Mozilla

Tabbing Through Elements in Firefox on Mac

Standard

This weekend my laptop decided to die after the latest batch of Apple system updates. Not sure why, but on the first startup after the update, it wanted to randomly shut off (hard power-down) and could not get out of that cycle. Thanks, Apple.

So I did my first successful restore from a Time Machine backup. However, while I was waiting, I used a vanilla install of Firefox. I noticed that I couldn’t tab through form elements and it would jump straight from the page to the address bar. WTF?

Here is how you enable this tab behavior that you’re used to on Windows:

  1. Go to System Preferences… in the apple menu
  2. Open Keyboard & Mouse
  3. Go to the Keyboard Shortcuts tab
  4. Check All controls

This will let you tab through individual web elements normally. Screenshot below, in case it helps.

screenshot of keyboard pref pane in mac os x

Update: Alex Faaborg noted that you can track Bug 437296 if you’d like to follow overriding OS keyboard settings to maintain a consistent user experience in the browser across platforms.

Update: Chris Ilias pointed out so kindly that this is already in the Mozilla Knoledge base.

Firefox Keeps You Safe In Ways Other Browsers Don’t

Standard

You might know about some of the more glamorous Firefox 3 security features, but behind the scenes Firefox is protecting you from malicious extensions and plugins through its blocklisting service.

Depicted below is a diagram of how Firefox talks to its blocklist service. This is how it works:

  1. Every day Firefox downloads an XML document from our blocklist service.
  2. This tells Firefox if there are any malicious plugins or extensions out there.
  3. If Firefox detects any of these items on your system, it disables them so you can surf the web safely.

Flow chart for Firefox's blocklist service

What is remarkable about this is that it covers you from things Mozilla doesn’t even release. One of the things I’ve always been proud of is Mozilla’s dedication to its users, and I think this is a good illustration of how we’re finding ways to make the web better and safer. We don’t just care about Firefox, we care about you — and if you are put in a bad position because of poor security in a third-party plugin, we will be there to cover for you — on our dime.

Extension blocklisting has been available since Firefox 2, and we’ve used it in the past to blocklist extensions that cause major crashes or have security problems. Plugin blocklisting is new in Firefox 3, and this is a pretty big feature given recent security news involving plugins.

All major plugins have had arbitrary code execution issues at some point. Plugins like Quicktime or Flash have had some popular cases where hackers could execute code on your system just by having you load a corrupted Flash object or Quicktime movie. Usually vendors are pretty good about updating once these exploits are disclosed, but with Firefox 3 we’ve added plugin blocklisting so we can protect you if vendors aren’t quick enough to respond or don’t provide an easy way for you to upgrade.

Screenshot of a blocklisted item.

Mozilla doesn’t want to leave you out in the cold, and Firefox’s blocklist service is another tool we can use to look out for you.

It’s important to use this tool responsibly so we have discussed a policy for quite some time. The blocklist policy is in our public wiki, and we welcome any questions about it. Any time we consider blocklisting, we contact the vendor or author of the add-on in question to encourage a quick update and let them know we are considering blocklisting. Decisions to blocklist are made by committee to make sure we are not using this service incorrectly or blocklisting things prematurely without just cause.

To show you what the XML document looks like, here is an example of what we are currently serving:

<?xml version="1.0"?>
<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <emitems>
    <emitem id="fdm_ffext@freedownloadmanager.org">
      <versionrange minVersion="1.0" maxVersion="1.3.1">
        <targetapplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}">
           <versionrange minVersion="3.0a1" maxVersion="*"/>
        </targetapplication>
      </versionrange>
    </emitem>
  </emitems>
  <pluginitems>
    <pluginitem>
      <match name="name" exp="Yahoo Application State Plugin"/>
      <match name="description" exp="Yahoo Application State Plugin"/>
      <match name="filename" exp="npYState.dll"/>
    </pluginitem>
  </pluginitems>
</blocklist>

What this does:

  • Tells firefox to blocklist the Free Download Manager extension, versions 1.0 thru 1.3.1 for Firefox 3.0a1 and higher.
  • Tells firefox to blocklist the Yahoo Application State plugin, for all Firefox versions loading npYState.dll.

Information about the blocklist is always found on mozilla.com’s blocklist info page. To learn more about the service itself, feel free to read more about its specifications.

Overall, the blocklist service is another way Firefox is watching out for you, and even though it doesn’t get much press coverage, it’s a remarkable thing and speaks volumes about how serious we are about keeping Firefox users safe — even from stuff that wasn’t Mozilla’s fault.

Profiling PHP with Xdebug and Webgrind

Standard

Using Webgrind and Xdebug, you to tack on ?XDEBUG_PROFILE=true to any URL and view profiling information for that particular URL instantly.

One of the main criticisms of profiling PHP applications has been how difficult it is to manage different kcachegrind or wincachegrind windows — assuming you’re a pro at pointing them to your Xdebug output directory and all that good stuff. I am excited about how easy webgrind makes things because easier profiling will help prevent a lot of stupid performance mistakes (for those of us not using the Zend IDE and its sexy profiler, which is a lot of people).

Webgrind screenshot.

This is really quite simple to set up, and is best used on a dev box behind a firewall with port 80 closed. People can file surf your web server if you leave webgrind on an open port, don’t do it.

So, you’ve read the last paragraph, right? Ok, good. Let’s go.

Use pecl to install the json and xdebug packages

pecl install json
pecl install xdebug

You’ll run into a possible missing phpize issue, in which case you’d need the php-devel package for building PHP extensions.

Configure Xdebug

A simple configuration to get you what you need is below. Read the Xdebug docs if you want to get crazy.

; Enable xdebug extension module
zend_extension=xdebug.so

; Turns it off by default
xdebug.profiler_enable=0 

; Turns xdebug on when ?XDEBUG_PROFILE=true is in GET or POST
xdebug.profiler_enable_trigger=1

; Your output directory - you'll eventually point webgrind at this
xdebug.profiler_output_dir=/tmp/xdebug

If you’re not on PHP 5.2.x, you’ll also need the json extension.

; Enable json extension module
extension=json.so

Restart Apache.

Download and install webgrind

Webgrind is easy to setup, download it and follow the instructions. The main thing you’ll want to do is make sure your Xdebug directories are the same. In this case, it’s /tmp/xdebug

Load any PHP app with ?XDEBUG_PROFILE=true

Now you’ll want to hit your web server with the appropriate GET argument set up. So, you could hit localhost/helloworld?XDEBUG_PROFILE=true and it’d create a new cachgrind.out for that request.

Open up a tab with webgrind in it and enjoy

Webgrind will do a find on your Xdebug output directory and have a list of all your cachegrind.out files up on the top right. Now all you have to do is choose one. Webgrind’s use of jQuery and AJAX makes the app a great example of what you can do with JavaScript and a little motivation. Check it out.

Update: You should use “zend_extension” in your .ini file, not extension. I had a typo above, but it’s corrected.

MySQL Workbench Rocks

Standard

In April MySQL Workbench 5.0.x reached GA status. I had a chance to try it and wow — it rocks.

It’s super-easy to use and I’ll just copy its feature list:

  • Cairo based diagramming canvas which allows output to different targets such as OpenGL, Win32, X11, Quartz, PostScript, PDF etc
  • visual representation of tables, views, stored procedure/functions and foreign keys
  • live database and SQL script file reverse-engineering
  • database/model synchronization
  • SQL script generation
  • extensible architecture
  • export as SQL CREATE script
  • import DBDesigner4 models
  • support for MySQL 5 features
  • selectable notations for diagram

For me, it’s a very useful tool for importing an SQL script, visually modifying it, and exporting a working SQL script. It’s also a cinch to just create ER diagrams in 5 damn minutes that look decent and map out foreign key relationships.

I’ve used DBD4 in the past as well as Aqua Data Studio and this tool gets me more excited. If you design or work with MySQL databases, you should check it out (see screenshots). Right now it’s Windows-only but they plan on releasing Linux and OSX in June, 2008.

Overall, very nice work MySQL — this tool is light years ahead of its predecessors.

And now for something completely different

Standard

My Spurs rant wasn’t meant for planet — put the wrong category on that by accident last night, so sorry about that.

I wrote it after the game from a craptastic bar in SJC as I waited for my plane — it was delayed 3 hours because of weather in Chicago.

I did work on a diagram for upgrading the graph server architecture last night, so I’ll offer that as a nugget of truce to planet.mozilla.org readers:

Goal is to make the graph server snappier. Comments welcome.

One of these things is not like the others…

Standard

In a recent bug fligtar was nice enough to run some stats for me on platform strings passed in extensions.update.url via the %APP_OS% client variable in Firefox. He found some interesting results:

WINNT
Darwin
Linux
linux-gnu
SunOS
FreeBSD
linux
winnt
darwin
OS2
OpenBSD
NetBSD
BeOS
DragonFly
IRIX64
AIX
HP-UX
NTO
solaris2.10
OSF1
penis

Fixing bug 407211 will be a long and hard process, but I think I’ll be able to handle it.

Deconstructing Mozilla Add-ons

Standard

So I didn’t sleep that well after reading some of the 3.2 feedback. Even they admit — some of these posts are just ridiculous but in many cases they make a lot of sense. We hear you.

Since the release of AMO 3.2, our team has been working hard to gather up all the feedback to make sure our next dot release will fix major pain points introduced by the reskin.

Jumping through the post-release blog posts, I did realize that most of the posts about AMO 3.2 were positive, and I relate to many in the community who either feel they weren’t heard or we were trying to shamelessly plug our own work. Not the case, but I understand the concern.

Truth is, 3.2 was just too big. This should have been AMO 4.0, and it overwhelmed a lot of people. We will be working on scaling back the amount of drastic changes we put out in our next dot releases. Also, to remind everyone, here are some places to track changes or plans for future releases so they aren’t surprises:

From a UI perspective, not much energy has been spent discussing exactly what we were trying to do, so I’ll try to explain. A primary goal was to make the site simpler for new users. Problem was that we sacrificed some functionality in key spots in order to achieve that simplicity — and this caused some veteran AMO users some headaches. We’re rolling most if not all of these changes back in 3.4.

This brings us to the root of our UI problem — there is an identiy crisis with AMO. The site is many things to many people:

  • A place where new users try to find add-ons to improve their browsing experience
  • A hub for advanced users to pick up on the lateast and greatest add-ons
  • An incubator for new features
  • A place where developrs can get feedback and statistics for their add-on
  • A tool we use to help QA popular extensions and ensure they meet quality and security guidelines

Trick is, and will continue to be, meshing these different identities together effectively without overcomplicating or oversimplifying the site. In our latest attempt, we oversimplified it and it was a mistake. Our next dot release, which will come out before Firefox 3, will sway things back the other way and address many of the concerns brought up by long-time AMO users.

Looking forward, many of our issues are cosmetic and fixable by updating our views. The backend and scalability work done in 3.2 is still there, and despite the obvious imbalance in the UI, our feet rest on a more stable platform.

So lastly — just a quiet and humble thank you to everyone who commented on our blogs, the forums or the wiki — we look forward to honoring your feedback with changes in 3.4 as we ramp up for the biggest Firefox release ever.

Top ten signs you might be addicted to Bugzilla

Standard

Letterman wouldn’t get it, so I’ll do it.

You might have a Bugzilla problem if…

  1. You have multiple Bugzilla email accounts, and you read them all even though you say you don’t.
  2. You check your bugmail on the way to the _________ and end up sitting there for 2 hours.
  3. You watch more than 5 people or components even though you don’t actively write code for them.
  4. You dream of Buggie magically fixing all your bugs.
  5. You can’t sleep when you have reviews in your request queue.
  6. You would cancel a hot date or pass on sex to fix a blocker.
  7. You stay up late at night verifying bugs that are already RESOLVED.
  8. You have more than 30 saved searches.
  9. You have famous bugs bookmarked so you can quickly link to them when people talk about funny bugs.
  10. You correct OS and platform information on random bugs 24 hours a day.

All I want for Christmas is Ken Kovash

Standard

This year as the holidays roll around I find myself asking tough questions. Things like, “how many people use Firefox?” or “are these the right statistics?” or “should I fold my hand or go for the inside straight draw?”. The answer to all of my questions: Ken Kovash

You might not know Ken, but he’s the brain behind Mozilla metrics, and he’s growing — seriously, yesterday he was 5′ something now he’s 6’2″. He’s helped me with many things, illustrated by this graph:

Check out the metrics blog if you’d like some science dropped on you. And Ken, thanks for being you.

Selecting into a CSV file in MySQL

Standard

Often times you’ll get requests for a CSV dump of something in your database. From the CLI, I often just run a SELECT statement by hand to see what it is that I want then I get stuck thinking, “now how do I get this to CSV again?”.

Selecting into a CSV outfile isn’t hard, and I’ve done it many times, but everytime I do it I have to look it up so I’ll just blog it here for next time.

SELECT a,b,a+b INTO OUTFILE '/tmp/result.txt'
  FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
  LINES TERMINATED BY '\n'
  FROM test_table;

When in doubt, blog it out.