Firefox 3: Plugins

Browsers, Firefox, Mozilla, Work 8 Comments

[I use a Mac, so all the images in this post are of the Mac user interface. The UI for other platforms will differ slightly. Click on pictures to view other sizes.]

Plugins are small third-party programs that can be added to Firefox to manage content that Firefox does not handle itself. Popular plugins include Adobe’s Flash player, Quicktime, Windows Media Player, Java, RealPlayer, and Shockwave. Without the Flash plugin, for example, you wouldn’t be able to watch YouTube videos.

In Firefox 2 the only way to get information about what plugins you have installed is to type “about:plugins” in the location bar. This brings up a page of somewhat complicated, detailed information about the plugins that looks like the following screenshot. The page is a simple list of information — there is no way to interact with the plugins through the page at all.

Fx2 about-plugins

Firefox 3 still has the about:plugins page, but also offers a much more useful new feature as part of the revamped Add-ons Manager. In Firefox 3, you can open the Plugins section of the Add-ons Manager by going to the “Tools” menu, selecting “Add-ons”, then clicking on the “Plugins” tab of the Add-on Manager.

fx3-plugins-addon-mgr-rt-click

Here you can see a much simpler and easier to understand list of installed plugins and their version numbers. Each plugin can also be enabled or disabled with a single click, and you can go to the original source of the plugin (if it is specified) by right-clicking and selecting “Visit Home Page”.

In addition, like with other add-ons in Firefox 3, if a plugin is found to contain a security vulnerability, Firefox will automatically disable it and tell you where to get an updated version. This is a significant security improvement for Firefox, which previously had no way to let you know that you had bad plugins installed. The list of blocked plugins is stored locally on your computer, and Firefox periodically verifies that the list is completely up to date. If Mozilla knows about a vulnerable plugin, you’ll be informed and protected automatically within 24 hours.

And there you have it. Another small but vital improvement that makes Firefox 3 significantly safer and easier to use.

20 top add-ons that are ready for Firefox 3

add-ons, Firefox, Mozilla, Software, Work 83 Comments

Being involved with Firefox development and testing is both an honour and a privilege. The one major drawback to being on the bleeding edge of the Mozillaverse, however, is that none of your add-ons ever work. Sure, I’ve had the absolute joy of using the Smart Location Bar (aka: Awesomebar) for ages, but I’ve also been living without any of my add-ons for months. It’s been hard. Very, very hard.

Naturally, when faced with the choice between using the new Firefox 3 features with no add-ons and reverting to Firefox 2 and getting all my add-ons back, I stuck with Firefox 3. I’m not kidding when I say that Firefox 3 is better than Firefox 2 in pretty much every possible way. It’s awesome and there’s no way I’m going back. Now, however, I don’t have to choose one over the other — with the recent delivery of Firefox 3 Release Candidate 1, I get to have my cake and eat it too.

Release Candidate 1, you see, coincides with the addons.mozilla.org (AMO) site adding support for the final add-ons MaxVersion update. This means that all Firefox add-ons can now finally be updated such that they will work with the final release of Firefox 3. Lots of add-on developers have been waiting for this, so a huge number of add-ons are now getting updated. I spent yesterday going through the list and playing with some of my favourites, and it’s like Christmas has come seven months early.

I know a lot of folks are waiting for add-ons to get updated before diving in to help test the Firefox 3 release candidate, but now’s your chance. Dozens of add-ons are being updated to work with Firefox 3 every day, and there are hundreds already set to go. Here’s a list of 20 I’ve installed and checked out (arranged conveniently in alphabetical order):

Adblock Plus – This one does pretty much what it says on the box: Adblock blocks ads, and does so with grace and aplomb. This is one of the universals that pretty much every Firefox user I know has installed, and is one of the hardest to live without. Also updated for Firefox 3 is the Adblock Filterset.G Updater add-on companion for Adblock.

adblockplus

Download Statusbar – While the Firefox 3 download manager has been revamped, some folks have slightly more hardcore download requirements, which is where Download Statusbar comes in. Freshly updated for Firefox 3, this is one of the more popular Firefox add-ons out there.

downloadstatusbar

Faviconize Tab – This is the one add-on I really have a hard time living without, and I’m unbelievably happy it’s finally updated for Firefox 3. I danced a dance of joy when I was finally able to stop overriding my add-ons compatibility check (which is generally a terrible idea) and could actually install Faviconize Tab for real. Such a simple thing, but such an incredibly useful thing. I love this add-on.

faviconizetab

Firefox Companion for Ebay – I’m still a little afraid of Ebay (impulse shopping habits + credit card + 24hr access to a world of awesome things to buy = fear), but I do use the Companion to watch some of the more interesting auctions I run across.

ebay2

Flashblock – One of the more infuriating things about trying to read on the Web are the flippy flashy animated doodads that hover around the margins making it impossible to focus. This is pretty much what Flashblock is created to fix, blocking the animated fiddlybits until you click a button on each to display it. This is a vital sanity saver for me, and I’m really glad it’s updated now.

flashblock

FlashGot – If you do a lot of downloading, FlashGot is a must-have Firefox add-on. This being updated for Firefox 3 is going to save me a ton of time and mouseclicks.

flashgot

Forecastfox – Being Canadian and currently on the edge of summer, I’m a little obsessed with the weather these days. When it’s not raining, or cold, or too windy to stand up, or dark, it’s actually gorgeous out, and keeping close track of when that sun is going to shine is a vital part of day-to-day life in May. Forecastfox being ready for Firefox 3 means I don’t have to obsessive-compulsively reload the Environment Canada website any more.

forecastfox

GooglePreview – This is actually a “new to me” add-on that I discovered yesterday, but it’s really great. Again, it’s simple and unobtrusive, just quietly enhancing your Web experience without getting in your way. What it does is add a small preview thumbnail to your Google search results. It’s just neat.

googlepreview

Live HTTP Headers – This one’s for the Web Developers in the audience, as it lets you view the running stream of HTTP headers of the pages you browse. Very useful, and ready for Firefox 3.

livehttpheaders2

Mouse Gestures – This is another “new to me” add-on that I was playing with yesterday that may change how I use the Web. I never really thought much about mouse gestures until I started using them, and it turns out they’re actually pretty awesome. I’ll definitely be messing around with this one for a while to see if the novelty wears off, or whether it’ll be a long-term sort of add-on for me.

mousegestures

NoScript – NoScript is a hugely popular security-related add-on that gives Firefox users very fine-grained control over what JavaScript, Java, and executable content is allowed to run in the browser.

noscript

ScribeFire – Formerly known as “Performancing”, ScribeFire is a very cool and full-featured blog editor that integrates with Firefox. Now that it’s ready for Firefox 3 I’m going to start using it again — it makes sense to have a blog editor integrated with a browser, in my opinion, because blogging is so absolutely tied to the Web. ScribeFire has come a long way since its original launch, so if you haven’t checked it out lately, you should take it for a spin.

scribefire

Shareaholic – If you’re like me and spend a whole lot of time looking at things on the Web, you end up finding piles of things that you want to share with other folks. Shareaholic is a fantastic add-on for this, integrating with digg, del.icio.us, facebook, foxiewire, friendfeed, google bookmarks, google reader, magnolia, reddit, stumbleupon, tumbler, twitter, and more. Jay Meattle, the developer who also happened to win the Extend Firefox 2 contest with this add-on, has recently updated it to work with Firefox 3. And there has been much rejoicing.

shareaholic

Speed Dial – The Speed Dial feature was originally debuted by the Opera web browser, but several add-ons mimicking the functionality very quickly came available for Firefox. I like Speed Dial in particular because it’s very straightforward, super easy to customize, and is now completely up to date for Firefox 3.

speeddial

StumbleUpon – I didn’t actually start using this add-on until my Dad told me about it one day, and now I’m a bit of an addict. Be wary, however — StumbleUpon is a bit dangerous in that it can eat days of your life if you’re not careful. I’m just glad the toolbar can be toggled on and off, else I’d never get anything done. Fun stuff, extraordinarily popular, very slick.

stumbleupon

ThumbStrips – ThumbStrips creates a browseable graphical timeline of your surfing history that is displayed along the bottom of the browser. Originally I figured it would be like another, fancier version of tabs but it’s not that at all — it makes flipping back and forth through your recent browser history really easy, which can be great in situations when you’re checking out Google search results and so forth. Neat stuff.

thumbstrips

TwitterFox – Being slightly unnerved by social networking in general (FaceBook, LinkedIn, etc.) I generally don’t spend much time on such sites, but I’ve made an exception for Twitter. Twitter is simple and fun. It’s also useful, believe it or not, and (if you keep your “Following” list pared down sensibly) it can be super interesting and informative. TwitterFox is a neat little add-on that integrates Twitter right into Firefox that works well and generally does what you expect it to do.

twitterfox

Video DownloadHelper – If you’re interested in saving Web videos to your local machine — for example, to watch while on a plane or otherwise offline — Video DownloadHelper is a great add-on to use. Sites it works with include YouTube, MySpace, Google videos, DailyMotion, iFilm, and others.

videodownloadhelper

Web Developer Toolbar – Chris Pederick’s Web Developer Toolbar is one of the absolute must-have Firefox add-ons if you’re a Web Developer. It’s been around for years and puts a world of useful utilities at your fingertips, saving time, effort, and frustration.

webdevtoolbar

Wizz RSS Reader – If you’re a bit of a Webfeed junkie and LiveBookmarks aren’t enough, you’ll probably want to check out the Wizz RSS news reader add-on. By way of the sidebar, Wizz lets you subscribe to Webfeeds and quickly flip through new posts or updates to those sites. Wizz is, in my opinion, a great middle ground between LiveBookmarks and a full-featured desktop Webfeed client like Vienna.

wizzrss

So, there you have it — 20 top notch add-ons that are ready to go for Firefox 3. If you’re curious about Firefox 3 and would like to check out the Release Candidate and play with some of these, Friday afternoon seems like a perfectly reasonable time to do it.

Alex Polvi is doing a weekly update about the “State of the Add-ons” that need help getting updated for Firefox 3. If you’re an add-on developer (or would like to be one!) and would like to help, head over to Polvi’s blog and he’ll point you in the right direction.


Firefox 3: Password management

Firefox, Mozilla, Work 10 Comments

[I use a Mac, so all the images in this post are of the Mac user interface. The UI for other platforms will differ slightly. Click on pictures to view other sizes.]

While Firefox 3 includes lots of new features and big shiny changes, it also includes a pile of more subtle, but no less important, changes and improvements. One area that has been revisited (rather than totally redesigned) is Firefox’s password management facility.

In Firefox 2, password management is a bit of a struggle. When you enter a password on a page you are asked whether you want Firefox to remember that password or not. The problem with this particular dialog is twofold: first, it appears before the login is complete so you have no way of knowing whether you have actually entered the correct password; second, it is modal, blocking any other browser actions, so there is no way to verify that the password works without first dismissing the dialog box. It’s a good feature, it’s just sort of poorly designed.

Fx2-modal-dialog

The actual Firefox 2 password manager is also a bit rough around the edges. You can only view the full list of all sites for which there are stored passwords, sorted alphabetically by URL or login name. There is no way to filter or search the list, so to find an old stored password, you have to either remember the URL and scroll down to the item in the list or scan through the full list manually. I have hundreds of passwords, so as you can imagine it’s all a bit of a pain.

Fx2-password-manager

Firefox 3 fixes all of this, and the new password management features are significantly improved and much, much more thoughtfully designed.

The dialog box asking whether you would like Firefox to save a password has been replaced entirely. Now, instead of popping up a modal dialog before the login has succeeded, Firefox 3 presents the option to store a given password using an information bar that slides down from the top of the screen after you have logged in. This allows you to verify that the password is correct before asking Firefox 3 to store that password.

password-remembering-infobar

The information bar is non-modal as well, so you can continue using the Web as normal without being forced to dismiss it first. In fact, the information bar will continue to hang around so long as you’re on that login’s site or manually dismiss it. When you leave the site, the information bar will automatically disappear. Not to worry, however, because if you return to the site and login again, the information bar will reappear.

Additionally, the password manager has filtering and searching capabilities, making it significantly easier to find and deal with passwords for certain sites. For example, here I’m filtering the list so it displays only those sites that include “mozilla.org” as part of the domain:

saved-passwords-filtered

Other password-related features are more or less the same in Firefox 3, including creating and using a master password (which you should all do, really), displaying stored passwords, and so forth. The changes are relatively subtle, but if you’re like me and have hundreds of stored passwords these small changes can make a huge, huge difference over all.

Other posts I’ve written about Firefox 3

The about:mozilla newsletter community survey!

about:mozilla, Mozilla, Work No Comments

about:mozilla newsletter banner

We’ve been publishing the about:mozilla newsletter since November of last year. Having been at this for almost six months, we figure it’s time to gather some reader feedback, which is why we’re running The about:mozilla Newsletter community survey.

If you are a regular reader of the newsletter (or if you used to read it but stopped for some reason), we would really appreciate it if you could take the time to respond to the survey that’s being hosted over on the Mozilla Europe site. At the end of the survey there’s a place where you can enter whatever additional comments, ideas, thoughts or criticisms you may have. The more feedback you can give us about the newsletter, the better the newsletter will be in the future.

The survey will be only be running for a couple of weeks, so the sooner you can head over and help us out, the better. If you would like to know more about the newsletter, sign up for it, or read past issues, check out the about:mozilla wiki page.

Here’s the survey: The about:mozilla Newsletter survey.

Pantry Chili

Cooking, Food, Recipes No Comments

Whipped this up in under an hour (mostly simmering time) using nothing but pantry items. Alternate name would be “Simple Weeknight Chili”.

Ingredients

  • 1 lb ground beef
  • 1 14oz can kidney beans
  • 1 28oz can diced tomatoes
  • 1 tbsp butter
  • Medium white or yellow onion, diced
  • 2 cloves garlic, minced
  • 1 tbsp chili powder (the Penzeys stuff is really good)
  • Pinch dried oregano
  • Salt + pepper to taste

Method

  1. Brown ground beef over medium heat in a medium stockpot, drain and rinse. Drain and rinse beans. Put empty pot back on the heat, add butter, onions, and garlic. Saute for 5-6 mins. Toss in chili powder, oregano, salt + pepper and continue frying for a couple of minutes. Stuff will stick to the bottom a bit, but that’s ok — it will come off later.
  2. Add browned meat, beans, and tomatoes (including juices). Stir and heat until simmering. Turn down the heat to low and simmer for 25-35 minutes (or longer if you want — the longer you simmer, the more the tomatoes will break down). Done.

Serve with crusty bread and a beer.

Firefox 3: Site Identification button

Browsers, Firefox, Mozilla, Work 67 Comments

[I use a Mac, so all the images in this post are of the Mac user interface. The UI for other platforms will differ slightly. Click on pictures to view other sizes. French translation of this article now available!]

Ensuring that users are safe, secure, and protected while they browse the Web is one of the greatest challenges facing browser makers. Browser security involves a delicate balance between protecting the user from the dangers that exist on the Web and overly restricting the user’s freedom to go where she wants and see what she wants while surfing.

One of my favorite new Firefox 3 security features is the Site Identification button. This button replaces and builds upon the ubiquitous “padlock” icon that has for so long been the primary security indicator used in browsers. Firefox 2, for example, indicates that the connection to a site is encrypted by changing the background color of the location bar and displaying a padlock icon.

fx2-paypal-locbar

There is a major problem with the padlock, however, in that a lot of people believe that it means more than it really does. I certainly thought so until I had a long chat with Johnathan Nightingale (Mozilla’s security UI guru and lead imagineer for this feature) who explained to me that the padlock simply means “encrypted” rather than “safe”. Where the padlock has a very specific meaning related to browser security, I had given it a deeper, broader meaning that it didn’t really deserve.

So, what’s the difference between “encrypted” and “safe”? It turns out that it’s not actually that hard to set up a site that will get your browser to display a padlock. In fact, it’s easy enough that essentially anyone can do it, including bad guys who are just out to steal your credit card info, identity, and whatever else they can get. So the padlock means “encrypted” but doesn’t say anything about the validity of the domain, nor about the identity of the people at the other end of the encrypted connection.

It’s even possible to easily spoof a padlock of sorts, as demonstrated here:

fx2-emergentchaos-locbar

The padlock isn’t in the right place, and it isn’t even quite the right padlock, but many users wouldn’t notice, falling back on the learned-but-not-quite-correct “padlock equals safe” assumption. It’s a very simple and imperfect spoof (they just have a padlock favicon for the website), but it’s enough to confuse and trick some users. Clearly things need to be improved.

How Firefox 3 makes things better

This is where the new Firefox 3 Site Identification Button comes in. Rather than just displaying a little padlock somewhere, Firefox 3 finds out as much as it can about the site you’re browsing and makes that information easily accessible through a single click of a button at the left end of the location bar.

site-identification-button2

The button can be one of three colors — gray, blue, or green — and displays the new Site Identification dialog when clicked. The dialog includes a matching gray, blue, or green “Passport Officer” icon, and shows a summary of the information available about the site’s identity.

gray-blue-green-icons

So, instead of having a single indicator that a connection is either encrypted or not (the padlock), Firefox 3 presents you with information that covers a range of different security levels.

Here’s what the various colors mean:

Gray – No identity information

gray-icon

The gray Site Identification button indicates that the site doesn’t provide any identity information at all. Also, the connection between the browser and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.

Most of the Web will have the gray button, because most sites don’t involve passing sensitive information back and forth and don’t really need to have verified identities or encrypted connections. So, gray is fine for the majority of sites.

Note: If you’re sending any sort of sensitive information (bank information, credit card data, Social Security Numbers, etc.) the Site Identification button should not be gray.

fx3-gray-dialog

The gray Site Identity button, along with the fact that the Firefox 3 location bar doesn’t display a padlock in the location bar as a security indicator, makes it obvious that this site is spoofing a padlock and isn’t really encrypted or secure:

fx3-emergentchaos-locbar

Blue – Basic identity information

blue-icon

The blue Site Identification button indicates that the site’s domain has been verified, and the connection between the browser and the server is encrypted and therefore protected against eavesdroppers.

When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, my bank’s site has this sort of certificate and an encrypted connection, so it displays a blue Site Identification button. When I click on the Site Identification button, it tells me that the easyweb.tdcanadatrust.com site is verified to be part of tdcanadatrust.com, as certified by RSA Data Security Inc. It also assures me that the connection is encrypted so no one can eavesdrop on the connection and steal my bank login information that way.

fx3-blue-dialog

What’s not verfied in this situation is who actually owns the domain in question. There is no guarantee that tdcanadatrust.com is actually owned by the Toronto Dominion Bank. All that is being guaranteed here is that the domain is a valid domain, and my connection to it is encrypted.

If I’m still leery about a site’s identity when it is displaying a blue Site Identification button, I can see more information about the site by clicking the “More information…” button on the Site Identification dialog. Here I can view the site’s identity certificate, whether I’ve visited the site before, and if I have any cookies or passwords stored for the site.

tdct-pageinfo-dialog-cropped

This is the “Privacy and History” section of the security information displayed by the “More information…” button. Firefox 3 is here telling me that I’ve visited the site 94 times since I last cleared my browser history, that my browser is storing at least one cookie for the site, and that I have no saved passwords for the site. All of this information fits with my expectations, so I’m confident that this site is the site I think it is, and can now go about my banking more or less worry-free.

Green – Complete identity information

green-icon

The green Site Identification button indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.

If a site has a green Site Identification button it means that it is using a new “Extended Validation certificate” (EV). You can read all about EV certificates at the link above, but to make a long story a little shorter, EV certificates are a special type of site validation certificate that requires a significantly more rigorous identity verification process than other types of certificate. So, while the blue Site Identification button indicates that a site’s domain is not being spoofed but does not have any verified information about who actually owns the domain, the green Site Identification button indicates that the domain is valid and that the owners of the domain are who you would expect them to be.

With the EV certificate, the Site Identification button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the Site Identification button go green on the Paypal site, it also expands and displays the name of the owner in the button itself. The Site Identification dialog presents further detailed information.

fx3-green-dialog

To contrast, here’s what Firefox 2 does when it is on the paypal.com site:

fx2-paypal-locbar

If I click on the padlock, it brings up this Page Info:

fx2-paypal-pageinfo

Compared to the Firefox 3 Site Identification information, the Firefox 2 padlock and Page Info dialog aren’t exactly enlightening.

But wait, there’s more!

In other situations the Passport Officer icon appears in two other colors, but not as part of the Site Identification button.

Yellow – Invalid identity certificate

yellow-icon

One thing you may encounter while surfing with Firefox 3 is a page that has a yellow Passport Officer icon. While the Site Identification button doesn’t have a “yellow” state, the Passport Officer icon will appear when there is some sort of problem with a site’s identity certificate.

fx3-selfsigned-warning

The page above is actually generated by Firefox 3 itself, and its purpose is to block you from going to a site that has an invalid identity certificate. Just like driver’s licenses and passports, site identifications need to be renewed or they expire. And just like only you can use your passport, each web site should present the credentials belonging to that site.

In the case pictured above, the problem being warned about is that the site has a “self signed” identity certificate. On the Web, self signed certificates are like passports you made at home — they don’t mean anything, no one’s verified them, and while maybe the information on them is real, Firefox wants you to know that the passport has not been validated.

There are many perfectly valid sites that use self signed certificates simply so they can support encrypted connections to the server, and are not doing anything untoward or nefarious at all. This is why Firefox 3 allows you to add exceptions for sites who have self signed certificates that you know are not trying to trick you. Adding an exception is a simple process that only needs to be done once for each site encountered.

At the bottom of the “Secure Connection Failed” page that is blocking access to the site (shown above), there is a link that reads, “Or you can add an exception…”. Click this, and it shows the following to verify that this is what you really want to do:

fx3-selfsigned-adding-exception-step1

Click the “Add Exception…” button there, and you’ll see this dialog, where you complete the process:

fx3-selfsigned-adding-exception-step2

If you want to add the exception temporarily, make sure the “Permanently store this exception” checkbox at the bottom of the dialog is unchecked. Then click “Confirm Security Exception”, and Firefox 3 will no longer block you from visiting the page.

The yellow Passport Officer icon will appear in other situations as well, all related to there being a problem with the site’s identity certificate. The warning page will clearly explain what’s wrong and what you should do about it.

Red – Reported attack site

red-icon

There is also a stern red Passport Officer icon who carries a little stop sign rather than a passport. This is part of Firefox 3′s Malware and Phishing protection system that protects users against reported attack sites, but I’ll talk about that stuff in a later blog post. For now, be assured that if you encounter the red Passport Officer, he’s protecting you from potential attacks and is only here to help.

The Firefox 3 system — with its Site Identification button, Site Identification dialog, much friendlier security-related Page Information, and invalid certificate warning pages — is vastly superior to older systems that relied so heavily on the padlock. Not only have the security indicators been expanded and improved, it’s also now much easier to understand the levels of security being encountered while surfing the Web. No system is perfect, of course, but Firefox 3 makes some extremely important and valuable strides towards improving user safety and security on the Web.


Icons by N.Design Studio. Designed By Ben Swift. Powered by WordPress and Free WordPress Themes
Entries RSS Comments RSS Log in