64 articles and counting

Pick Your Battles

I was quite surprised by the calls for BE’s resignation.

I’ve found the vitriolic attacks and misinformation I see flowing through my
Twitter feed disgusting. Emotionally, I feel like the tweets come from people with no real skin in the game, nor do they understand how damaging Mozilla can be bad for everyone in the long run.

These attacks are the viral spread and distortion, of some valid concerns from MoFo staff. Unfortunately, these concerns carried the ultimatum asking for BE to resign; which is sadly the fuel for this ad-selling media hype.

For reasons Myk does a great job of capturing, I’m somewhat conflicted on some of the nuances of this topic. Prop hate was horrible and still echos through our lives.

But, to try to add something new to the conversation…

Ultimately this comes down to picking your battles.

There is a lot wrong with the world and not much time to fix it.

In my mind Mitchell and Brendan have been fighting to keep the web open and accessible for over a decade. They ARE Mozilla. Mitchell is the spirit and BE is the tech.

It is a privilege to have been paid staff for the last 5+ years, because together, we’ve created an amazing platform to try keep the web open and to improve our world.

I’m at Mozilla, because it’s the best place I can find to participate as a progressive technologist.

Attacking Brendan for something he did 6 years ago, which was disclosed through a leak for a private action without much context is simply not worth damaging the project over.

The Mozilla project is getting quite large. When I joined as a webdev, I was on the outskirts. I didn’t work shoulder to shoulder with BE, but I already had a mental model of him from my community participation.

Now, our project is even larger, working on important topics like rural broadband access, education and news. Perhaps many people fighting the good fight on those fronts have not gotten a chance to build up a mental model of BE.

Progress and inclusion requires forgiveness and benefit of the doubt. Making a change in the world requires picking your battles.

Time machine thought police is not the battle ground I would pick. Resignation is a high-stakes tactic.

I will fight for people’s rights. I know Christie Koehler will be there fighting. I know of dozens and dozens of folks I work with everyday that would stick their necks out to fight for your rights.

Yes, we should monitor BE, as we should monitor and help debug each other.

There are many ways we can start carving up our community to attack each other, but let’s make sure we’re fighting over something that needs changing and not fighting the wrong battle for the right reasons.

FirefoxOS Dogfooding Tips

I’ve been dogfooding FirefoxOS (1.2.0.0-prerelease) for a couple weeks.

I went down to AT&T and had them convert my iPhone SIM card into one that
was compatible with the Alcatel One Touch Fire (hamachi).

Here are some tips, gotchas and notes about dogfooding.

Equipment

Put a big fat SDCard in there. The phone is un-usable w/o this extra memory.

Get a dedicated micro USB cable and wall wart. If you charge your phone every night next to your bed, you’ll be in good shape.

Saftey Net

I haven’t needed to use it much, but keep your current smartphone handy.

I keep my iPhone in my backpack or my murse.

Your FxOS device can serve as (an incredibly slow) hotspot. If you find
a situation where you need an old app, you can tether your phone and
get that task done. Say, depositing a bank check through an iOS app.

Camera

For many smart phone users like myself, the camera is the killer app.

Using the camera and viewing the results on the 320×480 3.5 inch screen
is misleading. The quality looks horrible and out of focus.

I uploaded some of these photos to Flickr to get them off my device… and they are in focus and look much better than I expected!

So don’t judge your photos based on the phone’s screen, get them off the device before deleting "bad" photos.

Flickr tip — figure out your “upload via email” address. Make a contact and favorite it. The Gallery share via email workflow requires 7 or 8 clicks per photo, which is kind of a bummer. Hopefully someone will write a photo sync app.

The Camera app is not as good as top of the line smart phone’s (duh), but it is quite passable for casual documentation of dogs, cats and baby chicks.

SMS and Apple

I ran into a nasty issue with AT&T and Apple. I switch my SIM and then could not receive SMS from Apple people, but was able to receive SMS from other peeps.

Probably you should disable all your iMessage clients before swapping SIM cards…. not sure yet. iPhone switch bug

I’m using Line with my wife, since we have cousins in Vietnam and we had
used WhatsApp with them in the past. Line has push notifications which
work most of the time and avoid me missing SMS messages.

Email

I use the email app with two accounts. The email app is fairly painful, but gets the job done. I don’t do much on a mobile with email anyways, as I find most mobile email painful.

With the later versions of FxOS, our keyboard has gotten much better.

Maps

Turn by Turn directions – EverNav. Not as perfect as Google’s iPhone app, but it will get you there.

Google maps has been so early to embrace the web and it shows. Their maps
are the best for showing your location and getting bus or walking routes. I don’t think their turn by turn directions work for me while driving, so I used EverNav. (I don’t drive often, so I barely have dogfooded this aspect.)

I’m just loading Google maps in the browser, not via an app.

Games and Apps

The Marketplace has some good content! Poke around.

I use the Twitter app, but it does crash frequently depending on the
task you are trying to do.

The Run Recorder app is basic, but gets the job done for a novice runner like me who is not worried about syncing the data and just wants some throw-away stats.
Many apps get GPS wrong, but like Google maps, Run Recorder does a great job.

Worst painpoint?

A big painpoint is that I have a long random password, unique to each of my
accounts. There is no copy/paste support and I can’t build my own workaround.

I’m reduced to getting a second screen and typing them in carefully. This can take between one and five minutes for each account, because:
* I fat finger the keyboard
* No “show password” option
* Poor feedback with backspace key (after I’ve hit the wrong key)

Copy / Paste bug

Partiscipate

Review some apps!

Developers work hard to get apps into the Marketplace. Most of them are
free. Take a few minutes to give back and review your apps.

The "my Apps" section is an easy way to find all the apps you should be reviewing.

Don’t forget to file some bugs.

Second Attempt

I’ve tried to dogfood the inari (black ZTE phone) on 1.0, but it didn’t stick. I had used a Google Voice number, instead of my primary number.

I don’t know if I’m more patient this time, better hardware or better software. Probably all three are at play.

If you’re not dogfooding, give it another go and share your tips!

*coin all things to decentralize the web

It’s easy to see popular service, such as Google Maps as a neutral, free public utility.

A map service makes our phone a futuristic tricorders that changes our lives and make it trivial to get around and discover new things.

But these services are not neutral public utilities.

I care about Redecentralizing the web. But how do we do it?

Here is a crazy idea inspired by bitcoin… plus I wanted to get a post out on “fight mass surveillance day“.

A hard part of something like Diaspora which aimed at being a decentralized social network, is the problem of getting enough nodes up and running. A very small % of the population will step and run a server.

When email was born, a very large % of the internet using population could also run a server. Because if you used the internet back then, there were like a hundred of you. You knew that there were servers and clients, etc.

People setup SMTP servers, email flowed and all was good.

Over time as the internet and the web became popular, this % of the population because insignificant. Our current web architecture rewards centralized players.

If email was invented today, schools, businesses… everyone would be on one of a handful of email services!

So I started thinking about “who are the people running their own services” today?

Bitcoin miners operate the bitcoin transaction network. Think about the VISA network for credit card transactions. These are un-coordinated citizens running the bitcoin network, because they earn bitcoins over time. The network has a secure protocol that balances risks and rewards from many angles.

What if we de-centralized and rewarded service administrators with this same mechanic?

Think about:

  • mapcoin
  • wikipediacoin
  • searchcoin
  • babelfishcoin
  • instantmessagecoin
  • photosharingcoin
  • dictionarycoin
  • recipiecoin

Running a mapcoin node provides several facilities:

  • access to map tiles

  • access to compute for analyzing traffic data
  • access to compute for processing map updates and settlement

By running a mapcoin node, you pay for electricty, a network connection and a fast computer with big disks. Every now and then, you “win the lotto” and earn a mapcoin. Sysadmins rewarded.

Also, we web developers can build great UIs that consume mapcoin data.
We can compete on great user experiences. Users aren’t locked into
a single vendor. The map data is a collective commons.

Once someone did the hard work of balancing risk, reward and baking it into a mapcoin protocol, OpenStreet Maps could endorse it and find a new sustainability model which would radically reduce their hosting costs.

Currency markets would take care of translating mapcoin into bitcoin or
“real money”.

Existance Proofs:

  • Bitcoin is a currency, but also the payment network coin

  • Dogecoin is Whoofie or social coin, there is a currency market for it
  • SolarCoin is based on Bitcoin technology, but in addition to the usual way of generating coins through mining, crunching numbers to try and solve a cryptographic puzzle, people can earn them as a reward for generating solar energy.
  • DNSChain (thanks Eric Mill)

*Coin all things to solve the de-centralization problem… what do you think?

Book Review: The Circle

This book is a great update on the 1984esque vision set into our current Facebook / Google / Buffer world.

Although it isn’t a perfect novel, it is filled with irony and helps us see the frog boiling world we are building. Plus, Dave Eggers is awesome.

Note: my link is an Amazon Associate referral link as I’ve got to keep my Conversion Rate and Retail raw high.

Please Zing this review!

Book Review – Feedback Control for Computers

If you write code for fun or for a livelihood, I recommend you check out my friend Philipp Janert’s newest book Feedback Control for Computer Systems.

Feedback Control is a topic well known to mechanical engineers, but not so much in our industry. Feedback Control is about making smarter systems that can cope with dynamic environments. Many knobs that we build into configuration can actually be automated with feedback loops.

Examples given early in the book:

  • A Cache by tracking hit rate and changing the cache size
  • A Server Farm by tracking request latency and changing number of deployed server nodes
  • A Queueing System by tracking wait time and changing the number of workers
  • A Graphics Library by tracking memory consumption and changing the output resolution

The book is well written. It starts out with practical examples and working code. It later introduces the deep theory and drops some math bombs. Don’t worry, there is Python code for everything and you don’t have to understand the math.
It gives solid advice, like don’t blindly use Feedback Control for optimization; optimization needs a higher level strategy guiding the process.

Lastly, there are references for further reading, if you do want to work through more of the theory.

It also sets realistic expectations. You’ll control one metric by changing one variable. This is no silver bullet.

The term Enterprise is thrown about, don’t let this scare you away :) This is a valuable book for many types of software problems. A couple I’ve brainstormed of:

  • Controlling difficulty of a video game, to react to how skilled a player is
  • Controlling aspects of an animation
  • Controlling polling of APIs for fresh data
  • Driving load testing to find different scaling points (errors, high latency, etc)

    I haven’t had much test to put these ideas into practice… so you’re don’t throw too many tomatoes at these wacky ideas.

    Update:

    • There is also a Blog series on the topic
    • Let’s port the Python examples to JavaScript including a JS port of Gnuplot

Mentoring a High School Student for Making Games

I’ve been given the chance to mentor a high school student. I’ll capture details around how this goes, I’d love your input and ideas. I’ll keep student anonymous, but give many other actual details.

My friend Casey teaches Math at New Start, which is an Alternative High School for at risk youth. They have programs where a student can sign a contract with a teacher for a certain course of study and amount of credits.

He has a student, we’ll call him Billy, that is very passionate about video games and wants to learn how to make them.

First Meeting

I had four goals for our first meeting.

  1. Meet Billy and get to know his background
  2. Tell my story and answer any questions
  3. Find out what resources Billy has
  4. Talk about our plan and start him on code academy

The Plan (so far)

The general plan is to have him work through some of the Web Fundamentals via Code Academy.

Once he has a basic understanding of HTML, CSS and JavaScript, we’ll move on to Web Maker.

We’ll spend quite a few weeks or months jamming on Web Maker projects. We will use these to explore different aspects of making video games (Animating Sprites, Playing sounds, physics, etc).

Lastly we’ll try to find an open source HTML5 version of one of his favorite games (like Fallout). Using that, we’d work on creating a mod or new video game in that genre. It all depends on what aspect of video game creation Billy is most interested in.

Billy has a Windows laptop, an XBox, an Android phone and paper notebooks.

I’m keeping a notebook of amazing projects as I come across them and will share them with Billy. One of them could be the foundation of a larger project for him.

The Contract

Billy has to spend at least 3 hours a week on this class. Hopefully he will get obsessed with how to build games and 3 hours won’t be an issue.

It’s TBD how many weeks is a contract. I’ll let the teachers and administrators sort that out and be available as a resource.

Logistics

I met in person for the first time.

Subsequent meetings will be 1 hour Skype meetings. I will also keep “office hours” two days later where Billy can instant message me with questions or ideas. Lastly he can email me at anytime, but may have to wait hours or days for a response.

I’m very lucky that Casey is a passionate teacher and is also doing the code academy exercises.

I’m also very lucky there are so many resources on the web for young people who want to make video games.

A sketch of NobleWeb

One of the cool discussions at Mozilla Summit was to create a “FoxBox”.

Some flavors of this idea are 0xDECAFBAD’s Hub of Awesome, Freedom Box or the IndieBox project.

With amazing documentaries like Terms and Conditions May Apply, these ideas seem to be gaining mainstream relevance. Energy is now going into re-decentralizing the web and joining forces with existing efforts like IndieWebCamp.

I have a slightly different idea of what I think we need, which I’ll sketch out here.

Crappy NobleWeb logo - crown

The NobleWeb is a consumer oriented product (physical box and software) which allows “one click” ownership of your web identity.

Domain registration leads to a (pre-installed) Service Marketplace. You choose “Apps” to install; this locally installs the server-side components. These apps are each available on a subdomain of your personal domain.

The Operating System is automatically updated and configured as are most apps.

NobleWeb will email you if it gets into trouble.

Every year you’ll have to upgrade it’s hard drive, but otherwise it’s just that data vault next to your Wi-Fi router thing.

A typical person using NobleWeb would have MailPile, WordPress, MediaGoblin and a Dropbox-like app which they use daily from their various devices.

They send and receive emails on their personal domain. Wizards create and syndicate content directly from NobleWeb. Most people do a lot of social networking on closed platforms, but juicy bits like photos end up magically in their NobleWeb photo library.

Design Principals

  • We value People first (over corporations or profits)
  • Systems should just work with minimal care and feeding
  • The box has no physical user interface for daily use, you use your existing devices for UI
  • The UI of apps should work on any device (Open Web Apps, Mobile First Design)
  • Noble Systems must be useful with other products and services, so that NobleWeb people can connect with ShareCroppers (mainstream people)
  • NobleWeb users will also use closed platforms and if possible we should sync data back to their NobleWeb box
  • Archive data in standard, open formats is preferred
  • Device does one thing well, isn’t also a Wi-Fi router, nor toaster oven, … etc
  • Try to collaborate with existing open source projects as much as possible, but don’t compromise the experience

Technical Hunches

  • Linux Containers are the future of webapp deployment
  • Support popular web apps with legacy architectures (WordPress)
  • Prefer federated open web app architecture (HTML5, Open Web APIs)
  • unhosted or unhosted-like remote storage
  • CoreOS running on Raspberry Pi eventually
  • CoreOS on x86 with an established Linux distro to start
  • 2 hotswappable hard drive bays (online and empty bay used during disk upgrade)
  • The box has an LED panel useful during unboxing or hardware failures. Can display scrolling text.
  • Both Wi-Fi and Ethernet port
  • The device has a Mac mini like form factor
  • Use cloud services while disks are full
  • pre-cache public web views as HTML files on disk (burst scaling and more archival)
  • Thinnest possible centralized service for improved UX of hard to do client-based tasks (domain registration, DNS, etc)
  • Provide “wizard” escape hatch for replacing centralized components
  • Wizards can always install their own unique apps via Linux Containers
  • Persona for authentication
  • Sharing authorization via your NobleWeb contacts service

Existing Projects

The closest thing I have come across is ArkOS, which I recently found out about.

I think there is a lot of overlap with other existing projects, but not many projects that are focused on starting with the UX. As this is a side-project, I don’t promise anything, but I’ll tag experiments with NobleWeb as I go. The long term audacious goal would be gluing together the awesome work that you are all doing in Linux, Mozilla, and across the open web.

Let’s build a foundation, for taking back the web, that everyone can use.

How I Discovered I was already a Mozillian

5 and a half years ago, I was working at Amazon.com on cutting edge frontend “creative”.

I got a recruitment email from Mozilla and connected with morgamic.
I freaked out. I didn’t even know that it was possible to do stuff with Mozilla.

I knew if Mozilla offered me a position, I’d take it.

I had an in-person interview. One of my heroes was in the loop. Myk Melez. I was familiar with him through the many cool tools used to support the development of Firefox.

Myk asked me, are you a Mozilla community member. I said “No” apologetically.

Over the years, I’ve come to realize that this is a real problem with we Americans.

I thought to myself: Am I a Mozillian? I’ve never landed C++ code into Firefox, so no.

I am just a dumb web developer. Mozilla is the elite technologists.

I ignored the following facts:
* I was a passionate user of Linux, Thunderbird, and that Netscape Navigator/Phoenix/Mozilla Firebird/Firefox thing
* I had deployed MXR, Bugzilla at previous work places
* I spread the word about these projects
* I helped support other users
* I was proud of having my name in the 2004 New York Times Ad
* I was writing Ubiquity scripts and using many of the Mozilla Labs projects
* I’d spent the last decade hacking on web technologies and sharing experiments

That I didn’t consider myself a Mozilla community member… That’s just sad!

It took joining as a staff member and learning Mozillians culture first hand, to finally consider myself a Mozillian.

I think we’re doing a better story of explaining how easy it is to participate as a Mozillian, but here in the US… I think we have our work cut out for us.

We have a couple things in our culture that block people from self-identifying as Mozillians
* Imposter syndrome
* Lack of Community ethos

“I am just a dumb web developer.” Imposter syndrome said that. We all have so much to offer. You don’t even have to be a developer to be an awesome Mozillian.

It’s anecdotal, but I’ve seen some cultures have an easier time building Mozilla communities that here in the states.

Churches, boy scouts… we have a few community archetypes, but we are mostly a “go it alone” “pull yourself up by your boostraps” type of people.

Our community is now tackling the idea of what membership into the Mozilla community means.

Fascinating stuff!

You can read more contributor stories… How did you get involved with Mozilla? What is your story?

Life after the NASCAR

My colleague Ryan Feeley showed me Interscope’s sign in NASCAR:

interscope Login

It doesn’t even fit in the dialog! Okay, to be fair, I think Interscope’s
dialog had a bug when I took the screenshot. (I tried in several browsers).

You provide all of these options, to allow people to pick a brand that they trust.
But it doesn’t scale.

You can almost hear Brody, once he’s seen how big Jaws is…

“We’re going to need a bigger boat” or

“We’re going to need a bigger race car, to host all those logos”.

Gonna need a bigger race car

I’m here to talk about life after the NASCAR. Or consider it NASCAR++.

What if there was a way for people to sign into your website with a
brand they already use and trust?

There is. It is here today and it’s called Persona.

How does it work?

During sign in the user enters their email address.

The browser then does discovery on the email address and sends them to
the authentication flow of the email provider, or to a fallback Identity provider run by Mozilla.

As a website creator, you get to integrate exactly the brand your user knows and trusts,
without the problems that a NASCAR causes.

What kind of problems?

Look at the interscope NASCAR! The first time I saw it (not the current screen shot) it had 10 buttons.

As Alice confronts this mess, should she use Facebook, Google or Instagram?

She is an active user on all three! And which one did she use last time?

Having Alice type alice@gmail.com just seems easier.
Co-incidentally, she registered with FB, Google, and Instagram
as alice@gmail.com… so it fits her mental model of her accounts.

That is how you avoid accidental account creation or abandonment.

And when she returns to your website, her browser remembers which email addresses
she used on which sites. No more confusion.

So, how did we get here?

The proto-NASCAR was a good invention:

  • People didn’t want to create per-site passwords
  • Most websites aren’t a brand that the visitor knows and trusts
  • Using a trusted brand to sign into a new website, feels good
  • Branded sign in buttons are a fast and easy registration or sign in flow

All was good in the land, when there were only 1, 2 or 3 buttons…
But the web being the web, it favors decentralization and empowering all companies to potentially be a trusted brand.

And buttons begat buttons.
And the term NASCAR was born.
And then all was not good in the land.
And much wailing and gnashing of teeth ensued.

But, I can see the path forward. A road without NASCARS, but which gives the same user benefits.

Persona. How to build websites after the age of the NASCAR.

FC4: Persona Questions

Thanks to Tim Bray for his thoughtful exploration of Persona, documented in “FC4: Persona Questions”.

Here are a few clarifications I’d make on his post:

First of all, as it stands now, the sign-in dialogue is popup-only, which means you have to have a human click something to launch it; you can’t start it programmatically, which means even if you know the email they want to log in with, the IDP they want to use, and every other relevant fact, there’s no way to just launch the freaking sign-in process already. – from Moving Target

This is accurate for the first time sign in to a website, when it is the first time you are using Persona.

The story gets better when you are:

  1. Returning to a website you’ve used recently
  2. Trying a new website, but are an active Persona user

Persona sign in is automatically triggered when a person returns to a website where they already have an active session. Let’s see how that works:

Persona remembers the email address which you have last used at a website.

Trying out new websites is cheap and easy, for people who already have used Persona recently.

Here is a quick demo of these points:

In OIDC, an essential step is that the RP registers its app at the IDP, with a human-readable label and optional graphic. And when you try to authenticate, the protocol includes an RP identifier and requires that you get a prompt asking if you’re OK with your identity being sent to that site (identified by text and graphics) before sign-in happens. – from Human Experience

Here, OIDC stands for OpenID Connect.

Persona has the same affordances, websites can specify a site logo, background color and site name, so that they have consistent branding and people know what they are logging into.

I’d argue that Persona is nicer from a developer’s perspective than OAuth or other API key based flows, because you don’t have to register your “app” and manage app secrets.

At the moment, my biggest issue is, do I want to use Mozilla for my IDP?

Question: Should Google be a Persona IDP? Why? – from IdP Experience

The fact that Mozilla is the IdP for 20-30% of our users is a bootstrapping step. We absolutely want email providers like Google, UC Berkeley, Genentech, etc to implement the IdP protocol and manage their own security.

We implemented “Identity Bridging” for Google and Yahoo, to demonstrate the benefits of people’s identities secured by the webmail provider they already trust. They get 2 factor auth, abuse-detection, etc which these awesome providers are already experts at.

If Google implements Persona IdP, the protocol is already setup so that our Identity Bridge would be circumvented and you would go directly to Google Account servers for gmail.com addresses. We’d be pleased as punch and deliver artisan donuts to the Google Accounts team.

Being an IdP is great for webmail providers as they get another branding touchpoint, to stay connected with their users throughout the day.

Lastly a note about how Tim has integrated us into his testbed:

Ecosystem

Image copied from ongoing by Tim Bray

Persona works for any email address and removes per-site passwords.

This testbed is a NASCAR. We do not want a Mozilla button, like the dino head in this list. I’d drop the email/password section, and replace it with

If email + password is an important form based auth method to be tested in the testbed suite, then I’d put it behind a “legacy auth form” link. Persona cleanly replaces the email + password flow and is not vendor specific.

Again, thanks for the honest and fair evaluation of Persona and the BrowserID protocol.