« Bundled software in security updates
Continuous Daylight Saving Time »

San Diego Firefox party

I had a great time at the San Diego Firefox party, organized by numist. Most of the people at the party were a lot of UCSD computer science students, but there was also at least one Cog Sci major and an English major. Many of the computer science majors were juniors who had just finished struggling with difficult OCaml assignments in a Programming Languages course.

Not everyone who was at the party uses Firefox as their main browser. While some of them use nothing but Firefox trunk builds, the host uses Safari for most of his browsing.

Lawrence Eng, a market researcher at Opera Software's San Diego office, also joined the party. We discussed differences in anti-phishing approaches: Opera's default protection involves contacting the server with URLs you visit, but Opera promises to only use the URLs it collects due to the feature in specific ways. He also admitted to having tried out Thumbs, saying that "Firefox has Opera beat there".

Some people at the party were disappointed at the lack of Firefox t-shirts, but said they weren't going to switch to Opera or Safari as a result. I replied that it was a good thing Lawrence hadn't brought along any Opera shirts.

I brought my copy of Apples to Apples. It is one of my favorite party games, along with Taboo and Scattergories. About half an hour into the party, I tried to start the game. Not many of the partygoers knew the game, so we started with four players and let others join gradually.

Like any good party game, Apples to Apples is fun even if you're not winning; it's possible to play without keeping score at all. This was good for me because I'm not an especially strong player and many of the other players had the advantage of already knowing each other.

Perhaps in part due to my overall low score, I was very satisfied with how I won the last round. The adjective to match was "Frightening" and I played "A sunrise", initially hoping to win on irony. But after seeing that my "sunrise" was up against the Anne Frank card, I had a flash of insight. I explained: "You've been up all night working on a project, you're not even close to done, and you look out the window and see the sun rising." Another player had been in exactly that situation the morning before the party, and the judge picked my card.

This entry was posted on Saturday, October 28th, 2006 at 1:31 am and is filed under Mozilla, UCSD. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

11 Responses to “San Diego Firefox party”

  1. Asa Dotzler Says:
    October 28th, 2006 at 3:00 pm

    I tried to overnight the shirts and other swag to get it there in time for the party. Sorry it didn’t make it there in time. We’ll do better next time.

    – A

  2. Dao Says:
    October 28th, 2006 at 3:58 pm

    Actually, Opera doesn’t send the entire URL but the domain name and a hash value of the URL.

  3. Jesse Ruderman Says:
    October 28th, 2006 at 7:26 pm

    Dao, I see how that’s nice if you have a “secret URL” on your local or https site and don’t want to bother with encryption, but doesn’t it make it hard to protect against Geocities-hosted phishing sites?

  4. Dao Says:
    October 29th, 2006 at 2:18 am

    In the end, encrypted data is intended to be decrypted. So if you don’t trust your service provider to respect your privacy completely, that’s not really what you want. I think hashing isn’t only nice but even better than encryption.
    Re Geocities, what particular problem do you see? Could a phishing site have varying URLs and thus varying hashes? Or could multiple sites share a hash value?

  5. Jesse Ruderman Says:
    October 29th, 2006 at 2:35 am

    Yes, a phisher could easily have a bunch of pages under http://www.geocities.com/phisher/ and they’d all hash to different values. So Opera would have to block all of Geocities or none of it. Unless Opera was clever enough to hash each directory prefix of the URL, but it sounds to me like the entire URL is hashed.

  6. Dao Says:
    October 29th, 2006 at 4:11 am

    I guess they hash the entire URL, which means every single page would have to be reported. I thought that’s good enough. It could be improved by doing a remote check *and* using a local black list, so geocities.com/phisher/* could be part of that.

  7. Jesse Ruderman Says:
    October 29th, 2006 at 5:16 am

    Or visiting any geocities page could give you a geocities-specific blacklist. That way, I only have to download the pieces of the blacklist that are relevant.

  8. Lawrence Eng Says:
    October 30th, 2006 at 6:10 pm

    Hey Jesse, thanks for the mention. Here’s some more info and discussion regarding our fraud protection feature, currently only available in the latest weekly build of Opera: http://my.opera.com/desktopteam/blog/2006/10/17/opera-9-1-includes-fraud-protection

    I also blogged about the party here: http://my.opera.com/Lawmune/blog/2006/10/31/firefox-party

    See you around!