Pirates in spaaaaaaaace…

One aspect of software piracy that’s always interested me is the way protection schemes always seem to end up causing nothing but trouble for legitimate users — while pirates happily release 0-day cracks to use the software trouble-free (albeit illegally). The issue’s been around since at least the early 1980s, and continues to spread into other forms of IP, like DRM. This has all been discussed endlessly elsewhere.

But an article today caught my eye, and reminded me of how absurd the problem can become:

“Yuri Malenchenko, a veteran cosmonaut and flight engineer aboard the International Space Station, had the unenviable job this week of wrestling with a glitchy computer laptop in the outpost’s Russian segment. […] ‘It says software license warning,’ Yuri told Mission Control.”

Nice. Given the, err, sky-high costs of a space program, I can only assume that astronaut/cosmonaut time is worth millions per hour. I wonder if they’ll send that software vendor a bill? 🙂

User perception of SafeBrowsing

I’ve rarely hit the Google SafeBrowsing (malware) warning page, but last week it flagged a few sites that caught my attention. One was example.com (a reserved domain, which amusingly caused our test suite to fail :). The others were real web sites, both for popular Firefox extensions — joehewitt.com and downthemall.net.

Blocking the user when they’re familiar with the site (and expect it to be safe) is rather annoying. Doubly so because there’s no obvious way to bypass it (other than disabling the feature entirely in the preferences). There’s some discussion on this point in bug 400731, and I think there’s a strong argument to be made for *not* having an easy bypass.

But what I find really frustrating is that there’s no specific, useful feedback on *why* the site is being blocked. That is, it does a good job of explaining what “attack sites” are, but not why this specific site is one of them. I think this could lead to distrust of the feature, especially when “legitimate” sites get flagged. For example, here’s the page I currently get:

The “request a review” link goes to a rather unhelpful page on stopbadware.org, intended for the site owner (who is almost assuredly not the person sitting in front of the browser). If you search around on the Stop Badware site, you can get a vague report which says:

“This site is currently (as of 02/17/2008) being reported to StopBadware by the following partners: Google: reported bad.” … “joehewitt.com/ contains or links to badware or otherwise violates Google’s software guidelines.”

So, uhh, completely not helpful. As a user, I’m now inclined to believe that it’s just some kind of screwup, and now I’m grumpy at Firefox and Google.

Of course, I may be completely wrong. The other warning I saw, for downthemall.net, turns out to have been real. A notice on their site now says: “After a complete check up of the site structure, we’ve found that an attacker had exploited a WordPress vulnerability to inoculate unauthorized code into our theme. This code contained links to a site which tried to install malicious code on visitor’s computer.” So, score one for Firefox / Google, and chalk this up as an example of the difficulties security prompts face when you’re blocking the user from doing something they want to do. [edit: well, then again, http://www.downthemall.net/howto/ is still being blocked, so I’m left wondering if there’s a new problem, or if the SafeBrowsing database isn’t up to date.]

But I think it’s important to give the user a specific indication of why they’ve been blocked, and that’s not being done here. I’d like to see the browser warning page link to the actual site report, and the report should have specific information that can help me trust its claim. For example:

  • Why exactly is the site “bad”? What guideline(s) does it violate?
  • What’s going to happen if I visit it anyway?
  • Is the whole site bad, or just part of it?
  • Does it have a history of problems? Might it just be a recent hack?
  • If I was there last week, should I worry that it did something bad before the block started?
  • Has the report been verified/confirmed, perhaps by a Real Human? When was it last checked?

Capital N, small y…

David Baron reminded me on IRC that there have been throbber design contests in the past…

There’s this Netscape page for a 1995 (?) animation contest (holy 16-color flashback, batman!), which conveniently has images for each frame for the winner and top 5 entries… APNG time!

(Update: Unfortunately, due to a WordPress bug, the APNG images shown below get converted to static images. Click on the images to view the originals on dolske.net, where they should work properly. Sorry!)

Here’s the winner (left), and the final version that made it into Netscape:

And the 5 runners up:

There was also a second contest in 1999, but I can’t find the entries anywhere online… These two throbbers are in the old Mozilla 1.7 tree, perhaps they were the winners?

(I love that tile-flipping effect!)

All Glory To The Hypno-Throbber

As you might have heard, the theme for Firefox 3 has been undergoing a refresh. Alex Faaborg has been blogging about most of the big changes, but I thought I’d mention one little piece of remaining work — the throbber — and see what other ideas people had.

Here are the two throbbers used in Firefox 2… They’re pixelated and don’t work well on different backgrounds:

(Windows and Linux)

(OS X)

Firefox 3 includes support for Animated PNG images, so now we can make an animation that looks better and is more flexible. Our first APNG throbber has arrived with the recent landing of the theme-formerly-known-as-Proto. It’s a cleaned-up version of the old OS X throbber, and looks much better:

We’ve also dabbled a bit with a different throbber design for OS X, keeping with the simple circular curves elsewhere in the theme. I did some tweaking — changing color, size, line thickness, rotation speed/angle (thankfully this was all automated by JavaScript in APNGedit, so it wasn’t tedious to do) — and came up with a version like this:

(just for fun, a Vista-esque flavor)

So… I think the execution of the original idea is good, but now we’ve noticed that it’s very, err, active. The old throbber was perhaps slightly too subtle, but this new version really catches your eye. Too much. (*sigh* Design is hard, let’s go shopping!) Alex suggested a variation based on a reticle; the whole thing could rotate, or maybe each arc could grow/shrink. Looks interesting to experiment with, and should reduce the “too active” problem, but I haven’t animated it yet:

Speaking of experiments, here’s an older trick I did, which would be hard to do with the GIF format… The idea was to stack multiple APNGs running at different rates/lengths, to help eliminate the glaring periodicity caused by simple looping. In these examples, there’s one image with a red arc spinning clockwise, and another image with a blue arc spinning counter-clockwise. I wasn’t trying to make it look pretty, but it’s still an interesting effect:

I know we have an amazingly creative Mozilla community, so I’m curious to see about shaking out some other great ideas for a new throbber. If you’re feeling creative, grab APNG Edit, do a mockup (talk is cheap!), and attach it over in bug 326817. No unhelpful kvetching, please.

(P.S. There is no validity to the rumor that the native Linux throbber will look like this: )