The roads I take...

KaiRo's weBlog

May 2021
12
3456789
10111213141516
17181920212223
24252627282930
31

Displaying recent entries tagged with "bugbounty". Back to all recent entries

Popular tags: Mozilla, SeaMonkey, L10n, Status, Firefox

Used languages: English, German

Archives:

March 2021

April 2020

March 2020

more...

November 27th, 2007

Weekly Status Report, W47/2007

Another week has passed, and here's a short summary of the SeaMonkey/Mozilla-related work I've done in week 47/2007 (November 19 - 25):
  • SeaMonkey Releases:
    Started the 1.1.7 release process with candidates and all other required stuff with a target release date of today, but had to pull back and prepare for a respin right when I wanted to push it due to a <canvas> regression. We still hope to release this week.
  • Directed Donation Program:
    In collaboration with MoFo, I prepared the SeaMonkey side of the directed donation program recently, pushed it to the public this week, and announced it on my blog and the SeaMonkey website.
  • SeaMonkey Website:
    I did rewrite the news parts of the new SeaMonkey Website so that they are driven by a single XML file - this affects the news page, the news section of the main page and the Atom 1.0 feed I added in that process (currently only linked as alternative view to the news page, will link it more publicly soon).
    I also created release notes for 1.1.7 and did some small improvements on other places. And there's a bug report now for changing URLs in SeaMonkey to directly point to the new website.
  • SeaMonkey Project Structure:
    Was too busy to drive this forward in that week, will pick it up again soon.
  • Smaller SeaMonkey Changes:
    Thanks to Mark Banner, we're now building PalmSync again on trunk, so Palm users on Windows can sync their address books with SeaMonkey trunk.
    Discussions continued about launching 1.1.x branch/release builds of SeaMonkey from read-only installations. Neil has fixed the main issue in 1.1.7, but the issue with launching directly from Mac DMG images is still there, we investigated further how to fix that last case.
    I created a first patch to split error page strings into a generic and a app-specific part, so that SeaMonkey could just override the app-specific file and be able to provide hooks for adding SSL certificate exceptions similarly to Firefox trunk. We found a minor problem, but this looks good.
    After some comments of the first draft, Basil Hashem from Mozilla Corp. created an updated AMO design that should fit SeaMonkey as well as Firefox and the other products well. Due to some discussion around our linking of AMO in the main menu of our new website, some bugs were filed to improve the SeaMonkey AMO experience and getting SeaMonkey users to the right place should also be possible for the next AMO release. I hope this can improve the situation for SeaMonkey Add-Ons users, along with our SeaMonkey 2 rework and whatever improvements they can make to the review process (apparently that's being discussed in the AMO team as a general problem).
  • KaiRo.at Bug Bounty Program:
    The Bug Bounty Program I set up from my corporate money is progressing nicely, as Teune van Steeg has now introduced browser notification bars used for blocked extension installs as well as the plugin finder service. By collecting those bounties, Teune has helped us a major step forward in the SeaMonkey 2 user experience. Thanks a lot!
  • Source L10n:
    We have 6 localizations in addition to en-US generating nightly builds on trunk, so far this seems to work fine
    I also fixed a security source file to be more friendly to localizers, both for those manually editing them as well as those using tools.
    CVS-based ChatZilla langpacks are stuck a bit, I need to get more input about one unclarity I still have.
  • German L10n:
    Some more work to keep up with trunk, but reviews are pending. I started a thread in our newsgroup about how to find a way out of this non-greenness we have most of the time.
  • Various Discussions:
    Window icons, Send-mail crash, cert override UI, feed discovery and support, login manager, dictionary licensing, etc.
I start realizing there's a bad thing with releasing as often as we do lately: I spent much more time in the release process for stability, correctness and security updates than working for the future of SeaMonkey. I hope that trend will reverse again soon...

By KaiRo, at 21:03 | Tags: bugbounty, L10n, Mozilla, SeaMonkey, Status | no comments | TrackBack: 0

November 14th, 2007

Progress and help-wanted on SeaMonkey 2

I just received a link to a screen shot of SeaMonkey 2 with customized toolbars (this is work in progress, not in nightlies yet, see bug 394288), so I decided to give you a (probably incomplete) overview of current in-work items for SeaMonkey 2 (in no particular order) - and some we'd need help on.
  • As mentioned above, the work on customizable toolbars is done by Philip Chee, and his work is nearing a state that could possibly be included in our development codebase. At first, this will only be available for the browser component, work on other parts will possibly follow later.
  • Teune van Steeg is working on notification bars for the browser, which are basically already included in current nightlies, just not used by anything yet. Teune is currently working on making use of this feature, e.g. for installing extensions from blocked sites, missing plugins or popup blocking.
  • Another quite active area currently is feed support. Justin Wood is leading that effort, our module owner Neil Rashbrook is helping with some parts there. The first target is to get browser support, mainly for discovery and preview of feeds as well as hooks to subscribe to them. At a later stage, we might even get livemarks support, but probably after getting a feed reader in the mail/news component, which will probably be Justin's next target after initial browser support.
  • The preferences migration, targeting to base the SeaMonkey preferences window on the toolkit-style <preferences> family of XUL elements though keeping the familiar look and feel of the suite preferences window, is led by Karsten Düsterloh. The initial work of providing the new window is done already, until migrating all panels is done, we have two menuitems in the browser component, one leading to the new window with the already-migrated panels, one to the legacy window with the not yet migrated ones. That area of migrating pref panes should be a relatively easy one for newcomers to help out.
  • Vista users might have noticed that SeaMonkey 1.1.x integration with the new Microsoft OS is not ideal, Frank Wein is working on this among other things when replacing the old "winhooks" code with a new shell service implementation, fitting the style of other toolkit applications. This will also fix an area where localized nightly build show problems.
  • Mark Banner is currently working on our migration from wallet to LoginManager for password management, the toughest part of which is that the mail/news code needs to use the new password manager, which is in turn blocked by core LoginManager code not supporting all we need yet. Once Mark has fixed that core code, we should be able to throw another old unmaintained code module away and replace it with cleaner, new code. That will also fix another current case of problems with CVS-based localization.

Some areas still would badly need help though:
  • Using the sqlite-based places backend provided by the Mozilla toolkit would probably be a good idea, at least for browser history. After we now can use XUL templates with mozStorage templates, it should not be too hard to get our history UI hooked up with that.
    If that works well, it might even be an interesting idea to use the places bookmarks backend, though without changing the UI we use in the suite for that feature (the backend change would make up the way for extension to try other UI there).
  • The download manager should pick up at least the new backend provided by the Mozilla toolkit, which supports goodies like cross-session resuming of downloads. This also will/should fix the probably biggest remaining problem with CVS.based localized builds - and note that there is a KaiRo.at bug bounty to fetch for this work.
  • Calendar support is something many people would like from an Internet suite like ours, so making the Lightning extension work on SeaMonkey is another thing we'd really like someone to help out with - and where someone could earn a KaiRo.at bug bounty.
  • I think there's no bug filed on it yet, but getting Firefox' session restore ported to SeaMonkey would also be a great feature, esp. as restarting from the extension manager wouldn't make you lose all open web pages.
  • Last not least, I once again need to mention the dynamic UA spoof mechanism, which has the largest KaiRo.at bug bounty of all waiting for whoever does the work, and which could help lots of users, multiple browser projects as well as make the web itself a better place.

I may left out some notable areas of current work or some areas we need help, if you feel I have omitted something worth mentioning, please comment on this blog entry!

All in all, I think there's a bunch of interesting stuff happening at the moment, but still some important things to be done before SeaMonkey 2 gets where we want it to be. Thanks for everyone already actively working on the future of the suite (those are all volunteers doing this in their free time!) - and to everyone who wants us to get even better and has some time and work to offer: please help us, either with the items mentioned above or in other ways of getting involved. There's something to do for everyone and we appreciate any help we can get!

By KaiRo, at 17:21 | Tags: bugbounty, Mozilla, SeaMonkey | 1 comment | TrackBack: 0

September 21st, 2007

New Page Info Has Landed!

A nice feature improvement for SeaMonkey 2 has landed today: The new page info window ports functionality that has been coded for Firefox during last year's Google Summer of Code and makes it available in SeaMonkey's reworked page info dialog.

Image No. 17096

This nicely ties in functionality from other parts of the browser, like permissions, password viewing and cookies, but is also the first place where SeaMonkey recognizes feeds as something special and at least can list them. I still hope someone will pick up the work for a feed reader in SeaMonkey.
Note that this also tries to tie in with history to show if and how often you have visited the page, but that only works correctly with places support turned on, which is not the default for SeaMonkey trunk yet.

Thanks to Daniel Brooks for his work on porting over and improving this code (and to Florian Quèze as well for originally doing those improvements for Firefox).
Oh, and this is also the first completed task in the earlier mentioned KaiRo.at Bug Bounty Program - I hope more will follow this one.

By KaiRo, at 18:48 | Tags: bugbounty, Mozilla, SeaMonkey | no comments | TrackBack: 0

August 10th, 2007

Progress on "Bug Bounty" items

It was nice to see a first patch for an item of the Bug Bounty Program just one day after announcing this program! :)

Daniel Brooks has picked up the page info improvements, and his newest patch looks really good. We're getting a reworked, more polished page info window with more functionality (without losing any compared to the old one, the forms and link tabs are still there) - oh, and this is probably the first part of SeaMonkey that will see some feeds support as well (by listing feeds available on the page).

Just a day and a half later, Teune van Steeg attached a first patch on another bug from this list, adding browser notifications / info bars to our software. This is an important feature for use with other code, and I'm happy to see something moving there as well.

Thanks to both contributors for picking up those items!

While nobody has started to work on it yet, I had some talk about feeds support on IRC: Robert Sayre (sayrer), who worked on toolkit's feed parser (which we should use), is willing to help anybody working on our code when questions arise, Myk Melez (myk), who did the Forumzilla extension, is willing to answer such questions as well. As there are two different ways of integrating feeds with mailnews out there (Thunderbird's and Forumzilla's), we got into some talk about that, but both our SeaMonkey mail owner Karsten Düsterloh and me think the Thunderbird solution of having them in special accounts is the cleaner solution, which we prefer.

I hope someone pick up this and the other items on the list soon, so that we see even more good progress for a better SeaMonkey 2.

By KaiRo, at 14:33 | Tags: bugbounty, Mozilla, SeaMonkey | 2 comments | TrackBack: 0

August 6th, 2007

KaiRo.at Announces Bug Bounty Program

I've been thinking about this project for some time, and working on it behind the scenes for a few weeks now - finally it's ready to be announced publicly:

The KaiRo.at Bug Bounty Program is being launched today!

This program, launched by KaiRo.at - Robert Kaiser IT-Services, aims to "encourage developers to get involved with SeaMonkey by rewarding them with some hard dollars for contributing important code to the SeaMonkey project", as stated on the program's pages.

The program is currently awarding a total of 2700 USD to work on a list of 7 critical bugs/features on the path to SeaMonkey 2, including dynamic UA spoofing and feed reading, as well as download manager, Lightning integration, page info, plugin finder and browser notifications. That's the current set of bug bounties for 2007, there's still a slight possibility that KaiRo.at may even extend this program though as we see fit. Any developer completing the work as described on the program's pages is eligible for the bug bounty assigned to the specific task.

I hope those bug bounties will be an additional motivating factor for people to work on those features for SeaMonkey, but also hope they will continue to stay with the project after completing those immediate tasks.

And here's a short Q&A about this program, to sum it up once again:
  • Who is KaiRo.at, what is their interest in this and where is this money coming from?
    OK, that's 3 question at once, but the answers cumulate for the most part: KaiRo.at - Robert Kaiser IT-Services is the one-man-business of me, SeaMonkey Council member Robert Kaiser. The money comes from my earnings through Google AdSense on the SeaMonkey German website - and as that income rises with SeaMonkey adoption in German-speaking countries and my business is mainly around SeaMonkey, my interest is in improving SeaMonkey so that more people will use it. Sounds too good to be true? Well, it isn't. It is the whole truth. Believe me.
  • What tasks will be awarded with which amounts of money?
    Look at the bug bounty list for 2007 for which tasks are currently in the program, and the detail pages linked there for the amount and detailed description of the work to do there.
  • Who will get the money?
    As stated on the main program page, the developer who implements the vast majority of the task described in the detailed per-bug work description page will be awarded with the sum stated in that latter page. If multiple developers worked on the task or something else out of the ordinary happens, the ultimate decision is up to KaiRo.at (Robert Kaiser).
  • What is the motivation behind the program?
    What's driving this program is the idea of rewarding people for their work on important parts of SeaMonkey and to give an additional motivation for developers to implement the listed features. The money is earned through the community using SeaMonkey, it's only fair to give something back to those who work on improving this software.

With that, happy hacking on an improved and much better than ever SeaMonkey 2 codebase!

By KaiRo, at 02:38 | Tags: bugbounty, business, Mozilla, SeaMonkey | no comments | TrackBack: 2

July 9th, 2007

Specification for a "Dynamic UA Spoofing Mechanism"

Following my blog post about a UA propsal and the continuing discussion to make the SeaMonkey UA suck, I've created a specification document for the "Dynamic UA Spoofing Mechanism" I think is the only really useful solution to this situation.

It specifies both the client and server sides of the mechanism and can now be found on the Mozilla wiki under User:KaiRo:Dynamic_UA_Spoofing_Mechanism.

By KaiRo, at 15:58 | Tags: bugbounty, Mozilla, SeaMonkey, UA String | no comments | TrackBack: 1

Feeds: RSS/Atom