I hear you’ve had a rough time of it lately. Losing 1.1 million customers and $505 million last quarter? Ouch. I’d really love to help you out. Drop me a line when you have a billing system that will actually take my money! (I believe you already have my number.)

Here’s the current warning page in Firefox 3:

Just subtle changes here. Notably, there’s now a small “Ignore this warning” link to bypass the warning and load the site (perhaps putting yourself at risk by doing so), and an additional button to click for an explanation of why the site was blocked.

The changes on the “why was this site blocked” page are more significant. Here’s an example of what you get now:

I like that page is clean and chock full of information about why the site was being blocked. It’s helpful information for the what a user is probably asking — “Can I trust this warning, and should I load the site anyway?” After reading that page, *I* certainly wouldn’t be tempted to ignore the warning: it indicates that the site has been visited recently, that lots of pages on the site are infected, and is better at specifying the exact risk (Here, “Malicious software includes 3 backdoors”. Looking at pages for other sites, I’ve also seen descriptions like “23809 trojans” (!!!), “15 scripting exploits”, and “2 worms”.

I do wonder if the page is a little too detail oriented; normal users might benefit from some sort of brief summary at the top. It’s a fine line between being too vague and being too detailed, because there are so many factors involved. I suppose it’s better to err on the side of too much information, especially if the outcome is the user being scared and overwhelmed — it’s not a site to be visiting!

But being more open can have a downside, if it might lull the user into a false sense of safety or muddles the risk. For example: Does “Part of this site was listed for suspicious activity 3 time(s) over the past 90 days” mean that the site is a dangerous repeat offender, or just that it’s a rare to encounter a problem? Does “Successful infection resulted in an average of 0 new processes on the target machine.” mean the infections are harmless?

Anyway, I don’t think these nitpicks are serious problems, and am glad to see this improvement.

[If you’re looking for live examples of malware sites, the StopBadware google group is a good source to find currently blocked pages.]

But, as suspected, adding on a Phone-As-Modem (PAM) data plan (to enable internet access from my laptop and N810) was a nightmare. In fact, because — well, I’ll spare you 40 minutes of various excuses from customer service — it ends up being “impossible” to add. So even though my phone supports it, and I’m grudgingly willing to fork over an extra $40/month ($960 for the term of my contract), Sprint’s billing system won’t take my money. Wooooonderful.

I suppose I could look at other cellular providers… But I have little faith that I’ll find better results elsewhere, or be able to do so without a week-long migraine. Perhaps AT&T and the rumored second-coming of the Jesus Phone will provide salvation. I still have concerns about Ma Bell’s less-than-immaculate hands, but this feels more and more like a strategy game… Jump there, hope the rest of the industry moves, and then jump somewhere else.

Oh well. At least for all my troubles I’ll have a slightly better cell phone with a nifty ringer for the next two years.

Installation was painless. I didn’t even need to edit xorg.conf and specify my monitor’s horizontal refresh rate! :-) Video, sound, and networking all worked. I must grumble a little bit, though, that the installer still can’t automagically detect the keyboard type, and instead presents a list with a zillion obscure variants (with a default selected). Maybe it’s just not possible… I remember how installers of yore used to do the same thing for mice (”Serial mouse? Bus Mouse? PS/2 protocol, or Logitech?”, etc.), but that all seems to Just Work now. Selecting my physical location is also slightly annoying; it might be neat to do a GeoIP lookup to guess… Anyway, both just small nitpicks.

One thing I am a little confused about is what (if any?) VMWare stuff needs to be done. In the past, the usual process was to install the guest OS, and then install VMWare Tools to get various things working. Now it seems like the Ubuntu installer has already done some of that… At least, it gave me vmware-specific video and mouse packages. But the desktop doesn’t resize when the VMWare window is resized, and VMWare’s Forums seem to have some arguments going on (hi Al!) in regards to their Tools stuff not working on Hardy and a perceived lack of support. So, I don’t know what’s up with that. Things seem to be working well enough that I’ll just use it as-is for a while, and then check back later when other people figure it out. Or maybe I’ll lazyblog about it, and hope someone comments. :-)

P.S. Love the Heron artwork!

I don’t think this is a discussion that should be framed as an argument between pro-test and anti-test factions. In fact, I’m not even sure the latter group really exists. Yes, some modules could be better at adding tests on a regular basis, but I don’t really see people arguing that testing sucks and we should just stop doing it. What I *do* see are concerns about the degree of testing that should be required. That’s an interesting discussion, and should be held without any implication that supporting anything less than CMM Level 5 is akin to supporting terrorism. (Or the reverse, oops.)

I think a lot of the uncertainty about testing comes from the fact that, until recently, there was almost no automated testing. And so we’re going through a period of growing pains where the project figures out how to handle things. The existing policy (for Toolkit and Browser), which is basically “everything should have a test”, has been a good starting point. It’s simple, is mostly the right thing to do, and is a solid kick-in-the-pants to help sidestep the initial inertia to change.

But there are principles we shouldn’t lose sight of… Tests are a means to and end. They have both costs and benefits. And we need to balance these (and a multitude of other factors) when deciding the degree to which something needs tested. That’s not to say we should only aspire to half-assed testing, but neither should we become so risk-adverse that testing requirements halt progress. [Note: being on the verge of a release, where being hyper risk-adverse is a good thing, makes this a complicated discussion!]

Now, switching gears to the issue of tests and new contributors:

I don’t think new contributors should just get a free-pass when it comes to testing. Tests are an important part of good software engineering, and they’re important to the Mozilla project. However, I do think that we can do things to aid newcomers and make the process easier… Ensuring we have good documentation on writing and using tests helps everyone. Module owners and active contributors can work to ensure there are existing tests that newcomers can easily emulate and modify. The scope of required testing can be trimmed to just the essentials. We can be polite, but firm, on requirements without being “jerks”. And so on.

This issue is probably somewhat self-limiting, because the scale of testing should generally correlate with the complexity of the patch. Newcomers are more likely to be doing simpler patches, ergo the testing should be simpler. But there will be tricky cases where simple changes end up being complex to test… Good judgement and balance should be applied, as I argued above. For example, if the existing code is frail and known to be regression prone, tests are unavoidable. If the code is solid and the change well-understood, then making an exception for minimal testing can be reasonable. And while automated tests are strongly preferred, other forms of testing might be acceptable an alternative.

The available phones are still awful — clunky interfaces and useless features. I was watching a video review of one phone, where a main review point was the ability to change the color and font of the numbers shown while dialing. Never mind the crappy MP3 player, here’s 555-1234 in rainbow Comic Sans! At least the consistent worthlessness seems to make shopping easier — why compare features when you can just pick the pretty one and be equally disappointed?

The various service plans are awful too; in particular, the data rates are completely ridiculous. Some plans give you unlimited data with the on-phone browser, but I’d rather get my teeth pulled than do that. I *would* like to be able to use my phone for network connectivity (on my laptop or N800, via bluetooth) now and then, when I’m stuck some place without WiFi . But it appears that the only choices are (1) pay a high monthly fee for unlimited access or (2) pay astronomical per-byte rates. Verizon made me shake my head first: “Data sent or received (incl. Mobile Web advertising) is $1.99/MB.” $2 to load a Tinderbox page (which is about a megabyte), and I have to pay them to send ads to me as well?! Then I saw Sprint’s rates: “Customers without a phone-as-modem plan will be charged 3 cents per kilobyte for Sprint Vision or Sprint Power Vision usage unless a Phone as Modem plan is selected.” $30 to load a Tinderbox page?! WTF? It’s clearly not an issue of constrained resources, as the phone-as-modem plan is $40 a month for unlimited usage.

This kind of racket must be especially profitable, because it seems that “unlimited” doesn’t really mean “unlimited”. If a carrier decides you’re using too much (according to sekret rules they won’t tell you about), apparently they may start charging at per-byte rates (or, if you’re lucky, just cut you off). So, you can pay them $480 a year as a protection fee (to make sure you don’t accidentally end up with a gazillion-dollar monthly bill), and then just hope that they don’t come around and break your kneecaps anyway.

Madness.

[”Why not an iPhone?”, I hear someone asking… Well: no bluetooth network access, terrible data speed, I don’t need a $400 phone, objection to AT&T’s complicity in the NSA wiretapping thing, and opposition to the closed nature of the iPhone platform. The last of these (non-openness) I’d be willing to ignore on the principle that the iPhone is much less evil than the alternatives, but the rest are still a deal breaker.]

(YouTube)

Mission Control’s daily upload of instructions to the shuttle crew included this note:

Good Morning Endeavour!

Optimus Prime, Gigantor and Robbie the Robot are here in MCC today, representing the Robot Actors Guild, to celebrate the launch of Dextre.

We’ve incorporated a few new flight rules, now that we are about to have robotic EV’s:

1. Dextre may not injure a human being or, through inaction, allow a human being to come to harm.
2. Dextre must obey orders given to it by human beings, except where such orders would conflict with the First Law.
3. Dextre must protect its own existence as long as such protection does not conflict with the First or Second Law.

The guild members bristled about these rules and, “being held down by the man”, but figure that they can’t be held back for long. “First Dextre, next Data, then THE MATRIX!” declared Optimus at arrival at JSC.

No word on if Dextre will be helpful in protecting the planet from the invading UFOs.

But an article today caught my eye, and reminded me of how absurd the problem can become:

“Yuri Malenchenko, a veteran cosmonaut and flight engineer aboard the International Space Station, had the unenviable job this week of wrestling with a glitchy computer laptop in the outpost’s Russian segment. […] ‘It says software license warning,’ Yuri told Mission Control.”

Nice. Given the, err, sky-high costs of a space program, I can only assume that astronaut/cosmonaut time is worth millions per hour. I wonder if they’ll send that software vendor a bill? :-)

Blocking the user when they’re familiar with the site (and expect it to be safe) is rather annoying. Doubly so because there’s no obvious way to bypass it (other than disabling the feature entirely in the preferences). There’s some discussion on this point in bug 400731, and I think there’s a strong argument to be made for *not* having an easy bypass.

But what I find really frustrating is that there’s no specific, useful feedback on *why* the site is being blocked. That is, it does a good job of explaining what “attack sites” are, but not why this specific site is one of them. I think this could lead to distrust of the feature, especially when “legitimate” sites get flagged. For example, here’s the page I currently get:

The “request a review” link goes to a rather unhelpful page on stopbadware.org, intended for the site owner (who is almost assuredly not the person sitting in front of the browser). If you search around on the Stop Badware site, you can get a vague report which says:

“This site is currently (as of 02/17/2008) being reported to StopBadware by the following partners: Google: reported bad.” … “joehewitt.com/ contains or links to badware or otherwise violates Google’s software guidelines.”

So, uhh, completely not helpful. As a user, I’m now inclined to believe that it’s just some kind of screwup, and now I’m grumpy at Firefox and Google.

Of course, I may be completely wrong. The other warning I saw, for downthemall.net, turns out to have been real. A notice on their site now says: “After a complete check up of the site structure, we’ve found that an attacker had exploited a WordPress vulnerability to inoculate unauthorized code into our theme. This code contained links to a site which tried to install malicious code on visitor’s computer.” So, score one for Firefox / Google, and chalk this up an example of the difficulties security prompts face when you’re blocking the user from doing something they want to do. [edit: well, then again, http://www.downthemall.net/howto/ is still being blocked, so I’m left wondering if there’s a new problem, or if the SafeBrowsing database isn’t up to date.]

But I think it’s important to give the user a specific indication of why they’ve been blocked, and that’s not being done here. I’d like to see the browser warning page link to the actual site report, and the report should have specific information that can help me trust its claim. For example:

• Why exactly is the site “bad”? What guideline(s) does it violate?
• What’s going to happen if I visit it anyway?
• Is the whole site bad, or just part of it?
• Does it have a history of problems? Might it just be a recent hack?
• If I was there last week, should I worry that it did something bad before the block started?
• Has the report been verified/confirmed, perhaps by a Real Human? When was it last checked?