Yesterday, I read a nice blog post by Alex Clark outlining his experience setting up an instance of Zamboni (the Mozilla Add-ons codebase). The main source of confusion was that Zamboni, like most Django-based Mozilla web applications, uses something we call a vendor library to deploy their third-party library dependencies, as opposed to installing them from PyPI using pip.

Alex writes:

I would LOVE to see PyPI become a place that Mozilla felt confident it could use to deploy Python software.

I am happy about this conversation-starter and would like to contribute some of our reasoning for using a “vendor library” over pip requirements files. I, too, am not a huge fan of the vendor library, but understand how it solves some of the problems we’ve been having with plain PyPI at Mozilla.

Let’s discuss some of our main concerns and how the vendor library solves (or does not solve) them for us.
Read on »

This is me, reading a Firefox-themed QR Code with my cell phone.

After getting the idea from this excellent blog post, I made a QR code pointing to mozilla.org/firefox, sporting a nice little Firefox logo in the middle.

For the geeks among you who would like the 411, this works because QR codes have a certain degree of redundancy for error correction. The logo in the middle is considered an “error” and thus, the rest of the code is used to puzzle together the information in the code anyway.

Try it out with your smart phone (on Android, with an app like Barcode Scanner), it really works!

I am a fan of Words with Friends, a Scrabble clone made by Zynga (of FarmVille fame). The app’s competitive edge is the availability across platforms (iOS and Android). In the same, cross-platform, spirit, they recently started offering a Facebook app, so people can waste their time not only when they are out and about, but also wherever they have access to a full-blown computer. Unfortunately, clicking on the Words With Friends Facebook app leads to this screen:

My Facebook session is SSL-encrypted by default, but Words with Friends requires me to disable this encryption. This is wrong on many levels. Most notably, if I disable “secure browsing” on Facebook altogether, even only for this session, my session cookie will be sent in plain text over the wire (or worse, on Wifi, over the air). If I do this at a coffee shop or airport, this is a great invitation for every evildoer in the general vicinity to hijack my Facebook account.

While I appreciate Facebook’s transparency in the matter, I find it upsetting that companies like Zynga wouldn’t account for Facebook users on SSL. By encouraging people to access Facebook over an unencrypted connection, they are foolishly endangering user data and are demonstrating an utter disregard for user privacy.

I wish Facebook enabled SSL encryption by default, and furthermore required third party apps to be served over SSL. You can’t have it both ways: Either you don’t handle user data, then you don’t need to care about encryption. Or you do handle user data (and yes, a session cookie counts!), then you need to properly secure it. I am tired of software makers weaseling themselves out of their self-imposed responsibility.

Update: As pointed out in the comments, moving to HTTPS for apps is on Facebook’s developer roadmap. I appreciate it!

One basic question keeps coming up when I talk to people about my job at Mozilla (be it in a social setting or even in interviews with people applying for a job at Mozilla):

“What, Mozilla makes websites? I thought all you did was Firefox.”

It’s usually followed by a second question: “what, your websites are open source, too?”

The basic misconception here is that Firefox is Mozilla’s mission. This is not true. Mozilla’s mission is outlined, in broad strokes, in the Mozilla Manifesto, and the core of Mozilla’s mission is to make the Internet better for the users (which goes beyond the Web and includes technologies like email, for example). And we believe that the best Internet for the users is one that inherently supports openness and choice.

Now don’t get me wrong. Firefox is important. Because the Web is the most visible thing that people like you and I are using the Internet for nowadays, Firefox is our most important tool to make the Internet better for the users. But it is not enough. The Web is not television. On the Web, the users are also the producers.

And this is why Mozilla’s mission goes beyond Firefox, beyond Thunderbird, deeply into the development and privacy space. A participatory Web based on Open standards, powerful APIs, along with the inherent freedom of choice and users’ control over their own personal data are what Mozilla is all about. Apart from Firefox, don’t be surprised to see Mozilla write state-of-the art, open source web applications and developer tools, be involved in the development of various open standards and play an important role in many other spaces that are relevant to the Internet today.

Oh no! Yesterday was the first day in 85 days of “Project 365″ that I failed to take and post a picture that same day. I blame Minecraft: During the day I was busy, but usually catch up on the photo taking before the end of day. But then I gave Minecraft a shot: It’s a fantastic little game about converting a world made of blocks into something awesome (and all the while staying safe from the monsters that come out at night). I like the gameplay and how–in this xbox and PS3-saturated world of ours–it’s a game that totally pulls off the 8-bit graphics.

Apologies for the delayed post and I’ll try to be on top of it again (unless I get sucked into the game agai………

Twitter’s fail whale has a little friend, a fail robot. Not sure how the two relate to each other, but it seems the whale comes out when twitter struggles under the sheer load of tweets, while the fail robot denotes service errors not caused by load?

Now, evil tongues would claim that there’s so much fail at Twitter that a single fail pet just doesn’t do it justice… But, knowing how challenging it is to scale a service to millions of users, I wouldn’t quite dare to say so — and therefore, I welcome the poor injured robot to my fail pet collection. Quick! To the fail pet emergency room!

Thanks to jabba for taking a screenshot for me!

In a recent comic, The Oatmeal asked tumblr to blame their service outages on an imaginary animal like twitter’s Fail Whale and promptly came up with one, the Tumbeasts.

What’s awesome is that Tumblr actually did end up using his artwork on their error page. This is what it looks like:

Mad props to the Oatmeal and Tumblr for this stellar addition to my fail pet collection!

And thanks to michaelk for pointing it out to me!

There’s an excellent xkcd web comic about slacking off while compiling code, but of course, I don’t usually compile code, because I code in Python.

In the wake of a little server outage here at Mozilla, here’s my version of the comic:

(Based on the above xkcd web comic. Licensed under a CC by-nc license.)