Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:why does it have to be so damn slow under linux
file a bug. http://bugzilla.mozilla.org/
-
Leak MonitorLeaking? Try the "Leak Monitor"[1] extension... And I wonder if it's really working.
-
Re:The source is a fucking mess!
From http://lxr.mozilla.org/ :
"SeaMonkey (updated hourly)
This module is SeaMonkeyAll, the trunk of the Mozilla browser project."
So really, it is the firefox codebase. Seamonkey lives here:
http://lxr.mozilla.org/seamonkey/source/suite/
while firefox lives in the similar, but different:
http://lxr.mozilla.org/seamonkey/source/browser/
Ooops. -
Re:The source is a fucking mess!
From http://lxr.mozilla.org/ :
"SeaMonkey (updated hourly)
This module is SeaMonkeyAll, the trunk of the Mozilla browser project."
So really, it is the firefox codebase. Seamonkey lives here:
http://lxr.mozilla.org/seamonkey/source/suite/
while firefox lives in the similar, but different:
http://lxr.mozilla.org/seamonkey/source/browser/
Ooops. -
Re:The source is a fucking mess!
From http://lxr.mozilla.org/ :
"SeaMonkey (updated hourly)
This module is SeaMonkeyAll, the trunk of the Mozilla browser project."
So really, it is the firefox codebase. Seamonkey lives here:
http://lxr.mozilla.org/seamonkey/source/suite/
while firefox lives in the similar, but different:
http://lxr.mozilla.org/seamonkey/source/browser/
Ooops. -
Re:No, it's not "losing its way"
Try the iFox theme. With that Firefox doesn't feel as out of place. Still, no theme fixes the Windows 95-ish form controls that every non-Windows system gets. XP gets native-looking forms. Why can't Linux and OS X?
-
Re:The source is a fucking mess!
> Look for yourself: http://lxr.mozilla.org/seamonkey/source/.
You just linked to the source code of an entire web browser and called it "a mess." If broad generalization warning lights don't flash now, we really should change the batteries. What code file do you think is a mess? As someone who's seen a lot of code review, patches get thoroughly reviewed and nitpicked (for indentation, spacing, line breaks, variable naming, you name it). To suggest the codebase went down the toilet between the 1.5 and 2.0 release is a preposterous argument.
> But the end result is that it's very difficult for most programmers to come up to speed with the code even just to fix a small bug, let alone implement entirely new functionality...
Which programmers? Do you have names? Or is it just "most" of them? I've seen plenty of small bugs that were minor changes in an XML or JS file somewhere that weren't difficult to understand at all. And, yes, implementing a new feature in a mature web browser project is hard. This shouldn't be news to anybody. -
Re:The source is a fucking mess!
I looked through the source he linked to and I couldn't find a single C file
Maybe you should be looking for cpp files? I thought about rendering pages, and decided to go to layout and the base, which has a bunch of rendering files for you.
http://lxr.mozilla.org/seamonkey/source/layout/bas e/
The code is right there, doesn't look too bad. I can't tell you what it does just yet, but with any large project, it takes a little while to become acclimated to the code.
I've never looked at this code before, and I was instantly able to find whatever functions I was looking for, and I think I could even debug it given some time to look things over. It actually looks fairly good. -
Re:The source is a fucking mess!
We hear that reasoning a lot from open source advocates. But when it comes to Firefox and Mozilla in general, it just isn't a case. Their code is a mess, regardless of whether it's C++ code, or whether it's JavaScript code. Look for yourself: http://lxr.mozilla.org/seamonkey/source/.
It's not entirely fair to compare SeaMonkey with Firefox. One of the drivers factors behind the foundation of Firefox (then Phoenix) was that the Mozilla inherited from Netscape was borked beyond redemption, and recoding from scratch was the only way forward.SeaMonkey, whose repository you linked to. is a continuation of the old Mozilla codebase. It was brought back from the dead after the mozilla project decided to junk it. Part of the reason for that was that a few old fossils like myself have a certain affection for the mozilla suite, but mainly it happened because a ot of corporate players had a significant investment in the old Mozilla package, and since this is open source they don't have to migrate if they don't want to.
The tone you take in your post leads me to suppose that you should have known all this already. I'll just add that if you want people to take you seriously (as opposed to just another AC astroturfing for Microsoft) then you should at least link to the correct repository. Don't you think?
-
Re:The source is a fucking mess!
-
Re:The source is a fucking mess!
-
Re:The source is a fucking mess!
-
Re:The source is a fucking mess!
-
Re:The source is a fucking mess!
-
Re:The source is a fucking mess!
I don't follow the project closely enough to know why the quality of their code is so low
I would not agree with that at all. A not insignificant amount of the code is a mess, yes, but it's not low-quality. Being a mess never implies low quality, it just means that a decade or so of cruft has built up. There are several ongoing efforts at the moment to clean up Gecko, with the reflow branch being a major one.
The poor quality of the Firefox and Gecko codebases could be indicative of why we've seen to many quality and security problems with Firefox as of late. Firefox does suffer from pretty horrendous memory leaks, even when not using any non-default extensions.
As has been discussed on Slashdot before, I'm sure you know that any large and complex project will suffer memory leaks and security holes until they're all plugged. (That's not to say this is good, though.
:-P ) If you try to abstract away all the possible causes of such annoyances so that they cannot happen, you just end up with bloated and slow code, which nobody wants. I would agree that the messier parts of Gecko's codebase may contribute more to memory leaks and security holes, but they're also (coincidentally) the bits which are the oldest, and therefore have had the most time to be hacked into shape. -
Re:No, it's not "losing its way"
That printing bug is a bummer. It's Bug 154892.
-
Re:I'm quite happy with 2.0
Get Tab Mix Plus, it will solve all your tab woes and then some:
https://addons.mozilla.org/firefox/1122/ -
The source is a fucking mess!
Last time I checked, Firefox was still open source software. If they're not fixing bugs fast enough for your liking, by all means, download the source and fix them yourself.
We hear that reasoning a lot from open source advocates. But when it comes to Firefox and Mozilla in general, it just isn't a case. Their code is a mess, regardless of whether it's C++ code, or whether it's JavaScript code. Look for yourself: http://lxr.mozilla.org/seamonkey/source/.
I don't follow the project closely enough to know why the quality of their code is so low. It may be due to inexperienced or untalented developers. It may be due to rushed development. It may be due to a lack of refactoring. But the end result is that it's very difficult for most programmers to come up to speed with the code even just to fix a small bug, let alone implement entirely new functionality.
The poor quality of the Firefox and Gecko codebases could be indicative of why we've seen to many quality and security problems with Firefox as of late. Firefox does suffer from pretty horrendous memory leaks, even when not using any non-default extensions. The number of serious 0-day security glitches has increased dramatically, as anyone on any notable security bulletin mailing list can attest to.
Quality software builds upon a quality codebase. And until the Mozilla project can obtain that quality codebase, we will continue to see them produce poor-performing applications that suffer from frequent security flaws. -
No, it's not "losing its way"
Here, allow me to post a short summary of the article to save you some time:
I think the new theme and start page is ugly, and there are a few weird bugs that haven't been fixed yet, and they haven't implemented a feature I want in a way that I want it. Therefore, it sucks.- Don't like the default theme that comes with Firefox? Go get another that you like better. Don't like the first run page? Who cares? You only see it one time!
Last time I checked, Firefox was still open source software. If they're not fixing bugs fast enough for your liking, by all means, download the source and fix them yourself. That's not meant as a smart-ass excuse for not fixing a bug, but the article's author says:
If I have the time, I'll go through the source, but I think the best way to help is to bring it to attention.
No, the best way to help is to go through the source and fix the bug! Don't talk about it, do it, and solve everyone's problem with having it!
- The feature the author wants implemented better is an RSS feed reader. I have some news for you: it's supposed to be a basic implementation that gives you the bare essentials. If you want one with bells and whistles, go get an extension that suits your needs better. This isn't a sign that Firefox has lost its way, its a sign that it's principles haven't changed much at all.
- Last, but not least, I'm not sure what the author of this article is proposing we all do. Switch to IE7 or Opera? Yeah, that will help the open source community.
Point is, while Firefox 2.0 was never pitched as the last version of Firefox that we'll ever need as a result of its attaining perfection. Personally, I wish that they would fix the bug that causes only the first page of web pages with absolutely positioned elements to be printed. I wish I had the skill to fix it myself; I would if I could. But I'm sure they're working on it, it doesn't change the fact that Firefox 2.0 is, in my humble opinion, the best damn browser out there right now, and the last thing I'm going to do is undercut the extraordinary efforts of its developers and contributors by posting a whiny blog entry about how because there are still a few things I don't like about it, it's somehow "lost its way somewhere."
Sheez. Talk about ungrateful.
-
No, it's not "losing its way"
Here, allow me to post a short summary of the article to save you some time:
I think the new theme and start page is ugly, and there are a few weird bugs that haven't been fixed yet, and they haven't implemented a feature I want in a way that I want it. Therefore, it sucks.- Don't like the default theme that comes with Firefox? Go get another that you like better. Don't like the first run page? Who cares? You only see it one time!
Last time I checked, Firefox was still open source software. If they're not fixing bugs fast enough for your liking, by all means, download the source and fix them yourself. That's not meant as a smart-ass excuse for not fixing a bug, but the article's author says:
If I have the time, I'll go through the source, but I think the best way to help is to bring it to attention.
No, the best way to help is to go through the source and fix the bug! Don't talk about it, do it, and solve everyone's problem with having it!
- The feature the author wants implemented better is an RSS feed reader. I have some news for you: it's supposed to be a basic implementation that gives you the bare essentials. If you want one with bells and whistles, go get an extension that suits your needs better. This isn't a sign that Firefox has lost its way, its a sign that it's principles haven't changed much at all.
- Last, but not least, I'm not sure what the author of this article is proposing we all do. Switch to IE7 or Opera? Yeah, that will help the open source community.
Point is, while Firefox 2.0 was never pitched as the last version of Firefox that we'll ever need as a result of its attaining perfection. Personally, I wish that they would fix the bug that causes only the first page of web pages with absolutely positioned elements to be printed. I wish I had the skill to fix it myself; I would if I could. But I'm sure they're working on it, it doesn't change the fact that Firefox 2.0 is, in my humble opinion, the best damn browser out there right now, and the last thing I'm going to do is undercut the extraordinary efforts of its developers and contributors by posting a whiny blog entry about how because there are still a few things I don't like about it, it's somehow "lost its way somewhere."
Sheez. Talk about ungrateful.
-
*sigh*
Got duped to this one in about 30 seconds... and it's over 10 months old.
-
Hey
I was poking around a few days ago trying to get a userContent.css file to use a local filesystem png file as a background, without having to resort to huge data: URIs.
Eventually I'd thrown enough random ideas at the problem that I ended up finding out about this nightmare waiting to happen. Just for kicks I tried putting some code in the CSS to alert() all the (supposedly hidden) password values on the page. It worked. -
Re:If it affects Firefox and Internet Explorer...
I tried the testcase with Konqueror (KDE 3.5.5) and it wasn't vulnerable (username/password are only autofilled on the "real form"). But don't trust me, check yourself. And I recommend to have Konqueror always ask for permission to use the wallet.
-
Internet Explorer 6/7, Why The Proof Was for FF
Here is a quick clarification about Internet Explorer 6/7.
The attack at MySpace worked against IE users because many were lured into typing their passwords into a form. I saw this in action. It was almost indistinguishable from the legitimate version.
The Bugzilla reference to IE 6/7 was not a comment on the info-svc proof, but the proof at
https://bugzilla.mozilla.org/attachment.cgi?id=245 426
That form does some interesting things in both browsers, but it does not reflect a normal client/server situation. IE's password manager behaves differently from Firefox when dealing with forms on more than one page, as in the info-svc proof.
In my opinion, both browsers should raise a warning when a cross-site form is loaded, or have that option.
Enjoy
Robert Chapin
Chapin Information Services, Inc. -
Re:Changing a system
Back in 2005 Firefox briefly disabled its support for IDN after The Shmoo Group demonstrated the ease of using Internationalized Domain Names (IDNs) to spoof existing domains, including those for major retailers or banks. At the time, Mozilla said domain registrars were ignoring ICANN guidelines on IDN, and developed a list of problematic Unicode characters that could be banned in domain names to limit homographic attacks. Not sure if this is still current.
-
Re:Ideas
sack Javascript and replace it with something better, like an iteration of Python
You mean like JavaScript 2?
-Dom
-
Re:Ideas
sack Javascript and replace it with something better, like an iteration of Python
You mean like JavaScript 2?
-Dom
-
Re:Ideas
sack Javascript and replace it with something better, like an iteration of Python
You mean like JavaScript 2?
-Dom
-
It's here already
It supports rich applications like Firefox and Thunderbird using XUL and XPCOM. Cross-platform (and unlike Microsoft's implementation of the term "cross-platform", it doesn't just mean several versions of Windows). It supports themes and plugins.
Why get rid of Web version x.x? The web is a hypermedia document service, get the applications out of it.
-
Re:AWstats, Google Analytics, and custom reporting
Plenty of us block Google Analytics in our browsers. You are missing information.
I'll be sure to make a mental note that my stats are now 0.000125% inaccurate.The percentage may not be so insignificant. For instance, the very popuplar AdBlock Plus add-on for Firefox (among the recommended add-ons) includes several blacklists to which you can subscribe. Most of these blacklists include the site google-analytics.com and patterns for blocking scripts such as urchin.js.
I guess that a fair share of Firefox users have AdBlock Plus installed. It is up to you to decide if you care about these users or not.
Note that a good web statistics package that analyzes your own server logs should be able to tell you how many visitors block JavaScript, block cookies or use tools like AdBlock that selectively block some URLs. Good web statistics packages will provide this information while taking into account the effects of client caches, proxies and even multi-hosted proxies (resulting in multiple IP addresses for the same visitor). You cannot use Google Analytics to know how many visitors block Google Analytics.
So if you were using a good (local) web statistics package, you would be able to come up with a more realistic percentage than 0.000125%. Of course the actual number depends on the target audience for your site, whether they care about privacy issues, etc. Do not be surprised if you find out that the percentage is closer to 5% than to 0.000125%.
-
Re:AWstats, Google Analytics, and custom reporting
Plenty of us block Google Analytics in our browsers. You are missing information.
I'll be sure to make a mental note that my stats are now 0.000125% inaccurate.The percentage may not be so insignificant. For instance, the very popuplar AdBlock Plus add-on for Firefox (among the recommended add-ons) includes several blacklists to which you can subscribe. Most of these blacklists include the site google-analytics.com and patterns for blocking scripts such as urchin.js.
I guess that a fair share of Firefox users have AdBlock Plus installed. It is up to you to decide if you care about these users or not.
Note that a good web statistics package that analyzes your own server logs should be able to tell you how many visitors block JavaScript, block cookies or use tools like AdBlock that selectively block some URLs. Good web statistics packages will provide this information while taking into account the effects of client caches, proxies and even multi-hosted proxies (resulting in multiple IP addresses for the same visitor). You cannot use Google Analytics to know how many visitors block Google Analytics.
So if you were using a good (local) web statistics package, you would be able to come up with a more realistic percentage than 0.000125%. Of course the actual number depends on the target audience for your site, whether they care about privacy issues, etc. Do not be surprised if you find out that the percentage is closer to 5% than to 0.000125%.
-
wtf
What jurisdiction does the FCC have over the internet?
If users are not tech savvy enough to use Firefox & Permit Cookies, then they get exactly as much protection as they deserve. Cookies aren't the problem, stupid users are.
Here's where I go slightly off topic. Stop reading if you want.
I accept that advertisers are scum and will do whatever they can to make money off of me, so I fight back. I use Firefox, Permit Cookies, Flashblock, Adblock Plus, and Filterset.G Updater.
I no longer have cable (tv) - the only things I watch are things I downloaded and then put on my XBox with XBMC. I'm happy to say that commercials are no longer a part of my life! After shutting off cable for a while I can't stand to watch the TV in the break room or a friend's house because there are so many commercials. You don't realize just how many there are until you stop seeing them for a while. Try it! I do not subscribe to any advertisement packets calling themselves magazines. I use Gmail almost exclusively for personal mail and it's spam filters are pretty good.
I recommend trying all of the above. -
wtf
What jurisdiction does the FCC have over the internet?
If users are not tech savvy enough to use Firefox & Permit Cookies, then they get exactly as much protection as they deserve. Cookies aren't the problem, stupid users are.
Here's where I go slightly off topic. Stop reading if you want.
I accept that advertisers are scum and will do whatever they can to make money off of me, so I fight back. I use Firefox, Permit Cookies, Flashblock, Adblock Plus, and Filterset.G Updater.
I no longer have cable (tv) - the only things I watch are things I downloaded and then put on my XBox with XBMC. I'm happy to say that commercials are no longer a part of my life! After shutting off cable for a while I can't stand to watch the TV in the break room or a friend's house because there are so many commercials. You don't realize just how many there are until you stop seeing them for a while. Try it! I do not subscribe to any advertisement packets calling themselves magazines. I use Gmail almost exclusively for personal mail and it's spam filters are pretty good.
I recommend trying all of the above. -
wtf
What jurisdiction does the FCC have over the internet?
If users are not tech savvy enough to use Firefox & Permit Cookies, then they get exactly as much protection as they deserve. Cookies aren't the problem, stupid users are.
Here's where I go slightly off topic. Stop reading if you want.
I accept that advertisers are scum and will do whatever they can to make money off of me, so I fight back. I use Firefox, Permit Cookies, Flashblock, Adblock Plus, and Filterset.G Updater.
I no longer have cable (tv) - the only things I watch are things I downloaded and then put on my XBox with XBMC. I'm happy to say that commercials are no longer a part of my life! After shutting off cable for a while I can't stand to watch the TV in the break room or a friend's house because there are so many commercials. You don't realize just how many there are until you stop seeing them for a while. Try it! I do not subscribe to any advertisement packets calling themselves magazines. I use Gmail almost exclusively for personal mail and it's spam filters are pretty good.
I recommend trying all of the above. -
wtf
What jurisdiction does the FCC have over the internet?
If users are not tech savvy enough to use Firefox & Permit Cookies, then they get exactly as much protection as they deserve. Cookies aren't the problem, stupid users are.
Here's where I go slightly off topic. Stop reading if you want.
I accept that advertisers are scum and will do whatever they can to make money off of me, so I fight back. I use Firefox, Permit Cookies, Flashblock, Adblock Plus, and Filterset.G Updater.
I no longer have cable (tv) - the only things I watch are things I downloaded and then put on my XBox with XBMC. I'm happy to say that commercials are no longer a part of my life! After shutting off cable for a while I can't stand to watch the TV in the break room or a friend's house because there are so many commercials. You don't realize just how many there are until you stop seeing them for a while. Try it! I do not subscribe to any advertisement packets calling themselves magazines. I use Gmail almost exclusively for personal mail and it's spam filters are pretty good.
I recommend trying all of the above. -
wtf
What jurisdiction does the FCC have over the internet?
If users are not tech savvy enough to use Firefox & Permit Cookies, then they get exactly as much protection as they deserve. Cookies aren't the problem, stupid users are.
Here's where I go slightly off topic. Stop reading if you want.
I accept that advertisers are scum and will do whatever they can to make money off of me, so I fight back. I use Firefox, Permit Cookies, Flashblock, Adblock Plus, and Filterset.G Updater.
I no longer have cable (tv) - the only things I watch are things I downloaded and then put on my XBox with XBMC. I'm happy to say that commercials are no longer a part of my life! After shutting off cable for a while I can't stand to watch the TV in the break room or a friend's house because there are so many commercials. You don't realize just how many there are until you stop seeing them for a while. Try it! I do not subscribe to any advertisement packets calling themselves magazines. I use Gmail almost exclusively for personal mail and it's spam filters are pretty good.
I recommend trying all of the above. -
Re:Why I usually don't RTFA...
-
Re:Firefox antiphising is far from perfect...
Just tried both sites you are listing (in that order), and apparently firefox 2.0 blocks them both - looks like it is fixed
:)
https://bugzilla.mozilla.org/show_bug.cgi?query_fo rmat=specific&order=relevance+desc&bug_status=__op en__&id=356355 -
Re:Firefox antiphising is far from perfect...
Well, duh, Google probably tried adding all possible combinations of a single URL to the blacklist while they fix the issue.
But they certainly didn't include *all* of them. Fe: I just tried to change a single number in the encoded address
http://200.0x77.0x87.0x63/ebay/login5878/
The phising filter doesn't kicks in *surprise*
The bug is certainly there: https://bugzilla.mozilla.org/show_bug.cgi?id=35635 5 -
Re:That's wonderful
Say that the next time one of your clueless relatives gets their CC details phished.
If the not crashing all the time is still more important to you then why not go to http://developer.mozilla.org/ and lend a hand? -
Re:Requires javascript. Thumbs down.
So whitelist it, it's Google for fuck's sake. I can understand wanting to browse securely, but get with the times. Complaining that a site requires JS is about as bad as complaining that it won't work in lynx.
The search doesn't work in lynx.
The only way to completely prevent scripting vulns is to disable script. Also google is a large attack vector, I can't think of a better place from which to seed a malicious script.
-
Re:What the hell
Am I the only person who hates advertisements?
No, there are at least two of us. I hate them too, for ads rot one's brain. That's why I find Adblock such an irreplaceable extension. -
Re:Huh?
To be used to confusion. Install this https://addons.mozilla.org/firefox/31/
-
Nice with the wikipedia links
Very nice with the wikipedia links. I have been using googlepedia (https://addons.mozilla.org/firefox/2517/) but with something like this I could skip that all together.
-
Re:Will this ever see the light of day?
Gecko 1.9 will be shipped in Firefox 3, currently scheduled for the May or November 2007, depending on which part of the Mozilla Wiki to belive*. From what I understand there are plans to release a Firefox 4 off Gecko 1.9, much like Firefox 1.5 and Firefox 2 are built off Gecko 1.8. So that would put these changes in Firefox 5 time frame, yes this is quite some time away.
* http://wiki.mozilla.org/Firefox3/Schedule
* http://wiki.mozilla.org/ReleaseRoadmap -
Re:Will this ever see the light of day?
Gecko 1.9 will be shipped in Firefox 3, currently scheduled for the May or November 2007, depending on which part of the Mozilla Wiki to belive*. From what I understand there are plans to release a Firefox 4 off Gecko 1.9, much like Firefox 1.5 and Firefox 2 are built off Gecko 1.8. So that would put these changes in Firefox 5 time frame, yes this is quite some time away.
* http://wiki.mozilla.org/Firefox3/Schedule
* http://wiki.mozilla.org/ReleaseRoadmap -
Re:What javaScript needs
What javaScript needs is optional strong typing and name spaces.
It's getting that, and a bunch of other cool stuff, in the ECMAScript 4 version that Tamarin will implement.
To see the current working proposals for ECMA for, go here: http://developer.mozilla.org/es4/ -
Bug priorization
Chris: We're always evaluating and prioritizing the most important bugs. Thousands of bugs are of next to no consequence for most users and those will be prioritized below the bugs that affect large numbers of users.
There is a bug, that affect all their Linux users (and probably some other platforms too) outside North America, that have been sitting there untouched since 2002. How many affected users does it take to get a relatively simple bug fixed within five years ?
-
7) Add In Validation - "Remora"
I'm really not convinced by a team of contributors keeping a "close eye on recommended extensions". I'd personally never heard of Remora (http://wiki.mozilla.org/Update:Remora_Requiremen
t s/) before.
There's really no way to verify an extension without walking through the source, and even then it's not impossible to obfuscate something nasty. And any extension that uses XMLHttpRequest can download its own code.
There are a lot of extensions at https://addons.mozilla.org/, some of them quasi-commercial, and the review process required to have an extension hosted isn't (cannot be, in fairness) thorough.
Perhaps addons.mozilla.org need to be a bit more explicit that you can't _quite_ trust the extensions hosted there. Perhaps they could digitally sign 'popular' extensions that they 'trust'?
Imagine what a PR disaster a malicious extension would be.
Andy
[yeah, I hacked a previous post of mine on the same topic.] -
7) Add In Validation - "Remora"
I'm really not convinced by a team of contributors keeping a "close eye on recommended extensions". I'd personally never heard of Remora (http://wiki.mozilla.org/Update:Remora_Requiremen
t s/) before.
There's really no way to verify an extension without walking through the source, and even then it's not impossible to obfuscate something nasty. And any extension that uses XMLHttpRequest can download its own code.
There are a lot of extensions at https://addons.mozilla.org/, some of them quasi-commercial, and the review process required to have an extension hosted isn't (cannot be, in fairness) thorough.
Perhaps addons.mozilla.org need to be a bit more explicit that you can't _quite_ trust the extensions hosted there. Perhaps they could digitally sign 'popular' extensions that they 'trust'?
Imagine what a PR disaster a malicious extension would be.
Andy
[yeah, I hacked a previous post of mine on the same topic.]