mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla-gemeenschap

Abonneren op feed Mozilla planet
Planet Mozilla - http://planet.mozilla.org/
Bijgewerkt: 21 uur 40 min geleden

Benjamin Kerensa: Support Collab House Indiegogo Campaign

wo, 14/01/2015 - 00:04

I wanted to quickly post a simple ask to Mozillians to please share this indiegogo campaign being ran by Mozillian Rockstar Vineel Pindy

A Mozilla event at Collab HouseA Mozilla event at Collab House

who has been a contributor for many years. Vineel is raising money for Collab House, a Collaborative Community Space in India which has been used for many Mozilla India events and other open source projects.

By sharing the link to this campaign or contributing some money to the campaign, you will not only support the Mozilla India community but will further Mozilla’s Mission by enabling communities around the globe that help support our mission.

Lets make this campaign a success and support our fellow Mozillians! If every Mozillian shared this or contributed $5 I bet we could have this funded before the deadline!

Categorieën: Mozilla-nl planet

Kat Braybrooke: Hello, World: Let's (re)Make Networked Art ◣

di, 13/01/2015 - 21:52

image by MAX CAPACITYImage by MAX CAPACITY

After much second-guessing, I’ve published a big piece on Medium today about my belief that Net(worked) Art still lives as a movement, making the continued existence of cooperative, creative practices of [and by] the web more essential than ever.

This post was based on the visionary work of the crazy web/trans/media folk I’ve been able to dream and build with lately around the world, especially the #ARTOFWEB community who helped bring together the Mozilla Festival's first-ever Art and Culture track to the shores of London this year, and taught me so much in the process.

It’s a 10 minute read in 6 chapters, the perfect amount of time for a coffee. It opened up some pretty interesting debates as it made the rounds this morning, so I’d love to hear your thoughts (and criticisms!). While this is an area I’m passionate about, I am cognizant that I, like everyone in my “post-post net-art”generation, have much more to learn. And in the end, that’s a part of the fun.

"As the hardwares and softwares of computers give us new capabilities… we have to learn to feel with them. If we can’t feel with them, they are only dumb metal claws. Therefore, the vistas of digital art are only as wide as our potential to grasp those possibilities with full human expressiveness.”
Jim Andrews, “Why I Am A Net Artist”, 2011

Categorieën: Mozilla-nl planet

Michael Kaply: I Used the CCK2 Wizard - What Now?

di, 13/01/2015 - 19:51

One of the most common questions I get asked is what to do with the result that the CCK2 Wizard produces. This post will address that question.

After you've completed your customizations using the CCK2 Wizard, you have two choices: create an extension or use AutoConfig.

Let's start with AutoConfig (which is what I recommend.) AutoConfig is the tried and true method of customizing Firefox that's been around forever. You can read an old post about it here. I'm also working on an AutoConfig eBook that I hope to have out soon.

With AutoConfig, things are quite simple (at least on Windows and Linux). The output of the CCK2 Wizard is a zip file that can be unzipped in the same directory where the Firefox executable is located. It puts all the necessary files in the right places and you can immediately start Firefox and see your customizations. Things are not so good on Mac starting with Firefox 34. AutoConfig is broke right now due to the new Apple signing requirements. We're investigating the best way to fix that.

Your other option with the CCK2 is to generate an extension. This produces an XPI file which can simply be installed in Firefox the same way any other extensions is installed - by dragging and dropping it onto the browser. If you want to deploy the extension you've created, I've documented a number of the different ways you can integrate an extension into Firefox. Each of these methods has positives and negatives - it's up to you to decide what to do for your situation.

Some people might wonder why I don't just have the CCK2 generate a new installer. In my experience, there are so many different ways that people deploy applications that it would not be worth it. In the past, I have documented how to bundle your changes with the Windows installer if you are so inclined.

Hopefully this gets most folks started with the CCK2. Please let me know if I've missed something.

Categorieën: Mozilla-nl planet

Yunier José Sosa Vázquez: Comparte, llama y juega en Firefox

di, 13/01/2015 - 18:30

Llegó el 2015, un año que pretende ser bueno para todos y en especial para Mozilla. En este nuevo ciclo, tendremos cosas nuevas relacionadas con el sistema operativo de Mozilla para celulares inteligentes y nuevas versiones de tu navegador favorito, que ya llega a sus 11 años. Entre las características principales que deben arribar este lustro, se encuentra la arquitectura multiproceso, la cual añadirá estabilidad y seguridad a Firefox.

Hello, la funcionalidad que permite realizar videollamadas desde Firefox, ha recibido mejoras y ahora muestra un nuevo modelo de conversaciones basado en habitaciones. Como puedes ver en la imagen, cuando inicias una conversación puedes darle un nombre y se mantiene en la memoria. Cada vez que quieras hablar con la misma persona, podrán seguir usando el mismo enlace.

Firefox Hello con habitaciones para continuar

Firefox Hello con habitaciones para continuar

Firefox Share te permitirá compartir lo que desees en la Web rápida y fácilmente en tus redes sociales favoritas sin dejar el sitio que estás visitando. Para añadir esta funcionalidad en Firefox, debes visitar la página de Activación y dar clic en la red social que desees. También tienes la posibilidad de mover el botón Compartir ubicado en la personalización de Firefox al menú o la barra de herramientas, aunque, al activar algún servicio este debe mostrarse solo.

Firefox-Share

En Mac OS X Snow Leopard (10.6) se incluyó soporte para el códec H.264 (MP4) en el navegador y ahora se utilizarán las APIs nativas del sistema.

Para mejorar la autenticación en conexiones encriptadas se implementaron las Claves Públicas HTTP Fijas (Public Key Pinning). Con este sistema, los sitios Web pueden indicar cuáles son las autoridades certificadoras que aseguran que el certificado es válido. esto significa que una pequeña lista de autoridades certificadoras aceptables están incluidas en Firefox de forma predeterminada. La lista completa de llaves públicas fijas la puedes encontrar en la Wiki de Mozilla. Además, los sitios deben alertar a los usuarios que soportan Public Key Pinning Extension.

El lector PDF incluido en Firefox se actualizó a la versión 1.0.907 y ahora podrás gozar de una mejor estabilidad y nuevas características al abrir un documento. También se ha mejorado el manejo de los cambios en estilos dinámicos para incrementar la capacidad de respuesta.

Firefox Marketplace, el lugar donde se encuentran alojadas las Aplicaciones Web Abiertas te la posibilidad de filtrar las aplicaciones para sistemas de escritorios (Linux, Windows, Mac) y sepas cuáles puedes instalar. Cuando accedas al Marketplace debes escoger Apps de escritorio, para instalarlas debes dar clic en Gratis o Instalar y aceptar la instalación.

filtrar-apps-marketplaceaceptar-instalacion-marketplace

Para ejecutar una Web App, debes buscarla en el menú de tu sistema (igual que las demás aplicaciones). Desde el Marketplace también podrás abrir la aplicación accediendo a tu sección Aplicaciones y dar un simple clic en Abrir.

ver-mis-apps-marketplaceabrir-apps-marketplace

Mientras tanto, los desarrolladores podrán filtrar los estilos CSS y utilizar WebSocket en Workers.
Para Android tenemos:

  • Mejoras en el servicio de geolocalización de Mozilla compartiendo tu WiFi y señal celular. Para activar esta característica, debes ir a los Ajustes y en la sección Mozilla, activa la opción de contribución bajo las opciones de Datos.
  • Bing ahora usa HTTPS para mejorar la seguridad al realizar búsquedas.
  • Se añadió un diálogo de búsqueda a las páginas de errores de red.
  • Uso del Administrador de descargas de Android para hacer un seguimiento de los archivos descargados.
  • Añadido los lenguajes Breton (br) y Esperanto (eo).

Otras novedades:

  • Reducción de la memoria al escalar imágenes.
  • Añadido el soporte para la API de CSS Font Loading.
  • Vista: Los nodos que coinciden con el selector bajo el ratón, ahora son resaltados.
  • Soporte para inspeccionar ::before y ::after de los pseudo elementos.
  • Implementada la API de sincronización (Timing API) de recursos.
  • Cambiada la semántica de “let” en Java Script para que coincida con la especificación ES6.
  • Otras mejoras de seguridad y rendimiento.

Si deseas conocer más, puedes leer las notas de lanzamiento (en inglés).

Puedes obtener esta versión desde nuestra zona de Descargas en español e inglés para Linux, Mac, Windows y Android. Recuerda que para navegar a través de servidores proxy debes modificar la preferencia network.negotiate-auth.allow-insecure-ntlm-v1 a true desde about:config.

Categorieën: Mozilla-nl planet

Soledad Penades: Moving to the evangelism team

di, 13/01/2015 - 18:27

As of yesterday I am in the evangelism team at Mozilla, also known as tech evan / dev rel / what have you. Essentially, spread the word about all the amazing stuff in Mozilla products and also help people build awesome stuff on the Web.

There’s lots of things we want to do, and I’m excited! I also have to go to the Web Components meetup, so I’ll leave you with Potch’s own announcement, as he’s moving to that team too:

Today I get to announce that I'm now a Developer <optgroup>Relations/Evangelist/Friend/Advocate/Hack</optgroup> for Mozilla! Yay!

— potch (@potch) January 12, 2015

flattr this!

Categorieën: Mozilla-nl planet

Gregory Szorc: Major bzexport Updates

di, 13/01/2015 - 16:55

The bzexport Mercurial extension - an extension that enables you to easily create new Bugzilla bugs and upload patches to Bugzilla for review - just received some major updates.

First, we now have automated test coverage of bzexport! This is built on top of the version control test harness I previously blogged about. As part of the tests, we start Docker containers that run the same code that's running on bugzilla.mozilla.org, so interactions with Bugzilla are properly tested. This is much, much better than mocking HTTP requests and responses because if Bugzilla changes, our tests will detect it. Yay continuous integration.

Second, bzexport now uses Bugzilla' REST API instead of the legacy bzAPI endpoint for all but 1 HTTP request. This should make BMO maintainers very happy.

Third and finally, bzexport now uses shared code for obtaining Bugzilla credentials. The behavior is documented, of course. Behavior is not backwards compatible. If you were using some old configuration values, you will now see warnings when running bzexport. These warnings are actionable, so I shouldn't need to describe them here.

Please obtain the new code by pulling the version-control-tools repository. Or, if you have a Firefox clone, run mach mercurial-setup.

If you find any regressions, file a bug in the Developers Services :: Mercurial: bzexport component and have it depend on bug 1033394.

Thanks go out to Steve Fink, Ed Morley, and Ted Mielczarek for looking at the code.

Categorieën: Mozilla-nl planet

Armen Zambrano: Name wanted for a retrigger-based bisection tool

di, 13/01/2015 - 16:39
Hello all,
I'm looking for a name for the tool that I will be working on this quarter.

This quarter I will be working on creating a prototype of a command-line tool that can be used by sheriffs and others to automate retrigger-based bisection. This could be used to help bisect new intermittent oranges, and to backfill jobs that have been skipped due to coalescing. Integration with Treeherder or other service will be done later.

I'm proposing "TriggerCI" since it shows what it does regardless of what you use it for.

If this works for you, please let me know.
If you have another suggestion please let me know. I'm interested on fun and creative names since that part of my brain is dysfunctional :P

Creative Commons License
This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Categorieën: Mozilla-nl planet

Yunier José Sosa Vázquez: Firefox OS en 2015, más dispositivos y sorpresas

di, 13/01/2015 - 15:53

Un feliz año nuevo y próspero 2015 les deseo a todos los amantes de Firefox y a los que visitan Firefoxmanía en nombre de la Comunidad Mozilla de Cuba. El 2014 fue un año genial para Firefox OS, los lanzamientos realizados en diferentes países demuestra el interés de las operadoras y fabricantes por una alternativa diferente a las encontradas en el mercados. El 2015 no piensa quedarse atrás y traerá la materialización de propuestas hechas el año pasado.

:-( Lo sentimos, tu navegador no soporta la etiqueta video. Te aconsejamos que uses uno moderno o bien, descargar el video y verlo en tu reproductor favorito.

Firefox OS en la TV

En 2014, Mozilla y Panasonic se comprometieron a desarrollar un Smart TV con Firefox OS. No se volvió a hablar de este tema en el resto del año, hasta que se mostró un prototipo de la interfaz en un evento interno de Mozilla. En el último CES2015 de esta semana Panasonic confirmó la disponibilidad de televisores inteligentes 4K con Firefox OS en este año, así que pronto podremos adquirir nuestra TV con este sistema operativo.

Firefox OS comes to TVs

Pero en 2014 también supimos de una compañía independiente, Matchstick, propuso un equipo que se conectaba a la TV y que, ejecutando Firefox OS iba a compartir pantallas vía WiFi desde otros dispositivos hacia la TV. La propuesta se hizo pública en Kickstarter, donde consiguió financiación, y al principio de 2015 se deberán enviar los primeros equipos Matchstick a todo el mundo.

Internet de las cosas y electrónica libre

Firefox OS nace como un sistema operativo para smartphones de gama baja, con ese mercado específico. Sin embargo en los últimos meses del 2014 empezaron a surgir ciertos proyectos que usaban Firefox OS de manera distinta, aplicándolo en campos como la electrónica, el hardware abierto y el Internet de las cosas, lo cual resulta muy raro.

Firefox OS on Raspberry Pi mobile

En el Mozilla Festival se mostraron dispositivos de Raspberry Pi ejecutando una versión de Firefox OS. Raspberry Pi es un hardware abierto que se utiliza para leer sensores, controlar motores o leds y enseñar algo de programación básica. Queda mucho por hacer en 2015 para hacer totalmente viable esta adaptación.

Firefox OS on Raspberry Pi display

También hay avances es en aplicaciones de Firefox OS en el Internet de las cosas. En un pulso pasado hablamos del Open Web Board, un hardware desarrollado en Japón y presentado junto a un entorno de desarrollo para programar ciertas operaciones entre circuitos de una casa.

En el video publicado al principio del artículo, se pueden apreciar conceptos de Firefox OS en relojes inteligentes (smartwatch) y lavadoras.

Por allí sabemos de otros experimentos en Europa (Gonzo, de Telenor) y América Latina (FoxXapp) que van por la misma línea; así que veremos muchas novedades alrededor de este tema el próximo año.

Firefox OS 2

Y bueno, no nos hemos olvidado que Firefox OS es un sistema para smartphones. Es casi seguro que veremos nuevos celulares en el Mobile Web Congress de Barcelona que va a ser en Marzo de 2015. Allí de seguro que veremos la versión 2 de Firefox OS completamente terminado.

Nos gustó mucho la aplicación de cámara porque permite ver una vista preliminar de fotos y videos tomados, una cuadrícula para la tomas y la opción de enfoque.

No nos termina de convencer la nueva interfaz de la versión 2: los botones son muy grandes, hay 3 por fila, pero lo único que nos consuela es que se puede cambiar el tamaño de los iconos y la cantidad por línea desde la aplicación de ajustes.

También ahora va a existir la posibilidad de navegar sin importar lo que estamos haciendo en alguna aplicación, sólo necesitamos pulsar sobre la barra de notificaciones y podremos navegar en Internet.

David Firefox OS vs Goliat

Creemos que valoraríamos más si se pueden hacer videollamadas desde el móvil con Firefox Hello. Ah, claro, Firefox OS 2 ya se ejecuta sobre algunas tablets, las cuales esperemos ya se puedan adquirir en 2015.

Por último, y no menos importante, en este nuevo Firefox OS debutan las Firefox Accounts, con lo cual podremos sincronizar datos del historial de navegación y ubicar nuestro equipo vía Internet. Esto va a volver a Mozilla un proveedor de servicios en la nube.

Esperamos que el 2015 para Firefox OS y en general para Mozilla, sea un año bueno en todos los sentidos.

Fuente: Mozilla Hispano

Categorieën: Mozilla-nl planet

David Rajchenbach Teller: Je Suis Charlie, but I Am Vigilant

di, 13/01/2015 - 14:20

(This text has initially been written for the French-speaking Mozilla Community. Most members of the community haven’t had a chance to review or sign it yet.)

20150108_144913

I am Charlie. Some of us grew up with Cabu’s children cartoons or Wolinkski’s willies. Some of us laughed at Charb’s cover pages, others much less, and yet others had never even heard of Charlie Hebdo. Despite our differences, from the bottom of our heart, we are with those who defend Free Speech, the right to discuss, draw, make laugh or cringe.

I am a Cop. Some among us work directly with law enforcement, or ensure the online safety of individuals or organizations. Some of us make their voice heard when legal or executive powers around the world decide that security, convenience or economic interests matter more than the rights of users. All, we salute the police officers murdered or wounded these last few days as they attempted to save innocents.

I am Jew, or Muslim, or Anything else. Some among us are Jew, or Muslim, or Christian, or anything else, and, frankly, most of us don’t care who is what. All, we are horrified that, in the 21st century, extremists may still decide to murder innocents, solely because they might be Jew, and because they had decided to go the grocery store. All, we are appalled that, in the 21st century, extremists may still decide to attack innocents, just because they might be Muslems, through threats, physical violence or through their places of cult. All, we are shocked whenever opportunists praise murders or violence, or call for hatred or the ones or the others.

I am Collateral. Before we are the Mozilla Community, we are a community of individuals. Any one of us could have been at the front desk of this building, or on the path of that car, hostage or collateral kill of the assassins. Our minute of silence is for the anonymous ones, too.

I am Vigilant. Some of us believe that strong and immediate measures must be taken. Others prefer to wait until the emotion has passed before we can think of an appropriate response. All, we wait to see how the attacks of January 7th and January 9th 2015 will change our society. All, we remain vigilant, to make sure that, on top of the blood of the dead, our society does not choose to sacrifice Human Rights, Free Speech and Privacy, in the name of a securitarian ideology or opportunistic economical interests.

I am the French-speaking Mozilla Community.

Text edited by myself. List of signatures of the French version.


Categorieën: Mozilla-nl planet

Mozilla Release Management Team: Firefox 2015 release schedule

di, 13/01/2015 - 13:02

A final 2015 schedule for Firefox (Desktop, Mobile and ESR) has been defined.
Release owners can be found on the Mozilla wiki but might change during the 2015 year.

Firefox Version Release date Firefox 43 2015-12-15 Firefox 42 2015-11-03 Firefox 41 2015-09-22 Firefox 40 2015-08-11 Firefox 39 2015-06-30 Firefox 38 (ESR base) 2015-05-19 Firefox 37 2015-04-07 Firefox 36 2015-02-24 Firefox 35 2015-01-13

As usual, Desktop, Mobile and ESR are going to be released on the same day.<br /

A calendar containing only the date of the release and the merge is available under XML, iCal and HTML.

In parallel, the detailed calendar is published under various forms: XML, iCal and HTML.

Categorieën: Mozilla-nl planet

Daniel Stenberg: My first year at Mozilla

di, 13/01/2015 - 09:49

January 13th 2014 I started my fiMozilla dinosaur head logorst day at Mozilla. One year ago exactly today.

It still feels like it was just a very short while ago and I keep having this sense of being a beginner at the company, in the source tree and all over.

One year of networking code work that really at least during periods has not progressed as quickly as I would’ve wished for, and I’ve had some really hair-tearing problems and challenges that have taken me sweat and tears to get through. But I am getting through and I’m enjoying every (oh well, let’s say almost every) moment.

During the year I’ve had the chance to meetup with my team mates twice (in Paris and in Portland) and I’ve managed to attend one IETF (in London) and two special HTTP2 design meetings (in London and NYC).

openhub.net counts 47 commits by me in Firefox and that feels like counting high. bugzilla has tracked activity by me in 107 bug reports through the year.

I’ve barely started. I’ll spend the next year as well improving Firefox networking, hopefully with a higher turnout this year. (I don’t mean to make this sound as if Firefox networking is just me, I’m just speaking for my particular part of the networking team and effort and I let the others speak for themselves!)

Onwards and upwards!

Categorieën: Mozilla-nl planet

Daniel Stenberg: My table tennis racket sized phone

di, 13/01/2015 - 08:34

I upgraded my Nexus 5 to a Nexus 6 the other day. It is a biiiig phone, and just to show you how big I made a little picture showing all my Android phones so far using the correct relative sizes. It certainly isn’t very far away from a table tennis racket in size now. My Android track record so far goes like this: HTC Magic, HTC Desire HD, Nexus 4, Nexus 5 and now Nexus 6.

my-androids

As shown, this latest step is probably the biggest relative size change in a single go. If the next step would be as big, imagine the size that would require! (While you think about that, I’ve already done the math: the 6 is 159.3 mm tall, 15.5% taller than the 5’s’ 137.9mm, so adding 15.5% to the Nexus 6 ends up at 184 – only 16 mm shorter than a Nexus 7 in portrait mode… I don’t think I could handle that!)

After the initial size shock, I’m enjoying the large size. It is a bit of a clunker to cram down into my left front-side jeans pocket where I’m used to carry around my device. It is still doable, but not as easy as before and it easily get uncomfortable when sitting down. I guess I need to sit less or change my habit somehow.

This largest phone ever ironically switched to the smallest SIM card size so my micro-SIM had to be replaced with a nano-SIM.

Borked upgrade procedure

Not a single non-Google app got installed in my new device in the process. I strongly suspect it was that “touch the back of another device to copy from” thing that broke it because it didn’t work at all – and when it failed, it did not offer me to restore a copy from backup which I later learned it does if I skip the touch-back step. I ended up manually re-installing my additional 100 or so apps…

My daughter then switched from her Nexus 4 to my (by then) clean-wiped 5.  For her, we skipped that broken back-touch process and she got a nice backup from the 4 restored onto the 5. But she got another nasty surprise: basically over half of her contacts were just gone when she opened the contacts app on the 5, so we had to manually go through the contact list on the old device and re-add them into the new one. The way we did (not even do) it in the 90s…

The Android device installation (and data transfer) process is not perfect yet. Although my brother says he did his two upgrades perfectly smoothly…

Categorieën: Mozilla-nl planet

Ian Bicking: Being A Manager Is Lonely

di, 13/01/2015 - 07:00

Management is new for me. I have spent a lot of time focusing on the craft of programming, now I focus on the people who focus on the craft of programming.

During the fifteen years I’ve been participating in something I’ll call a developer community, I’ve seen a lot of progress. Sometimes we wax nostalgic with an assertion that no progress has been made… but progress has been made. We, as professionals, hobbyists, as passionate practitioners understand much more about how to test, design, package, distribute, collaborate around code. And just about how to talk about it all.

I am a firm believer that much of that progress is due to the internet. There were technological advancements, sure. And there have been books teaching practice. But that’s not enough. There were incredible ideas about programming in the 70s! But there wasn’t the infrastructure to help developers assimilate those ideas.

I put more weight on people learning than on people being taught. If the internet was just a good medium for information dispersal — a better kind of book — then that is nice, but not transformational. The internet is more than that: it’s a place to discuss, and disagree, and watch others discussing. You can be provocative, and then step back and take on a more conservative opinion – a transformation most people would be too shy to commit to print. (As if substantial portion of people have ever had the option to consider what they want to commit to print!)

I think a debate is an opportunity; seldom an opportunity to convince anyone else of what you think, but a chance to understand why you think what you do, to come to a more mature understanding, and maybe create a framework for future changes of opinion. This is why I bristle at the phrase “just choose the right tool for the job” – this phrase is an attempt to shut down the discussion about what the right tool for the job is!

This is a long digression, but I am nostalgic for how I grew into my profession. Nostalgic because now I cannot have this. I cannot discuss my job. I cannot debate the details. I cannot tell anecdotes to elucidate a point. I cannot discuss the policies I am asked to implement – the institutional instructions applied to me and through me. I can only attempt to process my experiences in isolation.

And there are good reasons for this! While this makes me sad, and though I still question if there is not another way, there are very good reasons why I cannot talk about my work. I am in a leadership position, even if only a modest and subordinate leader. There is a great deal of potential for collateral damage in what I say, especially if I talk about the things I am thinking most about. I think most about the tensions in my company, interpreting the motivations of the leadership in the company, I think about the fears I sense in my reports, the unspoken tensions about what is done, expected, aspired to. I can discuss this with the individuals involved, but they are the furthest thing from a disinterested party, and often not in a place to develop collaborative wisdom.

This is perhaps unfair. I work with very thoughtful people. Our work is grounded in a shared mission, which is a powerful thing. But it’s not enough.

Are we, as a community of managers (is there such a thing?) becoming better? Yes, some. There are management consultants and books and other material about management, and there is value in that. But it is not a discussion, it is not easy to assimilate. I don’t get to interact with a community of peers.

On the topic of learning to manage, I have listened to many episodes of Manager Tools now. I’ve learned a lot, and it’s helped me, even if they are more authoritarian than makes me comfortable. I’m writing this now after listening to a two part series: Welcome To They: Professional Subordination and Part 2.

The message in these podcasts is: it is your responsibility as a manager to support the company’s decisions. Not just to execute on them, but to support them, to communicate that support, and if you disagree then you must hide that disagreement in the service of the company. You can disagree up — though even that is fraught with danger — but you can’t disagree down. You must hold yourself apart from your team, putting a wall between you and your team. To your team you are the company, not a peer.

There is a logical consistency to the argument. There is wisdom in it. The impact of complaints filtering up is much different than the impact of complaints filtering down. In some sense as a manager you must manufacture your own consensus for decisions that you cannot affect. You are probably doing your reports a favor by positively communicating decisions, as they will be doing themselves a favor by positively engaging with those decisions. But their advice is clear: if you are asked your opinion, you must agree with the decision, maybe stoically, but you must agree, not just concede. You must speak for the company, not for yourself.

Fuck. Why would I want to sign up for this? The dictate they are giving me is literally making me sad. If it didn’t make any sense then I might feel annoyed. If I thought it represented values I did not share then I might feel angry. But I get it, and so it makes me sad.

Still, I believe in progress. I believe we can do better than we have in the past. I believe in unexplored paths, in options we aren’t ready to compare to present convention, in new ways of thinking about problems that break out of current categories. All this in management too – which is to say, new ways to form and coordinate organizations. I think those ideas are out there. But damn, I don’t know what they are, and I don’t know how to find out, because I don’t know how to talk about what we do and that’s the only place where I know how to start.

Categorieën: Mozilla-nl planet

Joshua Cranmer: Why email is hard, part 8: why email security failed

di, 13/01/2015 - 05:38
This post is part 8 of an intermittent series exploring the difficulties of writing an email client. Part 1 describes a brief history of the infrastructure. Part 2 discusses internationalization. Part 3 discusses MIME. Part 4 discusses email addresses. Part 5 discusses the more general problem of email headers. Part 6 discusses how email security works in practice. Part 7 discusses the problem of trust. This part discusses why email security has largely failed.

At the end of the last part in this series, I posed the question, "Which email security protocol is most popular?" The answer to the question is actually neither S/MIME nor PGP, but a third protocol, DKIM. I haven't brought up DKIM until now because DKIM doesn't try to secure email in the same vein as S/MIME or PGP, but I still consider it relevant to discussing email security.

Unquestionably, DKIM is the only security protocol for email that can be considered successful. There are perhaps 4 billion active email addresses [1]. Of these, about 1-2 billion use DKIM. In contrast, S/MIME can count a few million users, and PGP at best a few hundred thousand. No other security protocols have really caught on past these three. Why did DKIM succeed where the others fail?

DKIM's success stems from its relatively narrow focus. It is nothing more than a cryptographic signature of the message body and a smattering of headers, and is itself stuck in the DKIM-Signature header. It is meant to be applied to messages only on outgoing servers and read and processed at the recipient mail server—it completely bypasses clients. That it bypasses clients allows it to solve the problem of key discovery and key management very easily (public keys are stored in DNS, which is already a key part of mail delivery), and its role in spam filtering is strong motivation to get it implemented quickly (it is 7 years old as of this writing). It's also simple: this one paragraph description is basically all you need to know [2].

The failure of S/MIME and PGP to see large deployment is certainly a large topic of discussion on myriads of cryptography enthusiast mailing lists, which often like to partake in propositions of new end-to-end encryption of email paradigms, such as the recent DIME proposal. Quite frankly, all of these solutions suffer broadly from at least the same 5 fundamental weaknesses, and I see it unlikely that a protocol will come about that can fix these weaknesses well enough to become successful.

The first weakness, and one I've harped about many times already, is UI. Most email security UI is abysmal and generally at best usable only by enthusiasts. At least some of this is endemic to security: while it mean seem obvious how to convey what an email signature or an encrypted email signifies, how do you convey the distinctions between sign-and-encrypt, encrypt-and-sign, or an S/MIME triple wrap? The Web of Trust model used by PGP (and many other proposals) is even worse, in that inherently requires users to do other actions out-of-band of email to work properly.

Trust is the second weakness. Consider that, for all intents and purposes, the email address is the unique identifier on the Internet. By extension, that implies that a lot of services are ultimately predicated on the notion that the ability to receive and respond to an email is a sufficient means to identify an individual. However, the entire purpose of secure email, or at least of end-to-end encryption, is subtly based on the fact that other people in fact have access to your mailbox, thus destroying the most natural ways to build trust models on the Internet. The quest for anonymity or privacy also renders untenable many other plausible ways to establish trust (e.g., phone verification or government-issued ID cards).

Key discovery is another weakness, although it's arguably the easiest one to solve. If you try to keep discovery independent of trust, the problem of key discovery is merely picking a protocol to publish and another one to find keys. Some of these already exist: PGP key servers, for example, or using DANE to publish S/MIME or PGP keys.

Key management, on the other hand, is a more troubling weakness. S/MIME, for example, basically works without issue if you have a certificate, but managing to get an S/MIME certificate is a daunting task (necessitated, in part, by its trust model—see how these issues all intertwine?). This is also where it's easy to say that webmail is an unsolvable problem, but on further reflection, I'm not sure I agree with that statement anymore. One solution is just storing the private key with the webmail provider (you're trusting them as an email client, after all), but it's also not impossible to imagine using phones or flash drives as keystores. Other key management factors are more difficult to solve: people who lose their private keys or key rollover create thorny issues. There is also the difficulty of managing user expectations: if I forget my password to most sites (even my email provider), I can usually get it reset somehow, but when a private key is lost, the user is totally and completely out of luck.

Of course, there is one glaring and almost completely insurmountable problem. Encrypted email fundamentally precludes certain features that we have come to take for granted. The lesser known is server-side search and filtration. While there exist some mechanisms to do search on encrypted text, those mechanisms rely on the fact that you can manipulate the text to change the message, destroying the integrity feature of secure email. They also tend to be fairly expensive. It's easy to just say "who needs server-side stuff?", but the contingent of people who do email on smartphones would not be happy to have to pay the transfer rates to download all the messages in their folder just to find one little email, nor the energy costs of doing it on the phone. And those who have really large folders—Fastmail has a design point of 1,000,000 in a single folder—would still prefer to not have to transfer all their mail even on desktops.

The more well-known feature that would disappear is spam filtration. Consider that 90% of all email is spam, and if you think your spam folder is too slim for that to be true, it's because your spam folder only contains messages that your email provider wasn't sure were spam. The loss of server-side spam filtering would dramatically increase the cost of spam (a 10% reduction in efficiency would double the amount of server storage, per my calculations), and client-side spam filtering is quite literally too slow [3] and too costly (remember smartphones? Imagine having your email take 10 times as much energy and bandwidth) to be a tenable option. And privacy or anonymity tends to be an invitation to abuse (cf. Tor and Wikipedia). Proposed solutions to the spam problem are so common that there is a checklist containing most of the objections.

When you consider all of those weaknesses, it is easy to be pessimistic about the possibility of wide deployment of powerful email security solutions. The strongest future—all email is encrypted, including metadata—is probably impossible or at least woefully impractical. That said, if you weaken some of the assumptions (say, don't desire all or most traffic to be encrypted), then solutions seem possible if difficult.

This concludes my discussion of email security, at least until things change for the better. I don't have a topic for the next part in this series picked out (this part actually concludes the set I knew I wanted to discuss when I started), although OAuth and DMARC are two topics that have been bugging me enough recently to consider writing about. They also have the unfortunate side effect of being things likely to see changes in the near future, unlike most of the topics I've discussed so far. But rest assured that I will find more difficulties in the email infrastructure to write about before long!

[1] All of these numbers are crude estimates and are accurate to only an order of magnitude. To justify my choices: I assume 1 email address per Internet user (this overestimates the developing world and underestimates the developed world). The largest webmail providers have given numbers that claim to be 1 billion active accounts between them, and all of them use DKIM. S/MIME is guessed by assuming that any smartcard deployment supports S/MIME, and noting that the US Department of Defense and Estonia's digital ID project are both heavy users of such smartcards. PGP is estimated from the size of the strong set and old numbers on the reachable set from the core Web of Trust.
[2] Ever since last April, it's become impossible to mention DKIM without referring to DMARC, as a result of Yahoo's controversial DMARC policy. A proper discussion of DMARC (and why what Yahoo did was controversial) requires explaining the mail transmission architecture and spam, however, so I'll defer that to a later post. It's also possible that changes in this space could happen within the next year.
[3] According to a former GMail spam employee, if it takes you as long as three minutes to calculate reputation, the spammer wins.

Categorieën: Mozilla-nl planet

Hannah Kane: I need to reprint my business cards

di, 13/01/2015 - 02:37

Okay, so I don’t actually have business cards, but on this morning’s All Mofo call, it was announced that I’m leaving the wonderful Engagement team to serve as a product manager for the equally wonderful Learning Networks team. So, if I had business cards, I’d need new ones.

This is, for obvious reasons, bittersweet. I’ve LOVED working with the engaging folks on the Engagement team, and it provided a fantastic vantage point for learning the ins and outs of Mofo. I’m sending a big heartfelt thank you to Geoffrey and Co. for being so dang awsm to me ever since I joined.

Fortunately for me, I’m not going far. I’ve been admiring the work of both the Mentor Networks and the Product teams from a distance, so I’m thrilled with my new spot right smack in the middle of them.

Wait….Hannah, what do you know about product management? And Learning Networks?

It might seem strange at first blush, since I’ve been talking about scrum mastering and engagement-y stuff on this blog so far. But, lest you think I’m totally unqualified, let me share a few relevant experiences I haven’t shared here before:

  • I was a Product Owner at my last job. “Product Owner” is a title specific to Scrum shops, but it’s got a whole lot in common with Product Manager. Working with devs? Check! UI and UX designers? Yup, them too. End users and stakeholders? Love ‘em. Caring about product adoption rates, product marketing, and customer service? For sure, uh huh, no doubt.
  • I have experience shepherding a product to serve a local groups-based organizing model, much like the vision for Webmaker Clubs. I hope to bring useful knowledge from that project, drawing on both successes and failures (because, hey, “what not to do” lists are useful, too!)
  • While I won’t be contributing in this way, I do have a bit of experience as a trainer—I’ve developed and delivered service-learning and social justice careers curricula to kids, college students, and adults. I’m nowhere near as savvy as our #TeachTheWeb team, but I can promise to keep the needs of the mentors at the forefront of my brain.

OK, so what are you going to be working on?

The Big Picture answer is: developing products that serve the needs of our constituents in our ground game programs (Hive, Webmaker Clubs, Maker Parties). These products will be separate from, but complementary of, the Learning Products, which serve independent learners who aren’t (yet!) affiliated with our ground game programs.

In the short term, my top priorities are:

  • Building a new home for all of our teaching resources and a launching point for all of our ground game programs (teach.webmaker.org). v1 will be a re-org of our existing content, so we’ve launched a small user research study (you may have seen Lucy’s recent email to the Webmaker listserv asking for volunteers). The participants are doing a virtual version of what’s called a “card sorting” activity to help us understand their mental models around all of the content we currently have. The results will inform the information architecture for Teach.w.o v1.
  • Launching a platform for local groups (i.e. Clubs and potentially Hives). Q1 is about two flavors of research: 1) Developing a deep, nuanced understanding of our own business needs and the needs of our users—in this case, the Club Leaders in the Q1 Pilot. 2) Investigating off-the-shelf options for the platform.
  • Iterating on our credentials platform. Again, this starts with developing a deep, shared understanding of business needs. Stakeholder kick-off meeting coming soon!

I’m so very excited to be working on these things. Like, I’m seriously being a nerd about it all.

At the same time, I’m already missing my Engagement team buddies (though that’s tempered by the fact that I still get to work with nearly all of them :)).

Questions? Want to discuss the Learning Networks products? Hit me up.


Categorieën: Mozilla-nl planet

Pagina's