Sleepy & Happy (WTB: 5 dwarves)

sleeping polar bearI want you to know that I’m sleeping again.

It’s not that I wasn’t before, I was.  But when you break the internet, you take on certain moral obligations vis a vis its restoration.  We landed bug 401575 today which gives our users a chance to override security warnings if they think they know what they’re doing.  There are people who will dislike this version just as much as the other people who disliked the first thing that landed, but that’s okay, because no one said we were finished yet.  Just like no one said we were finished last time.

I’d like to see us continuing to do better with giving users useful options when they run into a security problem.  Things that keep them away from the whatever button, whenever possible.  If we can redirect our users’ energies, judo-style, in directions that protect them from harm instead of stubbornly stopping them in their tracks, I think we can keep them safe, and happy, at the same time.  That why we’re still working on bugs like 402210 to help give users safe ways out, and bugs like 402207 to let us make safe choices for normal users without making power users cry.

These things, though, all of them: they are the birth pangs of something pretty amazing.

While I’ve been working on my stuff, everyone else has been working on theirs.  And I don’t know about my stuff, but their stuff is good.  We’re getting very very close to getting it all out to you; to knock on, and sniff, and generally assess, like a honeydew melon of awesomeness.  It’s really hard for me to go back to Firefox 2 now, and that’s not a knock against it – I still think it’s the best browser out there, but this new stuff?  Get ready for it.

Location bar auto-complete for example, like Jamaican blue mountain coffee, will change your world if you let it.  The new bookmarking system is an amazing platform for extension authors, and I’m pretty keen to see what happens there, but even the bits we ship in our own UI are changing the way I browse.  And the performance gains across the product are palpable.

When the beta comes out the door, if you’re brave enough to try it, don’t look for fireworks.  Our first, biggest job is to help you get to the web sites you want, so we’re not going to go to great lengths to jump up and down and grab your attention away.  But in a hundred subtle ways, things will just be nicer.

And we’re not done yet.


I really should have just let the post end there, it was sort of a dramatic finish, but this needs saying:

I used the analogy “birth pangs” up there because it was what good analogies are: a way of situating facts or events which may be unfamiliar to readers within a context that is somehow more so.  “Honeydew melon of awesomeness” was maybe less apt, but nevertheless. Recently Tyla (and, in all fairness, Mike too) went through actual birth pangs.  The kind where you have an extra human at the end.  As analogies go, I’m not sure I do understand that context all that well.  Firefox 3 is going to be pretty awesome, but let me tell you, Claire is stiff competition for any would-be miracle.  Congratulations guys.  I promise never to mention my own sleep schedule  again.


  1. Pseudonymous Coward

    Funny stuff, dude, funny stuff.

  2. In all the activity on the SSL issue, I’ve seen several people complain that this breaks the case where you only want encryption and don’t care about identity, but I haven’t seen any responses or efforts made to address this case. Any thoughts on it, or any references I’ve missed?

  3. @Pseudonymous: thanks! Who are you?! 🙂


    Encryption without identity is *nearly* meaningless, since you encrypt to prevent interception, but without identity, the attacker can intercept at will and you’ve got no way of knowing. Now, identity is different than “I paid a CA to verify my domain ownership” – a self-signed certificate can provide identity in that it can be the same from session to session. This is the SSH, or “Key Continuity Management” approach – treat new self-signed certs as valid-but-unattested, and then watch to see from session to session whether the key stays the same, and only make noise when it changes. I opened bug 398721 to ask whether this is something we want to support or not, and I would encourage you to chime in if you think it would be valuable.

    We sort of have KCM right now for self-signed certs, but we have it in the annoying SSH way. First time: error page. Add an exception though, tell us you trust this cert, and it’s smooth sailing unless someone swaps that cert for some reason, in which case we make noise again. That’s what SSH does and geeks are basically accustomed to it, but it’s still more invasive than proper KCM, and maybe needlessly so.

    The thing is, until KCM is in place, until you get to a point where you are remembering the certs for places you’ve been, it’s upsettingly dangerous to just accept self-signed certs quietly, since it allows a man in the middle attack to pretend to be your bank, right down to your https bookmark. Your bank presented a CA-verified identity last time, if we can remember that, we can be much quieter by default, and only get agitated when your bank’s cert changes; without that memory for what happened last time though, we have to rely on the other useful information we have, which CA-signed-certs are, and which self-signed-certs aren’t.

  4. Really good and really interesting post. I expect (and other readers maybe :)) new useful posts from you!
    Good luck and successes in blogging!