Party Like It’s 2008

Among my alarmingly-stable, astoundingly-long-term and unsurprisingly-incestuous social circle there will be, over the next 18 months or so, a large number of birthdays. This, in itself, is not surprising, or particularly noteworthy. What is noteworthy though, is how many of those birthdays will involve ye olde tens columne rolling over from the youthful and carefree “2” to the urbane, sophisticated and terribly mature “3”. I, for one, welcome fogeydom, or will, I suspect, when the time comes.

To that end, there has been some discussion of late, at the Sousa’s most recently, but in other environs as well, about the idea of having some kind of gargantuan bash to ring in our triumphant ascension in group form. We could, of course, get together and just drink more alcohol than usual, but the impression one gets from these discussions is that more moxie is desired.

Recklessly Generous

I’m reading If You Want to Write, by Brenda Ueland. It has been recommended to me by several people as the absolute best book written on the act of writing. Not necessarily on the structure of writing, certainly not on issues of grammar, but on the base, creative act. She wrote it in the late 1930s, and so far it is absolutely living up to its reputation. I haven’t finished it, but I already recommend it to anyone who has ever thought about writing, and doubly so to those who still haven’t written yet.

There is a passage on page 25 that I have to relate because when I read it, it caused me to stop and to put the book down on my lap and to smile. It’s actually a footnote to page 25, where she’s talking about the distinction between working to express yourself and the world you see around you, and grinding to make money or notoriety in business. It reads:

They will be uncreative in business as well as in everything else. For of course the creative power is expressed in business as well as in other things. I know a business man whose every sentence has more life, creative vision and generosity in it than those of many artists.

But the trouble with business expressing the creative power freely and prodigally as Art does, you cannot be recklessly generous in business, giving higher and higher wages and all your products freely and lovingly to the public.

There are lots of times in history that I would love to visit. I often think (more often than I should, really) about going back and chatting with Newton, or Darwin, and talking with them about which things panned out and which ones didn’t and where we’ve gotten to since. But there is absolutely no time in which I would rather be living than this moment.

I work for a company that gives its products freely and lovingly to the public, and we’re not the only ones doing so. I wish Brenda were around to see it.

Revisiting Security UI – Part 2

So we need to get better. We need to start fixing our messages to users so that we are more accurately communicating security information, while being mindful to not bury them in technicalities they neither want nor need. We need cues that are persistent (not relying on people to notice their absence), that are difficult to spoof, and that don’t mix metaphors.

We also, difficult as it is, need to get out of the “safety” game. We can’t tell users “this site is safe” because we don’t know that. Even ignoring the liabilities that might come with such a claim, there isn’t a good technological way to tell, right now, whether a particular site is safe in the way users care about. Do they handle credit card information properly? Do they ignore angry customers? Are they a front for stolen goods? These kinds of naughty people could get SSL certificates (and accompanying padlocks) and even the extended validation practices being discussed wouldn’t really stop them.

What we can do is equip people to make the safety decision for themselves, just as they often have to in the physical world, because we do have some information. It’s like putting ingredients labels on food. What we can do is change the conversation to be about identity instead of safety. This is important, so pay attention:

We need to change the conversation to be one about identity, not safety.

Identity is something we can verify. The padlock conflated identity with other things like encryption status and security, and while that conflation is almost natural to PKI-veterans, it has proven misleading for users.

So what might identity look like?

Revisiting Security UI – Part 1 of 2

I tend to get excited about things. I’d say one of the key problems I have when writing – blogs, articles, books will probably be even worse here – is that, since I tend to be excited about things, my writing tends to wander to whichever dog has a puffy tail at the moment, and I sometimes look back and end up wishing each piece was tighter and more single-minded.

Take my post last week. Right now I’m excited about Firefox security UI, and about how to do a better job with the way we give users information. This is a good thing for me to be excited about, since it pays my bills. But I want to engender conversation about it, and to build context around my thoughts on the matter, and meandering isn’t necessarily the best way to do that.

So. This is the first of two posts I will write in the next week or so about this stuff. The goal is to outline:

  1. The way things are, and why we need to change them
  2. My thoughts on where we need to be looking to go

This is the first. What are we, as browser builders, doing for the user today when it comes to security UI?

2.8 Billion Reasons to Do Better

So PC World is running an article by Robert McMillan about phishing. It’s not a bad article or anything, it cites the antiphishing workgroup and various Gartner research in non-inflammatory ways (phishing is up 700% year over year, losses for 2006 estimated at $2.8B USD), and basically concludes that the current state of the internet, vis a vis your[1] financial information, is somewhere towards the “festering cesspool of thievery from which no good thing can escape unscathed” end of the spectrum. Pretty standard stuff.

If Robert McMillan should be chastised for any part of it, it is his closing sentence, wherein he takes the too-obvious way out, no doubt because he was reaching his wordcount ceiling, and what the hell else is he going to say:

But to combat ever-adapting phishers, your best protection remains…you.

It’s not Bob’s fault, but this is a pretty awful way to leave things. How on earth are people supposed to do what he asks, particularly when all the evidence he’s just cited points to how profoundly they can’t?

Day 2

I have officially begun. Friday was my first day of paid work with the Mozilla Corporation, and it was tiring. As expected, it mostly revolved around logistical stuff, though I did find some time with beltzner in the afternoon to watch an hour-long introduction to how Mozilla builds a DOM tree (thanks Johnny!)

Basically, what Friday allowed me to do was get my feet sufficiently under myself to come up with this:

[Image: bubbl.us mindmap]

I haven’t, historically, done much with mindmapping and other “thinking aids” but right now there is too much bubbling around to keep track of, so it seemed like a useful exercise. Attentive readers will note that the current list of thoughts is both incomplete and horribly short-sighted, stretching out a month at most. This is deliberate – I think it relatively stupid to hop on board on day 1 and to start making long term plans on day 2. I suppose someone will tell me that this makes me an “analytic” personality type, or some such, obsessed with having all the information before making a decision. I would suggest that this is grossly overgeneralized (as personality-classification schemes always, perforce, are) though I will confess to a preference for having some information before making any momentous statements of direction. I have always been nutty that way.

On a personal note, the first day (and, indeed, those leading up to it) has been grand. People at Mozilla are welcoming and congratulatory, people at IBM are well-wishing and congratulatory and, on balance, my LinkedIn profile has never been happier (though it is notably wanting for some more 1-degree-of-separation Mozilla love).

I really do think this was the right move to make, and I’m pretty excited to be getting going. I’ll be heading to New York in early March with beltzner to talk to some of the people in the CA/Browser Forum, and then later in March I’ll be in Mountain View to meet with some more of my newfound comrades-in-arms. In the meantime I’ll be trying to knock down that web of questions while simultaneously, no doubt, adding whole new subtrees. If anyone reading this wants to point out answers to some of the leaf nodes in that web, or alert me to obvious swaths of unmapped work, I can now officially be reached at johnath@mozilla.com. Huzzah! (Yes, my home email still works just fine, too).

[Update: Yes, the map was made with bubbl.us, mea culpa for not providing tasty linkage.]

[Update2: Yes, the Johnny Stenback video is available online here.]

Getting the Band Back Together

So it turns out that Mozilla, having been an open source project before it was a foundation, let alone a corporation, has a pretty heavy IRC presence. IRC is (reasonably) universal, (reasonably) democratic, and (usually) free, so it’s a natural fit.

But several of the people who read this blog, and you know who you are, will recall that even before Mozilla existed, there was an IRC presence of a different sort in #42. I acknowledge that I wasn’t there from the very beginning, but I was there when people like Lemmyn and AuntieMae were still around, I was there before we left QNet, and without meaning to upset anyone, I will remind you all that this stuff was happening > 10 years ago. Heck, this page is 7 years old, and that was very late in the game.

But I digress. The point is this: I am, by virtue of my newfound employment, and indeed have been for some time, a perpetual resident of irc.mozilla.org. And wouldn’t you know it, my mIRC install still wants to auto-connect to #42 wherever I go. I’m the only one there at the moment, of course. But that could change.

I remember when Heather and Linds tried several years ago to get things up and running again, and I think it mostly fizzled out because people had forgotten how to have a conversation that way, and besides which, you couldn’t really count on anyone actually being there. Well I may be idle, or I may be otherwise occupied, and I may be uninteresting even when I am present, but I can offer some reasonable level of assurance that for a high percentage of the next several years, I will be lurking in #42.

You could come join me, if you wanted to.

And of course, if you happened to have some code, writing, bugs, or ideas to contribute to Mozilla’s various projects while you were there – well everything would just be that much more convenient, wouldn’t it?

Once You Go Black…

Amy has an uncle named Fred. Fred’s an interesting guy for lots of reasons, but of interest at the moment is that when he drinks wine, he cuts it 50/50 with ginger ale. I used to think he did this only with a particular batch of home-brew wine that was, to normal wine, what the bags of concentrated coca-cola syrup are to fountain drinks; dilution with that stuff is wholly appropriate.

But no. He does this with all wine. I think that’s fantastic. If that allows him to have a pleasant wine experience (champagne every day!) then more power to him, and what’s even better is that he can continue to enjoy even very cheap wine because the dilution softens some of the harsher effects of buying economy brands. Fine by me.

But I don’t do it myself, because I enjoy what’s involved in developing a palate for wine. I enjoy the vast spectrum of flavours you can come to appreciate, and I feel like cutting it with ginger ale would impair my ability to enjoy that: different strokes for different folks, that’s all.

I’m the same with chocolate: give me high-percentage, uncut, dark chocolate and I am a happy guy. I’m not stupid about it – I don’t turn up my nose at Hershey the way a good aficionado ought. But given my druthers, I trend towards quality and I trend towards unadulterated.

And so I confronted myself recently with the fact that I don’t drink my coffee black. Milk and Sugar, sometimes even a double-double. This, I realized, flies in the face of my whole aforementioned way of doing things. So as of about a week ago, it’s been straight black coffee. Yes, purely in the name of aesthetic synchrony.

It wasn’t easy at first. Turns out those adulterants do a pretty good job of making bad coffee more drinkable, and bad coffee abounds. But I’m here to tell you that it takes less than a week for your tongue to form the appropriate calluses, and now I’m starting to really feel it. I expect that, like wine, my brain will start to assign more neurons to coffee tasting in the coming months, and that the experience will grow on me. As it happens, I got a half pound of Kona for Christmas (thanks Barb!) and while it’s not Jamaican Blue or (I can only imagine) Kopi Luwak, I’m looking forward to tasting it without blinders.

Yes, I realise how ridiculous this all sounds.