Archive for September, 2007

Firefox 3 will include several heavy-hitting changes to extension development, some of which will cause existing extensions to break. Let’s take a look at what’s changing, to get an idea of what to expect from a development point of view:

New APIs
One big change that will likely break some existing extensions are the new Firefox APIs being introduced in 3.0. All of the bookmark and history APIs are changing radically, with the introduction of the new Places architecture. As such, any extensions that make use of these will need substantial work to run properly in Firefox 3. Similarly, any extensions that use the Password storage functionality in Firefox will need changes (a new login manager will be used to handle stored passwords). It remains to be seen how one will develop an extension that will be compatible across all versions of Firefox. I haven’t seen any mention of simply deprecating the existing API calls, though I would hope that’s what the developers would do.

Secure Updates
Firefox 3 will require that all extension updates be provided over a secure channel, to avoid man-in-the-middle attacks. This means that if you are not using the official addons.mozilla.org website to host your extensions, you must provide your own secure method of distributing updates. One has several options for doing this:

1. The updateURL must either use https or not be provided at all.

This method assumes that you either host with the official site (thereby not using an updateURL value at all), or you are willing to host your extensions from a secure location using https. The latter option will likely cost you money, while the former forces you to use a website beyond your personal control.

2. The updateURL uses http and the updateKey entry is specified.

This second option seems a little easier to swallow, though it will involve a little extra effort on the behalf of extension developers. First, an updateKey value must be provided in your extension’s install.rdf file. Second, a digital signature must also be included in the update manifest; otherwise, the update will be rejected. Your updateLink value can either use https, or it can use http while providing an updateHash value. The updateHash value can be generated using either a sha1, sha256, sha384, or sha512 hash algorithm. But take note: you should not use sha384 or sha512 as of this writing. This forum thread mentions bug 383390, in which both sha384 and sha512 values are incorrectly truncated by Firefox 2.x (making backwards compatibility a problem).

Some further information about this new signing process can be found here.

Other Changes
The two items above aren’t the only changes coming down the pipeline for extension development, but they are the largest changes that I can see. A document detailing the new items is available, and should (hopefully) be updated as 3.0 nears an actual release date. It looks like extension developers will have a fair amount of work coming up, but I think these changes will be beneficial in the long run. How well the community accepts these changes remains to be seen.

As I mentioned briefly yesterday, I recently bought my first iPod (the 80 GB, generation 6 model). I haven’t gotten much time to play with it due to constant interruptions at work (which really sucks), so I’ll be coming back to it later this week. For now, I’d like to share some thoughts on iTunes 7.

Read the rest of this entry »

A recent article at Indistinguishable from Jesse gives some updates on the current state of memory management in Firefox. There are some exciting improvements coming in Firefox 3, which should be a boon to many users. One of these days, when I get a free chance, I’d like to examine my extensions with the leak-gauge.pl script. I’m not 100% sure that there isn’t a leak or two in Googlebar Lite, though I’ve done my best to be careful.

In entirely unrelated news:

• WordPress 2.3 has been released. I’ll probably upgrade sometime this week.
• I just got a new 80 GB iPod. Pictures, reviews, and thoughts will appear throughout the week, so stay tuned.

Another new recurring feature I’m going to try out here at the site are programming tip ‘grab bags.’ These will often feature a few tips I’ve picked up over the years, which I find highly useful. We’ll start out this inaugural article with a few Perl tips:

Read the rest of this entry »

Earlier today I mentioned the xkcd web comic. If you aren’t familiar with the comic, I highly recommend it. It’s well worth subscribing to or bookmarking. I’ve gone through all of the comics, and have compiled a list of my favorites. Make sure you read the hidden jokes in each strip, by hovering over them with your mouse for the title attribute. Enjoy:

• Scientists
• Love
• Valentine - Heart
• Abusive Astronomy
• Family Circus
• Clark Gable
• Pointers
• Sandwich
• Donald Knuth
• Regular Expressions
• Ghostbusters Marathon
• The Problem with Wikipedia
• Open Source
• A New CAPTCHA Approach
• Keyboards Are Disgusting
• Linux User at Best Buy
• Compiling
• Shopping Teams
• With Apologies to Robert Frost
• Braille
• Loud Sex

One nice thing about the xkcd web comic, is that each comic’s image has an additional joke or tidbit of information hidden away in an HTML title attribute. Hover your mouse over it for a second or two, and you’ll see the joke. Sometimes, the text is fairly lengthy, as in this example. Unfortunately, Firefox only shows one line of text in a title tooltip, so any lengthy amounts of text get cut off with an ellipsis.

Thankfully, bug 218223 was filed way back in 2003 (as a Firebird equivalent of a bug posted in 2000). Now, 7 years later, a fix has been implemented. Firefox 3.0 will include this fix, much to my delight. This just might be enough to make me switch to the alpha builds of 3.0 for my daily browsing habits.

Update: I’ve found an extension that fixes this problem. Woo-hoo!

Among all of the computer games I have ever played, one game has stumped me for as long as I have played it: the “Expert” difficulty level of Minesweeper. I have never, to my knowledge, beaten the game at that level, though I’ve tried a number of times. Granted, Minesweeper is a game that I rarely play, but you would think that I could have beaten the Expert level by now.

I’m happy to say that I’ve finally conquered this foe. Here’s my result: