Spam: The Neverending Story

Spam is one of those evils of the modern age. It looks less and less likely that a real 100% effective solution will be found which is a little sad but not a major deal to my mind. I’ve managed to turn off my old junk email accounts and train my filter to clear out 90% of the junk I receive. Surprisingly I’ve had more problems with spam comments on this site than I have in my email lately. Even with comment moderation turned on the Tab Sidebar extension was receiving a silly amount of junk comments. It probably still is but I’m now using a simple blacklist to catch it all.

I tend to think of spam in two categories. You have your normal junk, you know offers to help someone transfer $1,000,000 (ONE MILLION US DOLLARS) out of Nigeria and to enlarge various of my body parts. Then you have the stuff which is from reputable companies which have generally got your email legitimately, maybe I filled in something to download some trial software or maybe I was even interested at one point. Perhaps surprisingly it’s the latter of these types that irritate me more . In particular when I attempt to unsubscribe and I still keep receiving mails.

Take this example. When I left my last job (about a month ago) I cancelled my small business mailings from Microsoft as they weren’t relevant to me anymore. What do I find in my inbox today:

Dear Mr Dave Townsend

As part of a routine data inspection we have noticed you have elected to stop receiving communications from Microsoft.

So umm let me get this straight, you recognise that I have asked to not receive any more mails from you and as such you have decided to email me?

As Microsoft launches exciting new solutions and initiatives, there’s no better time to register for information that will give your business a critical technological advantage. We invite you to consider receiving communications from us again.

Oh well if you are wanting me to start receiving mails again then of course it’s acceptable for you to mail to ask me.

Apparently:

if you still choose not to receive communications from Microsoft, simply do nothing and we will not contact you again

Oh well that’s ok. Of course I haven’t done anything since I opted out and you still mailed me.

Really large organisations should know better. If I tell you that I don’t want to hear from you again, what I mean is “I DON’T WANT TO HEAR FROM YOU AGAIN”.

Firefox Developer Conference: Worth losing sleep over

Last night (or I should say early this morning) I got a chance to watch some of the webcasts from the Firefox Developer Conference in Tokyo. I had been wanting to attend one of the previous developer days but had to pull out due to accomodation problems so it was really great that webcasts were available, I believe this is the first developer day to do so.

I managed to catch most of the sessions on FUEL and XULRunner and some of the presentations on the development environments that extension authors use. The first two were good to watch, simple overviews of topics that can often get too bogged down in details. I won’t say I learned a great deal new from them, but then given my background I wouldn’t expect to. I really hope they make the recordings available so when the next person comes onto IRC asking what XULRunner is we can point them to it.

The presentations on development environments were somewhat more challenging to watch remotely, the webcast didn’t really have the resolution to bring out the detail of what the authors were doing and there was some time lagging on the video so what was being described didn’t correlate with what you could vaguely see on screen. Plus it was nearly 9am here so I had to call it a day at that point and get some sleep.

All in all what I saw of the event looked excellent. Top work by the translators, I don’t know if they were volunteers or hired in but they did a great job of handling all the technical terms that were flying about. I hope to make a dev day soon but till then lets keep up this theme of webcasting them so those who can’t be there still get a chance to be involved. One thought from the future, how about taking questions from the remote viewers over IRC?

Add-on Authors? Do you host your own?

We’re looking at the situation of automatic updates for add-ons and whether or not tightening up the security of such updates is a good idea or not (this is one good reason why it could be). After some initial talking I would like to get a little feedback from the add-on authors out there who host their add-ons on their own websites and not on addons.mozilla.org. Are you such a person? If so then please take a few moments to check out the thread in the forums or on the newsgroup and take a few moments to answer my questions.

Of course nothing is a foregone conclusion at this point and you might have noticed that I host my own extensions, not on addons.mozilla.org so I totally have the self-hoster’s needs at heart :)

Why would you want a decent password? It’s only money!

I guess it goes without saying that I’m fairly technically literate and as such I’m pretty well versed in both what makes a strong password and actually using them. I actually have a pair of passwords, one that I use for what I consider my more important logins (company accounts, servers and the like), and another that is for lesser services that if I lost or it got hacked then it wouldn’t be a major compromise of anything.

Given this it’s always particularly disappointing when I find something that I really want to use a strong password for but can’t, because the service in question can’t handle how strong my password is.

Take my new bank account with Lloyds TSB. The password for the internet banking is 6-15 characters, must contains letters and numbers, but cannot contain any spaces or anything non-alphanumeric. Bang goes about 4 characters from my strong password.

Lloyds aren’t alone either. I also have a savings account with Citibank. To log in to their online banking I am not allowed to type in my password by hand, instead I must use an onscreen keyboard with my mouse. Now I’m not quite sure what this is meant to serve, all it does is enter the characters into a regular html input box, you know, easily readable from an add-on or other form of spyware. And even worse the keyboard gives me just 51 possible characters to choose. At least Lloyds let me use both upper and lower case!

Maybe all these places having quite different restrictions on what characters I can use in my password is a cunning ploy to make me use a different password everywhere, but I find it a little disturbing that I’m able to use a stronger password with my online pizza delivery place than with my bank accounts holding thousands of pounds of savings.

Easy(er) Leak Testing With NTT

David Baron recently put out the call for there to be more leak testing on trunk builds.  We have a number of regressions that we need to find and fix before Firefox 3 goes out the door. The best way to do leak testing has always been to use his excellent leak-gauge script which catches more leaks than the leak monitor extension. Unfortunately the leak-gauge script is not the easiest of beasts to play around with.

Thankfully for some time now Nightly Tester Tools has had the leak-gauge script included in it to hopefully make this process a bit easier. I discovered today that that functionality has actually been broken on trunk builds so make sure you pick up the latest version 1.3b1 if you want to use it (don’t worry i should be pretty stable as betas go). Once installed just go to Tools – Nightly Tester Tools – Analyse Leak Log. Tell it where to find your log and it will create a leak report that you can copy to the clipboard at the touch of a button.

Unfortunately you still need to actually create the leak log, I suggest a script something like this (will need adapting for other platforms):

cp -f nspr.log lastnspr.log
export NSPR_LOG_MODULES=DOMLeak:5,DocumentLeak:5,nsDocShellLeak:5
export NSPR_LOG_FILE=/Users/dave/nspr.log
/Applications/Minefield.app/Contents/MacOS/firefox-bin

Then you can analyse lastnspr.log while still logging the current run. In Firefox you can even set the log analyser as the home page so it automatically loads the last log on startup.

Note that you can’t analyse the log being generated by a currently running app, nor one from a crashed session in an app, both will look hideously leaky. Please be sure to file good memory leak bugs and good leak hunting.

Long Time No Post

Wow, it’s been a month to the day since my last post here, and quite a lot’s happened in that time. Those of you that keep up on Mozilla things might realise that I have changed jobs and I’m now working for Mozilla on the Firefox team under Mike Connor. I’m going to be putting work into the addons side of Firefox 3, in particular taking some of the main requirements as well as tackling some of the really irritating issues that have lain dormant for a little too long for my liking. Most exciting stuff for me right now (yes I know, I’m sad!) is that I’ve been working on doing unit tests for the extension manager component which makes testing new patches far easier to my mind as well as of course allow us to start catching regressions.

Getting this new position has been quite a fantastic achievement in my eyes and it’s allowed me to do other things that I’ve been needing to do for some time, like move house and various other personal goals that I won’t bore you with here.

In case you were wondering how this affects my extensions, well not much in all honesty. They are still all my personal work and all done in my personal time and the amount of time I have spare to work on them is (unfortunately) still about the same. I am however thinking about a fundamental change about how my extensions are available to the general public and in particular one that I think will encourage more outside contribution to my extensions, meaning that the burden is taken off me as a lone developer to add features and fix the bugs. I’m still mulling this over at the moment so watch this space for further news.