Mar 07

Revisiting Security UI – Part 1 of 2

I tend to get excited about things. I’d say one of the key problems I have when writing – blogs, articles, books will probably be even worse here – is that, since I tend to be excited about things, my writing tends to wander to whichever dog has a puffy tail at the moment, and I sometimes look back and end up wishing each piece was tighter and more single-minded.

Take my post last week. Right now I’m excited about Firefox security UI, and about how to do a better job with the way we give users information. This is a good thing for me to be excited about, since it pays my bills. But I want to engender conversation about it, and to build context around my thoughts on the matter, and meandering isn’t necessarily the best way to do that.

So. This is the first of two posts I will write in the next week or so about this stuff. The goal is to outline:

  1. The way things are, and why we need to change them
  2. My thoughts on where we need to be looking to go

This is the first. What are we, as browser builders, doing for the user today when it comes to security UI?

Continue reading →

Feb 07

2.8 Billion Reasons to Do Better

Padlock by JohnathSo PC World is running an article by Robert McMillan about phishing. It’s not a bad article or anything, it cites the antiphishing workgroup and various Gartner research in non-inflammatory ways (phishing is up 700% year over year, losses for 2006 estimated at $2.8B USD), and basically concludes that the current state of the internet, vis a vis your[1] financial information, is somewhere towards the “festering cesspool of thievery from which no good thing can escape unscathed” end of the spectrum. Pretty standard stuff.

If Robert McMillan should be chastised for any part of it, it is his closing sentence, wherein he takes the too-obvious way out, no doubt because he was reaching his wordcount ceiling, and what the hell else is he going to say:

But to combat ever-adapting phishers, your best protection remains…you.

It’s not Bob’s fault, but this is a pretty awful way to leave things. How on earth are people supposed to do what he asks, particularly when all the evidence he’s just cited points to how profoundly they can’t?

Continue reading →

Feb 07

Day 2

I have officially begun. Friday was my first day of paid work with the Mozilla Corporation, and it was tiring. As expected, it mostly revolved around logistical stuff, though I did find some time with beltzner in the afternoon to watch an hour-long introduction to how Mozilla builds a DOM tree (thanks Johnny!)

Basically, what Friday allowed me to do was get my feet sufficiently under myself to come up with this:

bubbl.us Mindmap

I haven’t, historically, done much with mindmapping and other “thinking aids” but right now there is too much bubbling around to keep track of, so it seemed like a useful exercise. Attentive readers will note that the current list of thoughts is both incomplete and horribly short-sighted, stretching out a month at most. This is deliberate – I think it relatively stupid to hop on board on day 1 and to start making long term plans on day 2. I suppose someone will tell me that this makes me an “analytic” personality type, or some such, obsessed with having all the information before making a decision. I would suggest that this is grossly overgeneralized (as personality-classification schemes always, perforce, are) though I will confess to a preference for having some information before making any momentous statements of direction. I have always been nutty that way.

On a personal note, the first day (and, indeed, those leading up to it) has been grand. People at Mozilla are welcoming and congratulatory, people at IBM are well-wishing and congratulatory and, on balance, my LinkedIn profile has never been happier (though it is notably wanting for some more 1-degree-of-separation Mozilla love).

I really do think this was the right move to make, I’m pretty excited to be getting going. I’ll be heading to New York in early March with beltzner to talk to some of the people in the CA/Browser forum, and then later in March I’ll be in Mountain View to meet with some more of my newfound comrades-in-arms. In the meantime I’ll be trying to knock down that web of questions while simultaneously, no doubt, adding whole new subtrees. If anyone reading this wants to point out answers to some of the leaf nodes in that web, or alert me to obvious swaths of unmapped work, I can now officially be reached at johnath@mozilla.com. Huzzah! (Yes, my home email still works just fine, too).

[Update: Yes, the map was made with bubbl.us, mea culpa for not providing tasty linkage. ]

[Update2: Yes, the Johnny Stenback video is available online here. ]

Feb 07


Butterfly in CocoonAs intimated earlier, things have been afoot. Just one thing, really, but that thing sets into motion such a panoply of downstream consequence that I feel truly justified in my flagrant use of the plural form. To wit, then, and without terribly much further ado:

I am leaving IBM.
I am joining Mozilla.

This is momentous, so I will give you a minute to recover.

Continue reading →

Feb 07

What’s orange and blue and downloaded all over?

I have been delinquent in my posting habits but this time, this time, it is not attributable to one of my regular outbursts of silence. This time there is something happening. Something that is keeping me a) occupied, and b) quiet about it. Some of you know what it is. For the rest, I will only say:

Watch this space.

(OMG w00t.)

Jan 07

Once You Go Black…

Black CoffeeAmy has an uncle named Fred. Fred’s an interesting guy for lots of reasons, but of interest at the moment is that when he drinks wine, he cuts it 50/50 with ginger ale. I used to think he did this only with a particular batch of home-brew wine that was, to normal wine, what the bags of concentrated coca-cola syrup are to fountain drinks; dilution with that stuff is wholly appropriate.

But no. He does this with all wine. I think that’s fantastic. If that allows him to have a pleasant wine experience (champagne every day!) then more power to him, and what’s even better is that he can continue to enjoy even very cheap wine because the dilution softens some of the harsher effects of buying economy brands. Fine by me.

But I don’t do it myself, because I enjoy what’s involved in developing a palette for wine. I enjoy the vast spectrum of flavours you can come to appreciate, and I feel like cutting it with ginger ale would impair my ability to enjoy that: different strokes for different folks, that’s all.

I’m the same with chocolate: give me high-percentage, uncut, dark chocolate and I am a happy guy. I’m not stupid about it – I don’t turn up my nose at Hershey the way a good aficionado ought. But given my druthers, I trend towards quality and I trend towards unadulterated.

And so I confronted myself recently with the fact that I don’t drink my coffee black. Milk and Sugar, sometimes even a double-double. This, I realized, flies in the face of my whole aforementioned way of doing things. So as of about a week ago, it’s been straight black coffee.  Yes, purely in the name of aesthetic synchrony.

It wasn’t easy at first. Turns out those adulterants do a pretty good job of making bad coffee more drinkable, and bad coffee abounds. But I’m here to tell you that it takes less than a week for your tongue to form the appropriate calluses, and now I’m starting to really feel it. I expect that, like wine, my brain will start to assign more neurons to coffee tasting in the coming months, and that the experience will grow on me. As it happens, I got a half pound of Kona for Christmas (thanks Barb!) and while it’s not Jamaican Blue or (I can only imagine) Kopi Luwak, I’m looking forward to tasting it without blinders.

Yes, I realise how ridiculous this all sounds.

Jan 07

Johnath’s Book Guide 2007

BooksAlthough I can enter droughts that last for months at a time, I am, in general, a reader. At the end of 2006 I checked my PalmPilot’s list of books read in 2006 and it turned out there were 25. This is not a particularly impressive number, but it is clearly fodder for a blog post of some kind. I thought about writing a separate post for each, basically a book review a week or so — I could stretch the content until June that way.

Problem is, I don’t really care about stretching content, and that sounds like a lot of work. Besides, I suspect that some of those reviews would be pretty thin since the books either left no mark, or left a mark which has faded over the intervening months. So instead I’ve done the potentially more useful thing and just compiled them into a coarsely ranked list, because what would the internet be without lists?

Continue reading →

Dec 06

Tales of Comeuppance

Crying BabyOne of my cognitive science profs used to have a bit of a soft spot for evolutionary psychology and it is from him that I developed my love of “cheater detection.” If you’re an evolutionary psychologist, see, a lot of the righteous indignation you see from your fellow simians out there in the world is traceable quite directly to a part of our psyche which is tweaked powerfully by the feeling that someone is cheating – acquiring benefit without paying expected costs. It really gets us riled up, on a very primitive level.

It makes sense, of course. Cheaters in a social species will act in ways (eating other people’s food, making sweet sweet love to other people’s lady friends, etc) that allow them to acquire huge positional benefits within the group unless there are powerful repercussions like ostracism or worse.

So lo and behold, here we are with all this evolution behind us and wouldn’t you know it, our brains are wired such that someone jumping the queue at Walmart or trying to pass a traffic jam on the shoulder is taking their life in their hands. It is rarely the case that I am pro-homicide but in the case of those inveterate jack-offs that pull into the lane which they know is ending right up ahead, and which will only gain them 3 car lengths, but will slow everyone down when they force themselves back in, I am more than a little inclined to make case-by-case exceptions.

Thus, as a public service, in this time of charity and co-opted pagan solstice rituals, I have put together a list of three of my favourite recent stories of cheater-busting. These stories are cheater-detection catharsis. You can go ahead and pump your fist at the end and say “Yes!” under your breath. I won’t tell.

1. What’s Noka Worth? Noka Chocolate is a hyper-elite brand of chocolate which gets packaged into gift baskets at the Emmys and so forth. Rarest of the rare cacao, hyper pure, no additives, blah blah blah. I will not be the one to impeach a company that focuses on quality for being elitist – quality is a legitimate thing after which to strive, and a legitimate thing for which to charge a premium. But at $2000/lb, you should be able to demonstrate some actual value add.

2. The Tale of Lyger, Jericho, and Republican Congressional Aide Todd Shriber. Todd decided to hire a “hacker” to change his GPA at Texas Christian University. Too bad he ended up emailing a couple of the guys running attrition.org which, like most sites which chronicle network security news, are used to being solicited by idiots, and tend to have some fun along the way. After you read the blog post, you can read the actual emails here (or, since attrition is under almost constant attack by one party or another, the cached version).

3. Reverse 419 Artwork Scam. Okay, I confess this isn’t as recent as the other two, but I have a lot of love for 419eater.com. These guys respond to the 419 scam emails from Nigeria and elsewhere and, by acting as interested parties, get the scammers to perform in various silly ways. Usually it’s restricted to requests for religious conversion or even getting the scammer to send some money themselves but this is my absolute favourite. I won’t spoil it or anything, but if you only read one, read this one.