Jan 09



I think “memes are fun” and “I hate memes but this one’s okay” and “I’m a grumpy buzzkill” have all been taken as reactions to this thing already.  I guess “we are social little monkeys whether we acknowledge it or not, and it’s okay to do silly things which feed that need” is what I’ll go with, though I believe it overlaps with some existing responses too.  I do think I’m the first one on the planet to mention monkeys in this context, though, so I’ll cling to that shred of originality.

The Rules

  • Link to your original tagger(s) and list these rules in your post. I have the distinct honour of having been pinged by veritable titans of the internet age. You may know them as Beltzner, Campbell, Finette, and Slater, but to me they’ll always be Mike, Rob, Jane and John.
  • Share seven facts about yourself in the post. Yes well, there are sections for that, you know.
  • Tag seven people at the end of your post by leaving their names and the links to their blogs. Likewise.
  • Let them know they’ve been tagged. Quite.

The 7

  1. I used to have my own television show.  It was called The Voice on Rogers Cable 10, Brampton.  It was a teen affairs show and I was the host.  I actually had no particular interest in it, but I ran with a crew that included a lot of television nerds, who took courses in television production, and since all the fun was behind the camera, they shoved me out in front.  This is where I first learned that in television, “The Talent” has a meaning opposite to the one you’d expect.  We did 3 shows, the last featuring a live performance from a local grunge band.  Awesome.
  2. I have a reasonably excellent keloid on my right arm as the result of a scald from a cup of tea. I was probably 10 or 11 at the time, and I flomped down on the couch one evening when a cup of tea, erstwhile sitting pleasantly on the armrest, leapt from its resting place in the ensuing compression wave and came to rest on my arm and stomach getting what I can only describe as my undivided attention. I remember rushing to the shower to douse it with water. I remember being in shock, shuddering about every 5 seconds; vibrating, really. No hospital, no skin graft, although I did wear a Jobst™ compression sleeve for most of grade 6 to keep the scarring down. These days, it’s just a gnarly scar, but in high school I had about half my friends convinced that I’d tried to bite my arm off, as a baby.
  3. When I left university, I weighed a hair under 300lbs. I’m 6’4″ or so, which makes that slightly less egregious than it might otherwise be, but under no circumstances can it be understood to be particularly healthy.  I have no idea how it happened.  I lost it through boring old “eat less, exercise more” so don’t expect any winning diet tips here.
  4. Over the years my parents have furnished me with, in addition to a mother and father (implicitly): 2 step-fathers, 1 step-mother, 5 step-brothers, 2 step-sisters, 2 step-brothers-in-law, 2 step-sisters-in-law, plus a brother and sister that, while nominally “half-siblings,” I grew up with and disregard any supposed half-ish-ness.  This has allowed me, in various contexts, to be the oldest child, the youngest child, the middle child and an only child.  Stick that in your pipe and smoke it, Alfred god-damned Adler.
     [Image: Me, with Sibs]

  5. I grew up in a little house in the suburbs which, despite being a little house in the suburbs, housed over 100 animals.  We had, at one point or another: cats, dogs, rats, mice, gerbils, hamsters, degus, chinchillas (chinchillae?), parakeets, budgies, love birds, cockatiels, grey parrots, rabbits, guinea pigs, baby Russian tree squirrels, baby feral black squirrels, sugar gliders, anoles, salamanders, snakes, plus an 85-gallon freshwater fish tank with red tailed sharks, plecostamii (plecostamuses?), tetras (neon and otherwise), guppies, angel fish, texas cichlids, kuhli loaches, goldfish and, of course, snails. This is not because our parents were over-indulgent of our whims, rather the reverse, we kids indulged mom; we also loved it. She is down to 4 cats, 1 dog now, but also up 5 chickens.
     [Image: Mom with Chicken]

  6. I read a lot, on a variety of subjects, but I have a profound inability to resist books which tell the history of the world through the lens of a single commodity or substance, e.g. Cod, Salt, Horse, Oak, The Secret Life of Lobsters, A Perfect Red, Pigeons, A History of the World in 6 Glasses, Crows, Parasite Rex. I am similarly drawn to books that document usually invisible subcultures, like Body Brokers, The Island of the Colorblind, Word Freak, Gang Leader for a Day, The Game, and Candyfreak. I’d say less than 20% of my reading is fiction, for which I sometimes feel bad, like I’m letting my literary brain die, but the mind wants what it wants.
  7. I, like a surprising number of people here, married my highschool sweetheart. Amy Nightingale (née Lush, yes really) and I started dating in grade 10, less than a month after she stopped dating my best friend (saucy!).  I continue to be astonished at the amount of patience she exhibits in our day to day lives (“I just bought a new bench grinder to help make my own lockpicks!”, “I’m going to make homebrew beer in the kitchen!”, “I’m going to walk to the auto parts store, because I just drained the car of oil and now I can’t get the filter off!”, “I’m going to stop shaving for a month, and get the other guys at the office to similarly annoy their wives!”) and intimidated by her ability to show her emotions more honestly and more bravely than I am capable of doing.  I have been blessed to have a lot of really amazing women in my life (you know who you are), but I hope none of them will object to me pointing out that she is my favourite.


The Tagging

Who’s left?  I mean, honestly.  I am basically gliding down the stale end of this adoption curve, aren’t I?  Here are some people more laggard than I.

  • gen – Not only do we need more Mozilla Japan representation, but Gen is also so awesome he’s illegal in 14 states.
  • thunder – Because I never get to see Dan any more.
  • pav – Honestly, how has Stuart been allowed to slack this long?
  • sayre – I know it violates some new york aloofness statute, but your public wants to know.
  • mary – Because I like her glasses and her moxie.
  • neil – What spirits haunt the mind of a man who chooses to work on focus bugs, and also writes comedies for Second City?
  • davidb – David just started in the Toronto office, and while he’s giving away our secrets, it’s only fair he should share some of his own.
  • and Amy – who can spread this pox to whole other populations, if she ever decides to blog again. 🙂

Dec 08

Word bubble memery

Courtesy of Wordle, via Shawn.

Sorry about the Java – I would love to see someone amazingly awesome do this using SVG maybe, or JS+Canvas. I would give that person a bottle of reasonably nice wine, in fact!

In other news: NSID continues on apace, and is getting delightfully scruffy! Join the revolution!  If you’ve quit, rejoin!  Who dares oppose?

Dec 08

Firefox Malware?

A crappy thing happened last week – someone wrote some malware that infects Firefox. We obviously don’t like that very much at all, but I wanted to at least make it clear what is and isn’t happening, since there’s some confusion out there.

What is going on?

Basically for as long as there has been software, there have been nasty people out there who get you to download and install software which turns out to have hidden cargo.  Security folks use names like “virus,” “trojan,” “worm,” and “malware” to describe different types, but the point is that if a person can be tricked into running nasty programs, they can do nasty things.

In this case, rather than wiping your hard drive or turning all your icons upside down, this particular jerk has decided to mess with your Firefox. Once you run the program, it hooks into your Firefox and watches for you to visit certain sites, at which point it will steal your username and password.

How Can I Tell If I Have It?

You can open up your Firefox addons manager (Tools->Add-ons) and go to the “Plugins” section.  If you have a plugin called “Basic Example Plugin for Mozilla” you should disable it.

Original credit to TrustDefender Labs’ blog post on the subject

Does This Mean that Firefox is Insecure?

No, and here’s why:

  • This particular malware targets our program, but once you have malicious software running on your system, it can just as easily attack other programs, or harm your computer in other ways.
  • This isn’t contracted by just browsing around the web with Firefox 3. In fact, the Malware Protection features in Firefox 3 are designed specifically to prevent sites from being able to attack your computer.

The people getting infected here are either downloading enticing files that have the malware hiding inside (which is why Firefox 3 hands all downloads off to your computer’s virus scanner once they finish) or, as some sites are reporting, have computers that were already infected in the past and are being forced to download this file as well.

Typical Firefox 3 users who avoid downloading software they don’t trust are unlikely to ever see this, and even the sites reporting it describe its incidence as “rare”.

What’s this I hear about Greasemonkey?

There are some mentions of Greasemonkey in a couple of the early reports, based on some analysis of the code used by this malware, but I want to be clear that the (legitimate, and awesome) Greasemonkey Addon is not involved in this malware in any way. It is not involved in the installation or execution of the attack.

As always, the best defense is vigilance.  Use a browser with a solid security record and modern anti-malware defenses built in, and be very careful about downloading and running programs you find online.  If a bad guy is able to get you to run a program on your machine they will be able to do bad things, so we’ll keep trying to stop them and you keep trying to as well.

More details are also available on the official Mozilla security blog.

Nov 08

On Freedom

[Image: NSID 2007 Mosaic]

I don’t often get personal in this blog.  Mostly I talk about Firefox things, security things, or how to make reasonably awesome bread.  I don’t want to inundate my reader(s) with too much sap; surely the blogosphere has enough emo in it already.

This is different though, because I’m talking about something really important. Not just to me, but to people everywhere who think ideas like “freedom” and “adventure” are more than just words.  People who think that it is the duty of a responsible citizenry to resist injustice, and to throw off the shackles of polite society when they reach too far into our world, when they transgress too much.

Last year, I introduced people to this struggle, and the response was overwhelming.  This year, we aim to do more.  To reach more people. To change more lives.

We need you to be a part of it.

Tomorrow is the first day of December.  If you are someone who lives with the hegemony of social pressure, someone who is compelled to hold knives against your own flesh defying every instinct evolution has given you: NSID is your emancipation.  We don’t care if you’re male or female, young or old, unix-hacker bearded or barely able to grow hair, NSID is your chance to stand with friends and get shaggy.

Join the flickr pool, post updated pictures, fill the #nsid twitter stream, blog the news out to the masses.  Be part of the revolution.

And don’t worry, in January you can shave it all off again.  It stops itching around the 8th or 9th day.

[UPDATE: NSID now has a tracking page: noshavingindecember.org (Good idea, Humph!)]

Nov 08

Performance Dashboard (v2)

Way back when (almost exactly a year ago, actually), I built a dashboard for getting at-a-glance views of our performance metrics, to make it easier to spot regressions and assess the state of the tree.

And so, of course, days later we decommissioned those boxes and that whole way of reporting performance, and the dashboard fell into disrepair.

A couple days ago I rebuilt it.

It’s in its infancy right now.  It only pulls data for the 1.9.1/Firefox3.1 branch, and it only pulls a couple tests thus far, but those are easy to add.  It has no fun widgets or user-preference memory or any of that, but patches are accepted.

The code is in a public hg repo here in case you want to beat me to any particular feature.  To run your own copy, just clone the repo, run the scrapedata.py script to get some up to date stats, and then open index.html in a suitably awesome browser.

The graphs are built with Google’s really excellent charting API.  It’s reasonably flexible, and great for quick stuff BUT I’m not looking to replace our existing graph server.  That thing has all kinds of charting goodness that I absolutely don’t aim to reinvent.

This is a quick, dumb dashboard; not an immersive data navigation environment.  It isn’t complicated, it’s just something I thought would be useful.  How would you make it better?

[UPDATE: It’s not just coincidence that Rob has been thinking about these issues too, but it is kind of funny to me that we posted within hours of each other.  Clearly it was an idea whose time had come. ]

Nov 08

New in Firefox 3.1: Linkified View Source

Look what Curtis just did:


Curtis Bartley is the newest member of the Firefox front end team and, to get his feet wet, he made the world a better place by fixing a very old bug. And its 7 duplicate bugs.

Specifically, he set it up so that resources which are referenced in source are now clickable links.  Want to know what that external javascript does?  Click the link, and it will be loaded in the source viewer.  Likewise CSS.  Maybe you clicked “View Source” only to discover you were looking at a frame set, and actually wanted the source for a frame – that works too.

And yes, back and forward keyboard shortcuts work. And yes, both relative and absolute links work. And yes, you can have this in a tab instead of a separate window, either by sticking view-source: on to the front of your URLs (see?), or by finding one of the addons that does it for you.

Way to go Curtis, keep ’em coming!

Nov 08

SSL Error Pages in Firefox 3.1

If you’re using Firefox 3.1 nightlies or the upcoming Firefox 3.1 beta 2, you might notice some changes in the way we handle SSL errors. I landed them last week, and since it’s a topic that readers of this blog have historically wanted to talk about, I thought I would highlight some of the changes here.

Oct 08

SSL Infoquickie (with Bonus Firefox Pro-Tip!)

There is less public information out there about SSL certificate usage than one might like to see. Netcraft has a for-pay report with some interesting figures, and occasionally makes some of that data public, and I’ve blogged about other sources in the past, but in general, it’s pretty sparse. I keep meaning to do something coordinated about that, I have some ideas, but they keep getting back-burnered.

So it came to pass that when someone idly remarked that it would be nice to know what percentage of certs on the top sites were valid, I pounced upon it as a way to quickly release some pent-up info-gathering angst.

It’s profoundly unscientific, but so was the question. Are the Alexa top 500 sites even a good reflection of the most popular SSL sites? Not really. I think it will bias the data towards higher counts of untrusted certs (since the admins aren’t expecting them to be used) and towards lower overall cert counts (since many of those sites won’t answer SSL hails, whereas presumably a list of the top 500 SSL sites all would). Is blindly connecting to their main page on port 443 the best way to harvest their certs? Probably not, lots of them use secure.frobber.tld constructions, so that will also bias the data lower. Let’s just agree that it’s a sort of fun number to have as an order-of-magnitude style signpost.

Of the 500 top sites on Alexa, October 15, 2008:

  • 217 responded to an SSL query on port 443
  • 199 of those replies used valid certs chaining to trusted roots
  • The other 18 were a mix of self-signed, bad chains (likely from trusted roots, though I didn’t investigate), and expired certs.

If you prefer pretty pictures:

[Chart: SSL Certificate Stats]

Any conclusions you want to draw from this data will be only as good as the aforementioned biases within it, but don’t say I never do anything for you in a feeble attempt to vent my own info-lust urges.
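The survey method described above (connect to each site's main hostname on port 443 and sort the result into valid, self-signed, bad chain, or expired), sketched as an added example; this is not the script used for the post. The bucket names and the host list taken from the command line are assumptions, and the trust decisions come from Python's system trust store rather than Firefox's root store.

```python
import socket
import ssl
import sys
from collections import Counter

# OpenSSL X509_V_ERR_* verify codes mapped to the buckets named in the post.
VERIFY_BUCKETS = {
    10: "expired",      # X509_V_ERR_CERT_HAS_EXPIRED
    18: "self-signed",  # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed",  # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    20: "bad-chain",    # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "bad-chain",    # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
}

def bucket_for(verify_code):
    """Map an OpenSSL verify code to a survey bucket (0 means verified)."""
    if verify_code == 0:
        return "valid"
    # Anything else, e.g. 62 (hostname mismatch), is invalid but outside the post's buckets.
    return VERIFY_BUCKETS.get(verify_code, "other-invalid")

def probe(host, port=443, timeout=5.0):
    """Handshake once with host:port and return its bucket, or 'no-ssl'."""
    ctx = ssl.create_default_context()  # system trust store, hostname checking on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "valid"
    except ssl.SSLCertVerificationError as exc:
        return bucket_for(exc.verify_code)
    except OSError:  # refused, timed out, or not TLS (ssl.SSLError is an OSError)
        return "no-ssl"

def summarize(buckets):
    """Tally buckets into the figures the post reports."""
    counts = Counter(buckets)
    total = sum(counts.values())
    responded = total - counts["no-ssl"]
    valid = counts["valid"]
    return {
        "total": total,
        "responded": responded,
        "valid": valid,
        "invalid": responded - valid,
        "valid_share": round(valid / responded, 3) if responded else 0.0,
    }

if __name__ == "__main__":
    print(summarize(probe(h) for h in sys.argv[1:]))
```

Because hostname checking is on, a site that answers on 443 with a certificate issued for a different name (such as a secure.frobber.tld host) lands in "other-invalid", which is one more way the main-page shortcut skews the count.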

Bonus Firefox Pro-Tip: If you are on Firefox 3.1 Nightlies or the upcoming Firefox 3.1 Beta 2, you now have the ability to turn off link-visited colouring.  David Baron recently landed a fix for bug 147777 that adds a new about:config preference to control the behaviour, layout.css.visited_links_enabled.

“Great!” I hear you all saying, “We’ve been hoping for a way to turn off an occasionally useful feature!”

And who hasn’t, really? But the thing of it is that colouring links can give away information to tricky sites about where you’ve been. It’s up to you whether you think that privacy/functionality trade-off is worth making, and the bug is still open while more universal solutions are contemplated, but in the meantime, you have the choice.