June 8, 2017

A Security Question

To my shame, I don’t have a certificate for my blog yet, but as I was flipping through some referer logs I realized that I don’t understand something about HTTPS.

I was looking into the fact that sometimes – about 1% of the time – I see non-S HTTP referers from Twitter’s URL shortener, which I assume means that somebody’s getting man-in-the-middled somehow, and there’s not much I can do about it. But then I realized the implications of my not having a cert.

My understanding of how this works, per RFC 7231, is that:

A user agent MUST NOT send a Referer header field in an unsecured HTTP request if the referring page was received with a secure protocol.

Per the W3C as well:

Requests from TLS-protected clients to non-potentially trustworthy URLs, on the other hand, will contain no referrer information. A Referer HTTP header will not be sent.

So, if that’s true and I have no certificate on my site, then in theory I should never see any HTTPS entries in my referer logs? Right?

Except: I do. All the time, from every browser vendor, feed reader or type of device, and if my logs are full of this then I bet yours are too.

What am I not understanding here? It’s not possible, there is just no way for me to believe that it’s two thousand and seventeen and I’m the only person who’s ever noticed this. I have to be missing something.

What is it?

FAST UPDATE: My colleagues refer me to this piece of the puzzle I hadn’t been aware of, and Francois Marier’s longer post on the subject. Thanks, everyone! That explains it.

SECOND UPDATE: Well, it turns out it doesn’t completely explain it. Digging into the data and filtering out anything referred via Twitter, Google or Facebook, I’m left with two broad buckets. The first is almost entirely made of feed readers; it turns out that most and maybe almost all feed aggregators do the wrong thing here. I’m going to have to look into that, because it’s possible I can solve this problem at the root.

The second is one really persistent person using Firefox 15. Who are you, guy? Why don’t you upgrade? Can I help? Email me if I can help.
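The bucketing described in the second update, as an added example that is not the author's own script: it reads Combined Log Format lines for a plain-HTTP site, sets aside Twitter, Google and Facebook referrers, and splits the remaining HTTPS referers into feed readers and browsers. The log lines, the `.example` hosts, the `Example*` User-Agents and the feed-reader hint substrings are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"\s*$'
)

# Referring sites the post filters out before looking at what is left.
FILTERED_DOMAINS = ("t.co", "twitter.com", "facebook.com")
# Heuristic User-Agent substrings for feed readers (assumption; tune per log).
FEED_HINTS = ("feed", "rss", "reader", "aggregator")


def is_filtered_source(host):
    """True for Twitter and Facebook hosts and for any Google domain."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in FILTERED_DOMAINS):
        return True
    return "google" in host.split(".")  # google.com, www.google.ca, ...


def classify(line):
    """Return (bucket, user_agent) for one access-log line."""
    m = LOG_RE.match(line)
    if m is None:
        return "unparsed", ""
    referer, ua = m.group("referer").strip(), m.group("ua")
    if referer in ("", "-"):
        return "no-referer", ua
    try:
        parts = urlsplit(referer)
        host = parts.hostname or ""
    except ValueError:  # malformed URL in the header
        return "other", ua
    scheme = parts.scheme.lower()
    if scheme == "http":
        return "http-referer", ua
    if scheme != "https":  # android-app://, about:, ...
        return "other", ua
    # From here on: an HTTPS page named itself as referrer to an HTTP site.
    if is_filtered_source(host):
        return "https-filtered-source", ua
    if any(hint in ua.lower() for hint in FEED_HINTS):
        return "https-feed-reader", ua
    return "https-browser", ua


def summarize(lines):
    """Count log lines per bucket."""
    return Counter(classify(l)[0] for l in lines if l.strip())


def leftover_user_agents(lines):
    """User-Agents behind HTTPS referers that survive the filtering."""
    wanted = ("https-feed-reader", "https-browser")
    pairs = (classify(l) for l in lines if l.strip())
    return Counter(ua for bucket, ua in pairs if bucket in wanted)


def _line(referer, ua):
    # Constructed sample entry; 192.0.2.0/24 is a documentation range.
    return ('192.0.2.10 - - [08/Jun/2017:10:00:01 +0000] '
            '"GET /blog/ HTTP/1.1" 200 5120 "%s" "%s"' % (referer, ua))


CHROME = "Mozilla/5.0 (X11; Linux x86_64) Chrome/58.0 Safari/537.36"
FIREFOX15 = "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0"
FEEDBOT = "ExampleFeedFetcher/1.0 (+http://reader.example/bot)"

SAMPLE_LOG = [
    _line("http://t.co/abc123", CHROME),
    _line("https://t.co/abc123", CHROME),
    _line("https://www.google.ca/", CHROME),
    _line("https://reader.example/feeds/42", FEEDBOT),
    _line("https://planet.example/", "ExampleAggregator/3 RSS"),
    _line("https://links.example/today", FIREFOX15),
    _line("-", CHROME),
    "garbage line without the expected fields",
]

if __name__ == "__main__":
    for bucket, count in sorted(summarize(SAMPLE_LOG).items()):
        print("%-22s %d" % (bucket, count))
    for ua, count in leftover_user_agents(SAMPLE_LOG).most_common():
        print("%d  %s" % (count, ua))
```
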

April 7, 2017

Planet: Secure For Now

Filed under: digital,fail,interfaces,mozilla,work — mhoye @ 9:25 pm


This is a followup to a followup – hopefully the last one for a while – about Planet. First of all, I apologize to the community for taking this long to resolve it. It turned out to have a lot more moving parts than were visible at first, and I didn’t know enough about the problem’s context to be able to solve it quickly. I owe a number of people an apology for that, first among them Ehsan who originally brought it to my attention.

The root cause of the problem was that HTTPlib2 in Python 2.x doesn’t – and apparently will never – support Server Name Indication, an important part of Transport Layer Security on shared hosts. This is probably not a big deal for anyone who doesn’t need to make legacy web-facing Python utilities interact securely with modernity, but… well. It me, as the kids say. Here we are.

For some context, our particular SSL problems manifested themselves with error messages like “Error urllib2 Python. SSL: TLSV1_ALERT_INTERNAL_ERROR ssl.c:590” behind the scenes and “internal error” in Planet proper, and I think it’s fair to feel like those messages are less than helpful. I also – no slight on my colleagues in this – don’t have a lot of say in the infrastructure Planet is running on, and it’s equally fair to say I’m not much of a programmer. Python feature-backporting is kind of a rodeo too, and I had a hard time mapping from “I’m using this version of Python on this OS” to “therefore, I have these tools available to me.” Ultimately this combination of OS constraints, library opacity and learning how (and if, where and when) SSL works (or doesn’t, and why) while working in the dated idioms of a language I only half-know didn’t add up to the smoothest experience.

I had a few options open to me, or at least I thought I did. Refactoring for Python 3.x was a non-starter, but I spent far more time than I should have trying to rewrite Planet to work directly with Requests. That turned out to be harder than I’d expected, largely because Planet code has a lot of expectations all over it about HTTPlib2 and how it behaves. I mistakenly thought re-engineering that behavior would be straightforward, and I definitely wasn’t expecting the surprising number of rusty edge cases I’d run into when my assumptions hit the real live web.

Partway through this exercise, in a curious set of coincidences, Mike Connor and I were talking about an old line – misquoted by John F. Kennedy as “Don’t ever take a fence down until you know the reason why it was put up” – by G. K. Chesterton, that went:

In the matter of reforming things, as distinct from deforming them, there is one plain and simple principle; a principle which will probably be called a paradox. There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”


One nice thing about ancient software is that it builds up these fences; they look like cruft, like junk you should tear out and throw away, until you really, really understand that your code, and you, are being tested. That conversation reminded me of this blog post from Joel Spolsky, about The Worst Thing you can do with software, which smelled suspiciously like what I was right in the middle of doing.

There’s a subtle reason that programmers always want to throw away the code and start over. The reason is that they think the old code is a mess. And here is the interesting observation: they are probably wrong. The reason that they think the old code is a mess is because of a cardinal, fundamental law of programming:

It’s harder to read code than to write it.

This is why code reuse is so hard. This is why everybody on your team has a different function they like to use for splitting strings into arrays of strings. They write their own function because it’s easier and more fun than figuring out how the old function works.

As a corollary of this axiom, you can ask almost any programmer today about the code they are working on. “It’s a big hairy mess,” they will tell you. “I’d like nothing better than to throw it out and start over.”

Why is it a mess?

“Well,” they say, “look at this function. It is two pages long! None of this stuff belongs in there! I don’t know what half of these API calls are for.”

[…] I know, it’s just a simple function to display a window, but it has grown little hairs and stuff on it and nobody knows why. Well, I’ll tell you why: those are bug fixes. One of them fixes that bug that Nancy had when she tried to install the thing on a computer that didn’t have Internet Explorer. Another one fixes that bug that occurs in low memory conditions. Another one fixes that bug that occurred when the file is on a floppy disk and the user yanks out the disk in the middle. That LoadLibrary call is ugly but it makes the code work on old versions of Windows 95.

Each of these bugs took weeks of real-world usage before they were found. The programmer might have spent a couple of days reproducing the bug in the lab and fixing it. If it’s like a lot of bugs, the fix might be one line of code, or it might even be a couple of characters, but a lot of work and time went into those two characters.

When you throw away code and start from scratch, you are throwing away all that knowledge. All those collected bug fixes. Years of programming work.

The first one of these fences I hit was when I discovered that HTTPlib2.Response objects are (somehow) case-insensitive dictionaries because HTTP headers, per spec, are case-insensitive (though normal Python dictionaries are very much not, even though examining Response objects with basic tools like “print” makes them look just like they’re a perfectly standard python dict(), nothing to see here move along. Which definitely has this kind of a vibe to it.) Another was hitting what might be a bug in Requests, where usually it gives you “200” as the HTTP “Everything’s Fine” response, which Python will happily and silently turn into the integer HTTPlib2 is expecting, but sometimes gives you “200 OK” which: kaboom.

On the bright side, I did get to spend a few minutes reminiscing fondly to myself about working with Dave Humphrey way back in the day; in hindsight he warned me about this kind of thing when we were working through a similar problem. “It’s the Web. You get whatever you get, whenever you get it, and you’ll like it.”

I was mulling over all of this earlier this week when I decided to take the best (and also worst, and also last) available option: I threw out everything I’d done up to that point and just started lying to the program until it did what I wanted.

This gist is the meat of that effort; the rest of it (swap out the HTTPlib2 calls for Requests and update your error handling) is straightforward, and running in production now. It boils down to taking a Requests object, giving it an imaginary friend, and then standing it on that imaginary friend’s shoulders, throwing a trenchcoat over it and telling it to act like a grownup. The content both calls return is identical but the supplementary data – headers, response codes, etc – isn’t, so using this technique as a shim potentially makes Requests a drop-in replacement for HTTPlib2. On the off chance that you’re facing the same problems Planet was facing, I hope it’s useful to you.
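A sketch of the kind of shim described above, as an added example that is not the gist or Planet's code: it dresses a Requests-style response as the `(response, content)` pair that httplib2 callers expect, with case-insensitive headers and a status that survives “200 OK”. It is written for Python 3, and `StandInResponse` is a hypothetical stand-in for a Requests response so the block runs offline.

```python
class HeaderShim(dict):
    """dict that lower-cases header names on every access."""

    def __init__(self, headers=()):
        super().__init__()
        for name, value in dict(headers).items():
            self[name] = value

    def __setitem__(self, name, value):
        super().__setitem__(name.lower(), value)

    def __getitem__(self, name):
        return super().__getitem__(name.lower())

    def __contains__(self, name):
        return isinstance(name, str) and super().__contains__(name.lower())

    def get(self, name, default=None):
        return super().get(name.lower(), default)


def parse_status(raw):
    """Accept 200, "200" or "200 OK"; return an int or raise ValueError."""
    text = str(raw).strip()
    code = text.split(None, 1)[0] if text else ""
    if not (code.isdigit() and 100 <= int(code) <= 599):
        raise ValueError("not an HTTP status: %r" % (raw,))
    return int(code)


class Httplib2StyleResponse(HeaderShim):
    """Headers as a dict plus .status/.reason, the shape httplib2 callers read."""

    def __init__(self, resp):
        super().__init__(resp.headers)
        self.status = parse_status(resp.status_code)
        self.reason = getattr(resp, "reason", "") or ""
        # httplib2 also exposes the status as a string under the "status" key.
        self["status"] = str(self.status)


def as_httplib2(resp):
    """Return (response, content), the pair httplib2's request() returns."""
    return Httplib2StyleResponse(resp), resp.content


class StandInResponse:
    """Hypothetical stand-in exposing the Requests attributes the shim reads."""

    def __init__(self, status_code, headers, content, reason=""):
        self.status_code = status_code
        self.headers = headers
        self.content = content
        self.reason = reason


if __name__ == "__main__":
    # Constructed response with the awkward "200 OK" status the post mentions.
    fake = StandInResponse("200 OK", {"Content-Type": "application/atom+xml",
                                      "ETag": '"abc"'}, b"<feed/>")
    response, content = as_httplib2(fake)
    print(response.status, response["content-type"], content)
```
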

Again, I apologize for the delay in sorting this out, and thank you for your patience.

February 10, 2017

Planet Migration Shakeout

Filed under: mozilla,work — mhoye @ 11:51 am

This note is intended for Planet and its audience, to let you know that while we’re mostly up and running, we’ve found a few feeds that aren’t getting pulled in consistently or at all. I’m not sure where the problem is right now – for example, Planet reports some feeds as returning 403 errors, but server logs from the machines those feeds live on don’t show those 403s as having ever been served up. A number of other feeds show Planet reporting “internal server errors”, but again, no such errors are visible elsewhere.

Which is a bit disconcerting, and I have my suspicions, but I won’t be able to properly dig into this stuff for a few days. Apologies for the degraded state of the service, and I’ll report back with more information as I find it. Tracking bug is #1338588.

Update: Looks like it’s a difference of opinion between an old version of Python and a new version of TLS. I expect this to be resolved Monday.

Second update: I do not expect this to be resolved today. The specific disagreement between Python and TLS describes itself as the less-than-helpful SSL23_GET_SERVER_HELLO:tlsv1 alert internal error whose root cause can be found here; HTTPlib2 does not support SNI, needed to connect to a number of virtually-hosted blogs here in modernity, and it will take some more extensive surgery than expected to get Planet back on its feet.

Third update: The solution we have for this problem is to excise some outdated but vendored-in dependencies on Planet and move it to a recent version of Python. The combination of those things resolves this in staging, but it will take a few days before we can move this to production.

February 6, 2017

The Scope Of The Possible

Filed under: digital,future,interfaces,life,lunacy,mozilla,want,weird,work — mhoye @ 5:34 pm


This is a rough draft; I haven’t given it much in the way of polish, and it kind of just trails off. But a friend of mine asked me what I think web browsers look like in 2025 and I promised I’d let that percolate for a bit and then tell him, so here we go. For whatever disclaimers like this are worth, I don’t have my hands on any of the product direction levers here, and as far as the orgchart’s concerned I am a leaf in the wind. This is just my own speculation.

I’m a big believer in Conway’s Law, but not in the sense that I’ve heard most people talk about it. I say “most people”, like I’m the lone heretic of some secret cabal that convenes once a month to discuss a jokey fifty year old observation about software architecture, I get that, but for now just play along. Maybe I am? If I am, and I’m not saying one way or another, between you and me we’d have an amazing secret handshake.

So: Conway’s Law isn’t anything fancier than the observation that software is a collaborative effort, so the shape of a large piece of software will end up looking a lot like the orgchart or communication channels of the people building it; this emerges naturally from the need to communicate and coordinate efforts between teams.

My particular heresy here is that I don’t think Conway’s Law needs to be the curse it’s made out to be. Communication will never not be expensive, but it’s also a subset of interaction. So if you look at how the nature of people’s interactions with and expectations from a communication channel are changing, you can use it as a kind of oracle to predict what the next evolutionary step of a product should look like.

At the highest level, some 23 years after Netscape Navigator 1.0 came out, the way we interact with a browser is pretty much the same as it ever was; we open it, poke around it and close it. Sure, we poke around a lot more things, and they’re way cooler and have a lot more people on the far end of them but… for the most part, that’s it.

That was all that you could do in the 90’s, because that’s pretty much all that interacting with the web of the 90’s could let you do. The nature of the Web has changed profoundly since then, and like I’ve said before, the web is everywhere and in everything now. But despite that, and the fact that browsers are very different beasts now than they were when the Web was taking its first tentative steps, that high-level interaction model has stayed pretty much the same.

But if the web is everywhere and in everything, then an interaction that involves opening an app, looking through it and closing it again seems incredibly antiquated, like you’re looking out a porthole in the side of a steamship. Even the name is telling: you don’t “browse” the web anymore. You engage with it, you interact with it, and with people, groups and businesses through it.

Another way to say that is the next generation of web browser won’t look like a browser at all: it will be a service.

More specifically I think the next generation of what we currently call a web browser will be a hybrid web-access service; like the current Web, it lives partly on a machine somewhere and partly on whatever device or devices are next to you, and acts as the intermediary – the user agent – that keeps you connected to this modern, always-on Web.

The app model is almost, kind-of-partway there, but in so many ways it makes life more complicated and less interesting than it needs to be. For the most part, apps only ever want to connect you to one place or set of people. Maybe that’s fine and that’s where your people are. But maybe you have to juggle a bunch of different communities in your life across a bunch of apps that go out of their way to keep those communities from discovering each other, and they all seem to want different slices of your life, your time and data depending on what the ad revenue people think is trendy this week. And because companies want to cover their bases you end up with these strange brands-pretending-to-be-people everywhere. It’s a mess, and having to juggle a bunch of different apps and communities doesn’t make a ton of sense when we’ve already got a reliable way of shipping safe, powerful software on demand.

I think the right – and probably next – thing is to push that complexity away from their device, to this user-agent-as-a-service living out there on a server in the cloud somewhere, just sitting there patiently paying attention. Notifications – a superset of messaging, and the other part of this picture – can come from anywhere and be anything, because internet, but your Agent can decide whether to forward them on directly, filter or bounce them, as you like. And if you decide to go out there and get something – a video, a file, a page, whatever, then your Agent can do all sorts of interesting work for you in-flight. Maybe you want ad filtering, maybe you paid for an antivirus service to give that file a once-over, maybe your employer has security protocols in place to add X or strip out Y. There’s lots of room there for competing notification services, agent providers and in-agent services, a marketplace of ideas-that-are-also-machines.

There’s a couple of things that browsers, for all their warts and dated ideas, do better than any app or monolithic service; most of those have to do with user intent, the desire for safety and privacy, but also the desires for novelty, variety and unique humanity. I’ve talked about this before, the idea of engineering freedom in depth. I still think it’s possible to build human-facing systems that can – without compromise – mitigate the possibility of harm, and mount a positive defense of the scope of the possible. And I think maybe this is one way to do that.

(Updated: Typos, phrasing, added some links.)

December 2, 2016

William Gibson Overdrive

Filed under: digital,documentation,interfaces,mozilla,toys,work — mhoye @ 4:56 pm

From William Gibson’s “Spook Country”:

She stood beneath Archie’s tail, enjoying the flood of images rushing from the arrowhead fluke toward the tips of the two long hunting tentacles. Something about Victorian girls in their underwear had just passed, and she wondered if that was part of Picnic at Hanging Rock, a film which Inchmale had been fond of sampling on DVD for preshow inspiration. Someone had cooked a beautifully lumpy porridge of imagery for Bobby, and she hadn’t noticed it loop yet. It just kept coming.

And standing under it, head conveniently stuck in the wireless helmet, let her pretend she wasn’t hearing Bobby hissing irritably at Alberto for having brought her here.

It seemed almost to jump, now, with a flowering rush of silent explosions, bombs blasting against black night. She reached up to steady the helmet, tipping her head back at a particularly bright burst of flame, and accidentally encountered a control surface mounted to the left of the visor, over her cheekbone. The Shinjuku squid and its swarming skin vanished.

Beyond where it had been, as if its tail had been a directional arrow, hung a translucent rectangular solid of silvery wireframe, crisp yet insubstantial. It was large, long enough to park a car or two in, and easily tall enough to walk into, and something about these dimensions seemed familiar and banal. Within it, too, there seemed to be another form, or forms, but because everything was wireframed it all ran together visually, becoming difficult to read.

She was turning, to ask Bobby what this work in progress might become, when he tore the helmet from her head so roughly that she nearly fell over.

This left them frozen there, the helmet between them. Bobby’s blue eyes loomed owl-wide behind diagonal blondness, reminding her powerfully of one particular photograph of Kurt Cobain. Then Alberto took the helmet from them both. “Bobby,” he said, “you’ve really got to calm down. This is important. She’s writing an article about locative art. For Node.”



“The fuck is Node?”

I just finished building that. A poor man’s version of that, at least – there’s more to do, but you can stand it up in a couple of seconds and it works; a Node-based Flyweb discovery service that serves up a discoverable VR environment.

It was harder than I expected – NPM and WebVR are pretty uneven experiences from a novice web-developer’s perspective, and I have exciting opinions about the state of the web development ecosystem right now – but putting that aside: I just pushed the first working prototype up to Github a few minutes ago. It’s crude, the code’s ugly but it works; a 3D locative virtual art gallery. If you’ve got the right tools and you’re standing in the right place, you can look through the glass and see another world entirely.

Maybe the good parts of William Gibson’s visions of the future deserve a shot at existing too.

November 28, 2016

Planet: A Minor Administrative Note

Filed under: documentation,interfaces,work — mhoye @ 3:50 pm

I will very shortly be adding some boilerplate to the Planet homepage as well as the Planet.m.o entry on Wikimo, to the effect that:

All of this was true before, but we’re going to highlight it on the homepage and make it explicit in the wiki; we want Planet to stay what it is, open, participatory, an equal and accessible platform for everyone involved, but we also don’t want Planet to become an attack surface, against Mozilla or anyone else, and won’t allow that to happen out of willful blindness or neglect.

If you’ve got any questions or concerns about this, feel free to leave a comment or email me.

November 14, 2016

Switching Sides

Filed under: a/b,digital,documentation,interfaces,linux,mozilla,toys,work — mhoye @ 4:48 pm


I’ve been holding off on a laptop refresh at work for a while, but it’s time. The recent Apple events have been less than compelling; I’ve been saying for a long time that Mozilla needs more people in-house living day to day on Windows machines and talk is cheaper than ever these days, so.

I’m taking notes here of my general impressions as I migrate from a Macbook Pro to a Surface Book and Windows 10.

I’ll add to them as things progress, but for now let’s get started.

  • I don’t think highly of unboxing fetishism, but it’s hard to argue against the basic idea that your very tactile first contact with a product should be a good one. The Surface Book unboxing is a bit rough, but not hugely so; there’s the rare odd mis-step like boxes that are harder than necessary to open or tape that tears the paper off the box.
  • I’ve got the Performance Base on the Surface Pro here; the very slight elevation of the keyboard makes a surprisingly pleasant difference, and the first-run experience is pretty good too. You can tell Microsoft really, really wants you to accept the defaults, particularly around data being sent back to Microsoft, but you can reasonably navigate that to your comfort level it looks like. Hard to say, obvs.
  • I’m trying to figure out what is a fair assessment of this platform vs. what is me fighting muscle memory. Maybe there’s not a useful distinction to be made there but considering my notable idiosyncrasies I figure I should make the effort. If I’m going to pretend this is going to be useful for anyone but some alternate-universe me, I might as well. This came up in the context of multiple desktops – I use the hell out of OSX multiple desktops, and getting Windows set up to do something similar requires a bit of config twiddling and some relearning. The thing I can’t figure out here is the organizational metaphor. Apple has managed to make four-fingered swiping around multiple desktop feel like I’m pushing stuff around a physical space, but Windows feels like I’m using a set of memorized gestures to navigate a phone tree. This is a preliminary impression, but it feels like I’m going to need to just memorize this stuff.
  • In a multiple desktops setting, the taskbar will only show you the things running in your current desktop, not all of them? So crazymaking. [UPDATE: Josh Turnath in the comments points out that you can set this right in the “multitasking” settings menu, where you can also turn off the “When I move one window, move other windows” settings which are also crazymaking. Thanks, Josh!]
  • If you’re coming off a Mac trackpad and used to tap-to-click, be sure to set the delay setting to “Short delay” or it feels weird and laggy. Long delay is tap, beat, beat, response; if you move the cursor the action vanishes. That, combined with the fact that it’s not super-great at rejecting unintentional input makes it mostly tolerable but occasionally infuriating, particularly if you’ve got significant muscle memory built up around “put cursor here then move it aside so you can see where you’re typing”, which makes it start selecting text seemingly at random. It’s way better than any other trackpad I’ve ever used on a PC for sure, so I’ll take it, but still occasionally: aaaaaaargh. You’re probably better just turning tap-to-click off. UPDATE: I had to turn off tap to click, because omgwtf.
  • In this year of our lord two thousand and sixteen you still need to merge in quasi-magic registry keys to remap capslock. If you want mousewheel scrolling to work in the same directions as two-finger scrolling, you need to fire up RegEdit.exe and know the magic incantations. What the hell.
  • It’s surprising how seemingly shallow the Win10 redesign is. The moment you go into the “advanced options” you’re looking at the same dialogs you’ve known and loved since WinXP. It’s weird how unfinished it feels in places. Taskbar icons fire off on a single click, but you need to flip a checkbox five layers deep in one of those antiquated menus to make desktop icons do the same. The smorgasbords you get for right-clicking things look like a room full of mismanaged PMs screaming at each other.
  • You also have to do a bunch of antiquated checkbox clickery to install the Unix subsystem too, but complaining about a dated UI when you’re standing up an ersatz Linux box seems like the chocolate-and-peanut-butter of neckbearded hypocrisy, so let’s just agree to not go there. You can get a Linux subsystem on Windows now, which basically means you can have Linux and modern hardware with working power management and graphics drivers at the same time, which is pretty nice.
  • Pairing Apple’s multitouch trackpads with Windows only gets you one- and two-fingered gestures. C’mon. Really?
  • This is a common consensus here, after asking around a bit. Perplexity that Microsoft would put an enormous (and ultimately successful) effort into re-pinning and hardening the foundations underneath the house, recladding it and putting in an amazing kitchen, but on the 2nd floor the hinges are on the wrong side of the doors and there’s a stair missing on the way to the basement.
  • I’m not surprised the Windows Store isn’t the go-to installer mechanism yet – that’s true on Macs, too – but my goodness pickings there are pretty slim. Somehow I have to go visit all these dodgy-looking websites to get the basic-utilities stuff sorted out, and it feels like an outreach failure of some kind. This is vaguely related to my next point, that:
  • The selection of what does vs. doesn’t come preinstalled is… strange. I feel like Microsoft has space to do something really interesting here that they’re not capitalizing on for some reason. Antitrust fears? I dunno. I just feel like they could have shipped this with, say, Notepad++ and a few other common utilities preinstalled and made a lot of friends.
  • The breakaway power cables are fantastic. A power brick with fast-charge USB built in and freeing up slots on the machine proper is extremely civilized. You can be sitting with your legs crossed and have the power plugged in, which I sincerely miss being able to do with underpowered 1st-gen Macbook Air chargers back in the mists of prehistory.
  • The Surface Dock is basically perfect. Power, Ethernet, two DisplayPorts and four USB ports over that same breakaway cable is excellent. If you’ve ever used a vintage IBM Thinkpad docking station, this is something you’ve been wishing Apple would make for the better part of a decade.
  • I assumed “Skype Preview” was a preview version of Skype. I wanted (and pay for) the whole thing, so I immediately uninstalled that and installed normal Skype, which it turns out is really outdated-looking and ugly on Win10. I was bewildered about why a premiere Microsoft-owned thing like Skype would look ugly on their flagship OS, so I did some research and discovered that “Skype Preview” isn’t a preview version of Skype. It’s the prettified modern Win10 version. So I reinstalled it and uninstalled Skype. I’m sure this is somehow my fault for not understanding this but in my defense: words mean things.
  • This hardware is really nice. The hinge works great, eject to tablet is crisp and works well, reversing it to the easel setup is both surprisingly good and for-real useful.

Anyway, this is where I am so far. More notes as I think of them.


  • Definitely turn off the two-finger-tap-to-right-click option – if you don’t and you’ve got fat hands like mine, sometimes it will get into a state where everything is a right-click, which is inexplicable and upsetting.
  • I saw my first tripped-over USB-C cable send a Macbook crashing to the floor today. I suspect it will not be the last.

Further updates:

  • It turns out there’s a (baffling!) option to turn a click on the lower right corner of the trackpad into a right-click, which is just super-weird and infuriating if you don’t know it’s there and (apparently?) turned on by default.
  • The trick to reversing mousewheel scrolling only is here, and involves RegEdit, finding all the instances of FlipFlopWheel in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\ and changing them from 0 to 1. Very user friendly.
  • A lot of network-related stuff in the Unix subsystem doesn’t work right or at all yet, but my understanding is that this is fixed in the Insider builds.
  • As nice as having the Unix subsystem is, the terminal thing you use to get to it is infuriating retro-bizarro DOS-window garbage. [UPDATE: bwinton has introduced me to Cmder, a console emulator for Windows that is vastly better than the Ubuntu default in every observable respect. Use that instead.]
  • Unexpected but pleasant: CPU in the lid instead of the base means your lap doesn’t overheat.

Further-er updates:

  • A nice touch: searching for common OSX utility names with the taskbar brings you directly to their Windows counterparts, like “grab” brings you to the snippets tool.
  • It’s surprising how often the “how do I do [something]?” links in the Settings dialog box take you to the same undifferentiated and completely un-navigable Windows 10 support page. Really rookie stuff, like they fired the intern responsible three weeks into their placement and just forgot about it.
  • It’s really frustrating how both of those experiences coexist basically everywhere in this OS. Nice, elegantly-deployed and useful touches in some places, arbitrarily broken or ill-considered jank in others.

Further Updates 4: The Furthening;

  • There’s now a Surface Book User Guide, and it’s got some good information in it. For example, fn-del and fn-backspace adjust screen brightness, something I’ve missed from my Macbook. Also, fn-space for screenshots is nice enough, though the provided snipping tool is better (better than OSX Grab, too.)
  • You can use AutoHotKey scripts to remap what pen-clicking does, turning it into a passable presenter’s tool. Which is kind of neat.

Finally, one of the most upsetting things about Windows 10 is how power management just doesn’t reliably work at all. There’s no safe-sleep; running out of battery means state loss, potentially data loss, and a cold reboot. I’ve had to set it to hibernate on a lid closed because sometimes suspend just… doesn’t. Before I did that, I’d put it into my bag with the lid closed and it would mysteriously wake in my backpack, once hot enough that it was uncomfortable to touch. Despite the fact that my unmodified default settings say “critical power level is 6% and the action to take here is hibernate”, I routinely see 4%-power-remaining warnings and then hard shutdowns, and if I’m not careful hard reboots afterwards. Honestly, what the hell.

Last update: Well, this is unfortunate:


Postmortem: Still like Windows 10, but after putting up with that screen yellowing and an increasing number of baffling hangs (and the discovery that the backup software had been silently failing for weeks), this machine got RMA’ed. I’ll have another one soon; hopefully it was an isolated hardware problem, but I guess we’ll see.

September 2, 2016

The Planet Is Safe For Now

Filed under: digital,documentation,future,interfaces,mozilla,work — mhoye @ 2:40 pm

This is a followup to this post – The Future Of The Planet – where I said we had four choices about what to do next:

  1. Do nothing; leave Planet as is.
  2. Improve Planet as a Planet.
  3. Replace Planet with something better suited to Mozilla’s needs.
  4. Replace Planet with nothing.

To give away the punchline, we’re going with option two.

I reviewed all the feedback from various places that post ended up – the Mozilla Community discourse forums, HackerNews, Reddit, my inbox, a handful of others – and was delighted to find that it was generally positive and spoke to Planet’s ongoing relevance. The suggestions for improving the situation were also generally good and helpful, and even the person who accused me of planning to destroy Planet just so that I could put something on my CV that made me sound like a supervillain was worth a laugh.

In broad terms, that feedback was:

  • Planet is the best tool available for getting an overall sense of what all the different parts of Mozilla-the-global-community are up to, and there doesn’t seem to be anything more effective waiting in the wings. Virtually all Mozilla-related news sites or discussion forums are downstream of Planet aggregation in some way.
  • The signal to noise ratio is good enough. Constant vigilance, sure, but good enough.
  • Participatory but also low-effort and easy to skim is a nice combination, and makes it a good tool for an important job. However,
  • Accessing Planet – both as a participant and a consumer – is harder than it has to be in a number of ways. There’s room for improvement, and often new teams’ or projects’ feeds are overlooked.

With that in mind, I think we can do the following things in no particular order to improve Planet as both a tool and an experience.

  • The most common request was from people who’d rather have Planet show up in their inbox than open another app, so create an email-digest option for people who live in their inboxes.
  • Make a Bugzilla form for adding feeds.
  • Update the page style(s) to something modern and responsive that works well on mobile. Being able to pin more important posts to the top of these pages without disturbing the feeds would be a very nice feature to have.
  • Anoint a feed reader as Planet Mozilla’s reader of choice and point to it from the Planet homepage (along with information like “what is a feed” and “why do I need a reader”, because RSS usability is at an all time exactly where it’s always been.)
  • Possibly do the same for a comments forum? I’m open to suggestions, but it looks like Reddit is where most of that action happens these days. I’m definitely not building a new one.
  • Since new Mozilla projects and feeds pop up periodically, somebody needs to be more disciplined about getting the internal-comms part right. Mozilla team and project feeds should all be syndicated as a matter of course. Call me vain if you like, but I’m pretty confident the “somebody” they’re talking about here is me.

Some of these are more work than others, but I’ll open bugs for the ones that need them in the next little while.

Thanks for your feedback, everyone.

August 29, 2016

Free As In Health Care

This is to some extent a thought experiment.

The video below shows what’s called a “frontal offset crash test” – your garden variety driver-side head-on collision – between a 2009 Chevrolet Malibu and a 1959 Chevrolet Bel Air. I’m about to use this video to make a protracted argument about software licenses, standards organizations, and the definition of freedom. It may not interest you all that much but if it’s ever crossed your mind that older cars are safer because they’re heavier or “solid” or had “real” bumpers or something you should watch this video. In particular, pay attention to what they consider a “fortunate outcome” for everyone involved. Lucky, for the driver in the Malibu, is avoiding a broken ankle. A Bel Air driver would be lucky if all the parts of him make it into the same casket.


Like most thought experiments this started with a question: what is freedom?

The author of the eighteenth-century tract “Cato’s Letters” expressed the point succinctly: “Liberty is to live upon one’s own Term; Slavery is to live at the mere Mercy of another.” The refrain was taken up with particular emphasis later in the eighteenth century, when it was echoed by the leaders and champions of the American Revolution. The antonym of liberty has ceased to be subjugation or domination – has ceased to be defenseless susceptibility to interference by another – and has come to be actual interference, instead. There is no loss of liberty without actual interference, according to most contemporary thought: no loss of liberty in just being susceptible to interference. And there is no actual interference – no interference, even, by a non-subjugating rule of law – without some loss of liberty; “All restraint, qua restraint, is evil,” as John Stuart Mill expressed the emerging orthodoxy.

– Philip Pettit, Freedom As Anti-Power, 1996

Most of our debates define freedom in terms of “freedom to” now, and the arguments are about the limitations placed on those freedoms. If you’re really lucky, like Malibu-driver lucky, the discussions you’re involved in are nuanced enough to involve “freedom from”, but even that’s pretty rare.

I’d like you to consider the possibility that that’s not enough.

What if we agreed to expand what freedom could mean, and what it could be. Not just “freedom to” but a positive defense of opportunities to; not just “freedom from”, but freedom from the possibility of.

Indulge me for a bit but keep that in mind while you exercise one of those freedoms, get in a car and go for a drive. Freedom of movement, right? Get in and go.

Before you can do that a few things have to happen first. For example: your car needs to have been manufactured.

Put aside everything that needs to have happened for the plant making your car to operate safely and correctly. That’s a lot, I know, but consider only the end product.

Here is a chart of the set of legislated standards that vehicle must meet in order to be considered roadworthy in Canada – the full text of CRC c.1038, the Motor Vehicle Safety Regulations section of the Consolidated Regulations of Canada runs a full megabyte, and contains passages such as:

H-point means the mechanically hinged hip point of a manikin that simulates the actual pivot centre of the human torso and thigh, described in SAE Standard J826, Devices for Use in Defining and Measuring Vehicle Seating Accommodation (July 1995); (point H)

H-V axis means the characteristic axis of the light pattern of a lamp, passing through the centre of the light source, used as the direction of reference (H = 0°, V = 0°) for photometric measurements and for the design of the installation of a lamp on a vehicle; (axe H-V)

… and

Windshield Wiping and Washing System

104 (1) In this section,

areas A, B and C means the areas referred to in Column I of Tables I, II, III and IV to this section when established as shown in Figures 1 and 2 of SAE Recommended Practice J903a Passenger Car Windshield Wiper Systems, (May 1966), using the angles specified in Columns III to VI of the above Tables; (zones A, B et C)

daylight opening means the maximum unobstructed opening through the glazing surface as defined in paragraph 2.3.12 of Section E, Ground Vehicle Practice, SAE Aerospace-Automotive Drawing Standards, (September 1963); (ouverture de jour)

glazing surface reference line means the intersection of the glazing surface and a horizontal plane 635 mm above the seating reference point, as shown in Figure 1 of SAE Recommended Practice J903a (May 1966); (ligne de référence de la surface vitrée)

… and that mind-numbing tedium you’re experiencing right now is just barely a taste; a different set of regulations exists for crash safety testing, another for emissions testing, the list goes very far on. This 23 page PDF of Canada’s Motor Vehicle Tire Safety Regulations – that’s just the tires, not the brakes or axles or rims, just the rubber that meets the road – should give you a sense of it.

That’s the car. Next you need roads.

The Ontario Provincial Standards for Roads & Public Works consists of eight volumes. The first of them, General And Construction Specifications, is 1358 pages long. Collectively they detail how roads you’ll be driving on must be built, illuminated, made safe and maintained.

You can read them over if you like, but you can see where I’m going with this. Cars and roads built to these standards don’t so much enable freedom of motion and freedom from harm as they delimit in excruciating detail the space – on what road, at what speeds, under what circumstances – where people must be free from the possibility of specific kinds of harm, where their motion must be free from the possibility of specific kinds of restriction or risk.

But suppose we move away from the opposition to bare interference in terms of which contemporary thinkers tend to understand freedom. Suppose we take up the older opposition to servitude, subjugation, or domination as the key to construing liberty. Suppose we understand liberty not as noninterference but as antipower. What happens then?

– Philip Pettit, ibid.

Let me give away the punchline here: if your definition of freedom includes not just freedom from harassment and subjugation but from the possibility of harassment and subjugation, then software licenses and cryptography have as much to do with real digital rights and freedoms as your driver’s license has to do with your freedom of mobility. Which is to say, almost nothing.

We should be well past talking about the minutia of licenses and the comparative strengths of cryptographic algorithms at this point. The fact that we’re not is a clear sign that privacy, safety and security on the internet are not “real rights” in any meaningful sense. Not only because the state does not meaningfully defend them but because it does not mandate in protracted detail how they should be secured, fund institutions to secure that mandate and give the force of law to the consequences of failure.

The conversation we should be having at this point is not about what a license permits; it’s about the set of standards and practices that constitutes a minimum bar to clear in not being professionally negligent.

The challenge here is that dollar sign. Right now the tech sector is roughly where the automotive sector was in the late fifties. You almost certainly know or know of somebody on Twitter having a very 1959 Bel-Air Frontal-Offset Collision experience right now, and the time for us to stop blaming the driver for that is long past. But if there’s a single grain of good news here it’s how far off your diminishing returns are. We don’t need detailed standards about the glazing surface reference line of automotive glass, we need standard seatbelts and gas tanks that reliably don’t explode.

But that dollar sign, and those standards, are why I think free software is facing an existential crisis right now.


I think it’s fair to say that the only way that standards have teeth is if there’s liability associated with them. We know from the automotive industry that the invisible hand of the free market is no substitute for liability in driving improvement; when the costs of failure are externalized, diffuse or hidden, those costs can easily be ignored.

According to the FSF, the “Four Freedoms” that define what constitutes Free Software are:

  • The freedom to run the program as you wish, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

The cannier among you will already have noted – and scarred Linux veterans can definitely attest to the fact – that there’s no mention at all of freedom-from in there. The FSF’s unstated position has always been that anyone who wants to be free from indignities like an opaque contraption of a user experience, buggy drivers and nonexistent vendor support in their software, not to mention the casual sexism and racism of the free software movement itself, well. Those people can go pound sand all the way to the Apple store. (Which is what everyone did, but let’s put that aside for the moment.)

Let’s go back to that car analogy for a moment:

Toyota Motor Corp has recalled 3.37 million cars worldwide over possible defects involving air bags and emissions control units.

The automaker on Wednesday said it was recalling 2.87 million cars over a possible fault in emissions control units. That followed an announcement late on Tuesday that 1.43 million cars needed repairs over a separate issue involving air bag inflators.

About 930,000 cars are affected by both potential defects, Toyota said. Because of that overlap, it said the total number of vehicles recalled was 3.37 million.

No injuries have been linked to either issue.

Potential defects.

I think the critical insight here is that Stallman’s vision of software freedom dates to a time when software was contained. You could walk away from that PDP-11 and the choices you made there didn’t follow you home in your pocket or give a world full of bored assholes an attack surface for your entire life. Software wasn’t everywhere, not just pushing text around a screen but everywhere and in everything from mediating our social lives and credit ratings to pumping our drinking water, insulin and anti-lock brakes.

Another way to say that is: software existed in a well-understood context. And it was that context that made it, for the most part, free from the possibility of causing real human damage, and consequently liability for that damage was a non-question. But that context matters: Toyota doesn’t issue that recall because the brakes failed on the chopped-up fifteen year old Corolla you’ve welded to a bathtub and used as a rally car, it’s for the safety of day to day drivers doing day to day driving.

I should quit dancing around the point here and just lay it out: If your definition of freedom includes freedom from the possibility of interference, it follows that “free as in beer” and “free as in freedom” can only coexist in the absence of liability.

This is only going to get more important as the Internet ends up in more and more Things, and your right – and totally reasonable expectation – to live a life free from arbitrary harassment enabled by the software around you becomes a life-or-death issue.

If we believe in an expansive definition of human freedom and agency in a world full of software making decisions then I think we have three problems, two practical and one fundamental.

The practical ones are straightforward. The first is that the underpinnings of the free-as-in-beer economic model that lets Google, Twitter and Facebook exist are fighting a two-ocean war against failing ad services and liability avoidance. The notion that a click-through non-contract can absolve any organization of their responsibility is not long for this world, and the nasty habit advertising and social networks have of periodically turning into semi-autonomous, weaponized misery-delivery platforms makes it harder to justify letting their outputs talk to your inputs every day.

The second one is the industry prisoner’s dilemma around, if not liability, then at a bare minimum responsibility. There’s a battery of high-caliber first-mover-disadvantages pointed at the first open source developer willing to say “if these tools are used under the following conditions, by users with the following user stories, then we can and should be held responsible for their failures”.

Neither of these problems is insoluble – alternative financial models exist, coalitions can be built, and so forth. It’ll be an upheaval, but not a catastrophic or even sudden one. But anyone whose business model relies on ads should be thinking about transitions five to ten years out, and your cannier nation-states are likely to start sneaking phrases like “auditable and replaceable firmware” in their trade agreements in the next three to five.

The fundamental problem is harder: we need a definition of freedom that encompasses the notion of software freedom and human agency, in which the software itself is just an implementation detail.

We don’t have a definition of freedom that’s both expansive in its understanding of what freedom and agency are, and that speaks to a world where the line between data security and bodily autonomy is very blurry, where people can delegate their agency to and gain agency from a construct that’s both an idea and a machine. A freedom for which a positive defense of the scope of the possible isn’t some weird semitangible idea, but a moral imperative and a hill worth dying on.

I don’t know what that looks like yet; I can see the rough outlines of the place it should be but isn’t. I can see the seeds of it in the quantified-self stuff, copyleft pushback and the idea that crypto is a munition. It’s crystal clear that a programmer clinging to the idea that algorithms are apolitical or that software is divorced from human bias or personal responsibility is a physicist holding to the aetheric model or phlogiston when other people are fuelling their rockets. The line between software freedom and personal freedom is meaningless now, and the way we’ve defined “software freedom” just about guarantees its irrelevancy. It’s just freedom now, and at the very least if our definition of what freedom is – and our debate about what freedom could be –  isn’t as vast and wide-ranging and weird and wonderful and diverse and inclusive and scary as it could possibly be, then the freedom we end up with won’t be either.

And I feel like a world full of the possible would be a hell of a thing to lose.

August 18, 2016

Culture Shock

Filed under: analog,documentation,interfaces,life,mozilla,vendetta,work — mhoye @ 3:18 pm

I’ve been meaning to get around to posting this for… maybe fifteen years now? Twenty? At least I can get it off my desk now.

As usual, it’s safe to assume that I’m not talking about only one thing here.

I got this document about navigating culture shock from an old family friend, an RCMP negotiator now long retired. I understand it was originally prepared for Canada’s Department of External Affairs, now Global Affairs Canada. As the story made it to me, the first duty posting of all new RCMP recruits used to (and may still?) be to a detachment stationed outside their home province, where the predominant language spoken wasn’t their first, and this was one of the training documents intended to prepare recruits and their families for that transition.

It was old when I got it 20 years ago, a photocopy of a mimeograph of something typeset on a Selectric years before; even then, the RCMP and External Affairs had been collecting information about the performance of new hires in high-stress positions in new environments for a long time. There are some obviously dated bits – “writing letters back home” isn’t really a thing anymore in the stamped-envelope sense they mean and “incurring high telephone bills”, well. Kids these days, they don’t even know, etcetera. But to a casual search the broad strokes of it are still valuable, and still supported by recent data.

Traditionally, the stages of cross-cultural adjustment have been viewed as a U curve. What this means is, that the first months in a new culture are generally exciting – this is sometimes referred to as the “honeymoon” or “tourist” phase. Inevitably, however, the excitement wears off and coping with the new environment becomes depressing, burdensome, anxiety provoking (everything seems to become a problem; housing, neighbors, schooling, health care, shopping, transportation, communication, etc.) – this is the down part of the U curve and is precisely the period of so-called “culture shock”. Gradually (usually anywhere from 6 months to a year) an individual learns to cope by becoming involved with, and accepted by, the local people. Culture shock is over and we are back, feeling good about ourselves and the local culture.

Spoiler alert: It doesn’t always work out that way. But if you know what to expect, and what you’re looking for, you can recognize when things are going wrong and do something about it. That’s the key point, really: this slow rollercoaster you’re on isn’t some sign of weakness or personal failure. It’s an absolutely typical human experience, and like a lot of experiences, being able to point to it and give it a name also gives you some agency over it you may not have thought you had.

I have more to say about this – a lot more – but for now here you go: “Adjusting To A New Environment”, date of publication unknown, author unknown (likely Canada’s Department of External Affairs.) It was a great help to me once upon a time, and maybe it will be for you.
