We Win

Mozilla has been making a big effort in the past few years to make privacy and data (ab)use a first-class concern in the public consciousness. I think we can safely say that when a staid company like Barclays Bank is using dancing vegetables on national broadcast TV in a privacy-focussed advert, we have won that battle…

Mozilla All Hands

Today, from across the world, Mozillians are gathering in San Francisco for our six-monthly All Hands. For obvious reasons, I won’t be able to be there, so I want to wish all the best to everyone, and I am confident that more awesome ideas for rocking the free web will emerge from their deliberations. Each year brings different grey clouds to the sky, and requires us to adjust our strategy and tactics to deal with new threats. Some we win and a few we lose, but it’s clear that the world and the web are much better places with Mozilla in them fighting for what is right.

A Case for the Total Abolition of Software Patents

A little while back, I wrote a piece outlining the case for the total abolition (or non-introduction) of software patents, as seen through the lens of “promoting innovation”. Few of the arguments are new, but the “Narrow Road to Patent Goodness” presentation of the information is quite novel as far as I know, and may form a good basis for anyone trying to explain all the possible problems with software (or other) patents.

You can find it on my website.

In the Navel of the Moon

Question: which country’s name translates literally as “In the Navel of the Moon”?

I recently came across this fascinating map which gives the literal translation of every country name. Some are very pedestrian, but some are fascinating. (I’m not sure why it’s on a site dedicated to comparing credit cards, but other places I’ve found it give them the credit. If this is an SEO thing, I’m happy to reward them for producing decent content…) Most appropriately, Canada apparently means “The Village”…

Happy Birthday, Mozilla

Mozilla is 20 today. Most of what can be said about that has been ably said by others, some of whom have been involved for even longer than the 18 years I managed. Asa and I started at roughly the same time, but at least Mitchell, Myk and dmose have been around longer and are still involved. (Apologies if I’ve forgotten someone.)

As most of you know, I probably won’t be around to see much more of it, but (this will seem trite if it’s not to seem big-headed!) Mozilla is much more than one or even a few people. There will always be a Mozilla as long as there is an Internet and people who care about people on it. In that vein, let me also say that I’m absolutely delighted with the final outcome of the worldview project. The four items in the addendum to the Manifesto are admirable goals to aim for, and ones I endorse wholeheartedly.

Poetic License

I found this when going through old documents. It looks like I wrote it and never posted it. Perhaps I didn’t consider it finished at the time. But looking at it now, I think it’s good enough to share. It’s a redrafting of the BSD licence, in poetic form. Maybe I had plans to do other licences one day; I can’t remember.

I’ve interleaved it with the original license text so you can see how true, or otherwise, I’ve been to it. Enjoy :-)

Copyright (c) <YEAR>, <OWNER>
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions 
are met:

You may redistribute and use –
as source or binary, as you choose,
and with some changes or without –
this software; let there be no doubt.
But you must meet conditions three,
if in compliance you wish to be.

1. Redistributions of source code must retain the above copyright 
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright 
  notice, this list of conditions and the following disclaimer in the 
  documentation and/or other materials provided with the distribution.
3. Neither the name of the <ORGANIZATION> nor the names of its 
   contributors may be used to endorse or promote products derived 
   from this software without specific prior written permission.

The first is obvious, of course –
To keep this text within the source.
The second is for binaries
Place in the docs a copy, please.
A moral lesson from this ode –
Don’t strip the copyright on code.

The third applies when you promote:
You must not take, from us who wrote,
our names and make it seem as true
we like or love your version too.
(Unless, of course, you contact us
And get our written assensus.)

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
POSSIBILITY OF SUCH DAMAGE.

One final point to be laid out
(You must forgive my need to shout):
THERE IS NO WARRANTY FOR THIS
WHATEVER THING MAY GO AMISS.
EXPRESS, IMPLIED, IT’S ALL THE SAME –
RESPONSIBILITY DISCLAIMED.

WE ARE NOT LIABLE FOR LOSS
NO MATTER HOW INCURRED THE COST
THE TYPE OR STYLE OF DAMAGE DONE
WHATE’ER THE LEGAL THEORY SPUN.
THIS STILL REMAINS AS TRUE IF YOU
INFORM US WHAT YOU PLAN TO DO.

When all is told, we sum up thus –
Do what you like, just don’t sue us.

To Planet Mozilla Readers

This is a quick note addressed to those reading this blog via a subscription to Planet Mozilla. Following my stepping back from the Mozilla project, posts to this blog are unlikely to feature Mozilla-related content in the future, and will instead be about, well, what it’s like to be dying :-) I therefore won’t be syndicating them. If you wish to keep reading what I write, you may want to take a direct subscription. Here’s my direct feed.

Going Home

I’m going home.

As some of my readers will know, my cancer (read that link if the fact I have cancer is new to you) has been causing difficulty in my liver this year, and recently we had a meeting with my consultant to plot a way forward. He said that recent scans had shown an increased growth rate of some tumours (including the liver one), and that has overwhelmed my body’s ability to cope with the changes cancer brings. The last two months have seen various new symptoms and a reasonably rapid decline in my general health. The next two months will be more of the same unless something is done.

After some unsuccessful procedures on my liver over the course of this year, the last option is radiotherapy to try and shrink the problem tumour; we are investigating that this week. But even if that succeeds, the improvement will be relatively short-lived – perhaps 3-6 months – as the regrowth rate will be faster. If radiotherapy is not feasible or doesn’t work, the timelines are rather shorter than that. My death is not imminent, but either way I am unlikely to see out 2018. In all this, my wife, my children and I are confident that God is in charge and his purposes are good, and we can trust him and not be afraid of what is coming. We don’t know what the future holds for each of us, but he does.

We’ve taken this news as a sign to make some significant changes. The most relevant to readers of this blog is that I am stepping away from Mozilla so I can spend more time focussed on the most important things – my relationships with Jesus, and with my family. I love my work, and God has blessed my time at Mozilla and enabled me to do much which I think have been good for the Internet and the world. However, there are things in life which are much more important, and it’s now time for others to take up those projects and causes and carry them into the future. I have every confidence in my colleagues and fellow Mozillians that this will be done with the greatest care and skill. The CA program, MOSS, and Mozilla’s policy work are all in very good hands.

If you pray, please pray that we would make wise decisions about what to do when, and that we would live through this process in a way that brings glory to Jesus.

In case it’s of interest, we have set up a read-only mailing list which people can join to keep informed about what is going on, and to hear a bit about how we are handling this and what we would like prayer for. You can subscribe to the list using that link, if you have a Google account. If you don’t you can still join by emailing lightandmomentary+subscribe@googlegroups.com.

“Though outwardly we are wasting away, yet inwardly we are being renewed day by day. For our light and momentary troubles are achieving for us an eternal glory that far outweighs them all. So we fix our eyes not on what is seen, but on what is unseen, since what is seen is temporary, but what is unseen is eternal.” — 2 Cor 4:16-18.

If I have done anything good in 18 years at Mozilla, may God get all the glory.

Talk Scheduling At Conferences

I’m at FOSDEM this weekend; it’s a large conference. They seem to find one or two new rooms to use every year, and it now sprawls across most of the ULB campus in Brussels.

It has rather surprised me that several otherwise experienced and excellent devroom organizers (naming no names) have organized their rooms on the mistaken belief that switching between speakers, and having people exit and enter the room, happens instantaneously. It doesn’t.

If you schedule your talks in 25 or 55 minute slots (including Q&A) instead of 30 or 60 minute slots, you benefit yourselves, your audiences, and the whole conference in the following ways:

  • Attendees don’t feel they have to leave the talk in your room before the end in order to be sure of catching the beginning of the next talk somewhere else, thereby disrupting the talk, missing the last bits of content (perhaps the all-important summary) and missing the chance to thank the speaker.
  • Attendees can enter and leave the room without feeling they are being rushed or have to be totally silent. (“Please be quiet while entering and leaving/during the Q&A” really doesn’t work.)
  • Room organizers have time to encourage people to move to the middle, or other compression strategies, and pack their rooms for maximum benefit.
  • Whoever is helping you with audio-visual can switch over laptops and get microphones moved over without disrupting the end of the previous talk or making the next speaker start late.
  • Attendees released from your room do not turn up at a different room 5 minutes after the start, thereby disrupting their talks. Love your neighbour.

If you don’t do this, and schedule in 30 minute slots, what happens is that people actually still get 25 minutes or less to speak, as changeovers still have to happen, but the speaker ends up starting late, rushed and grumpy and no-one really knows when they need to finish. 30 minute slots are an illusion. 10 minute/5 minute/2 minute/Time’s Up! cards are a very useful addition to this system, so the speaker knows exactly where they are. If they don’t finish in time and have to be cut off, then they need to be gently encouraged to prepare better next time.

It may be that 5 minutes is not long enough for people to get from one side of the conference campus to the other, and so the issues are not totally suppressed. But there’s only so much you can do, and giving people 5 minutes is much better than giving them 0 minutes.

Transparent Suitcases Hack

When our boys (now nearly 6, nearly 5 and nearly 3) first got old enough that it made sense to pack them each a bag when we went away, we found it hard to find something suitable. We ended up using some transparent plastic rectangular zippered bags with handles, which had originally held mattress covers when on sale in a shop. These were just the right size, and it turns out that having a transparent suitcase for kids is really rather handy for a number of reasons.

However, mattress cover bags were not really designed for reuse and, despite the liberal application of clear Duck tape and cardboard patches, soon they were definitely showing the wear and tear.

All their birthdays are in a 40-day period over Feb/March, so we decided we’d get them all transparent suitcases this year. After all, someone must sell those, right? Turns out, not. Most people apparently don’t want strangers peering at their dirty underwear in the airport security queue. Funny, that.

So I came up with a hack. Start with a “Really Useful” box of an appropriate size. (You’re better off with an original; these are much imitated but never bettered.) We used their 21 litre box; you may want larger or smaller. Such a box can be carried by the sides, but not with one hand, and the span is a bit tough for the younger ones. So we need something else.

Remove any ugly sticky labels the shop may have attached, and drill a couple of holes half way up one side at the edges of the central section.

I find drilling plastic is a slightly uncertain art; if you use too much speed you’ll melt it, and if you press too hard you can crack it, or get stuck swarf. I did get swarf stuck around the holes so they weren’t clean, but mostly cleaned that up with a little light Dremel-ing.

Next, you need some plastic pipe – wide enough that it’s comfortable to hold, but narrow enough that the handles don’t protrude too far or that little hands can’t get around it. I bought this, as being cheap and about the right size. Cut it to a length around 4cm short of the hole-to-hole distance.

Then, you need some plastic rope – I bought 6mm plastic rope (and drilled hole sizes to match) but anything strong enough to take the weight will do, as the kids aren’t holding it directly. (We could have done that, but it’s not very easy on the hands.)

Plastic rope is cheap and strong, but has the disadvantage of fraying ends, of not taking knots well, and I didn’t want to try melting it to itself. After a bit of thought, it turned out that electrician’s tape bound tightly round stops the ends fraying, and the same technique can be used to join a length of rope to itself. (My wife pointed out, as I proudly displayed the finished work, that I should have sourced some white electrician’s tape. Oops.)

So cut the rope to a generous length (3 times the hole-hole distance), bind round one end and trim, and place through the holes and the pipe. Then, inside, pull the rope tight so each loose end almost reaches the opposite hole, mark the spot, bind round again and cut at the top of the bind. You now have nicely-finished rope and a handle – the only remaining job is to stop it coming out of the holes.

Loosening it off some (you need enough play for kids to get their hands under the handle, and if it’s too tight you can’t get the roll of electrician’s tape round behind it) put a small piece of tape to join the two ends at the point half way between the holes. Having this makes it much easier to do the wind-round binding without the rope slipping.

Then, starting at once end with a few turns on top of itself, spiral-wind the electrician’s tape around both pieces, proceeding from one loose end to the other, making sure to pull it tight all the time. The result is a binding which I hope will support the weight of any sensible thing they are considering putting in there – and, if it turns out not, I can pull the tape off and try something else.

The finishing touch is to personalise them – it was harder than I thought to find name stickers of the right size, as most are too tiny (designed for books or small objects) or too large (designed for walls). But Amazon came to my rescue, and I ordered 3 of these (well actually, I ordered another item from the same company, but that’s what they sent me, and it worked perfectly!), which come in pairs, and I used their favourite colours. I placed one on the lid and one just above the handle.

Being sure to apply the decal from one side to the other rather than from sides to middle (to avoid unsightly creases), I lined them up, stuck them on, rubbed them down hard, removed the backing paper and Bob is your mother’s brother.

As well as doubling as under-bed storage when not travelling, and being neat and eye-catching when out and about, these also stack nicely in the car, easing the complex problem I face whenever the whole family has to fit everything they need for a week in our Ford Galaxy. I hope they enjoy using them for many years :-) Cost per suitcase: ~£15.

Meeting a Slow Doom

This directory provides a branchless, mov-only version of the classic DOOM video game. This is thought to be entirely secure against the Meltdown and Spectre CPU vulnerabilities, which require speculative execution on branch instructions.

You look at the example screenshot, and see it’s basically the game’s initial view. A bit lazy on the part of the author? Well, no…

The mov-only DOOM renders approximately one frame every 7 hours, so playing this version requires somewhat increased patience.

MOSS Q4 2017 Update

We’ve just published MOSS’s Q4 2017 update, bringing you up to speed on what’s going on in the world of MOSS (Mozilla Open Source Support, our program for giving back to the open source and free software community).

The application deadline for the next round is at the end of this month. If you know a project that Mozilla is using somehow that could do with some financial help, or a project that’s working on something in line with Mozilla’s mission and goals, please do encourage them to apply.

Seeking SOS Fund Projects

I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit. (Here‘s what’s been done and published so far; a few more are in the works.) The criteria for what makes a good project are recorded on the MOSS website. We have two hard-and-fast criteria:

  • The software must be open source/free software, with a license that is OSI-certified and/or FSF-approved
  • The software must be actively maintained

And then we have a series of factors we consider when evaluating an application:

  • How commonly used is the software?
  • Is the software network-facing or does it regularly process untrusted data?
  • How vital is the software to the continued functioning of the Internet or the Web?
  • Is the project known for something besides the code we are relying on?
  • Does the software depend on closed-source code, e.g. in a web service?
  • Are the software’s maintainers aware of and supportive of the application for support from the SOS fund?
  • Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
  • Does the software have existing corporate backing or involvement?

People do have a tendency to suggest the entirely impractical, such as “Linux Mint” or “Copperhead OS”. We aren’t able to do full audits on corpuses of software of that size. In general, if it’s more than about 200kloc, we are going to have to pick and choose.

If you know of a project which fits, please submit a suggestion, or drop me an email. Thanks!

A New Scam?

I got this email recently; I’m 99% sure it’s some new kind of scam, but it’s not one I’ve seen before. Anyone have any info? Seems like it’s not totally automated, and targets Christians. Or perhaps it’s some sort of cult recruitment? The email address looks very computer-generated (firstnamelastnamesixdigits@gmail.com).

Good morning,

I am writing in accordance to my favourite Christian website, I could do with sending you some documents regarding Christ. I am a Christian since the age of 28, when I got a knock at the door at my house by a group of males asking me to come to a Christian related event, I of course graciously accepted.

I have since opened up about my homosexuality which my local church somewhat accepted, as I am of course, one of the most devout members of the Church. I am very grateful to the church for helping me discover whom I really was at a time where I needed to discover who I was the most.

I would like to obtain your most recent address, as I have seen on your website that you have recently moved house (as of 2016) to a Loughborough address. I would like to send you some documents regarding my struggles with depression and then finding God and how much he helped me discover my real identity.

I thank you very much for your aid in helping me find God and Christ within myself, as you helped me a lot with your website and your various struggles, which gave me strength to succeed and to carry on in the name of Jesus Christ, our Lord and Saviour.

Hope to hear a reply soon,

Kind regards,

<name>

The Ukulele Orchestra of Great Britain

The Ukulele Orchestra of Great Britain come highly recommended. My wife and I saw them last night in Leicester’s De Montfort Hall, and had a wonderful time. They take themselves only semi-seriously, and play a wide range of music; if you’ve never heard Blur’s Song2 played on a bank of eight massed ukuleles, your cultural education is not complete.

They play all around the world, so hopefully there’s a date near you in the next six months.