Firefox 17 ESR EOL Today

Firefox 24 ESR should be officially released today which means Firefox 17 ESR users will be automatically upgraded to Firefox 24 ESR. I want to take this opportunity to remind everyone of a major change that happened in Firefox 21 that will impact everyone upgrading to Firefox 24 ESR.

The location of a number of important files that are used to customize Firefox has changed. Here's the list:

  • defaults/preferences -> browser/defaults/preferences
  • defaults/profile -> browser/defaults/profile
  • extensions -> browser/extensions
  • searchplugins -> browser/searchplugins
  • plugins -> browser/plugins
  • override.ini -> browser/override.ini

If you find that anything you've customized is not working anymore, these changes are probably the reason.

Early CCK2 is here

I've made an early version of the CCK2 available for testing. I made an earlier version available to my newsletter subscribers last week, so I've already fixed quite a few bugs and addressed some issues.

I'm looking for feedback on general functionality and on import. Also, I'd love some feedback on how to best organize the stuff in the Services and User Interface panels. I'm having trouble coming up with ideas.

Do NOT use this for deployment purposes yet. It is for testing.

Problems should be reported at cck2.freshdesk.com.

My planned release for this is before the end of the year.

What's new with CCK2?

While the video of the new CCK2 Wizard shows a lot of changes to the UI, the biggest changes are under the hood.

Previously, the CCK Wizard generated an extension on the fly, with all of the various modifications cobbled together. With the new CCK2, I've created a core Firefox modification module that can either be preinstalled into a Firefox distribution or bundled into an extension.

That means that if you preinstall the module into Firefox, you can then customize Firefox from an AutoConfig file. That's right, ALL of the customizations that were previously only available by using an extension built by the CCK Wizard are now available via AutoConfig.

And because a JSON file is used to configure all the modifications, it opens up the possibility of using other tools besides the CCK2 Wizard or AutoConfig.

But don't worry! You can still use the CCK2 Wizard just like you did in the past - to create a standalone extension.

It's everything you had before, and more.

I'm making great progress, hoping to have an alpha this week. Stay tuned.

Subscribers to my newsletter got this info early, and they'll also be the first to get an alpha build of the CCK2.

The Java Debacle

In case you weren't aware, last week, on Friday October 18, all versions of Java were marked as unsafe in Firefox 24. You can see the details in bug 914690.

When Monday rolled around reports of problems started coming in. Companies unable to use their software. People unable to do their banking. Citizens unable to access government sites. Hundreds of millions of users affected.

It took three days for the decision to be made to remove the block, and since the blocklist is cached, even more for users to see the results.

Looking back, I'm surprised out how lightly this change was taken. Marking Java as unsafe is a major change that affects millions of users; it should have been handled much better. Here are some of the things that were wrong with this decision:

  • The decision was made without involving the major stakeholder (Oracle). The change took them completely by surprise.
  • The decision was made out of band. There had just been an upgrade to Firefox 24 with no problems. Then all of a sudden Java stopped working.
  • The decision was made with no communication. There were some articles a few months ago (none official from Mozilla), but there was no discussion or notification of this specific change. (And please don't call the platform newsgroup communication.)
  • The change was made without proper testing. After it was rolled out, it became pretty clear that there were quite a few cases where users were not being notified about the block. People were also having trouble navigating the UI when it appeared.
    • The saddest part about this entire change is that the latest version of Java IS click to play! Oracle already has warnings that are better than what Firefox displays.

      I understand the need to protect users, but when major decisions like this are made, developers need to think about ALL of the implications. Otherwise, the fallout can be disastrous.

All versions of Java blocked by default in Firefox

UPDATE: This change has been reverted for now. It will take a couple days for the blocklist to be updated on everyone's machine.

A while back, Mozilla had announced a plan to block all versions of Java by default. While that didn't happen when Firefox 24 shipped, it has been done via an update to the blocklist. See bug 914690.

It's unfortunate that this happened on the ESR, since Java is still essential for some enterprise applications (and apparently the entire country of Denmark).

I don't have any information yet if you can use the permissions API to enable Java for necessary sites. For now, you might just have to turn off the blocklist by setting extensions.blocklist.enabled to false.

UPDATE: You can also use the Click-To-Play Manager add-on to update the domain whitelist. I'll be adding support for this into CCK2.

Mozilla Summit - Reframing the Enterprise Discussion

Recently, hundreds of Mozillians from all over the world gathered in three different locations for the Mozilla Summit. I had the opportunity to attend the summit in Toronto.

While I was there, I attended a couple sessions where the Firefox UX team talked about Firefox User Types in North America. The UX team did an incredible job framing the various types of Firefox users. It made me realize that the same thing is important to do for the types of people that need an "enterprise Firefox."

When I say "enterprise Firefox," the only use case that most people think about is big companies limiting what end-users can do. But there are very valid reasons why someone would need to configure Firefox in a very specific way.

Sometimes the reason is physical safety. Think about a browser on medical equipment or a factory floor.

Sometimes the reason is online safety. Think about a browser at an elementary school or shared by members of a family with different ages.

Sometimes the reason is legal or regulatory. Think about a browser at a bank or a securities firm.

Sometimes the reason is simply that the computer is shared by a lot of people. Think about a browser at a library or a nursing home or a web cafe or a homeless shelter.

I think for a lot of us, we tend to see other computer users exactly like ourselves. We need to realize that people (and organizations) use computers in completely different ways, ways that most of us don't even know about. As long as we build software primarily for ourselves, we're going to completely miss out on opportunities for Firefox.

Sometimes the user of Firefox is not the end-user. It's the administrator or company that wants to deploy Firefox to their end-users. We need to make sure that Firefox is a great browser for them as well.

We need to balance end-user desires with administrator constraints.

Maybe what we need here is a new word? Enterprise doesn't really capture the spirit of what I'm trying to do. Anyone have any ideas?

Getting ready for CCK2

The first version of the CCK Wizard was released on AMO on May 11, 2006. It was designed for Firefox 1.5 and copied the original Netscape CCK. Back then, I was just getting my feet wet in writing Firefox extensions and the CCK Wizard shows it. The core CCK Wizard hasn't even changed much over the past seven years. It's time for a change.

I'm excited to announce today that I'm working on a brand new CCK that is completely rewritten from the ground up. I'm calling it CCK2. It incorporates many requested features and most importantly, it allows just about everything that previously could only be configured via an extension to be configured via autoconfig (assuming the core CCK2 management extension is loaded into the Firefox distribution directory.)

As part of this move, I'll be creating a CCK support mechanism which I'll be detailing in the next few weeks.

I'm also setting up a newsletter for CCK2 as well as for Firefox enterprise news in general. This newsletter will be the only place I announce betas for CCK2. I will also be asking for feedback on various aspects of development. I strongly recommend you sign up if you have any interest in the future of the CCK or Firefox in the enterprise.

So please sign up and stay tuned for some great stuff.



Extension Update UI

If you're upgrading your users and you don't want the extension update dialog to show, just set the preference extensions.showmismatchUI to false.

The Return of Operator (sort of) and other Mobile Add-ons

I did a few add-ons for the Amp Your Firefox Contest. I was waiting to publicize them just in case I needed to beg for votes. Sadly, I don't.

The first one is Total Title. It allows you to easily see the full title text for images. It's primarily for comic sites like xkcd that hide additional jokes in the title attribute.

The second one is Site Shaker. If you go to a web site, you can shake your phone and it will take you to a random link on that site. It's a fun way to navigate through Wikipedia.

The third one is Operator Mobile. Using Glenn Jones' awesome microformat-shiv, I was able to implement microformat support on Firefox Mobile. It allows the export of contacts and calendar events to your mobile device, as well as the opening of addresses into whatever mapping app you are using. I'm investigating a new desktop version of Operator as well, but it's taken a back seat to other efforts. Hopefully I'll be able to put something together soon.

Enjoy.