E-mail Scams tab.
  4. Disable the “Check mail messages for email scams” option and click on Close.

That’s it.

Posted in Mozilla, Spam, Troubleshooting | Tagged , , , , , , | 31 Comments

75m Firefoxes!

Posted on July 26, 2005 by Kelson

Whew! The Mozilla Foundation has logged 75,000,000 downloads of Firefox!

Take that number with a grain of salt, of course. At least some of those are manual upgrades (from people who don’t want to wait for the auto-update to kick in), and some are one person downloading it in three places. But it can’t count the copies pre-installed with Fedora Core or Mandriva Linux, or downloaded via P2P—and some of those downloads are immediately pushed across a LAN or stuck on a USB keychain to be installed on a dozen or more computers.

It does show that Firefox continues to hold people’s interest, and the continuing rise in Gecko percentage in web traffic stats shows that, Bill Gates’ comments notwithstanding, people do use it.

(via Mozillazine & Blake Ross)

Posted in Mozilla | Tagged , , | 1 Comment

Spinning Beach Balls of Death!

Posted on June 21, 2005 by Kelson

The Mozilla-based Camino web browser for Mac OS X has just launched 0.9 alpha 1, and the release notes* include this item:

Rarely see “beach balls of death”.

I don’t remember whether I’d heard the term before (I recall the “spinning pizza of death,” or maybe of doom), but I knew exactly what it meant.

*In spring 2007, they restructured the website. The release notes for the 0.9 series have been incorporated into the notes for 1.0.

Posted in Apple, Humor | Tagged , , , | Leave a comment

Last of the Lazy Lizard

Posted on June 6, 2005 by Kelson

While cleaning the apartment this weekend, we found a long-forgotten bag of “Lazy Lizard” Mozilla Coffee. RJ Tarpley’s, the company which sold it (and donated a percentage of profits to the Mozilla Foundation) disappeared last summer. By September, I couldn’t even find a whois record. The domain name has since been picked up by a link farm.

It was decent coffee, and it helped support some good software. And I got a nifty mug while they were still in business. There was maybe half a pound left, but 12-month-old decaf coffee just isn’t fit to drink anymore, so instead of brewing one last pot in salute, we tossed what was left.

Posted in Food, Mozilla | Tagged , | Leave a comment

Simple Browser Categorization

Posted on April 24, 2005 by Kelson

Sometimes you want to know exactly what software people (or bots) are using to view your website. Sometimes all you want to know is which rendering engine’s quirks you need to cater to. To that end, I have here the ultra-simple browser detection algorithm. Just check the User-Agent string for each of the following words, in order:

  1. Opera — they spoof IE by default, so check here first. If they ever change this to something else, you’ll be glad you started here.
  2. KHTML — this will catch Safari, Omniweb and Konqueror. They mention Gecko, so if you need to treat them differently, check for KHTML first.
  3. Gecko — this will catch Mozilla, Firefox, Camino, Netscape 6+, etc.
  4. MSIE — this should Internet Explorer and anything else that uses its engine.
  5. bot, spider, crawler, or compatible — filter out robots and anything unknown.
  6. Mozillajust about everyone uses Mozilla in their UA string these days, but the rules above should filter most of them out and leave only old-school Netscape.

Of course, Mozilla, Opera and Safari have put much more effort than IE into following the standards, so most of the time you can write your code using the spec and just build in work-arounds. The way I look at it, there are three main categories:

  1. Standards-compliant(ish) browsers: Gecko, Opera, KHTML
  2. MSIE
  3. Everything else

I write for group 1, work-around for group 2 (and sometimes other browsers in group 1), and figure that group 3 (with the exception of Netscape 4, which has a tendency to do things like make links unclickable or hide entire chunks of the page if it doesn’t like your CSS) should at least be able to figure out how the text and graphics break down. It may not look perfect in randombrowser, but it should at least be comprehensible.

Posted in Web Design | Tagged , , , , , | Leave a comment

Perspective on the browser wars

Posted on April 21, 2005 by Kelson

At the end of a post on SSL/TLS and just how much security a “secure” site really gives you, Eric Lawrence of IEBlog posted an interesting thought:

The so-called “browser wars” have fundamentally changed. It’s no longer Microsoft vs. Mozilla vs. Opera et all. Now it’s the “good guys” vs. the “bad guys.” The “bad guys” are the phishers, malware distributors, and other miscellaneous crooks looking for a quick score at the expense of the browsing public.

We’re all in this together.

I’m not sure I agree entirely. It’s more like a second war has started, one in which former enemies are (or at least should be) allies. I do still think competition is necessary, as evidenced by Microsoft’s sudden reversal on updating IE once Firefox became popular—but more cooperation on security may be something MS/Moz/Opera/Apple should consider.

Posted in Browsers | Tagged , , , , | 1 Comment

Trusted Site, Untrusted Browser

Posted on March 3, 2005 by Kelson

I installed the just-released Netscape 8 Beta. It imported most of my settings from Firefox, including bookmarks, cookies and even history. One of the first things I always check with a new browser is how it identifies itself, which in this case is as Firefox 0.9.6. (Presumably they’ll get on this by the time the final version is out.)

First impressions: importing was clean and worked well. UI is a bit freaky, as things are spread all over the place—like the main menu, which is in the upper right and in line with the title bar instead of where the menus are on every other Windows application. The multiple toolbars seem confusing at first (it took a while to dig up my bookmark bar, for instance). Then I looked at the site trust/rendering choices, the big exciting feature of this release. And I’m not impressed. Or rather I am, but not favorably.

The current tab shows a shield icon indicating the trust level of the site: Green if it’s been verified by a “Netscape Security Partner,” yellow if not, and I would presume red if it’s a known phishing/virus/etc. site. There’s also an icon indicating the trust level: a check mark if it’s trusted, an ellipsis for “not sure” and an exclamation point for not trusted. Unverified sites are, by default, in the “not sure” category. So far this makes sense.

Clicking on the shield icon opens a site controls dialog box enabling you to choose to what extent you trust the website, and below that, whether to display the site using the Mozilla Netscape or Internet Explorer engine: Continue reading

Posted in Browsers | Tagged , , , , , | 1 Comment

Firefox 101

Posted on February 25, 2005 by Kelson

Or rather, Firefox 1.0.1 has been released. It fixes several bugs and security holes found in the 1.0 release, including the frame/pop-up injection and a workaround for the the IDN (internationalized domain names) spoofing flaw (which I thought I’d posted about, but can’t find).

Anyone using Firefox should upgrade. Anyone curious about Firefox should check it out.

Get Firefox!

Update: Looks like the site’s getting swamped again. Continue reading

Posted in Mozilla | Tagged , , , | Leave a comment

Netscape: Re-Clutter the Web

Posted on November 30, 2004 by Kelson

CNET has posted a write-up of AOL’s new Netscape prototype based on Firefox, as well as a screenshot. It seems to be a combination of Firefox + theme + bundled extensions… plus a mode that embeds Internet Explorer for compatibility.

There are some nice ideas: adapting Firefox’s RSS capabilities to create a headline ticker, for instance, and the Firefox team has been talking about bundling extensions since it was called Phoenix. As for the embedded IE mode… on one hand it provides a convenient solution to the biggest criticism laid on all non-IE browsers: they don’t render pages exactly the way IE does. But it comes at the cost of all the security risks inherent in IE itself. It does remind me of the “View with Gecko” option Konqueror used to have (and probably still does on some systems).

But the clutter… The sheer number of buttons, icons, widgets etc. in that screenshot is staggering. Even after installing the web developer extension I don’t think I have that many buttons on Firefox. 3+ buttons on the tab bar, 3 icons on each tab…. I hope that CNET was just enabling every feature they could find to get them all in one screenshot, but if AOL is trying to bill it as “easier” than Firefox (which was created with a simple user interface as a design goal), they’ve got to try another approach.

Update (via WaSP): It seems BetaNews has more information on the dual-engine setup. Apparently they do have security settings to mitigate the IE issues… but then so does IE, and we all know how well that’s worked. Also, another screenshot, which looks even more cluttered than CNET’s. I think this will be a browser that requires you to run it maximized at 2000×1500. (Also of note: Firefox developer Blake Ross’ Open Letter to Netscape and Henrik Gemal’s collection of screenshots.)

Further Update: MozillaZine has posted a more thorough review.

Posted in Browsers | Tagged , , , , , | Leave a comment