Loud ramblings of a Software Artisan

Sunday 20 July 2014

Going to Guadec

For the first time since 2008, when it was in Istanbul, I'm coming to Guadec. This time it is in Strasbourg, France. Thanks to a work week scheduled just before in Paris.

I won't present anything this year, but I hope to be able to catch up a bit more with the Gnome community. I was already at the summit last fall, as it was being held in Montréal, but Guadec participation is usually broader and wider.

Friday 11 July 2014

Github tracks you by email.

That's right. Github tracks you by email. Each Github notification email contains in the HTML part a beacon. Beacons are usually one pixel images with a unique URL to know who did view the email or not - triggered by the HTML rendered downloading the image to display.

Two safeguards against that tracking:

  1. don't automatically download images in emails - lot of clients allow or default to this.
  2. view email only in plain text: impossible with some email system or client. Like K9-Android or just GMail. (by far this is what I do in Thunderbird)

Now I complain over twitter and according to Github Zach Holman:

"It’s a pretty rad feature for a ton of our users; reading a notification in one should mark the web UI as read too. We dig it."*.

Sorry, but there is no optout to tracking. Holman also said:

"you can just disable images. It’s the same functionality in the email as on the web, though. We’re not spying on anything."*

and

"[...] It’s just in this case there’s zero additional information trading hands."*.

Note that recent events showed me I couldn't trust Github ethics anyway, so I'd rather have them not have the info that them claiming it never change hands.

This wouldn't be important if Mozilla didn't mostly require Github to contribute to certain projects including. I filed bug 1031899. While I can understand the feature, I believe user privacy should be paramount, therefor not being able to disable tracking is a serious ethics issue.

Wednesday 4 June 2014

Hack the web: No Flash

I am a hipster Flash hater. I hated Flash before Steve Jobs told it was bad. I hate Flash before Adobe said there would be no Flash 7 for Linux. I don't have Flash on my machine. I even coined "fc;dw".

I have been muling over an idea for far too long, and an enlightning conversation with fellow Mozillians made me do it Tuesday night.

I therefor introduce a proof of concept Firefox add-on: No Flash.

The problem: there are a lot of pages around the web that embed video from big name video website, like Youtube and Vimeo. These pages might use, more often than not, the Flash embedding, either because they predate HTML5, or they use a plugin for their CMS (Wordpress) that only does that. Getting these fixed will be a pointless effort. On a positive note, it appears that Google own blogspot modified the embedding of the Youtube content they serve already.

So let's fix this on the client side.

Currently the addon will look for embedded Flash Youtube and Vimeo players and replace them in the document by the more modern iframe embedding. This has the good taste of using the vendor detection for the actual player.

Note that this is, in some way, similar to what Safari on iOS does, at least with Youtube, where they replace the Flash player with the system built-in one.

Before:

No Flash Before

Notice the Flash placeholders - I don't have Flash.

After:

No Flash After

Note the poster images.

Feel free to checkout the source code

Or file issues

Tuesday 29 April 2014

Fixing deprecations

Also, I updated the PHP version on the hosting side (the hosting company did, I just clicked on the button in the panel). This cause some glitches with the antispam and the rest when commenting. Sorry about that.

I addressed the known issues, related to deprecated PHP functions. This is still easier than upgrading to the newer version of Dotclear that break the URLs.

Crazy idea: Decentralised bug tracker

Last week, over a nice diner in a nice Portuguese restaurant on "the main", I had a discussion with @pphaneuf about decentralised bug tracking. He had the idea first.

Since you have decentralised version control in the name of git (there are others), couldn't we have the same for a bug tracker? Using sha1 instead of bug name isn't much different as you could use the abbreviated form. After all, Mozilla has reached the 7 digits bug numbers now.

The idea I proposed was something like carrying that metadata in a secondary repository inside that would be linked - or even better, in a different branch. Also there would be an equivalent to cgit to serve this data in a web interface and probably a few new git commands. The bug repository could be skipped on check out for those who don't want it.

And here goes bug fixing and triaging in a European airport or luxurious hotel wifi with proper access to the whole history.

The idea sounds crazy, but I think it can work. Let's call it buggit.

And no I'm not coding it. This is just small talk. And I haven't done due diligence in searching if something already existed but I like crazy ideas.

Sunday 9 February 2014

The open content

Open content is content that is also available openly.

The short: people claiming they don't blog anymore but write lengthy on the closed Google+, a platform that is closed (does not allow to pull the content of RSS), discriminate on names, and in the end just represent the Google black hole as it seems only Google fanboys and employees use it.

This also applies to Facebook, Twitter (to a lesser extent, just because of the 140 char limits) and so on.

Sorry this is not the Internet I want. It is 2014, time to take it back.

Friday 11 October 2013

Reaching the summit

Even the coffee cups are personalised. #MozSummit

Last week-end, Mozilla held its summit in 3 locations: Santa Clara, Toronto and Brussels. The summit is where contributors paid (employees) or not (volunteers) meet and discuss the future of Mozilla and how we are gonna help shape the web. We call them (ourselves) Mozillians.

I attended in Brussels and it was for me the occasion to meet fellow Mozillians for the first in face to face, and to meet other I had never interacted with. I'm reaching my two years as a Mozillian (and paid contributor) and I see a huge value in this. I found that we have a very friendly and vibrant community, spread across the globe, people passionate about the web, passionate about the users and the future of the web, from developers, designers, artists, translators to evangelist, marketing and administrative support. The full spectrum was represented.

I can't wait to attend the next Mozilla summit, in the mean time I'll attend the Gnome Summit that is being held tomorrow in the city I call home: Montréal.

Also I need to go through the 1900 pictures I took during the event. In the mean time you can watch that set on Flickr that contain the stuff I posted on Instagram almost immediately, as well that the Flickr group Mozilla Summit 2013 I created to pool the pictures from other users (feel free to add yours if you haven't already).

Thursday 29 August 2013

Dead tree backup

QR Code
QR Code by lydia_shiningbrightly, on Flickr

This week I am at the Toronto Mozilla office. With Mike and Alan we were discussing information entropy and backups and devised the craziness of doing a hard drive backup onto paper, using QR Codes.

Alan and Mike did the math.

For one TB, it would take 44 trees, and at 20 pages per minute, it would take 123 days to print the 3.6 millions letter-size single sided pages, at 300dpi, in large-size, using the highest-redundancy QR codes.

Now you know how much information we create and how much it would take to make it last longer than the electronic device it is stored on.

Monday 1 July 2013

Exempi 2.2.1

Just a quick note to announce that I released Exempi 2.2.1. It was long overdue. It is mostly a couple of bugfixes.

Note: so that there is no misunderstanding, since people see this on Planet Mozilla, this is not a Mozilla project. But it is completely Free Software.

Here is the short Changelog

  • Bug #54011: Use POSIX API for files on MacOS. (Misty De Meo)
  • Bug #58175: Replace OS X FlatCarbon headers. (Misty De Meo)
  • Added a manpage for exempi(1).
  • Added the -n option to the command line for arbitrary namespaces.

Next release will be 2.3.0 and will integrate the latest Adobe SDK used in the Creative Cloud.

Your next mobile app should be web based

There is no question about that.

I just switched from an Android phablet made by Samsung, device I came to hate for many reasons, to a Firefox OS Geeksphone Keon. That was my second Android phone, I switched because I got it for free[1], needed a carrier that worked better than the failure that is WIND Mobile on which I was using my Nexus One[2] and said Nexus One was just abandoned in OS upgrade by HTC AND Google after 22 month. I have to admit I missed the Nexus One, still, as Samsung didn't make Android better, quite the opposite.

Back to the point. I got that Geeksphone Keon, provided by my employer: Mozilla.

This is not a review of the phone, BTW, and all of this also applies to the just released Firefox OS phone in Spain.

On my Android phablet[3] I used 4 applications: the web browser, a twitter client (not Twitter's own though), Instagram and Foursquare.

On my Firefox OS phone, I had to scrap the last two. Why? Because despite requiring an internet connection and having some sort of web interface, their are unusable on the web.

Web browser

On Android I used Firefox for Android as my web browser. It is currently the best solution for web browsing is designed to protect your privacy and to run on more devices than Google's own Chrome. Call me biased if you want but truth is I have been using Firefox on the desktop too.

Firefox OS web browser is basically the same thing.

Twitter

Twitter is a bit hurtfull. It is designed from the ground up to be used as a web application. Twitter has a mobile version that is meant to work well on small screen. They even have a packaged version for the Firefox OS Marketplace. Where it hurts is that Twitter web UI remains awful, either deliberately (given that the iOS client is awfull too) or because we got spoiled by third-party clients. On Android I was using Twicca (no source code) or Twidere (broke a bit at one point), but it should be noted that Twitter gave the finger to third parties when they added restriction on the development of client ; as well as bickering with Instagram to not show their content inline.

They get almost full marks for being a web app and treating it as first class.

Foursquare

On the desktop, if you go to Foursquare you get a decent web application, albeit you can do the major feature that Foursquare calls for: check-in.

On mobile, if I visit the website on Firefox for Android I get prompted to download an app.

On Firefox OS it is worse. Looks like their detection fail and they offer the desktop website that is mostly unusable on such a small screen. I filed bug 878132 for our tech evangelism to eventually have a look at.

Seems like they didn't go all the way to make it relevant on mobile web. Sadly. What was an experiment I started by the end of last year when I signed up for the service stopped here right at Firefox OS. It seems that I don't need it. They lost a user.

Instagram

This one is the worst of the worst. First and foremost their web interface for desktop is very limited. Secondly, it doesn't scale at all on mobile - some content scale better than other. Third, they bickered with Twitter so that their content is not viewable inline.

Why does that last one matter? Try viewing the instagram content in the Twitter mobile web client.

I give a F as a mark.

Conclusion

Simply make your mobile app web based. It will run on iOS, Android, Firefox OS, Blackberry, etc. and people will be able to follow when they change phone and you won't need to spend a lot of resources for each platforms.

Also if you really want to have a packaged app, remember there are technologies like PhoneGap whose purpose is exactly that.

Notes

[1] minus the money I had to spend for unlocking it, thanks to consumer protections that don't exist in Canada

[2] first and foremost I didn't have service at the office downtown. second I was in the process of moving to Montréal where they don't have service anyway

[3] in case you didn't realize I call it phablet because it is a small tablet that one can use as a phone. Too big for your pocket, too small to be a good tablet, the worst of both worlds. It would never have been my choice ; but one doesn't simply look into the gifted horse's mouth.

Wednesday 12 June 2013

C++ 11 in your project

C++ 11 is now available in both gcc and clang. That mean it is really available where it matters.

Using C++ 11 in your project (with autoconf).

First if you use autoconf, you have to detect it. The autoconf archive has a macro. Download the .m4 definition and put it in your m4 directory in your project.

In the configure.ac, add the following line:

AX_CXX_COMPILE_STDCXX_11(noext,mandatory)

Make sure it appears after

AC_GNU_SOURCE

This is will make configure detect C++11 support, without GNU extension (I tend to avoid these in general) and fail if it doesn't exist. If you prefer to make it optional, read the above documentation that has more details.

The interesting features

I'm interested in several features from C++11.

  1. auto to automatically deduct the type where it can. Ever gotten annoyed by the long type name for iterators of containers? Just use auto instead.
  2. Lambda: now you can write lambda functions like in Python or JavaScript. This is overly convenient when you iterate over containers or use std::for_each().
  3. The smart pointers: I was using the one from Boost, then the one from std::tr1::. Just replace with std::
  4. std::bind and std::function to replace Boost own versions.

There are more, I'll talk about it when I get to look at them.

Tuesday 2 April 2013

Mozilla is 15

Mozilla is 15 and that's 15 years of fighting for the open web. I remember the source code release, I built it on in Pentium 166 with 64MB of RAM - a Debian box. I maybe less RAM than that, I forgot. It was huge.

Since, the web has gone forward big times, and Firefox helped users to take back the web by bringing down the IE supremacy and focusing on a standardized web technology.

I have great hopes for the future of the free web.

Wednesday 20 March 2013

The importance of RSS and friends

Google did shutdown Reader, their feed aggregator. Speculation is that it is to promote the use of the proprietary publishing silo that is Google+, and I'm not saying as a Google+ grudge I might hold, I actually believe it might be one of the considerations.

Imagine a second if all the content was pushed exclusively to a popular silo like Twitter, Facebook and Google+: it would be confined to these environments and people wouldn't be able to aggregate elsewhere. Now what if one of these hugely popular silos disappeared. It has happened, it can happen again, I have numerous examples. And I am still look for the Google+ or Facebook feeds, while it is clear that Twitter already removed them.

With RSS[1] all we need is a different aggregator to pull the feed. It would still work. And that's what happening with Google Reader user base: they are moving to other platforms that offer the same feature, either web based, or using desktop software.

Let's have this a learning step and continue to focusing on open standards for publishing. Let's continue to provide feeds. Let's continue to request feeds. And more importantly, us software hackers, let's continue to provide awesome libre software to do the job and on which we can reliably build upon.

Notes

[1] this include ATOM and other variation of feed publishing based on open standards

Wednesday 2 January 2013

Happy MMXIII

It is the new year. We have a tendency to put artificial starting points in time to want to (start to) do things, something like the "new year resolutions". I don't really abide to that because I believe you should do things when you want to, have to or can. You don't need a January 1st or some sort. This year it happens that the new year almost coincide with my timeline. Two weeks into the new house in Montréal, this mean that for once I can use that as the starting point ; or not.

Anyway.

Happy new year, and remember, be excellent to each other !

Wednesday 26 September 2012

Bad security

Broken Lock
Broken Lock by lyudagreen, on Flickr

A big North American online travel booking system still store passwords in plain text. Worse: they claim they take your security seriously. Here is the excerpt of the confirmation email you get when you register:

USERNAME: USER@EMAIL.DOMAIN
PASSWORD:  We're serious about security. Since your
password is confidential, we won't repeat it here. However, if you ever
forget your password, you can always request a reminder

Yes, the email has been capitalized.

The other day I wanted to book some airline tickets, so I returned to the website. I had forgotten the password. No biggie, I follow the "lost password procedure" and chose the "email" instead of the still idiotic "security question".

Guess what? I didn't get a link to reset my password, or a temporary password. No. I got my password sent in plain text. Worse. It was in UPPERCASE and the passwords are case insensitive in the system. Wow. Just wow.

PS: this is not the corporate travel booking system we use at Mozilla.