Indistinguishable from Jesse

Three hours before Firefox 0.8 was released, I found a security hole in Mozillazine: you could see the titles of unpublished articles (e.g. http://mozillazine.org/talkback.html?article=4283) in the titlebar. Using this hole, I accidentally discovered the name change before the release. The hole has been fixed.

jesus_X informs me that long ago, MozillaZine let you see the full text of unpublished articles. I guess the original hole was partially fixed, leaving only the title of the article visible.

The goal of the Pornzilla project is to make Mozilla into a great porn browser. We contribute to Mozilla directly, promote bookmarklets and extensions that enhance porn surfing, and maintain a list of bugs that impact porn surfing.

Firebird 0.8 should be out soon on Monday, Feb 9.

Update: Firefox 0.8 (note the new name) was released on Feb 9.

Here's some of what's new:

New features

• Windows installer
• New download manager
• Work Offline
• Add Bookmark dialog: recent-folders dropdown and folder-selection tree (replacing a single dropdown listing all folders)
• DOM Inspector is now included in zip builds
• IDN support
• IPv6 support on Windows 2000/XP/2003

Major improvements

• 220807 - prompt user about invalid text/plain content. (Solves most problems like "Firebird tries to display some .rar files instead of downloading them.")
• 214266 - Find should wrap by default
• 217286 - Cookie whitelist should override session cookie option.
• 142459(?) - Shift+click and middle-click on scroll bar should jump to that location
• 214260 - XPInstall UI improvements
• 33282 - enable external scheme handlers (like aim: and telnet:) in Linux
• 6% faster page loading (comparing December to September on a Tp (pageloader time) graph)

Important bug fixes

• 210910 - Right-clicking a file within a bookmarks folder in the bookmarks menu or toolbar makes that folder inaccessible.
• 203102 - URL typed into address bar lost after switching tabs; "Open in new tab" should prefill URI in address bar.
• 222157 - View Source: Find and Save don't work.
• 213250 - Autoscroll prevents middle clicking on links in XML (XHTML) documents.
• 224416 - Tabs don't remember focused element.
• 216170 - Send Page (as Link) omits query string
• 98564 - caret overlaps the last character in textfield (if positioned after the last char).
• 212366 - Make -moz-opacity apply to descendants as a group, as required by CSS3 opacity
• 219705 - Linux: Blackdown Java crashes, saying "Internal error on browser end".
• 102578 - Linux: Clicking wrongfully fires onmouseout (breaks some dhtml menus, css/edge menus)
• 201209 - GTK2: -moz-opacity makes things invisible.

Zarro Boogs = Oll Korrect?

Update Jan 30: see also What's new in Firebird 0.8.

alanjstr listed 11 bugs he thinks should be fixed before Firebird 0.8 is released. I agree with him on 3 bugs:

• 229600 - Installing 2 extensions without restarting re-launches extension-installer for previous installed extensions. (regression)
• 228988 - XPInstall - "Installation complete / restart" message always shown. (regression)
• 230271 - Form autocomplete only works in the first tab. (regression)

I have 2 more bugs that I think should be fixed before 0.8:

• 217410 - bump skin version. (This would prevent "no scrollbars after upgrade" problem.)
• 228672 - Installer deletes unrelated folders. (Dataloss. New because Firebird 0.7 didn't have an installer.)

The installer bug is particularly scary because of the potential PR impact. The Firebird installer deletes all files in the installation directory if you check the "Safe Upgrade" box. A few users who installed nightlies into "C:\Program Files" lost that entire directory. I don't know if any users have lost data since the Dec 23 change to make the "Safe Upgrade" box unchecked by default, but if Firebird 0.8 is released with the bug, I'd expect at least a few users who install to weird directories to check the box.

A bug in the iTunes installer that wiped hard disks earned a Slashdot story. If Firebird 0.8 is released with this bug, I would expect it to lead to an even bigger backlash on Slashdot because:

• The iTunes installer tried to delete iTunes.app (a specific application folder), while the Firebird installer tries to delete whatever directory you were installing to. "Nuke from orbit" upgrades are inherently dangerous, but they're even more dangerous when the user gets to choose the target directory.
• The iTunes installer deleted more than it intended because of what is arguably a misfeature of the Bash shell: if you don't use quotes carefully, a script's behavior can change unexpectedly when a parameter contains a space. The Firebird installer deletes more than it intends because its developers didn't anticipate users installing Firebird directly to "C:\Program Files". Firebird has nobody else to share the blame.
• Firebird's development process is open enough that anyone can see that we knew about the problem since at least December 30.
• "Safe Upgrade" is the worst possible name for a misbehaving nuke-from-orbit feature.

My preferred solution for 0.8 is to relabel the checkbox from "Safe Upgrade" to "Delete all files in [installation directory]". (cf bug 197274, which changed "Enable Automatic Image Resizing" to "Resize large images to fit in the browser window".) I looked at some code but couldn't tell how hard it would be to change the checkbox label to include the installation directory.

I'm not sure what the installer "should" do. It would be nice if installing on top of an old build didn't cause random-seeming problems. Then nuking the installation directory from orbit would not be necessary. If fixing those problems is not feasible, maybe the installer should have a list of files or subfolders to delete, and only delete those.

Flag queries: blocking0.8+ (blocking), blocking0.8? (nominated), blocking0.8- (not blocking). Anyone may nominate bugs, but only a few people may plus or minus. Bugs that are plussed are usually recent regressions or newly discovered security holes. Don't renominate a minused bug unless you're sure you've added something the minuser didn't know.

"Netscape" (the new ISP) is auctioning off 200 netscape.com e-mail addresses. I found out by clicking on this ad. The ISP is auctioning jess@netscape.com, jessica@netscape.com, and jessie@netscape.com, but not my old address, jesse@netscape.com.

I searched eBay to find out what names have the highest bids. So far, "john" ($112.50) is beating "michael" ($105.50) and "mark" ($102.50). Most of the names are still at the opening bid of $9.95.

Track the popularity of the Busniess Plan meme over time by searching for Mozilla bug reports that say "3. Profit".

So far, 27 bugs have been reported with the phrase. The first report was in December 2001, and the meme's popularity seems to have peaked around March 2003. Its popularity is now declining slowly.

This USPS page uses the expression (browserName == "Mozilla" && browserVersion >= 1.0) to recognize acceptable versions of Mozilla. The string "1.6b" becomes NaN when coerced to a number, so the expression is false if you're using Mozilla 1.6b. If you're using Mozilla 1.5 instead of 1.6b, you won't see the warning. Ironically, "1.0.1", the minimum version they claim to support, coerces to NaN.

If the site had used parseFloat instead of implicit coercion, it wouldn't have hit this problem. parseFloat("1.6b") returns the number 1.6.