Announcing Cheevos for Firefox

23 December, 2011 § 9 Comments

Today is the release of version 1.0 of the Cheevos for Firefox add-on!

Cheevos for Firefox is an addon for Firefox that makes learning about different parts of the browser fun, as well as giving you the opportunity to brag to your friends about your pro-level web surfing.

With Cheevos for Firefox, you will gain achievements for using Firefox. Whether it’s finding hidden Easter eggs within the product, or taking advantage of the power of the world’s fastest, most extensible, most personalizable, and most friendly web browser, Cheevos for Firefox will surprise and make using the web browser more fun than ever.

Varying levels of points are awarded based on the difficulty of acquiring an achievement. See how many points you can collect!

Thanks go out to all the people who have helped test, add features, and recommend ideas for new achievements:

Download Cheevos for Firefox today and let everyone know what you think of it!

My contributions to today’s Firefox release

20 December, 2011 § 3 Comments

Today (12/20/2011) marks the release of an update for Firefox that brings improved JavaScript performance using Type Inference (making Firefox about 20-30% faster), among other great updates. I didn’t work on the JavaScript engine improvements, but I did contribute a couple patches for HTML5 videos and the Web Console.

“Dimming the lights” for videos

Starting today, we now have greatly improved the viewing experience of watching HTML5 videos. See this short screencast for a demo of the feature at work.

This feature is perfect for the next time you come across an HTML5 video and want to “dim the lights”.

Web Console

Another feature I helped work on was the Web Console. Firefox contributors have been working really hard to provide the best set of developer tools out there. What you see today is the foundation for the future (hint: the developer tools in future versions are sweet!). The Web Console is a great tool to use to watch network activity, test a JavaScript snippet, and view JavaScript & CSS error logs.

Let’s go through a short tutorial of the Web Console in Firefox:

  1. Open the Web Console
    • On Windows and Linux, press Ctrl+Shift+K
    • On Mac OS X Lion, press Cmd+Shift+K (Cmd+Option+K starting in Firefox Aurora)
  2. Click in the command-line part of the Web Console (the text entry area at the bottom of the console)
  3. Type console.log(“Hello, web console!”)

Great! You’ve just used the Web Console to execute a line of JavaScript. If you’re looking for something even cooler that you can do with the Web Console, venture over to Frank Yan’s blog post where he talks about animating Firefox’s tabs using the Web Console. Firefox’s Web Console can be a great Swiss-army knife tool to keep in your back pocket as you navigate the web 🙂

Hooking up a second machine to your Comcast internet connection

7 September, 2011 § 5 Comments

I signed up for Comcast internet a few months ago and was quite disturbed to learn that connecting to the internet required installing their Comcast Internet software.

Visually, their software doesn’t do anything except for change your Firefox homepage (and if you are on a Mac, then it will make it so you can’t change it back) and add a bunch of shortcuts to your desktop.

I brought my work computer home today and tried to connect to my wired Ethernet connection. While my desktop computer had a good connection, my laptop didn’t. No matter what, I wasn’t going to install the Comcast crapware on another machine. After much digging through preferences, I couldn’t find anything that Comcast actually changed related to networking. My other idea was that their software simply registers your MAC addresss with their server.

After copying my desktop machine’s MAC address to my laptop, the connection succeeded.

TLDR; if you are trying to connect another machine to your Comcast connection (or a router for that matter), just clone the MAC address.

Improving the Core Usability of Software

22 June, 2011 § 1 Comment

What do you mean the software is confusing? We just added a new feature to the software, can’t we fix it in the next minor release? If we stop and fix it, will we slip on feature X? If we leave out that feature, will the users still purchase?

Often times, these are the questions thrown around when usability concerns are brought up. When these questions begin, it is easy to tell that the discussion of the software usability is quickly getting thrown out the window.

It is now 2011 and development teams need to fully understand what it means to implement a feature. In the early 90’s software could ship and if it wasn’t that usable, the customer would purchase and live in suffering. There is too much competition to continue that trend today.

Sometimes it is the little (or major) tweaks that can make or break the user experience. The ROI on user testing is huge, and it may take a team multiple releases or sometimes infinite to understand this.

A Quick Story

I begin with a story of a customer in a rush. This customer, lets call her Jo, uses Amazon frequently, and just got off the phone with her mother. Her mother’s birthday is coming up and Jo forgot to purchase a gift, but she is in a hurry (as always), and needs to run out the door to get to her 8 a.m. Monday meeting.

Jo logs on to Amazon, finds a nice little trinket and goes to check-out. She wants to purchase in the morning to make sure it gets shipped same day. If she doesn’t purchase before she leaves, she won’t have time until after work.

Quickly, Jo adds the trinket to her cart and is off to check out. But wait, the site wants her to:

  1. Log in (30 seconds)
  2. Select her mailing address (10 seconds)
  3. Choose her credit card (10 seconds)
  4. Confirm her order (15 seconds)

That’s a total of 1 minute and 5 seconds, probably 1 minute too-many. Jo jumps in her car and is now off to work in a hurry.

Amazon 1-Click

What if Jo could have purchased the trinket in only one click? She could have saved that painstaking minute and been on her way to work. Amazon 1-Click solves this, and it wasn’t easy. Amazon had to do a ton of work to make purchases non-atomic, as well as keeping them just as secure as they were before.

What does this mean?

While Amazon 1-Click sounds like a new feature, Amazon simply improved the core usability of their product. Making good software isn’t always about supporting the newest standards or adding more features, sometimes it’s about making the ones that you already bought into better.

I’m currently working on a couple bugs in Firefox that probably won’t be advertised in our next release, and that doesn’t bother me. I hope to increase the clickable area of the back button as well as add support for using the video content area as a giant play/pause button with the HTML5 video tag.

What are some things in Firefox (or other software) that you think could be improved?

The (lack of) security at PayPal

18 June, 2011 § 2 Comments

PayPal has had a tough week in the news. Earlier this week, a user claimed to find a way to reset an arbitrary account’s password through the Forgot Password workflow. From his description, it seemed like a low-sophistication attack (aka something he accidentally stumbled upon).

Much of the reaction on Hacker News was to quickly remove your bank account from your PayPal so an attacker wouldn’t be able to steal your money.

As I saw the news, I quickly logged in to PayPal to remove my bank account. I had about $25 sitting in my PayPal account, so I decided to transfer the remaining funds to my bank account before disassociating it. Except it turns out when you do this you lock the association of your bank account for up to 3 to 4 days.

In the meantime, I decided to update the primary email address on the account to one that I check more often. I typed in my newer email address, they sent me a confirmation to the new email address, and I was done. Wait… I was done? It was that easy?

They never gave my older email address an opportunity to cancel this new primary email address. I logged in to my older email account and saw an email from PayPal saying that my primary email address had been changed and if this was a problem to call them. Huh?

So not only can someone claim a way to get access to any PayPal account, they can also change the primary email address of the account without giving the owner any opportunity to stop it before it’s too late?

PayPal needs to make a lot of changes

There is no way that I can cover all of the things that PayPal should do to protect their customers, but I can try a few.

First, they need to give account owners an opportunity to guard themselves against people changing crucial account information. It shouldn’t be so easy to add/remove an email address from the account.

Second, they need to advertise their Security Key feature (aka two-step authentication) more prominently. I didn’t know that they had one until I started writing this blog post.

Third, they should set up a secret passphrase that is included in all emails from them. The bank that I use does this, and it is a very low-tech but successful way to know if an email is from a phishing scam.

Fourth, it turned out that the security vulnerability the original user claimed wasn’t the security vulnerability that had been found. PayPal doesn’t require you to confirm your email address before you can continue with creating your account. Some user signed up with this guys email address and that is how he got access. None of this would be news if they required you to confirm your email address.

Last, PayPal needs to do a better job responding to these allegations. At least let people know that you are looking in to the issue.

Where Am I?

You are currently browsing the Technology category at JAWS.