With the number of emails I’ve been receiving, I thought I should offer an explanation as to why Wizz RSS is being shutdown.
There has been an ongoing security issue with regard to the Wizz RSS code. The problem was first reported by Wladimir Palant in December 2008, and a Security Vulnerability Report was lodged by Nick Freeman of Security-Assessment.com in February 2009. The vulnerabilities were addressed by myself in accordance with Nick Freeman’s report (Which also covered the original vulnerability reported by Wladimir Palant), and a patched version of Wizz RSS (I can’t remember the version number) was made public.
In Wladimir Palant’s original report (Which I suspect very strongly was motivated an ulterior agenda – Which of course he denies) the recommendation was made that I use nsIScriptableUnescapeHTML.parseFragment() to plug the vulnerability. I tired unsuccessfully to apply nsIScriptableUnescapeHTML.parseFragment(), but being satisfied that the vulnerabilities reported by Nick Freeman had successfully been plugged, I didn’t worry about it.
Because the original report by Wladimir Palant was never closed, on 11 November Wil Clouser asked Jorge Villalobos to look into the matter. I responded to Wil Clouser’s request, saying that Wladimir Palant, as the original reporter of the problem, should check my reported vulnerability fix, which he eventually did. The result of Wladimir Palant’s check turned up another vulnerability, and another recommendation that I apply nsIScriptableUnescapeHTML.parseFragment(). Once again I unsuccessfully attempted to apply nsIScriptableUnescapeHTML.parseFragment(). Even though my attempt to apply nsIScriptableUnescapeHTML.parseFragment() was unsuccessful, I still managed to plug the new vulnerability and I made a patched version of the code available for further testing.
On 12 November Wladimir Palant offered a snippet of code explaining the implementation nsIScriptableUnescapeHTML.parseFragment(). Being very grateful for the snippet and explanation, I was about to apply it to the code when I read this comment by Jorge Villalobos (The final straw): -
After reviewing these comments and the extension code, it is clear to me that
the current effort to secure the add-on is misguided. You can’t just rely on
‘sanitizing’ input and expect it to be “safe enough”, specially when there are
clearly safer alternatives.I have sandboxed all versions of Wizz RSS News Reader except the latest one,
and all versions of Reader Lite, including the latest. Its trusted status has
been revoked as well.Mike, you have 2 weeks to correct your extension code to make it safe. You
should upload the update on AMO and let us know so that we can review it. If
you don’t comply by then, your latest version will be sandboxed as well. I also
recommend you read our latest add-on policies
(https://addons.mozilla.org/en-US/developers/docs/policies/) and make sure you
comply with all of them. For example, your current version doesn’t follow our
namespacing guidelines, which makes your add-on a likely cause of compatibility
problems.
And here is my response to Jorge’s comment: -
@Jorge: Five years ago, when I first started working on this extension, there
were no namespacing guidelines. As far as I’m aware, there has never been any
request for older extensions (i.e. Those that don’t comply with the namespacing
guidelines) to be updated to conform with the namespacing guidelines. Perhaps,
if you want to be consistent with the namespacing guidelines that you want to
now enforce of me, you should take a look at all of the older extensions?To be perfectly honest, I have much better things to do with my life than to
waste anymore of it on Firefox.
I will not uninstall Wizz ever ! It’s part of my life !
I don’t normally post comments, but I wanted to offer a quick vote of support; an affirmation of sorts. I would hope & expect that I’m not alone. Sadly, I know how you feel; I’ve been there / done that, and find myself more & more frequently in this awkward, unappreciated position. Namely, a handful of worker-bees doing the work, and a whole lot of friggin’ queen bees out there thinking they rule the hive. Perhaps not a great analogy. Regardless, the egos have outgrown the software; & even though I’m an avid firefox *user*, and think wizzrss is a dang nifty old-time favorite add-on — there should be a hall-of-fame of the “classics”, I think — I totally appreciate your perspective & respect your position. Maybe, some day, given enough distance (and enough positive feedback?), you’ll be able to pick it back up. But, the “software” ain’t the priority — it never was. It’s about people. The “egos” never really got that (and are farther from it now than ever).
Cheers,
-m
ps: this is a minor revision to my previous comment (just the meta-data). If you could, scratch the previous comment. Thanks…
I won’t pretend to understand all of this, but to me it looks and sounds like “bollocks”.
Wizz RSS is the ONLY decent RSS Feed reader for Firefox. The others are in my view next to useless as they clutter the window, the toolbars etc. and are far too complex to set up and maintain.
I for one am not going to uninstall Wizz, and I’ll take my chances with it (if indeed that’s what’s involved, which I doubt) as long as it works with 3.5 and forward versions of Firefox.
I’ve written a small extension myself, and eventually got to the stage of telling the idiots at Mozilla to get stuffed after they turned something simple into ridiculously elaborate.
I hope that something sensible can be sorted out, as I WANT WIZZ!
Cheers
Peter
(in once-Great Britain aka the Disunited Kingdom)
Hi – I like reading these feeds. If I delete the extension do I lose them? And if I don’t delete the extension what’s going to happen? As of right now I’m leaving it on. You may email me. Ray
Too bad,
Wizz RSS is my favorite !
Is my favorite TOO!!!
Wizz RSS is the best !
@Michael and others: Thanks for the support. It does help
Unfortunately the big egos of small people is usually and insurmountable problem.
@Peter: Unfortunately, Wizz RSS 3.1.0.4 will not work with Firefox 3.6. Maybe over the next few days, once I’ve calmed down a bit and got my own ego under control, I’ll apply the recommended nsIScriptableUnescapeHTML.parseFragment() fix to the 3.2.0.0 beta code and make it available through this blog.
@Ray: When you uninstall Wizz RSS, it will ask if you’d like to remove the Wizz RSS folder. If you choose to not remove the Wizz RSS folder, you will retain the feeds.
Ray, you can get peace of mind by exporting your feed list, so that you can be sure you won’t lose it if you delete the extension. I think the OPML Export item in the Options etc. menu on the toolbar should be what you need. After using that you can presumably import the OPML file to another feed reader. I haven’t done this myself yet, but I would expect that it would also be wise to not uninstall Wizz until you make sure the new reader is working correctly and has all of your feeds imported.
As for what happens if you don’t delete the extension, presumably you are in principle exposed to whatever this security vulnerability is, and in addition no new updates will be forthcoming. Mike, will the Wizz server will continue to provide access to feed lists backed up there?
Anyway, I’m rather reluctant to switch myself. I don’t really know of anything else with comparable functionality, so I keep hoping that there will be some last minute salvation here. But assuming that doesn’t happen, good luck to you, Mike. It sounds like an unpleasant situation, so I guess maybe there’s no reasonable alternative, but I’ll be sorry to see Wizz go.
I can but second Peter’s words: Wizz RSS is the best RSS reader for Firefox so I’m not going to uninstall it, period.
BTW, there’s a new extension, Add-on Compatibility Reporter, available at https://addons.mozilla.org/en-US/firefox/addon/15003 which turns compatibility check off; it enabled me to install Wizz RSS 3.2.0.0 on Fx 3.6b2 and I can say it (Wizz RSS, I mean) works perfectly, it read my saved feeds so export turned out to be nothing more than just precaution. (I don’t use fancy features, though; my normal version I used previously was Wizz RSS Lite.) Will it make 3.1.0.4 work with Fx 3.6? I don’t know.
Mike, anger is not, and never was, a good advisor, I can tell you that from my own experience. If you must kill Wizz RSS, do it in cold blood. I for one would ask for granting it pardon, though.
Thank you for your great extension. Take care!
Well, I’ll take the risk and continue to use it even if it’s not considered 100% secure.
It’s the best RSS extension I tested.
Thanks for your work!
I am not likely to remove the WizzRSS extension. I have been using it for years now and an acceptable alternative is not available.
I would like to know however what kind of security issues are present (preferably in layman’s terms). So I can decide for myself whether or not I want to accept the risks involved.
Since I use WizzRSS on a Mac the risks might not be there at all?
Keep on the good work. Your efforts are appreciated. Strictly following Mozilla’s guidelines shouldn’t be anyone’s first priority.
Hi Mike
Really disappointed to see this going on. I love Wizz and feel lost without it. There’s nothing else that gives the same service.
Hope to see you back up and at it again.
Lincoln
I agree with all of the above comments – small minded, self interested idiots distroy so much that is good. Your excellent plug-in is going to stay in my Firefox as long as possible.
Thanks for all your efforts and so sorry to learn that Mozilla is/has been taken over by the political asses.
Cheers,
Charles
There is no decent replacement to WizzRSS, and I indeed will not deinstall it ether. Please try your best, hold out
and settle down with those EGOs.
Sincerely O.
Wizz RSS is a great extension, and I am sure like me, hundreds of other users appreciate the time you freely spend adding value to Firefox. It is only the great extensions like Wizz RSS which prevents thousands using IE8 instead.
I hope you can rise above people who get a bit above their station and continue this worthwhile extension, not for Jorge Villalobos, but for us, your fans
I’ll keep using my excellent Wizz.
Greetings from Rio.
- c.a.t.
Nooooo! :’(
We need Wizz RSS! It’s the most useful and comfortable-in-use add-on for reading RSS in FF!
We need u
P.S.
Sorry for my English if there is some mistakes.
Cheers,
KK
Mike,
Please take this as another message of support. I have been using Wizz RSS since I cannot remember when. Thank you very much for such a ‘wunderschön’ add-on. I tried almost all the RSS Feed readers out there and Wizz stands out of the lot.
I definitely have no intention of uninstalling. Here’s hoping the knowledge of this helps you cool down a wee bit.
Regards.
I’d like to have Wizz Rss 4.x installed one day!
Please don’t stop working for your extension.
Wizz RSS is so useful to me that I will not be turning it off. Thank you for such a functional piece of software. I hope you can summon up the motivation to keep going.
Pity it has to go this way. I almost can’t without this fine plugin! I hope you can “follow the rules”
Good luck!
I do understand your point of going on with your life and not wasting your time due to these kinds of “threats”.
I fully support the comment about the reader, I tried several and since yesterday looking for an alternative but so far there is NONE. I am wondering which real threat staying with WizzRSS is, as far as you use it. Will it only be not supported in the next release or also expose you computer.
Hope you can continue the reader through development.
WIZZ RSS is awesome. I’m not uninstalling it.
I just found Wizz recently, and let me say this: It’s going to stay. Period. Please keep up your good work.
I am also throwing my hat into the “won’t install till there’s something better out there.” Your reader is outstanding and I really want to thank you for what you’ve done with it. Please tell us exactly what the vulnerability is so we can access how much of a threat this is if we do continue to use it. Thank you again for your hard work on this!
I agree with the previous posters. There’s nothing comparable to WizzRSS & I have no intention of deleting it. I can’t survive without it.
I think Przemyslaw Jackowski’s advice in re anger is really apt. At the risk of being presumptuous, I would like to urge you to follow it. You’ve got something really special here that means a lot to many people. I would hate to see you make a decision like this based on emotion, regardless how understandable your frustration over all the technical ankle-biting seems (to this non-web programmer) to be.
I am devastated. Have used Wizz since electrons were invented and am not going to stop now! I agree with all the above comments and would hope that you can move on and resurrect this wonderful creation of yours.
Wizz RSS is the READER.
Sorry – I ain’t going to uninstall it either Mike. Best FF reader I’ve seen so far – and I’ve looked at a few.
Neil
DUDE!! Do not kill WizzRSS! I’ve been using it for years now. Open source it? WizzRSS becomes the ‘community’ edition and then create a ‘plus’ edition that is paid? There’s really nothing like it out there, it’s quick, easy and stable.
Please please please!
Don’t shut down Wizz!
Makes us happy every day,
We don’t want it go away!
I’m quite overwhelmed by all all of the support that has been expressed
Thanks to all of you.
To those who want to uninstall Wizz RSS without losing their feeds: Use the OPML export functionality, which is explained here – http://www.wizzrss.com/helpwiki/index.php/OPML_Export – You should then be able to import that OPML into another feed readers.
To those who have asked for more details of the vulnerability: It would be extremely irresponsible for me to disclose details of the vulnerability. The scum of the Internet would swoop on it in seconds, potentially exposing thousands of people to malicious attacks. Seeing as so many are refusing to uninstall, and thus exposing themselves to potential malicious attack, I undertake to secure the 3.2.0.0 code and make it public through this blog early next week. Unfortunately, Wizz RSS 3.2.0.0 will require that you upgrade to Firefox 3.6b2.
So what exactly are the security vulnerabilities? I don’t understand the problem here at all. I really love your extension Mike – by far the best newsreader – nothing else even comes close – but I don’t know why this has turned into such an “issue.”
I guess maybe you have to be a web developer to understand, which I’m not. I’m just a consumer. If these security issues are just somebody’s private war with the developer, I think we’re entitled to know that. Where is Mozilla’s statement about this?
I’m confused. Is Wizz suddenly going to open me up to viruses and other nasty things? Is uninstalling it the only answer? I hate to lose this most valuable extension, but I hate to get infected even more.
Help us!
I will not be uninstalling WizzRSS. I will also not be upgrading FireFox to a version incompatible with WizzRSS. Wizz RSS is too important a business tool for me and the many users at my company to simply walk away. Mike and Firefox, given the combined history of your respectively valuable innovations, you now have a responsibility to a large and satisfied user community to continue supporting each others products as you have done for many years and solve this issue. Keep moving forward. Keep pushing the envelope. It’s too important.
@ric: The security vulnerabilities have always been in the Wizz RSS code, but they have only been discovered recently. Using Wizz RSS is not going to suddenly expose you to anything, unless someone discloses details of the vulnerabilities – hence the issue. I have done what I can to make all Wizz RSS users aware of the vulnerability, and will provide beta code early next week that closes the holes for good… I hope.
I’ve been trying many RSS extensions for Firefox, and Wizz is the best for my needs and taste. I have no intention to uninstall it. Gonna keep using it until it’s still compatible with new releases of firefox, and when it will become incompatible I hope there will be a new release around, either on mozdev or on your blog.
There is simply not another feed reader that compares to WizzRSS. Please keep it going. I do sympathize with your frustration and I hope the Firefox people will read these responses and get their act together. Meanwhile, I will continue to use WizzRSS as long as I can.
WizzRSS is the best reader. Don’t let them win. You have created something really good. It takes no talent to criticize. It takes talent to create something for the world to use.
I will not uninstall.
#SaveWizzRSS http://wizzrss.blat.co.za/2009/11/14/an-explanation/
Tweet it out!!!
Here’s another voice in support. Thank you for setting the personal feelings about how you’ve been treated aside, and indulging your user base — users, who, in my experience, will only ask for more features and barely ever express their appreciation for whatever free service comes their way — until, that is, their favorite toy almost gets taken away! Thank you again.
Something I’ve just realized that I should explain: Wizz RSS’ non-compliance with the Firefox namespacing guidelines has to do with the vulnerabilities. However, bringing the Wizz RSS code inline with the namespacing guidelines is a job. A job that I don’t have time for.
Another please keep it going message, keeping on top of blog posts would be a nightmare without it.
I’m really disappointed to hear this. I refused to even get into RSS until I found this add-on, with its Watch List being exactly the reason RSS was invented.
I must add my name to the rest of your supporters! I really like WizzRSS as there is nothing as good either Firefox compatible or standalone out there. I’m not going to say that i understand what this “name spacing” thing is about or what it does. I’m wondering if you can just put this program out on your own. With all us supporters out there we can maybe help you keep this program patched. Or we can maybe can start a Forum where you can tell us what we can do to protect ourselves. Maybe i have know idea what i’m talking about here. what i do know is i like and need this program and i’m not likely to un-install it any time soon. If we absolutely must shut WizzRSS down can you recommend an alternative reader? i’ve tried so many and i don’t like them at all.
Really, Wizz is an indispensable tool for tracking the feeds I read daily. The others I tried are garbage (I’d use more colorful language but it would probably get yanked). I’m not entirely certain that the guys at Mozilla have any right to tell anyone how to write their code. Sure they may elect not to advertise the product on their site – that’s their option. We all know and love Wizz and as a result will refrain from refraining.
As for the security issue – that’s a load – seriously. It’s another excuse to coerce people into doing things “their way”. Tell em to sod off.
-e.
Another voice of support for WizRSS — it is one of my most-used pieces of software, and have no plans to uninstall. If I have to upgrade to Firefox 3.6b, well, then so be it!
To be blunt, this doesn’t bode well for Mozilla Firefox. The more difficult it is to author add-ons (either technically or for “process” reasons) the less likely it is that people will author them and/or the less attractive Mozilla Firefox will be to authors and end-users. Mozilla Firefox needs to make authoring add-ons more transparent – not less. This is a major reason for it’s success vs Microsoft et al.
So, I believe that all of this can be traced to one thing: money. Someone wants to make a buck by (essentially) squashing the competition or doing the “bait and switch”, etc. (I suspect everyone in this regard).
But, I have enjoyed Wizz RSS. Good Luck Mike.
p.s. There’s an obvious replacement add-on (I won’t mention it’s name); it’s almost a copy of Wizz at first glance, but, it is dumbed down (vs Wizz) and simply not as good. I wonder if there’s any connection between Wizz’s demise and this thing?
I wonder if anyone can tell me if this is a “Windows only” vulnerability or if this can affect a Linux Box? I use Linux and don’t believe it would affect me. I haven’t seen any particulars on how this vulnerability works.
I’been using WizzRSS for a long time. I discarded many RSS readers because they didn’t fill my expectations. WizzRSS was the only one. A true shame to loose it.
Hey, maybe you reached a momentum where you have to change. Changes are two faces, good and bad. Don’t give up up, take it easy. You’re looking one side of the coin.
WizzRSS is a GOOD WORK. I know it. You know it. I think everybody does.
I, like so many others, experiment with many apps before deciding on the one I will use. I have been doing this for 25 -years.
Wizz is my RSS reader of choice for FF and I will very disappointed if you choose to abandon the project.
Thanks for all the effort to-date and please reconsider your decision.
It’s a shame, but this is the second major complaint I’ve heard from Firefox add-in authors, about how difficult and tedious it is to write to Firefox.
I have been having problems lately with the raw amount of memory that Firefox has been leaking in recent releases (50KB/second with only 2 webpages open on my system), and the only thing holding me back from switching was the extensions I use – 2 of them. This one and one other. Guess which 2 authors I heard frustrations from ?
SO, come on over to Chrome where writing extensions seems quite a bit more straightforward and the platform itself is substantially more stable and efficient. I can’t wait to see Wizz RSS for Chrome ! (We need something like this)
wizz rss is the best rss reader i’ve found. would be a shame to see it not get updated in the future.
i’ve only got six feeds to update, and still i don’t know how i would endure without my wizzrss!
i’ll be keeping my version installed even if it has security issues.
I like most everyone else will not uninstall Wizz nor upgrade Firefox to a version that will not support it.
Mike,
The expectation to update the software with new “namespacing” requirements is ridiculous, counterproductive and frankly indefensible. This type of “existing items have to meet brand new standards” expectation is not inflicted in housing, cars, computer hardware, etc. unless there’s a safety issue. If namespacing has nothing to do with security then this issue should be appealed to a higher authority. This is the kind of bureaucratic stupidity that is becoming far to common in our society.
Good luck and hang in there! Wizz is great! They’ll have to pry it out of my cold, dead fingers!
Very Sad – I was using WizzRSS for years…
Suited my needs perfectly.
Thanks for all your effort and all the best.
I like wizz and don’t think I will uninstal. Is there a better RSS?
Mike, I really hope you can find the energy to go on with Wizz Rss. I use your add-on now for years (first wizz rss, later the light edition). I tried almost all other RSS readers for Firefox but all of them stayed miles away from Wizz Rss. Simply there is no replacement for Wizz Rss. So I will not uninstall Wizz Rss. I cannot live without it.
i will not uninstall either
Oh no … this is a terrible blow … I have been using WIZZ as my newsreader for about 3 yrs and am hopelessly dependent on it … guess I should have shown my appreciation with a donation – sorry about that.
I do hope that something can be worked out.
After using Wizz since for so long that I can’t remember when I first installed it, I saw the alert page that popped up yesterday. Without researching the issue, I figured that it must be important, and uninstalled Wizz. Boy, am I sorry I did.
I’ve tried other FF reader extensions before, but nothing is as clean and easy to use. In less than 24 hours since I deleted it, my normally heavy RSS use has tanked because it’s so damn hard to use anything else.
Please, re-release Wizz on your own. I really want it back.
@Ongytenes: The vulnerabilities are cross platform.
@Adam: I also understand the need for adherence to the namespacing guidelines. It is something I started working on many years ago, even before the namespacing guidelines were published. So I know full well what a nightmare job it’ll be. The Wizz RSS code, as it stands today, is the product of years of “evolution.” The code is not nicely structured, and is probably best described as spaghetti (A term that gives all programmers cold shivers). I also know that any attempt to get the code into nice neat classes will, at first, cause numerous bugs – And believe me, just testing all of the functionality in Wizz RSS is a task.
Another vote of confidence from a very happy Wizz user, with no intention of uninstalling it. There is a Dutch proverb saying “the soup is never eaten as hot as it is served”, and I hope it will apply here too – that a solution can be found…
The technicalities are a bit beyond me, but I was wondering whether anything would stop me continuing to use Wizz if I refuse to uninstall it. Can I keep on using it if I upgrade to subsequent version of Firefox, or will it eventually stop working?
@Koen: Mozilla does run a blocklist mechanism that, as far as I know, can be used to disable add-ons in Firefox. Apart from that, there is nothing that can force you to uninstall Wizz RSS.
@Mike: Thanks for that clarification, Mike. I found some details on this here http://kb.mozillazine.org/Extensions.blocklist.enabled – “If blacklisted extensions are already installed, disable them, and prevent blacklisted extensions from being installed in the future.” One solution might be to set this preference to “false” (although that might facilitate the installation of malicious extensions, of course, and any user would need to ensure that any current and new extension is safe).
Seriously, the only reason why i don’t switch to chrome (wich is better) is cuz the great extensions like this one. And if this continue im going to abandon firefox.
I love Wizz RSS.
I’ll never uninstall it!!!
Hello Mike,
count also me on the list of people supporting you and your extension.
I’ve been using it since a couple of years (or even more), RSS goes back to irritating stuff without WIZZRSS!
Your code might be spaghetti, but I guess in the sw world it is the main dish we eat everyday
Try what you can to plug the holes and go on!
Thanx!
Max
Hi,
I am not going uninstall Wizz. As I usually don’t care about the usual crescendo and noise created occasionally about the security vulnerabilities as far as my home computer is concerned. As home, I never keep any personal or sensitive info info my computer and at my company they have all security related infrastructures like firewall, network isolation mechanisms, VLANs, VPNs etc. So they will (and they must) take care of that.
So, as I normal user at home (in fact I am a power user), I am not worried about that. (Yeah, I know the capabilities of hackers, and the only thing I used to check is that my computer is being used as a ‘stepping stone’ to other systems. But I take precautions and I Port Blocking Software, Firewalls, (I feel Commodo is a good one – also Norton 360 (and everything is constantly updated)), Also, Anti-Spyware etc.
One last thing. At home I can switch of my computer whenever I like. (I can even switch it of without logging off – Just pull the power ! And I am becoming a master of this thing );
I also hope this thing will be sorted out. Not going to uninstall it. Thanks for the great extension.
One more who will NOT uninstall Wizz. It’s excellent. Period.
One more who will NOT, no Sir, uninstall Wizz. It’s an excellent add-on.
Thanks for the excellent job with this add-on, you made a great tool for all of us. I will not uninstall Wizz RSS to!
I WANT WIZZ
best regard’s to Mike.
Please, do not shutdown the project. It is one of my favorite extensions…
There are a lot of people all over the world that actually enjoy and appreciate your work. And I am one of them.
Not going to uninstall. Good luck and hope you can reconsider and appeal to a higher Mozilla authority. Maybe a petition drive?
I’ve spent two hours following an friend’s advice and transferred all my Wizz RSS feeds to Thunderbird.
ThunderBird is not a substitute for Wizz RSS.
So I have come here and read these comments.
Back to Wizz RSS (with vulnerabilities) it is. Given the nature of the sites I take RSS feeds from (BBC, job sites, major web presences) I do not feel terrible concerned about said vulnerabilities.
Wizz RSS is undoubtedly the best RSS feed Reader I’ve come across- big egos at firefox can shove their egos where the sun dont shine – I’ll keep using Wiz RSS and probably wont bother upgrading firefox if /when it becomes un-supportive of Wizz RSS ( Since thats the only reason i have firefox running -i prefer chrome so much except for its lack of add-ons)
Mike, I am yet someone else who refuses to uninstall Wizz RSS. Thanks for all your work and please do think this over. This is a great rss reader.
Funny old world…Wizz RSS is actually the reason that I still use Firefox, except for testing. I now use Chrome for most of my searching and general browsing.
With Wizz, I start much of my browsing in FF. Without it, I would move my RSS feeds to Google.
I _really_ appreciate all the work that you have done on this over the years, Mike!
@Adam: Thanks for the offer but I’m going to decline.
I’ve chained myself to Firefox for far too long. Believing, rather stupidly, that I was contributing to a worthwhile cause. Over the years I have jokingly referred to the Firefox “crew” as a bunch of little boys building a tree-house. Of course the irony is that my joke probably comes closer to the truth than I have realized
I guess the root cause of the Firefox dilemma is probably found somewhere in the fact that Mozilla is (Or was) a non-profit organization. Non-profits seem to have a very “governmental” approach to things, and (please forgive me if this sounds harsh) seem to attract those who can’t cut it in the “for profit world.” Please don’t get me wrong, I don’t mean to imply that they are stupid. On the contrary, some of the smartest IT type people I’ve met, I’ve met during my association with Firefox – It’s just their undying need for red tape that gets me.
I don’t usually do “me too” posts, but hey, Wizz is THE rss reader, and I will be using it for as long as possible. It is one of the three extensions that keep me from using Opera full time.
As far as I can tell from the available info, there is no real security issue here – unless the user adds feeds from sites that host malicious code or get themselves 100% compromised.
I just refuse to uninstall – no other reader has the three-pane layout WizzRSS has, and besides… others aren’t even close in terms of usability!
Mike,
Please stick with it, you have a loyal following and fill an important void for FF.
I can sympathize with the spaghetti problem as I have several production apps online that have turned into that. One of them (a Usenet News photo web archiver) took 60 hours to rewrite from scratch and is still more tangled than I like. Another (majordomo email list photo extractor/web archiver) is an even bigger mess, but is so functional I haven’t bothered to start a rewrite.
I wish you the best of luck in whatever way you choose to go with this!
Mike:
due to many things going on in life, I just found this thread. You know how much I like and used Wizz RSS reader, or at least I hope you do, especially since that blog post I wrote about the utility.
If nothing else, convert Wizz RSS to OpenSource and say “Be damned AMO!”
Greetings to all you creative sorts who have left messages regarding this WISS RSS. My not being a tech wizard — and because I didn’t read this blog first, I uninstalled the reader. If I have a problem with my OS, I need help to find the solution. Even so, reading what everyone has said, I regret having deleted the folder. I didn’t consider what feeds I might not be able to access… So if you manage to devise a solution, I hope I will be on the list to download the new version. Sadly…
I wrote comments. Have these been lost? I filled in the blanks for the previous Anti-spam word… Don’t know what is the trouble that the message appears to have not gone thru.
I thanked everyone for comments, admitted I am not a tech wizard, and regretted that I had followed instructions and uninstalled the reader before having read comments.
Sad. Please email me or notify me if you write a new reader.
Thank you for everything and am sorry to see people do this to others.
I’ll take my chances with the “vulnerabilities” as its stays “as is”.
The service you provided is outstanding and certainly not deserving of this.
Larry C.
@: Wizz RSS has always been Open Source. The source code is included in the XPI distributable. In fact to say that the source code is “included” is even incorrect – It is the uncompiled source code that executes at run-time. So without the source, nothing would work
Wizz RSS is licenced under the GNU GENERAL PUBLIC LICENSE Version 3 of 29 June 2007 – Which is included in the Readme.txt file, which is also part of the XPI distributable.
Wholeheartedly agree with the first two comments, couldn’t have put it better myself. Wizz was, sorry IS the best reader for Firefox and if paranoia gets in the way and no assistance is added to a commited supporter of firefox especially in it’s early stages and which has been one of the contributors to it’s popularity then it looks like a lot of add-ons are going to suffer from the paranoia and over reactive egos of a few heads. I also am keeping it and will take my chances. It’s an RSS reader for God’s sake.
I am saddened that Wizz Rss has fallen out of favor with the powers that be at Mozilla. As many others, I have come to depend on your extension and will be looking forward to the 3.2 version. I’ll gladly upgrade FireFox to be compataible with Wizz Rss.
Thanks for all your efforts.
jdg
I’d be happy to work on the namespacing requirements, if that’s the main thing holding you back. I know there are other considerations, including the way you’ve been jerked around, but there are a whole lotta people out here who appreciate your work. I’d be glad to contribute gruntwork.
I have to correct myself immediately: gave IE8 a test-drive at least for RSS. There is indeed a nice OPML import/(export) facilty: Got all my WIZZ-exported feeds back. The explorer view is not as good, especially the helpful feed item window lower/left corner is missing, but o.k.
I too have been using wizz RSS for as long as I can remember, and can’t imagine a day without it – please keep up the great work!
It has been what ? Years using and finding very comfortable wizz rss and all of it’s simplicity to the need itself.
It changed my way of using RSS feeds, and I will simply take my chances to that vulnerability issue, once these days mozilla is crazy about whatever does whatever in the most complicated ways.
Anyway, good luck, thanks to you for such extension since about some years ago. Its been since a long i just got too used to it to let it go too. And i got some better anti-hijacking tools myself, if some of these vulnerabilities decides to bother ….
Hope these Stupidzilla guys wake up to what it means being human someday, and hopefully before they turn totally into machines, hehe.
I’ve tried others before, and found that WIZZ is the perfect choice for me.
I will not uninstall either.
Wizz is the least bad RSS app there is! Please don’t abandon it ‘cos of us eejits…
Mike,
PLEASE do NOT kill Wizz RSS – I am using it on a daily basis and NOTHING (absolutely nothing) can replace its speed, ease of use, etc. Please challenge Firefox when they say that there are alternatives…They are WRONG!. Ask them to name one alternative that can load the feed without clicking on the mouse, just by scrolling on the lists….Ask them to name one alternative with the same speed, ease of use and support from its user base! Show them this blog! Please make a safe version compatible to 3.6. Many (many thanks) for improving the productivity of thousands of people!
Mike, I followed the instructions and uninstalled Wizz, thinking I would then go back to the addons page and get the latest version. This was before you posted your reasons. Surprise! There are no versions. How can I get it back?
I too would like to express my regret that you have
decided to discontinue this tool. I have found it to be the least obtrusive and easy to use news reader, and i have
been using it for over a year.
Whatever your reasons, your contribution to free software
and the firefox community were invaluable. For what it’s worth, thank you very much.
I read the explanations of what’s going on. I’m a software engineer of many years and have also worked on some mozilla extensions.
What has happened (in my never so humble opinion) is mozilla is trying its best to clean up its code and the code of its satellite apps for many reasons (google/bing up articles on mozilla’s security problems and its efforts for next releases)
I’m not sure of the best practices, coding standards, etc but if they were never published it does make it difficult to follow them. I will agree with the name space convention though. It’s the only way to separate objects in the domain architecture.
Would be great to see a secure version that meets with Mozilla’s approval. I will watch this space …
okay – scrap that last comment. Seems like a fix is out – just need to go to next version of FF – sigh.
Hi,
Thanks to Mike for years of good work.
To all the “me too” and “please keep working on Wizz” posters -
Please consider donating to Mike:
http://www.wizzrss.com/donate.php
Even if it does not cause him to continue his work, at least it would be a nice thank-you, in addition to all the verbal thank-yous.
cheers
Oliver
PS: I have donated to Mike in the past. No big sum, but at least something.
Hi again,
For those who have decided to uninstall Wizz: I am now using the “Feed Sidebar” extension. Might be something worth to try out.
Not quite the same functionality but good enough for my simple use of news feeds.
cheers
Oliver
@Warren: I have absolutely no problem whatsoever with Mozilla trying to clean up the extension codebase, but I’m sure that there are more intelligent ways of dealing with the problem. Rather than pulling out the big stick, it would be much better to plan a structured approach, which developers are made aware of and asked to become part of, where over a period of time (Using well defined milestones) all code is cleaned up and made more secure.
I can also assure you of this – and I’m pretty sure that the same applies to all Firefox extension developers – I have always done my best to provide functionality that is useful, stable and bug free. I don’t have a malicious mind, so when I develop code, I think in terms of functionality, and not in terms of how vulnerable it might be. In the real world we have systems architects that consider application security, and their recommendations get built into the functional design. The real world also offers systems analysts, business analysts and testers who are able to test functionality against a given set of test cases. Firefox extension development offers none of these luxuries, unless you happen to be a large corporation developing extensions for Firefox.
Another thing I feel compelled to mention: In all the years that I have been associated with Firefox, there has been a feeling (Real or imagined) of double standards. One set of standards that applies to those who are members of the “old boys club” (If you know what I mean), and another set of standards that applies to the Plebs.
@Oliver Doepner: Thanks for trying to stir up financial support, but I should tell you that financial reward has never been a very big motivational factor in my life. I guess that is the main reason why I’ll never be rich, but more important than riches, I’m more than likely to be happy
Of course if you offer something that would make my 17 year old child a genius at school, I’d be putty in your hands!
Mike:
thank you for doing all the right things for us Wizz RSS fans out here. I wholeheartedly agree with all the messages of support! WizzRSS is the only reader I use because it’s so user friendly and doesn’t get in the way.
Not being a security expert, I don’t know the real risk of keeping it running, but for now I will keep it and trust that my firewall & anti-virus software will keep things under control.
I don’t have the expertise to fix code, but please call on me as a beta user to help test any upgrades.
Chris.
I can’t believe this is happening. This is by far the best RSS reader I have ever used on any platform. You will have to pry this from my cold, dead hands cause I wont willingly part with it.
i love Wizz RSS
and i don´t unistall
@Mike: Maybe your 17 year old could take over Wizz RSS maintenance … He/she would probably learn some good job skills in that role … ;^)
Mike,
Very sad to see this happening. I hope there might be a way of getting things back on track though…Would it be possible to fix the safety loopholes and make the software available as is on a site outside of Firefox/Mozilla???
I will not uninstall – It seems that the issue was always there and I never had a problem!
- This utility is too useful!
I’M SPARTACUS!!!
I mean I’m not uninstalling either … hopefully this will work out; so that we don’t lose Wizz …
Thanks a lot for WIZZ so far.
It’s one of my daily used tools and I don’t want to miss it.
Think about some Aikido – take the force coming to you, get it under control, turn it around and stay upon. Keep your good work.
Mike, I think that your software is the best feed manager on the net, and when I found it, I suddenly understood that I was Firefox’s and Firefox was mine, forever!
So, I’ll never remove the add-on, I’ll take my chances.
The warning page does not bother me at all, I’m wathcing it every morning, in order to be aware when the problem will be fixed.
Please, consider the appreciation to your work as a medicine for your ego.
Long Life and Prosperity!
This is as prove that You have quality tool that people like it.Please stay on Your legs and continue working on Your project…don’t give up!!!
I love Wizz, it is by far the most important addon (with session manager) to me. I won´t uninstall it. Thanks for your work.
For those who are concerned about Firefox security, I think you’ll find this interesting – http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
Mike, Wizz RSS is the best reader around and I will take my chances and leave it installed because to remove it would dramatically alter the way I use FF. You make a great script and it would be a shame to see it come to an end. I for one appreciate all the hard work you put into it.
Thank you.
When I found out about RSS I immediately looked for a way to access them in Firefox (and we’re talking about a long time ago, here). Looked at what was available and found WizzRSS fitted every requirement I had. No matter what some moronic set of rules try and say I will not stop using WizzRSS – there is no better, simple as that.
Mike, Wizz RSS is the best reader around and to uninstall it would dramatically alter the way I use FF. I will leave it installed and take my chances. I really appreciate all the hard work you have put into the Wizz RSS reader.
Thank You.
Wizz RSS is simply second to none.
One of the best FF Addons I know of. If not the best.
Please do not discontinue Wizz RSS, please …
It just deserves a better destiny.
Please stop bothering me with the “Please uninstall Wizz RSS” pop up page because I will not uninstall Wizz RSS :p
I have 3.0.11, largely due to my reluctance to add new things. Is this an issue of concern for me regarding the problems cited with uninstalling Wizz RSS? Thanks for your reply.
@chowmein: Yes, it is very definitely a concern. 3.1 was patched to close vulnerabilities, and details of those vulnerabilities have been disclosed. This means the whole world (Well that part of it that read security notifications – Which I’m sure includes many of the despicable crud who infest our planet) knows about security holes in Wizz RSS pre 3.1.
Thank you for working on and developing this fantastic tool. Its too bad that its being shut down. Good luck with the future.
Mike
I will sandbox Firefox in a VM to just go ahead using Wizz!
Great work Mike and hope you calmed down a bit
Well this is unfortunate. Mike, I’m that guy in Atlanta who said he’d buy you a beer for making the notification box clickable again, and that offer still stands
Thanks for all the hard work!
@Benson: So you mean I didn’t make the notification box clickable? Or do you owe me a beer?
Nope, I definitely owe you a beer
I’ll never remove this program! It’s way too awesome for following my friends on Digg.
there’s just *no way* i’m going to remove wizz rss from my firefox install. good software is hard to find, smart software is even harder. long live wizz rss.
so – you only publish/answer posts that please you – I listened now and I removed you’re annoying ‘please remove…’ piece – thank you
Mike,
Thanks for all the hard work. Wizz has been one of my most used add-ons for a very long time now.
With very best wishes from Bangkok
@mike (The zippomail one): If you open your eyes might see that I replied to the comments you made here – http://wizzrss.blat.co.za/2009/11/17/vulnerability-safe-versions/ – TWICE! I even wrote this blog post – http://wizzrss.blat.co.za/2009/12/16/steps-to-stop-the-nag-page-from-displaying/ – just for you and others who want to turn the nag page off.
I guess it’s attitudes like yours that get people like myself pissed off!
Hi Mike.
Wizz RSS is the best RSS addon for Firefox I found, I have been using it for almost 4 years and it’s been always great.
I hope that those trolls won’t get you down.
Long live to Wizz RSS!!!!
O.K. where is the beer money link
Hi, Mike.
Is it too late for me to request my list of feeds from your server? I’ve inadvertently upgraded FF so now can’t try again to see if you’ve enabled that again.
Just tell me what’s best for you. Emailing me if great.
Thanks, again for all your help.
-Roy
@Roy: If you upgraded to Firefox 3.6, install Wizz RSS 3.2.0.0 and you’ll be able to restore your feeds from the server.
Hi Mike,
Love the program. I have one request. The old version permitted marking every item in a single feed as read in one click (via “mark this item as read”), but that option is now ghosted out. Any chance of restoring that functionality?
Thanks!
Rich
@Rich: From what I can see that functionality still works just fine. The option is grayed out when right-clicking the feed title in the items pane, but on the Found Items tab (as far as I can remember, it only worked on the Found Items tab) it works and marks all items from a particular feed.
Mike,
Thanks for the fast response. Yes, that’s exactly what I was talking about. In the last version, one could right-click the feed title and mark all the feeds within that title as read by selecting “mark this item as read.” I’m not sure how many people used that, but I used it a lot (I use Wizz RSS to manage my 200+ Digg.com friends). Perhaps others did as well.
Regardless, it’s still an awesome RSS reader.
Thanks!
Rich
It’s another one of the many well hidden features of Wizz RSS that many people don’t know about
So are you saying that it no longer works for you on the Found Items tab?
Or, was there similar functionality on the Wizz RSS tab?
Mike,
It no longer works in the Wizz RSS tab. When I go there and attempt to mark all items within a feed as read by right-clicking the feed itself, the option to “mark this item as read” is now grayed out.
Here’s a screen shot: http://i182.photobucket.com/albums/x223/TheEngineer2007/wizzrss.jpg
Thanks!
Rich
I know that my memory is really bad, but I’m pretty sure that that functionality only ever worked on the Found Items tab.
I even documented it as such in the online help: – http://www.wizzrss.com/helpwiki/index.php/Marking_all_items_found_in_a_specific_feed_as_read/unread
Mike,
Thanks again for checking.
It actually used to work. Not sure if anyone even knew, as it wasn’t designed to, but I used it every day for a year.
Regardless, it’s fine. Thanks again for replying.
Rich
@Rich: I’ve just dug into the code, and… You are quite correct
In the process of digging into the code, I also discovered a few bugs with marking items on the Found Items tab. Duplicate element IDs, which have obviously been lurking in the code for years and years.
1. I have fixed the duplicate element IDs.
2. I have stopped the context menu from being displayed when an item isn’t selected.
3. The option to open the feed title on a new tab is now grayed out.
4. The option to share the feed title via email is now grayed out.
5. I have reinstated the “Mark This Item as Read/Unread” functionality for feed titles on the Wizz RSS tab.
Thanks for being persistent about the missing functionality!
Give me an hour or two, and I’ll put a patched version of 3.2.0.0 online.
Mike,
I installed the new version. Your fix did the trick. Thanks!
Rich
WIZZ RSS IS BACK!!!! I HOPED FOR THE MOMENT I COULD MOVE MY RSS FEEDS BACK TO WIZZ RSS AND TODAY IS THAT DAY!!!
MANY, MANY THANKS!!!
@Sander: It never really went away
I just got pissed off with “mini-me Adolf Hitler” and the rest of his “crew” on AMO. I have calmed down a tad since then. Wizz RSS will no longer be available through AMO, but it is available here – http://blat.co.za/XPIs/wizzrss3200.xpi – and here – http://www.wizzrss.com/XPIs/wizzrss3200.xpi
It is made available on the understanding that it contain vulnerabilities. While I have done my very best to ensure that vulnerabilities are plugged, there is still no guarantee that no vulnerabilities exist.
@Mike: Thx for the explanation!
Hello, Mike, Having followed instructions to delete the earlier RSS feed I just now clicked on the option to download the new version. Firefox prevented this site (wizzrss.blat.co.za) from asking (me) to install software on (my) computer.
So what is the problem now, I wonder? I am provided the option to “Allow” but thought to ask first what this might be about.
Thank you for any explanation.
@Joanne: It’s a normal security feature which prevents unscrupulous people from slipping add-ons into your installation of Firefox without your knowledge.
Just click the Allow button, and Wizz RSS will be downloaded and installed.
More information is available on the Mozilla support site – http://support.mozilla.com/en-US/kb/Unable+to+install+add-ons#Firefox_prevented_the_site_from_asking_you_to_install_software
Is there a way to probit the annoying message in firefox wich advises me to remove the wizz rss link?
@Sander: I assume you are talking about the nag page?
You have two options: -
1. You can “buy” a nag free version by making a donation. See http://www.wizzrss.com/dlnn.php
2. You can make the code change outlined in this blog post – http://wizzrss.blat.co.za/2009/12/16/steps-to-stop-the-nag-page-from-displaying/
I had trouble when attempting a PayPal donation.
I then tried to implement the code changes. When reopening Firefox, the WizzRSS toolbar and the Google toolbars both failed to open. I restored the unedited wizzrss.jar file and everything reopened fine (except I still get the nag message, of course).
On a separate note, I wonder if a continuing message warning of security vulnerabilities isn’t counterproductive. No one wants their products remotely associated with security problems, so actually forcing such a message seems like a net negative. Perhaps a more positive nag message would be better.
@Rich: If everything disappeared after making the code change, it probably means that you didn’t repack the zip/jar file correctly. Look at the internal structure of the working zip/jar file before you unpack it, and make sure that after repacking, the zip/jar has the same structure.
Yeah, I’ve been thinking about changing the content of the nag page for a while. Problem is, I know for a fact that most people simply ignore it, and it wouldn’t surprise me to find that some people are still unaware of the fact that they are using a version that has vulnerabilities.
Maybe I’ll change it tomorrow
I won’t stop using the best… Long life to Wizz RSS!
Mike -
Thanks for the new version – I’ve put my money where my mouth and purchased a nag-free version.
Again, thanks for your continuing efforts and a great little add-on.
jdg
There is a typo as well. When deleting a feed, the prompt states: “Are you sure that you want to delete this category and all of it’s feeds?,” when it should read, “….all of its feeds?”
@Rich: I’m pretty sure that that won’t break anything
Of course not. I only mention it because you’re updating things.
K… Fixed it. Next time I push out a change/fix, you’ll get it.
Hi Mike,
Although I like Firefox and appreciate the security approach I also like Wizz RSS. If what you say is correct regarding an agenda then this is unfortunate and must irritate you substantially. Worry not for your product is good and I am sure the base of users you have will continue to speak highly of your product.
Cheers,
Rob
Hi Mike: just an e-mail for support. Thanks for Wizz RSS.