Month: February 2010

A Letter For My Daughter

babyLily,

There’s a lot you don’t know about how you came into this world, little girl, and I plan to tell you all about it. I’m not holding on to details too well right now, though, so I thought I’d write some of it down, just in case.

First – the practical stuff. You were born at 5:44pm. You weighed 8lbs, 6oz, which is on the heavy side of normal, and measured 22″ long which is on the long side of normal. Your head was 37cm in circumference, which is on the big side of normal, and it took Mommy 24 hours of labour to deliver you (your love for consistency held fast: this, too, is normal, but longish). You were positioned face up (“sunny side up,” said your doctor) which is normal, though more difficult. You needed some vacuum help (normal, though more difficult) and then some forceps (normal, though more difficult). You had a bit of jaundice which kept us at the hospital for another day (normal, though more difficult). In every way that you could, you tried to tell us that you were bigger than life, and you were right.

There’s more you don’t know, though. You don’t know that daddy cried when you were born or that he’s thinking about crying now as he writes this. You don’t know that we’ve been working on you since 2007. You don’t know about your mommy and daddy beating a regular path to the fertility clinic before work most mornings; mommy getting bloodwork and ultrasounds on day 3, 10, 12, 14, 15 and 16 of every month – for nearly 2 years; or that the month you did show up was the one month we had no treatments at all, because mommy’s body needed a break. You don’t know that you weren’t our first positive pregnancy test.

But you’re here now, and we are happier than we’ve ever been. We can barely stay awake, we jump every time you make a noise, but we are awfully smitten with you. We haven’t had many visitors because it’s all still a bit overwhelming, but when visitors do show up, we are the proudest parents, showing you off. We barely recognize your daddy any more – he impulse buys onesies with dinosaurs on the front, and today he boiled nipples.

I can’t wait to tell you all about the world, and about your arrival, and about what an amazing woman your mommy is. I can’t wait to introduce you to the incredible village that has risen up around you and supported us three since the beginning. I can’t wait, but I’m going to try because I don’t want this to go any faster than it has to.

I love you, Lily.

Daddy

Interview with a 419 Scammer

For those who haven’t seen it, scam-detectives.co.uk has a really interesting 3-part interview with a former Nigerian scammer.

Scam-Detective: A reader has asked me to talk to you about face to face scams. Were you ever involved in meeting a victim, or was all of your contact by email?

John: I never met a victim, but I was involved in a couple of Wash-Wash scams.

Scam-Detective: Wash Wash scams? What does that involve?

John: We would tell the victim that we had a trunk full of money, millions of dollars. One victim met some of my associates in a hotel in Amsterdam, where he was shown a box full of black paper. He was told that the money had been dyed black to get through customs, and that it could be cleaned with a special chemical that was very expensive. My associates showed him how this worked with a couple of $100 bills from the top of the box, which they rinsed with some liquid to remove the black dye. Of course the rest of the bills were only black paper, but the victim saw real money. He handed over $27,000 (about £17,000) to buy the chemicals and was told to return to the hotel later that day to pick up the cash. Of course when he came back, there was nobody there. He couldn’t report it to anybody because if it had been real it would have been illegal, so he would have gotten himself into trouble.

Part 1, Part 2, Part 3.

We build tools in Firefox like stale-plugin warnings and malware blocking to help protect our users, to neuter the technological attacks they may encounter on the web. But we also try, and need to keep trying, to build tools that inform our users so that they can make better decisions. Our phishing warnings and certificate errors try to do this, but mostly by scaring users away from specific attack situations. I hope we’ll continue to build tools like Larry which try to give people some affirmative context as well, to lend some nuance to their sense of place online. I want us to help our users know when they’re on Main Street, and when they’re in an alley.

I know: People get conned in the real world, too, and certainly no browser UI is going to save you from an email-based scam. Stories like this, though, are just specific instances of what I believe to be a more universal principle:

the biggest security risk most people face is misplaced trust

John: Some of the blame has to go to the victims. They wanted the money too because they were greedy. Lots of times I would get emails telling me that they wanted more money than I was offering because of the money they were having to send. They could afford to lose the money.

Scam-Detective: John, I think you have been basically honest with me so far. Please don’t stop that now. You know as well as I do that not all of your victims were motivated by greed. I have seen plenty of scam emails that talk about dying widows who want to give their money to charity, or young people who are in refugee camps and need help to get out. You targetted vulnerable, charitable people as well as greedy businessmen, didn’t you? You didn’t care whether they could afford it or not, did you?

John: Ok, you are right. I am not proud of it but I had to feed my family.

If you have ideas for how we can help users place their trust online more deliberately and carefully: please comment here, or build an addon, or file a bug.

Bugzilla for Humans

Bugzilla is the devil we know. It’s more complicated than we’d like it to be (albeit mostly by our own hand), it’s pretty intimidating to new users (though I recognize the efforts to improve that), and adding the features we want can be a slog (I’m looking at you, multi-state flags).

It’s also essential to the way we manage our project at scale, though, and enough of our project’s history and daily activity lives there that understanding it is not really optional. Certain edge cases aside, you can’t really be effective in the Mozilla project without at least a passing ability to wade through Bugzilla.

I put together this video to help people who don’t really live in Bugzilla learn how to at least manage themselves. If you’re inclined to thank me for it, thank Deb and Dan instead – they’re the ones that actually made me sit down and finish the job.

Until wordpress stops eating my video tags, you can get the open-web, flash-free, unencumbered-codec goodness here.

If you’re using a browser that doesn’t understand ogg, I’ve put a copy on Vimeo as well:

http://vimeo.com/moogaloop.swf?clip_id=9205730&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=00ADEF&fullscreen=1