Ayman Hourieh's Blog

The main piece of news for day 2 in the Firefox Summit 2008 is that everyone is now trapped in the small town of Whistler after a rock slide cut off the highway that connects Whistler to Vancouver. Fortunately, nobody was injured because of this. However, clearing the massive boulders that are blocking the highway will take 5 days according to official sources. Since the summit ends this Thursday, most attendants need to go to the Vancouver Airport on Friday to catch flights to their home countries. The cause of this rock slide is unclear at the moment, but there are people in the summit who are speculating whether a company whose name starts with an 'M' is behind all of this. A bug was filed in Bugzilla to track the issue, and some of the currently-proposed solutions involve riding bears, taking boats, or taking helicopters. In reality however, we will most likely end up going through a different route that takes around 8 hours in bus.

Upcoming Mozilla Products

Back to the events of the summit itself, day 2 started with presentations on the next release of Firefox. Version 3.1 is planned to be released in the 4th quarter of this year. It brings several interesting capabilities to the rendering engine of Firefox, and improves the overall performance of the browser. One important addition is the implementation of the JavaScript Selectors API. This API provides a better and more efficient method of getting elements from the DOM tree. If you are familiar with jQuery or Prototype, you probably know that these libraries provide a function to get a group of DOM elements by matching against a set of CSS selectors. These libraries implement such functionality using JavaScript. Since traversing DOM elements and matching CSS selectors can be expensive operations in JavaScript, it would be much better if this functionality is implemented in the JavaScript engine using native code. And this is exactly what the selectors API is about: provide a standard set of JavaScript functions to get DOM elements using CSS selectors. Firefox 3.1 will contain this API, and even in the current alpha release, the improvements in performance are significant.

Firefox 3.1 also brings improvements to the canvas element, and provide support for the OGG Theora video technologies. Demos were presented to show off these new features, and the results looked very nice. However, I'm not sure how the adoption is going to be for these features, given that other browsers may or may not support them.

Next, an interesting and relatively new project called Fennec was presented. Fennec is about bringing Firefox to mobile phones. Even through the project is still in the early stages, there is already a very functional build which was demonstrated.

Thunderbird 3 Localization

The next talk I attended was about Thunderbird localization. Thunderbird 3 is currently in alpha stages. Beta 1 is expected in September 2008, Beta 2 is expected in November 2008, and the final release will happen in January 2009. Thunderbird localization now has a new coordinator, Simon Paquet, and he's very enthusiastic about getting new locales (including Arabic). This is an excellent opportunity to finally have an official release of Arabic Thunderbird, and I think a good timing to start importing the current localization to version 3 is around the beta 1 release in September.

Security and Malware

Security is very important for a web browser, and one of the selling points for Firefox is the security it offers. I attended two talks on this topic. The first one was a demonstration of the current trends in malware. With malware detection and blocking technologies becoming more advanced, malware authors are finding more sophisticated techniques to trick browsers and/or users to install malware on computers. I haven't used a Windows computer in a very long time, so I wasn't aware of what's going on these days in the world of malware. One interesting attack that was demonstrated was a website that masqueraded as an anti-virus application and tried to convince the user that a virus was found on their computer. Technically, this malicious website consisted of a series of animated images that looked like an anti-virus program starting up, scanning the local hard disk, and then offering the user an executable program claiming that it will clean virus infections, while in reality it will infect the computer with malware. All of this was done in the main window of the browser, without any popups. This is a form of social engineering attack, but it is very difficult to detect and block. How would one detect and block such an attack? This was the open question during the talk, and it resulted in a very interesting discussion on various approaches to handle such issues.

The second talk was about writing secure software. It went through a series of practices that help in designing and building a secure application. It also used examples from actual vulnerabilities that were found in Firefox, which I found particularly interesting.

Wrap Up

Another day, another set of interesting talks. I'm excited about the final day of the summit. Hopefully, it will be as interesting as the previous two days. In addition to the talks, this summit has been a wonderful opportunity to meet interesting people from various parts of the Mozilla project, and from all over the world.