Seeking SOS Fund Projects

I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit. (Here’s what’s been done and published so far; a few more are in the works.) The criteria for what makes a good project are recorded on the MOSS website. We have two hard-and-fast criteria:

  • The software must be open source/free software, with a license that is OSI-certified and/or FSF-approved
  • The software must be actively maintained

And then we have a series of factors we consider when evaluating an application:

  • How commonly used is the software?
  • Is the software network-facing or does it regularly process untrusted data?
  • How vital is the software to the continued functioning of the Internet or the Web?
  • Is the project known for something besides the code we are relying on?
  • Does the software depend on closed-source code, e.g. in a web service?
  • Are the software’s maintainers aware of and supportive of the application for support from the SOS fund?
  • Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
  • Does the software have existing corporate backing or involvement?

People do have a tendency to suggest the entirely impractical, such as “Linux Mint” or “Copperhead OS”. We aren’t able to do full audits on corpuses of software of that size. In general, if it’s more than about 200kloc, we are going to have to pick and choose.

If you know of a project which fits, please submit a suggestion, or drop me an email. Thanks!

A New Scam?

I got this email recently; I’m 99% sure it’s some new kind of scam, but it’s not one I’ve seen before. Anyone have any info? Seems like it’s not totally automated, and targets Christians. Or perhaps it’s some sort of cult recruitment? The email address looks very computer-generated (firstnamelastnamesixdigits@gmail.com).

Good morning,

I am writing in accordance to my favourite Christian website, I could do with sending you some documents regarding Christ. I am a Christian since the age of 28, when I got a knock at the door at my house by a group of males asking me to come to a Christian related event, I of course graciously accepted.

I have since opened up about my homosexuality which my local church somewhat accepted, as I am of course, one of the most devout members of the Church. I am very grateful to the church for helping me discover whom I really was at a time where I needed to discover who I was the most.

I would like to obtain your most recent address, as I have seen on your website that you have recently moved house (as of 2016) to a Loughborough address. I would like to send you some documents regarding my struggles with depression and then finding God and how much he helped me discover my real identity.

I thank you very much for your aid in helping me find God and Christ within myself, as you helped me a lot with your website and your various struggles, which gave me strength to succeed and to carry on in the name of Jesus Christ, our Lord and Saviour.

Hope to hear a reply soon,

Kind regards,

<name>

The Ukulele Orchestra of Great Britain

The Ukulele Orchestra of Great Britain come highly recommended. My wife and I saw them last night in Leicester’s De Montfort Hall, and had a wonderful time. They take themselves only semi-seriously, and play a wide range of music; if you’ve never heard Blur’s Song2 played on a bank of eight massed ukuleles, your cultural education is not complete.

They play all around the world, so hopefully there’s a date near you in the next six months.

The Future Path of Censorship

On Saturday, I attended the excellent ORGCon in London, put on by the Open Rights Group. This was a conference with a single track and a full roster of speakers – no breakouts, no seminars. And it was very enjoyable, with interesting contributions from names I hadn’t heard before.

One of those was Jamie Bartlett, who works at the think tank Demos. He gave some very interesting insights into the nature and future of extremism. He talked about the dissolving of the centre-left/centre-right consensus in the UK, and the rise of views further out on the wings of politics. He feels this is a good thing, as this is always the source of political change, but it seems like the ability and scope to express those views is being reduced and suppressed.

He (correctly, in my view) identified the recent raising by Amber Rudd, the Home Secretary, of the penalty for looking at extremist content on the web to 15 years as a sign of weakness, because they know they can’t actually stop people looking using censorship so have to scare them instead.

The insight which particularly stuck with me was the following. He suggested that in the next decade in the West, two things will happen to censorship. Firstly, it will get more draconian, as governments try harder to suppress things and pass more laws requiring ISPs to censor people’s feeds. Secondly, it will get less effective, as tools like Tor and VPNs become more mainstream and easier to use. This is a concerning combination for those concerned about freedom of speech.

Accidental Bitcoin Speculation

I had to pay a ransomware bill in February 2015. I bought the right amount of Bitcoin but, like many people, forgot about the transfer fee, so some kind person donated me 0.005 BTC. This means once I was done, my Bitcoin wallet wasn’t totally empty. I have just logged into it again for the first time since, and found that the value of Bitcoin has gone up 28x since then, and so that small amount is now worth… £21.94 (US$28.91). I guess I’m an accidental Bitcoin speculator…

Submitting comments to the UK Algorithms Inquiry

Algorithms, machine learning, artificial intelligence, and other code-driven decision-making are increasingly hot topics for policymakers across the globe. The latest request for information came from the House of Commons Science and Technology Select Committee of the UK Parliament – a cross party body holding an inquiry into the use of algorithms in public and business decision making. Last week, Mozilla submitted comments, written by me and edited/improved by Heather West, on how we think about the intersection of algorithms and policy.

Join OpenStreetMap UK

OpenStreetMap is the world’s premier provider of free-as-in-freedom mapping and routing data, with a data density in many places which far surpasses all proprietary providers. Here, for example, is the centre of Kampala, Uganda, Africa:

They have chapters around the world, and one was recently set up in the home of OSM, the UK. Joining is only £5 a year; please consider joining and supporting them in this way if you use OSM data at all or are interested in the project.

MOSS Conflict of Interest Rules

We decided to implement a lightweight Conflict of Interest policy for the MOSS Committees, not because we have had problems, but because we’d like never to have them :-) They are based loosely on the Wikipedia ones, and are here for anyone to use who wants them (CC-0).

MOSS Conflict of Interest Rules (v1.0)

As a committee member, you must:

1. Disclose actively if you are receiving, will receive, or have received in the past 5 years payment or anything of value from an applicant or their project;

2. Disclose actively if any family member, spouse, partner, business associate, significant other, close friend, or their organizations or employers would benefit from the approval of an application;

3. Answer fully and honestly any relevant and appropriate questions about potential conflicts of interest when discussing an application;

4. Disclose actively if your approval or disapproval of an application could be perceived by others or the public as improper, because even the perception of a conflict or unauthorized personal gain needs to be disclosed;

5. Not approve applications for personal gain.

Under the above rules, a person should “disclose actively” a potential or actual conflict of interest. To “disclose actively” means (1) to report the conflict to the MOSS Administrator; and (2) to do so explicitly and as soon as the conflict is known.

The MOSS Administrator will assess the conflict and, if it is judged to be material, will report it or request that the member report it to the committee.

How One Tweet Can Ruin Your Life

This video is pretty awesome throughout, but the pinnacle is at the end:

The great thing about social media was how it gave a voice to voiceless people, but we’re now creating a surveillance society, where the smartest way to survive is to go back to being voiceless. Let’s not do that. — Jon Ronson

Turns Out, Custom T-Shirts Are Cheap

The final party at the recent Mozilla All Hands, organized by the ever-awesome Brianna Mark, had a “Your Favourite Scientist” theme. I’ve always been incredibly impressed by Charles Babbage, the English father of the digital programmable computer. And he was a Christian, as well. However, I didn’t really want to drag formal evening wear all the way to San Francisco.

Instead, I made some PDFs in 30 minutes and had a Babbage-themed t-shirt made up by VistaPrint, for the surprising and very reasonable sum of around £11, with delivery inside a week. I had no idea one-off custom t-shirts were so cheap. I must think of other uses for this information. Anyway, here’s the front:

and the back:

The diagram is, of course, part of his original plans for his Difference Engine. Terrible joke, but there you go. The font is Tangerine. Sadly, the theme was not as popular as the Steampunk one we did a couple of All Hands ago, and there weren’t that many people in costume. And the Academy of Sciences was cold enough that I had my hoodie on most of the time…

My Addons (2)

My last post on this topic aroused some interest. Here’s the current status of my addons, according to my research.

| Name | Legacy? | No-e10s? | Solution |
|---|---|---|---|
| Adblock Plus | Y | N | They seem to be working on it. Install from here but you need to disable addon signing. |
| Bookmarklets Context Menu | N | N | Works |
| Cleanest Addon Manager | Y | N | Emailed author, but port very unlikely to be possible due to lack of API to alter chrome |
| HTTPS Everywhere | Y | N | They seem to be working on it |
| JSONView | Y | N | Enable Firefox’s built-in JSON viewer |
| Mailman-admin-helper | N | N | Works |
| Qotter Copy & Show | N | N | Works |
| Send to Kodi | Y | N | Bug filed, author says he’s planning to do it, but no progress; port should be possible |
| Vidyo Replay Download | N | N | Works |
| Wayback Machine | N | N | Works |
| 1-Click YouTube Video Downloader | Y | Y | Switch to YouTube Video and Audio Downloader |
| About Startup | Y | Y | Emailed author: not possible to port to WebExtensions |
| Activity Stream | N | N | Works |
| Advertising Cookie Opt-Out | Y | Y | Replaced by this addon, but that one is still legacy. Asked my Google contact to file a bug. |
| AutoAuth | Y | Y | Addon has ceased development due to the changes :-(; Chrome option “has a plan for Firefox”. |
| AutoHiDPI | Y | Y | Bug filed, author will look into it but no progress; port may not be possible due to lack of arbitrary pref API |
| Expiry Canary | Y | Y | My addon; I believe it’s not possible to update due to lack of SSL APIs in WebExtensions |
| geckoprofiler | Y | N | New version available from here |
| Google Translator for Firefox | Y | Y | Switch to Google Translator (webextension) |
| HTTP Logout | Y | Y | Perhaps some interest; emailed author, who says he has little time |
| Jidesha | Y | Y | Enables screensharing; not needed since Firefox 52 |
| LinkChecker | Y | Y | Original website gone away; can’t find non-legacy alternative |
| Live HTTP Headers | Y | Y | Use Firefox’s dev tools |
| Mass Password Reset | Y | Y | Abandoned by authors; doesn’t seem like there are password APIs |
| Min Vid | N | N | Works |
| MoCo Authorizer | Y | Y | Emailed author; seems like some function may be portable but not all |
| MoCo SSO Tweaks | Y | N | Mozilla is moving away from Okta |
| No Flash | Y | Y | Bug filed; it may be that the extension is no longer needed |
| RESTClient | Y | Y | Switch to RESTED |
| Tab Center | N | N | Works |
| Test Pilot | N | N | Works |
| TiddlyWiki for Firefox | Y | Y | Bug filed on e10s work but no progress; porting would be a very big job |
| UAControl | Y | Y | Switch to User Agent Switcher (revived) and Custom UserAgent String |
| Ubuntu Modifications | Y | Y | Ignore; doesn’t do anything useful |
| User Agent Switcher | Y | Y | Switch to User Agent Switcher (revived) and Custom UserAgent String |
| User Agent JS Fixer | Y | Y | Switch to User Agent Switcher (revived) and Custom UserAgent String |
| YouTube Downloader – 4K Download | Y | Y | Switch to YouTube Video and Audio Downloader |

So the situation is not terrible, but it’s not awesome either. Several useful extensions, particularly those that modify the chrome or the browser behaviour, or which tweak prefs, are simply not replaceable in the new world.