Bugzilla for Humans

Bugzilla is the devil we know. It’s more complicated than we’d like it to be (albeit mostly by our own hand), it’s pretty intimidating to new users (though I recognize the efforts to improve that), and adding the features we want can be a slog (I’m looking at you, multi-state flags).

It’s also essential to the way we manage our project at scale, though, and enough of our project’s history and daily activity lives there that understanding it is not really optional. Certain edge cases aside, you can’t really be effective in the Mozilla project without at least a passing ability to wade through Bugzilla.

I put together this video to help people who don’t really live in Bugzilla learn how to at least manage themselves. If you’re inclined to thank me for it, thank Deb and Dan instead – they’re the ones that actually made me sit down and finish the job.

Until wordpress stops eating my video tags, you can get the open-web, flash-free, unencumbered-codec goodness here.

If you’re using a browser that doesn’t understand ogg, I’ve put a copy on Vimeo as well:

http://vimeo.com/moogaloop.swf?clip_id=9205730&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=00ADEF&fullscreen=1

Videos – Firefox Privacy & Security Features

Preamble (with Discussion Question)

I don’t know if there are people out there who like the way they sound in audio recordings, or look on video. I certainly don’t. I don’t think it’s a self-image issue, either; and I know I’m not alone. My recorded voice lacks the resonance I experience internally, and my recorded image just looks… mouthier (?!) than I imagine myself to be. I don’t even know what that means.

Proposed:

Nightingale’s Corollary to the Uncanny Valley Hypothesis: The depth of one’s psychological attachment to, and familiarity with, one’s own image, amplifies feelings of canny/uncanniness. This can result in greater than average affinity for moderately dissimilar representations (c.f. the popularity of “realistic cartoon avatar” generators, or caricature artists), but also particularly heightened sensitivity to minor dissimilarities.

[Discuss. Cite examples.]

The Point (i.e. Where You Should Have Started Reading)

I bring this up because the inimitable duo of Alix and Rainer recently took some of my scattered ramblings and knit them together into an educational piece on some of the security features in Firefox. I think they did a lovely job:



YouTube

In very much related news, Drew worked with Alix and Rainer to put together a video that talks about some of Firefox’s privacy features. I find it much easier to listen to Drew’s calm, matter of fact, “we did awesome stuff, and want you to know about it” delivery. I suspect you will, as well.


YouTube

Speaking to Lords – FAQ

People seem quite interested in how the trip went. Since I’m too sleepy to have anything qualifying as a coherent, synthesized opinion, FAQ format seems like the strongest play.

How Did It Go?

I think it went quite well. Of course, it’s hard to nail down short term success criteria for conversations with parliamentarians. A meeting like that is not going to end with a legislator standing up and saying “I agree. Let’s go pass a law.” Things like this are an exercise in advocacy: “Here is my opinion of the situation and the options under discussion for its remedy,” followed by others giving their versions of the same thing.

I do feel, though, that my opinion was listened to, understood, and amplified by others. The room included, in addition to invited experts and press, at least half a dozen Lords, and 3 or 4 MPs, so I am also confident that I was heard by people in a position to act on what they hear.

What Did You Say?

A couple of things. I said that this kind of data collection is not something users can be expected to understand and, if they did understand it, not something they have much ability to avoid.

I said that in many markets, even developed ones like Canada and Britain, there isn’t enough choice in ISPs to make “voting with your wallet” a realistic option for people who find this kind of surveillance invasive.

I said that the technological mechanisms for preventing this are prohibitively expensive (in the case of things like “universal SSL deployment”), largely ineffective (since traffic analysis would still be possible), and brittle (opt-out cookies assume you never switch computers or browsers, that you never reinstall or move houses, that you won’t be worn down to the point of surrender by the Nth attempt to opt out).

I said that, historically, anonymized data isn’t. The AOL data was blown wide open, for instance, and that was just search terms, not browsing history. I said that however ironclad Phorm’s current processes may be, this kind of data collection being done by multiple companies over any interesting period of time will almost certainly result in anonymity failures.

I said that the collection of this information is insidious, that however noble and scoped the initial goals, it tends towards exploitation because it is too valuable not to.

After saying a chunk of that in a single burst, I got some applause from some of the people in attendance which felt odd, but certainly seemed to suggest that I had struck a chord.

What are the Lords Like?

Parliamentarians, really, since there were MPs there, but in any event I was impressed, particularly by Baroness Miller, who organized the event.  She was exceptionally good at running a room – at ensuring that legislators’ questions were answered, at bringing digressions back around to the central themes, and ensuring that multiple voices were heard. As a group, they were forthright but unapologetic about their lack of technical knowledge (that’s not their job), and asked clear questions aimed at understanding the legislative implications of various details.

Were there Swords? Powdered Wigs? Snuff Boxes?

People from the UK know that their legislators are basically like other legislators, albeit with more exciting titles. To the rest of us though, the whole thing sounds very romantic, and we entertain positively ridiculous notions like this. No swords, no wigs, no “Yes, your exalted worshipfulness.”  The houses of parliament are guarded by perfectly normal police officers with perfectly normal frowns and perfectly normal assault rifles, but very little pomp.

What about the Building?

Imagine that your great great great grandparents and their friends had all the money in the country, and decided to build a place to hang out. Imagine that since then, it’s where everyone decided to put their cool stuff.  Imagine walking through rooms, separated by wooden doors older than calculus. Imagine those rooms are alternately filled with statues, murals, statues in front of murals, framed masterworks, and leather bound books about anything that could matter. Imagine that there are entirely different paths, staircases and elevators for peers of the realm than for everyone else.  Imagine that you could fit your current house inside the Queen’s entrance and have room to fly a kite from the roof.

It is a nice building.

Would you do it again?

Yes.  Yes I would.

I still think that legislating technology is fraught with peril. The way to mitigate that peril is not to run away from it, though, but to be a voice for the kind of change we want, and against the kind of change we don’t.

Is the Bowmore 17 you brought back tasty?

Yes.

Deep Packet Inspection Considered Harmful?

I was recently asked, in the context of the ongoing Phorm debacle, and with other interested parties, to meet with members of the UK government and discuss deep packet inspection technologies, and their impact on the web.  I’m still organizing my thoughts on the subject – I’ve put some here, but I’d love to know where else you think I should look to ensure I have considered the relevant angles.

Brief Background

Phorm‘s technology hooks in at the ISP level, watches and logs user traffic, and uses it to assemble a comprehensive profile for targeting advertising. While an opt-out mechanism was provided, many users have complained that there was no notice, or that it was insufficiently clear what was going on. NebuAd, another company with a similar product, has apparently used its position at the ISP level to not only observe, but also to inject content into the pages before they reached the user.  It’s hard to get unbiased information here, but this is what I understand of the situation.

Thoughts

1.  Deep packet inspection, in the general case, is a neutral technology. Some technologies are malicious by design (virus code, for instance), but I think DPI has as many positive uses as negative. DPI can let an ISP make better quality of service decisions, and can be done with the full knowledge and support of its users. I don’t think DPI, as a technology, should be treated as insidious.

2. Using deep packet inspection to assemble comprehensive browsing profiles of users without explicit opt-in is substantially more questionable. My browsing history and habits are things I consider private in aggregate, even though any single visit is obviously visible to the site I’m browsing.

It’s possible that I will choose to allow this surveillance in exchange for other things I value, but it must be a deliberate exchange. I would want to have that choice in an explicit way, and not to be opted in by default, even for aggregate data. Moreover, given the complexity of this technology, I would want a great deal of care to go into the quality of the explanation.  Explaining this well to non-technical users might be so difficult as to be impossible, which is why it’s so important that it be opt-in.

3. Using deep packet inspection in conjunction with software that modifies the resultant pages to include, for instance, extra advertising content, is profoundly offensive and undermines the web. The content provider and the user have a reasonable expectation that no one else is modifying the content, and a typical user should not be expected to understand the mechanics of the web sufficiently to be able to anticipate such modifications.

Solutions

As a browser, we do some things to help our users here, but we can’t solve the problem. https resists this kind of surveillance and tampering well, but requires sites to provide 100% of their content over SSL. Technologies like signed http content would prevent tampering, if not surveillance, but once again assume that sites (and browsers!) will support the technology. Ad blockers can turn off any injected ads, tools like NoScript can de-fang any injected javascript but, fundamentally, http content is not tamper-proof, and no plaintext protocol is eavesdropping proof.

People trust their ISPs with a huge amount of very personal data. It’s fine to say that customers should vote with their feet if their ISP is breaking that trust, but in many areas, the list of available ISPs is small, and so the need for prudence on the part of ISPs is large.

That’s what I’m thinking so far, what am I missing?

The Most Important Thing

Microphone by hiddedevries on flickr… or How Mozilla Does Security and What You Can Steal

As promised last week, I have now put my presentation slides for my talk at FIRST2008 online.  I’ve also put up a video I recorded of a dry-run through the slides, in case you want to experience the talk, and not just read it.

Slides (CC-BY-SA):

Video (CC-BY-SA):

Thanks again to Mike Shaver for helping me put these slides together, and to all the people who reviewed them ahead of time.  I really enjoyed this talk, and hope to give it again – as I’ve said many times before, we have learned a lot of lessons the hard way; we should be sharing that experience broadly, since we’re one of the few organizations that can.

I would love any edits or suggestions for the slides themselves, or my presentation of them.  I’ll also accept offers of exciting cash and prizes to give this talk at your campus/company/private island.

Security Screencast(s)

As Alix mentions, I recently put together a quick screencast of some of the new security features in Firefox 3. Of course, beltzner promptly scooped me with his own inimitable screencast, and what with the launch, it’s only now that I’m getting around to posting mine.

What’s interesting to me, though, is the difference between what I originally recorded, and what Alix published. I recorded the raw screencast using Jing, which is a simple, free screencasting tool for Mac and Windows. It caps you at 5 minutes, and records as flash, but it’s super easy to use, and screencast.com will host the resultant video for you. You can see what I recorded here:

http://content.screencast.com/bootstrap.swf

But then I handed it off to Alix and David and Rainer, and they turned my 5 minutes of low production values into 2 minutes of edited, titled video, with helpful visuals! See if you notice the difference…


Firefox 3: Security from Mozilla Firefox on Vimeo.

As promised in my last post, I’ll soon be posting yet another video, this time an hour long talk I gave at FIRST. And then, I think, no more blatant self-promotion for a couple weeks, eh?

Have you installed Firefox 3 yet?

Hello Vancouver! Briefly!

A quick note, to any Vancouverites that may be interested, that I will be in town on Wednesday to speak at the FIRST 2008 conference. The title of the talk is “The Most Important Thing – How Mozilla Does Security, and What You Can Steal.” If you’re attending the conference, I hope I’ll see you there. Once the conference is over, I’ll post my slides and a video of a presentation dry-run, in case anyone is interested.

I had a lot of help from several people, most notably Shaver, in putting this presentation together; my goal is to keep adapting it and ideally get other people giving it as well. Security is something that the Mozilla project has a lot of experience with, and a lot to be proud of. It is important to our mission that we share that expertise. Even when what we’re saying isn’t new (“have unit tests”), the fact that we have achieved the success we have lets us be a proof point for people trying to make change in their own projects (“Mozilla didn’t think code review was too time-intensive.”)

I may not be an official member of the evangelism team, but I will do whatever I can to encourage more people in our community to take their knowledge outbound. We are doing crazy awesome stuff here (how many IT people, on the planet, have dealt with what Justin‘s team has?) and we should consider it an obligation to spread that knowledge around. Heck, that’s actually sort of what my talk is about.

Firing Up Browser Security

Low Flying Dogs on FlickrWindow and I recently did a joint interview for Federico Biancuzzi at SecurityFocus about many of the security changes we’ve made in Firefox 3. It covers both front-end and back-end information, and mentions several changes that I haven’t had a chance to mention here in the past.

If you’re interested, check it out.

[PS – Full props to r80o on flickr – this is a pretty excellent photo for “caution”, and CC too!]

Mozilla24

FoxKeh!  On the world!I don’t normally blog about my work travel here, because what are you gonna do, come with me?  This one’s different though.

I’m flying out to SFO tomorrow morning (oh AC757, we’ve really gotten to know each other, haven’t we?) in anticipation of Mozilla24, a 24-hour all-mozilla, all-the-time conference at which I will be speaking amongst a group of shockinglymoreawesome people.  I will be talking about security UI, natch, and I would love to see all your smiling faces (though I’ll forgive the folks who saw the OSCON version for having their laptops open).

One of the many cool things about Mozilla24 is that it’s global – California, Tokyo, Thailand, and Paris, sure, but also online – so that if you are interested in the open web, and the directions we can take it, or if you’re just getting your feet wet, you can get involved.

Go sign up!  Why not get into the thick of it?  I’ll wait here.

PS – The blog photo here, Foxkeh, and indeed the whole Mozilla24 shebang, comes from Mozilla Japan.  They’re trying to make the rest of us look bad, bringing their A game.  Their A++++ OMG WOULD DO BUSINESS AGAIN WOW game.

Beyond the Padlock: OSCON Talk Slides

PadlockI’m about to go on at OSCON. My talk is titled “Beyond the Padlock: Security UI for the Distracted.”  Meanwhile, behind me in the speakers’ lounge, people are teaching one another to juggle.  So all in all, so far so good.

For those who couldn’t be here, or for those who could, and want another chance to critique my slides, or for those who just like babies with tinfoil on their heads, I’ve uploaded a copy in PDF format.

Wish me luck!  And if you were one of the extremely helpful people who provided reviews and suggestions, thankyouthankyou.  I attribute 95% of any success I may enjoy to your help.