Indistinguishable from Jesse

In 2006, Mike Beltzner filed a bug saying that Firefox's about:config should have a warning. Chris Thomas wrote a patch adding a warning page, and it was checked in with a playful title suggested by the same Mike Beltzner: "Be careful, this gun is loaded!".

Some people thought the reference to guns made Firefox too violent. After much discussion, Beltzner changed the title to "This might void your warranty!", which was a suggestion from Phil Ringnalda.

Today, Christopher Aillon of Red Hat filed a bug about the "warranty" string. He says it has caused several users to contact legal departments or IT departments with questions that should have been unnecessary.

My suggestion is "Caution: Firefox internals may be hot". As a bonus, it fails to make sense in Iceweasel-branded versions.

Additional suggestions may be hidden in the Firefox source tree. When Beltzner made the change from "gun" to "warranty", he also added a note to localizers, suggesting that the title need not be a direct translation from English but "should be attention grabbing and playful". At least three localizers substituted their own phrases. I'm curious what the strings say when translated back into English.

Firefox 3 added support a new CSS color keyword, transparent. Surprisingly, this broke some sites, many of which had rules like table { color: transparent; } due to a Microsoft FrontPage bug.

The strangest part: Firefox wasn't the first major browser to support transparent. Safari was.

These sites were broken in Safari too — until the webmasters got emails from Firefox users. Is Safari's market share really so low that even when Safari is the first to make a change that affects compatibility, Firefox helps Safari more than Safari helps Firefox?

After five years in hiding, NS_ABORT_IF_FALSE has returned. Please use it instead of NS_ASSERTION in situations where failure is likely to lead to memory corruption. By aborting rather than asserting, you ensure that debug-build users focus on the cause of the corruption rather than whatever random crash results from the corruption. This leads to happier debugging and better bug reports.

Of course, sometimes it's better to prevent the memory corruption entirely, e.g. by adding a run-time check or by making all builds abort (not just debug builds).

Microsoft has announced interesting new security features that will be in Internet Explorer 8 Beta 2. They are following other browsers such as Firefox on some issues, and taking bold new steps on others.

• IE8 Security Part I: DEP/NX Memory Protection
• IE8 Security Part II: ActiveX Improvements
• IE8 Security Part III: SmartScreen® Filter
• IE8 Security Part IV: The XSS Filter
• IE8 Security Part V: Comprehensive Protection

Firefox users are already filing bugs asking for us to match some of these features.

Last week, John Resig created a Twitter Quick Reply bookmarklet. I wanted to make replying even faster, so I created a Greasemonkey script that adds a reply box to each tweet. If you follow a Twitter feed and reply frequently, this script could save you some time.

My script uses several advanced Gecko features. First, it uses getElementsByClassName, which was added in Firefox 3, so it will not work in Firefox 2. Second, it uses a transparent iframe background to hide the fact that there is an iframe present. (By the way, did you now that the default background for iframes is transparent? In the past, I have argued that this default is a security hole. But most sites specify a background color, so it's almost moot.)

Aza Raskin's Algorithm Ink is really neat. Hand Spirals and Kishkush balabush create beautiful pictures with just a little bit of code, while Underground and Morse Code Forever look like real things. Algorithm Ink can even be tricked into performing pure animation, as shown by my example Gears.

Asa has published my answers to the questions you asked me. They include my opinions on full disclosure, what makes security hard, and more.

I've updated Tidybox to work on the Mozilla 2 tree. If you want to use Tidybox there, just install the new version.