I [recently added][1] the needed markup to enable Feed Autodiscovery on my site. This is the mechanism that powers Firefox’s [Live Bookmarks][2] feature, and allows sofware such as an aggregator to automatically find your feed. At the time, I made the following observation:
For now, every page contains an autodiscovery link for the main RSS feed. However, Blosxom provides RSS feeds for all categories as well (RSS is just another flavour to Blosxom). I could have category indexes provide autodiscovery links to category RSS feeds, but I doubt this is what most users would want.
I’ve never made any attempt to directly publish per-category feeds, although a user in the know could get them due to the nature of Blosxom. RSS is just another flavour as far as Blosxom is concerned. To get a feed for the category X/Y/Z, just pull example.com/weblog/X/Y/X/index.rss and you’re done. By default, your category feed’s title, link, and category will be the same as your main feed. There are many ways to address this with Blosxom; but I was always more concerned with how to offer them. I didn’t really want an orange XML icon next to each category, and a feeds page seems excessive. Autodiscovery makes it easy to only offer the feed that applies to the category being viewed, but it doesn’t make sense to replace your standard feed.
A few days later, I was reading Ben Goodger’s [Inside Firefox][3]. I read [a post about Live Bookmarks][6] in which Ben wrote (emphasis added):
…hope more sites will start using the <link> tag - sites that do, please give your feeds meaningful title attributes! I hate seeing “Subscribe to ‘RSS’” in the popup menu!
This got me thinking, and a couple of days later, I went back and re-read Mark Pilgrim’s [Important change to the link tag][4] article from a couple of years ago, which solidified the autodiscovery mechanism. In it was this bit:
Tips for site authors:
- The title does not have to be “RSS”, but keep in mind that some browsers (iCab, Mozilla, Lynx) will expose the title to the end user, so it should be descriptive.
- If you have multiple RSS feeds, define one LINK tag for each of them. (I’m doing this now for my category-specific feeds; view-source on diveintomark.org for an example.) Presumably next-generation news aggregators (and the way things have been going, we’re talking maybe by Friday here) will display a list of all available feeds and let the user choose one or more. Give each LINK tag a different title, so users know what they’re selecting.
Mark doesn’t seem to be doing this anymore, but I’ve since seen sites using multiple links to offer multiple formats. I’m using it now to offer category-specific feeds from the category indexes (and from permalinks), alongside the regular feeds. If you’re using Firefox, click a category link on the right and then click the XML statusbar icon to see it in action. The relevant part of the <head> looks like this if you view source:
<link rel="alternate" type="application/rss+xml"
title="jclark.org - All Posts (RSS)"
href="http://jclark.org/weblog/index.rss" />
<link rel="alternate" type="application/rss+xml"
title="jclark.org - All Posts in WebDev/Blogging (RSS) "
href="http://jclark.org/weblog/WebDev/Blogging/index.rss" />
I accomplished this in my head.html flavour file using my [updated storystate plugin][5] along with interpolate_fancy. The relevant bit:
<link rel="alternate" type="application/rss+xml"
title="jclark.org - All Posts (RSS)"
href="http://jclark.org/weblog/index.rss" />
<?$storystate::category>
<link rel="alternate" type="application/rss+xml"
title="jclark.org - All Posts in WebDev/Blogging (RSS) "
href="http://jclark.org/weblog/WebDev/Blogging/index.rss" />
</?>
<?$storystate::permalink>
<link rel="alternate" type="application/rss+xml"
title="jclark.org - All Posts in WebDev/Blogging (RSS) "
href="http://jclark.org/weblog/WebDev/Blogging/index.rss" />
</?>
The only thing left was to fix my head.rss to accomodate category feeds intellegently:
<?$storystate::blogroot>
<title>jclark.org</title>
<link>http://jclark.org/weblog</link>
<description>the weblog at jclark.org - All Posts
Version 0+2i of my Storystate plugin is available here. For full details on the uses for this plugin, see the original writeup. This version adds a single new variable, $storystate::rqst_category. This is similar in use to the standard $path variable, except that it’s built from the request URL and not the path of a given post, so it’s available in the header flavour file. This allows you to display the current category in directory style (i.e., WebDev/Blosxom/Plugins) in the header. Since it’s really only useful on category index pages, you can mix it with Rael’s interpolate_fancy plugin to do something like:
<?$storystate::category>
<h2>Viewing Post Category: WebDev/Blosxom/plugins/storystate</h2>
</?>
For display purposes, the breadcrumbs plugin is probably a better choice. I added this primarily for use with per-category RSS feed autodiscovery (link to come).
If you see any bugs around the site (especially for the next day or two), shoot me an email (link is on the right). I’m in the process of implementing per-category RSS feeds, as well as Autodiscovery for the new feeds. Of course, Blosxom provides per-category feeds naturally if you request the correct URL, but unless your RSS template is aware of the possibility, your category feeds will be titled just like your site feed.
Autodiscovery is sorta working; if you’re in Firefox, go to a category index page (click a category on the right, or the story category at the bottom of this post), and then click the RSS icon on the toolbar. You should see two options… one for the main site feed, and one for the category feed. If I ever add comment feeds, they could be handled the same way.
At any rate, it’s been a little harder than I expected, since I haven’t hacked on Blosxom in a while. I’ve forgotten some of the finer points. I’ve also had to update my storystate plugin to get this working. Anyway, it’s still in flux, so appologies if something is broken. Not sure I’ll get finished tonight. Once the kinks are ironed out, I’ll post a rundown on all the newness, along with some instructions for those who want to do the same. I’ll also post the updated storystate if I keep the changes.
My list of installed Firefox Extensions has grown recently. In an effort to document what I’m using for future reference (the next time I need to setup FFx on a new machine), here’s a list of what’s currently installed, along with a brief blurb about what it is and what I think of it.
ChromEdit 0.1.1
Lets you edit userChrome.css, userContent.css, prefs.js and user.js without having to hunt for (or create) them. Quick tip: Go to Floppymoose.com, open their custom userContent.css, and paste it into your own. This creates User Stylesheet rules to hide images from many common ad sites. Update: A newer version of the ad blocking list, based on the floppymoose list, is available from mozilla.org.
del.icio.us 0.3.2
Adds context menu with entries to post current page or link to del.icio.us, find current page there, or to open your del.icio.us links/tags/inbox. Compatible with nutr.itio.us. Also adds a toolbar button for posting to del.icio.us (not displayed by default - Customize Toolbars to get it).
Feed Your Reader 0.7.1
Changes the Live Bookmarks ‘RSS’ icon to subscribe to the feed instead of creating Live Bookmarks. Can subscribe via more than 15 different aggregators, including Bloglines and any application that supports the feed:// protocol.
fireFTP 0.83.2
While still a little rough around the edges, this graphical FTP client that runs via Firefox (in a separate window) is exciting - I’ve been looking for a good, cross-platform, open-source graphical FTP client for a while. I even submitted a (1 line) patch to get it working on OS X… thanks in part to a debug build that author Mime Cuvalo sent me. I plan to spend some time contributing on this if I can find any.
ListZilla 0.5
Exports a list of all installed themes or extensions as text, html, or vBulletin codes. I used this to start this list. I have a few improvements I’d like to see in this one; I might even try submitting a patch when I can find two spare moments to rub together. Top of my list- let me ‘export’ to clipboard instead of a file, and let me edit the HTML template. Markdown output would also rock.
LiveHTTPHeaders 0.9
The first indispensible debugging aid I found for Firefox. Displays a trace window of all request and response headers. Perfect for debugging web services.
Print It! 0.2
Simple little plugin that adds context menu entries to Print and Print Preview. The single biggest feature I missed from IE. Don’t have to miss it anymore. Gotta love the ‘Fox.
Tabbrowser Extensions 1.11.2004092801
I’ve been using this since Firefox 0.6, and installing TBE is still the first thing I do to a fresh FFx install. Possibly not for the timid, it does have more options then you can shake a mouse at. I use it mainly to get the following features: Tab bar always visible, close icon on each tab, open new tabs in background, and colored tab groups. Indispensible. Thanks Piro!
User Agent Switcher 0.6
Lets you change the User Agent information reported by Firefox. Let your browser pretend to be IE or Opera, for stupid sites that care. You can also setup custome UA strings; I have one for Googlebot that I try sometimes if I think a site is cloaking. Haven’t caught one yet though.
Web Developer 0.8
The plugin no web developer should be without. Too much wholesome goodness to cover here, but as I’ve said before, it’s A Party in a Toolbar.
So there you have them. Links go to the extension’s homepage. You can also find extensions at Mozilla Update and Texturizer.net’s Firefox Help. Moz Update is the ‘official’ place to go, but I find Texturizer to be so much easier to browse. You can also subscribe to MozUpdate’s New Firefox Extensions RSS Feed. You’ve seen my preferences; leave me a comment with your list of favorites- or any you found to be a bust.
This will likely be of use to nobody but me, but then, it’s my site. Since I’ve been too lazy to implement a site search feature (even a lazy “search this site via Google” type gadget), several months ago I created a Firefox search plugin to search Google for just my site. If you don’t know what I’m talking about (and you’re using Firefox), look at the Google search box next to the address bar. If you click the “G” icon, you can select other places to search. You can also install other engines. There are hundreds available- I use the Dictionary.com engine all the time. The one I made searches Google for jclark.org pages (using Google’s site: search directive).
Of course, when I upgraded Firefox versions, it disappeared, and when I use other computers (there are 4 active in my home, plus a couple at work) it’s not available unless I take the files with me. So, I’ve set up an installer script. Click here to install the jclark.org/Google search plugin.
As I recently reported, I’ve been disappointed by the differences in the Firefox 1.0PR default theme on Windows and OS X. Using both platforms daily, I value Firefox’s cross-platform voodoo more than any other feature… but that means it really has to feel the same. As I stated last time:
The Win and Mac default themes are similar, but different enough to really bug me. I prefer the Windows default theme. Also, Piro’s TabBrowser Extensions made weird looking tabs under the default Mac theme. Changing themes fixed that (I tried pinball for a while). Of course, you can’t download the Windows default theme (or any default) from the update website. Today, I finally got tired of the issue, and tried to overcome the problem. I copied classic.jar from the chrome folder of my windows install, and used it to replace the version in my OS X install. It’s almost perfect. The only problem is the scroll bars… they don’t appear. There’s room for them, and If I click in the right place, they function, they just aren’t displayed.
Of course, I couldn’t leave well enough alone. After digging around for a while, I found that the scrollbars.css file in the OS X version was much smaller than in the Windows version, apparently delgating functionality to the OS scrollbars. So, I patched up my copy of the Windows jar file with the original OS X scrollbars.css, and it worked. Beautifully.
Screen shots. First, the “Before”:
This is the true default OS X theme. I’m running Piro’s TabBrowser Extensions, which accounts for the tab bar being fubar… it doesn’t mix with the default OS X theme. Also, compare the toolbar icons and the Bookmark Bar’s bookmark folders with the next screen shot- the “After”:
As you can see, the toolbar icons are a little different; to my eye they’re much better. The bookmark folders in the bookmarks bar contain folder icons, which makes it easier to visually separate the folders from each other. These feature were gained just by dropping in the windows version of classic.jar. But also notice the visible scrollbar; this was made possible by modifying the jar as described above.
If you’re using OS X and like the second screenshot better than the first, you’re welcome to download my modified classic.jar, however: I take no responsibility if it breaks your browser, your computer, or your leg. You’ve been warned.
Instructions: Download it, say to your Desktop. Shutdown Firefox (print these instructions, memorize them, or open this page in Safari while you work). In Terminal, go to Firefox’s application (not profile) chrome directory. Assuming a default drag-n-drop install to Applications, should look like this:
cd /Applications/Firefox.app/Contents/MacOS/chrome
Don’t be a shmuck. Back up the original: :
cp classic.jar classic.jar.orig
Put the shiny new one in place:
cp ~/Desktop/classic.jar .
Fire up the ‘Fox. Bask in the glow of your monitor.
Eventually, I need to just extract the thematic elements of the windows version from the jar file, and bundle it as an installable theme. For now, this is working.
On Saturday, I reported on the first Critical Update for Firefox. In addition to being pleased with the rapid response and integrated update notification, I was concerned about the fact that almost no detail was given on the vulnerability, either in the update tool or on any of several Mozilla websites. At the time, I said the following:
So there’s some kind of file download exploit possible, but the details are omitted. I’m no security expert, but I though best practice was to release as much information as possible. I don’t mind that Firefox has a vulnerability; no software is perfect. I’m impressed by the level of response and the integrated update system. At the same time, I’d rather see more information about the problem and solution (or even a link to same) than statistics spin.
On Sunday or Monday, I came accross the Bugzilla Bug# for the vulnerability (probably via Burning Edge). When I tried to click through to view the bug report, I got a big red screen with a message indicating the bug was permissioned, and I didn’t have perms to view it. This was something I’d not seen before at Bugzilla, and I’d intended to blog about it here.
Today there’s more information. Early this morning, Burning Edge reported “Bug 259708 fully disclosed”. I’ve now read bug 259708 and the comment thread, and I have to say I was wrong. The bug in question was pretty nasty, and would allow a download link on a web page (assuming you choose to save the file) to delete every file in the target directory. Ouch! The Mozilla folks decided to restrict access to the specifics while a patch was cranked out. They also decided to wait a couple days for the patch to be downloaded before disclosing the bug, allowing users to put a fix in place. The team acted quickly in the best interest of the users, and released all of the information in a timely manner without further jeopardizing users’ data.
Nice Job, Guys.
This morning, my copy of Firefox (1.0PR on OS X) was sporting a new icon. A small red icon with an arrow, next to the throbber.
After a moment, I recognized it as Firefox’s Update icon. This appears when updates to Firefox or your installed extensions become available. Clicking the icon, I learned that a Critical Update was available, and was warned “You should install these updates immediately to protect your computer from attack.” There was one update listed, “data:Downloading Fix from: ftp.mozilla.org”. Aside from being impressed that the browser was being proactive in warning me of a problem, I was intrigued: what exactly is the nature of the vulnerability, and what would the update do to correct it?
Unfortunately, I couldn’t determine this. The update dialog is application-modal, and the options options offered were “install now” and “cancel”. No additional information or links to same. Deciding to risk it all, I cancelled the dialog and went looking for answers. My first stop was the Firefox homepage. No information was there. I tried the support tab, which is actually the Mozilla.org master support page- with no luck. Undaunted, I tried the Firefox Support Forum link on that page, but the forum had no information either. My next stop was the Firefox Help site, which is familiar to anyone who’s been using the ‘Fox since before 0.9. Still no luck. After Google provided no answers, I tried the Mozilla.org homepage, and was rewarded for my perseverance. At the bottom of the page, in the Announcements category, was an entry date Oct 1, “Important Security Update for Firefox…“.
The Security Update Announcement offered an explanation, sort of, in a Question and Answer format:
How does this security vulnerability expose the user?
A malicious hacker who could trick a user into saving a file could delete files from a user’s download directory.
How serious is this vulnerability?
While this is a potentially severe security vulnerability, user interaction is required to trigger potential harm. This security update is also another example of the Mozilla Foundation identifying and fixing security vulnerabilities before they are exploited by malicious hackers. This type of security vulnerability is very different from cases where a hacker could take advantage of a vulnerability to obtain valuable information from a user’s computer.
Doesn’t this case illustrate that all browsers are equally insecure?
The Mozilla Foundation continues to have a very strong track record on security. According to Secunia, an independent security monitoring organization, Firefox currently has 1 open security issue, out of a total of 13 security advisories filed in 2003 and 2004. 0% of these are labeled “extremely critical”, 15% are labeled “highly critical”. For the same period, Secunia lists 16 open security issues out of 44 advisories for Internet Explorer 6.0, 14% of which are labeled “extremely critical”, 34% are “highly critical”.
So there’s some kind of file download exploit possible, but the details are omitted. I’m no security expert, but I though best practice was to release as much information as possible. I don’t mind that Firefox has a vulnerability; no software is perfect. I’m impressed by the level of response and the integrated update system. At the same time, I’d rather see more information about the problem and solution (or even a link to same) than statistics spin.
Also of note, there are two solutions to the problem: download the patch via the Update Icon, or download a new build (0.10.1). This highlights something else that’s been on my mind… The Firefox Homepage should really mention the version number next to the “Download Now” link. I can never tell when a new point release is out.
Concerns over communications aside, Firefox is still the best browser for my money (well, if it cost money), and far, far more secure than Internet Exploiter. I’m off to install the update.
UPDATE: Please read the followup to this post for more information.
When I first got my Mac, I used IE as my browser. A short time later, Safari was released, a I discovered tabbed browsing. I loved Safari, and loathed going back to IE when at work (Windows). I was happy.
Then I decided to start my own website (you’re soaking in it). My hosting company’s web-based site admin panel didn’t work correctly in Safari or IE/Mac. They suggested Firebird (formerly Pheonix, and soon to be Firefox). I resisted, but eventually tried it. A week later it was my primary browser - at version 0.6.1. This was due in very large part to Firefox’s cross-platform nature. Using a Mac at home and a Windows PC at work, I value any useful app which looks and feels the same in both locations (probably why I’m using emacs much more these days).
Then something happened- version 0.8. The Mac version got a new default theme, to make it more Mac-like. While I applaud the sentiment, what it really did is make it less Firefox-like. With a different theme on Windows and OS X, my seamless cross-browser experience had suddenly grown some huge, ugly seams. I was never very successful finding an independant theme I really liked, but eventually I settled on Qute by Arvid Axelsson. This was the default windows theme, and was also available for the Mac. I got to really like Qute.
Then something else happened- version 0.9. Gone were Pinstripe on Mac and Qute on Windows; we got a new, standard theme. Good plan, although I missed Qute, and I couldn’t install it- it didn’t work with the OS X version of 0.9. Since both platforms were the same, I eventually got used to the change, and all was good. (Note: At least I think so. Until today, I would have sworn that the Mac and Win versions of 0.9 had identical default themes. Tried running an old copy of 0.9 today on my Mac, and the default theme matched the OS X 1.0PR default theme. Don’t know if this is a profile thing, or If i just never noticed the difference).
Then something else happened - 1.0 Preview Release. I noticed a difference on the Mac when I installed the new version (At least i think so, see prior paragraph). The Win and Mac default themes are similar, but different enough to really bug me. I prefer the Windows default theme. Also, Piro’s TabBrowser Extensions made weird looking tabs under the default Mac theme. Changing themes fixed that (I tried pinball for a while). Of course, you can’t download the Windows default theme (or any default) from the update website. Today, I finally got tired of the issue, and tried to overcome the problem. I copied classic.jar from the chrome folder of my windows install, and used it to replace the version in my OS X install. It’s almost perfect. The only problem is the scroll bars… they don’t appear. There’s room for them, and If I click in the right place, they function, they just aren’t displayed. I’ve seen this with certain themes in older releases (I think Qute used to do it), and the current Qute release does the same thing. For now, I’m dealing with it, but eventually, I need to see if I can edit the theme and fix it.
I really hope that when the final 1.0 gold release of Firefox is released, all platforms will share a single, identical default theme. Firefox is one of the best cross-platform apps I’ve ever seen. It should look that way.
Among the new features in Firefox 1.0 Preview Release is Live Bookmarks, which lets you view an RSS or Atom feed as a bookmark folder. Firefox takes advantage of RSS Autodiscovery to determine the availability of a feed for your page. Implementing autodiscovery is a cinch, just add an extra <link> to you page’s head. For an RSS feed:
<link rel="alternate" type="application/rss+xml" title="RSS"
href="http://www.example.com/yourrssfilename.xml" >
And for an Atom feed:
<link rel="alternate" type="application/atom+xml" title="Atom"
href="http://www.example.com/youratomfilename.xml" >
When a feed is present, a little orange XML icon will appear in your status bar; clicking the icon allows you to add a Live Bookmark. Personally, I’d rather be able to use it to add a Bloglines subscription, more on that in a moment.
The presence of the XML icon on the status bar can be instructive. For example, while viewing the Newest Firefox Extentions page on Mozilla Update, the XML icon appeared. Searching the page, I could find no link to the feed. This feed seems to be autodiscoverable only. By using view source, I was finally able to subscribe to feed (see blogroll for link, category Techish).
The absence of the XML icon can also be instructive. Turns out I never added an autodiscovery link to my site. Shame on me. I’ve added the link, if you’re using Firefox 1.0PR (or newer), you should see the XML icon in your status bar. For now, every page contains an autodiscovery link for the main RSS feed. However, Blosxom provides RSS feeds for all categories as well (RSS is just another flavour to Blosxom). I could have category indexes provide autodiscovery links to category RSS feeds, but I doubt this is what most users would want.
Nice as the feature is, Live Bookmarks are no replacement for a good aggregator - Bloglines is my pick. I had given some thought to developing an extention to change the behavior of the icon (I’ve been meaning to learn how to write extentions for a while), but now I don’t have to. Michael Koziarski has released version 0.7 of Feed Your Reader, a Firefox extension. Originally designed to support desktop aggregators using the feed:// scheme, the new version adds support for many web-based aggregators, including Bloglines. I’ve downloaded it but not yet restarted Firefox, so I haven’t given it a try, but I will soon. More later.