
Planet Mozilla





Planet Mozilla - https://planet.mozilla.org/



Source: http://planet.mozilla.org/.
This journal is generated from the public RSS feed at http://planet.mozilla.org/rss20.xml and is updated as that feed is updated. It may not match the content of the original page. The syndication was created automatically at the request of readers of this RSS feed.

Julien Pagès: RunSnakeRun – graphical visualisation of dumped python profiling data

Sunday, 12 July 2015, 19:12

If you are a Python developer like me, you probably know the profile and cProfile modules that provide deterministic profiling of Python programs.

These modules are awesome – however, when it comes to analysing the data to improve your program, the provided pstats module is generally not powerful enough if you have quite a large codebase.

And here graphical tools come in handy! I tried RunSnakeRun, and this is a really great program that allows you to analyse the profiling data under multiple angles (a nice view is by file), so you can find easily the bottlenecks and fix them.

RunSnakeRun helped me to improve the “mach help” command. It is a cross platform tool. Note that if you are on GNU/Linux and that you have the KDE desktop (or don’t mind installing the required KDE dependencies), KCacheGrind can be used with Python also.


https://parkouss.wordpress.com/2015/07/12/runsnakerun-graphical-visualisation-of-dumped-python-profiling-data/


Kaustav Das Modak: Tech Evangelism Workshop – Take 1

Sunday, 12 July 2015, 12:25

This weekend, I had organized the first iteration of Tech Evangelism Workshop at the Mozilla Community Space in Bangalore. The core goal of this workshop was to enable community members to get more confident at presenting themselves and get better at their communication skills. Participants were asked to choose a topic at the beginning of […]

https://kaustavdm.in/2015/07/tech-evangelism-workshop-take-1.html


Mike Conley: The Joy of Coding (Ep. 20): Reviewin’ and Mystery Solvin’

Saturday, 11 July 2015, 19:29

After a two week hiatus, we’re back with Episode 20!

In this episode, I start off by demonstrating my new green screen [1], and then dive right into reviewing some code to make the Lightweight Theme web installer work with e10s.

After that, I start investigating a mystery that my intern ran into a few days back, where for some reason, preloaded about:newtab pages were behaving really strangely when they were loaded in the content process. Strangely, as in, the pages wouldn’t do simple things, like reload when the user pressed the Reload button.

Something strange was afoot.

Do we solve the mystery? Do we figure out what’s going on? Do we find a solution? Tune in and find out!

Episode agenda.

References

Bug 653065 – Make the lightweight theme web installer ready for e10s
Bug 1181601 – Unable to receive messages from preloaded, remote newtab page – Notes
@mrrrgn hacks together a WebSocket server implementation in Go. To techno!


  1. Although throughout the video, the lag between the audio and the video gets worse and worse – sorry about that. I’ll see what I can do to fix that for next time. 

http://mikeconley.ca/blog/2015/07/11/the-joy-of-coding-ep-20-reviewin-and-mystery-solvin/


Mike Conley: The Joy of Coding (Ep. 19): Cleaning up a patch

Saturday, 11 July 2015, 19:19

In this episode, I picked up a patch that another developer had been working on to try to drive it over the line. This was an interesting exercise in trying to take ownership and responsibility of something rather complex, in order to close a bug.

I also do some merging and conflict resolution with Mercurial in this episode.

Something else really cool happens during the latter half of this episode – I ask the audience for advice on how to clean up some state-machine transition logic in some code I was looking at. I was humming and hawing about different approaches, and put the question out to the folks watching: What would you do? And I got responses! 

More than one person contacted me either in IRC or over email and gave me suggestions on how to clean things up. I thought this was awesome, and I integrated a number of their solutions into the patch that I eventually put up for review.

Thanks so much to those folks for watching and contributing!

Episode agenda.

References

Bug 1096550 – Dragging tab from one window to another on different displays zooms in – Notes
Bug 863514 – Electrolysis: Make gesture support work – Notes

http://mikeconley.ca/blog/2015/07/11/the-joy-of-coding-ep-19-cleaning-up-a-patch/


Emma Irwin: Participation is my co-pilot … in space!

Saturday, 11 July 2015, 01:24

Whistler was an exciting and productive week for the Participation Team (which included volunteers).  We learned  a lot about ourselves, our team,  the expectations of the project and  perhaps most importantly – the Participation goals  of nearly 30 teams at Mozilla.

The experience reinforced the value of volunteers and volunteer communities at large, magnified by the  participation of contributors in nearly every session we ran.  In every way, we immersed ourselves in radical participation: listening to outside experts, polling passersby and engaging in intense discussions on every angle of community’s impact on the past, present and future of Mozilla’s mission.


We turned up to lead sessions with some anxiety about our preparedness, about our goals and the expectations with such a large number of teams awaiting us, yet left feeling successful and intrigued. We watched our colleagues on the main stage share some early victories, and vision for the future – the optimism and excitement was palpable.

So proud to see our Marketpulse participation project on the main stage http://t.co/q6e3azK5pM #mozresearch #mozwww

— Emma Irwin (@sunnydeveloper) June 25, 2015

Overall the week was intense as, in addition to running sessions, we also worked on team vision for the future and  the beginning of proposal for a Participation strategy at Mozilla.   We look forward to sharing this soon.

On a personal note, one of the most powerful experiences for me was ‘heart’ in Chris Beard’s keynote (and I paraphrase): that we have one life, and within the gift of each day is the opportunity to do something important. That we choose to spend cherished time helping Mozilla move its mission forward is very powerful. As parent of a childhood cancer survivor this philosophy also happens to be my own. Truly understanding that every day is a gift, is a serious force in all choices I make for my career and in my life. I do choose to be here. It just felt very good to hear that recognition from Chris, with new realization this should be an extension of how we think about gratitude, empowerment and recognition to volunteers who in turn donate the gift of their time – perhaps this can strengthen our trust in each other.


Candy Poll – “We have an established trust between staff and volunteers at Mozilla”

There was a lot of talk about ‘Space’ in Whistler – which I got.  Being brave, being bold – being adventurous and making new things resonated.  I could not ask to be part of a better, more compassionate, smart and creative team and extended community.  I think with Participation as our co-pilot, Mozilla can most definitely get there.

http://tiptoes.ca/participation-is-my-co-pilot-in-space/


Gervase Markham: Obvious In Hindsight

Friday, 10 July 2015, 21:47

Using the -z option to rsync is a dumb idea on a gigabit network.

THBAPSA.

http://feedproxy.google.com/~r/HackingForChrist/~3/JSJWdSxBmJo/


Nick Alexander: nalexander:community update, part the second

Friday, 10 July 2015, 20:15

Active projects

Here’s some of the projects I’m currently offering that are seeing active progress.

When it’s personal: Firefox Account profile avatars

Super-contributor /u/vivek has been working on all aspects of integrating Firefox Account profile avatar images into Fennec. This work is broadly tracked in Bug 1150964, and there are lots of pieces: network layer fetching; storage and caching; managing update broadcasts; and implementing UI. This project is the first OAuth-authenticated Firefox Account service in Fennec (our native Reading List implementation didn’t ship) and is likely to be the first WebChannel consumer in Fennec as well!

This project is extra special to me because Vivek came to me and asked (in his usual under-stated manner) if he could "do all the work" for this feature. Vivek and I had collaborated on a lot of tickets, but I had been hoping to work with a contributor on a project scoped larger than one or two tickets. This project is the first time that I have gotten to engage with a contributor on an ongoing basis. Where we talked about expectations (for both of us!) and timelines up front. Where I expect to turn maintainership of the code over to Vivek and he’s going to own it. And it is my sincere hope that Vivek will mentor new contributors to improve that code.

Paying down technical debt: deprecating the android-sync clients database

Contributor /u/ahmedkhalil has been chewing through tickets that simplify the handling of clients and tabs from other devices (as shown in Fennec’s Synced Tabs panel). This project isn’t as well tracked as some of the other ones I’m writing about today, partly because I didn’t set the scope on day one — Ahmed arrived at the tickets himself. And what a path! Ahmed and I started doing some build system tickets (if you use the new mach artifact command to Build Fennec frontend fast with mach artifact!, you’re using some of Ahmed’s AAR packaging code); and then we took a strange and ultimately unsuccessful trip into bookmark exporting; and then we did some other minor tickets. I fully expect Ahmed to push into the dark corners of the Fennec Sync implementation and refactor some of our oldest, least touched code in the clients engine. I got Ahmed into this with the lure of front-end user-visible Synced Tabs improvements and he may end up in the least user-visible part of the code base!

Understanding the Fennec connected experience: Sync metrics

The Fennec Sync product is a "mature product", if by mature you mean that nobody modifies the code. However, the newly revitalized Sync team (bandleader: Chris Karlof) is leading a wide-ranging project to understand the Sync experience across Firefox products. This will be a qualitative and quantitative project, and I’m partnering with new contributor @aminban to collect quantitative metrics about Fennec Sync on Android. This work is broadly tracked at Bug 1180321. This is a very parallelizable project; most of the individual tickets are independent of each other. I’m hoping to work with Amin on a few tickets and then have him help mentor additional contributors to flesh out the rest of the work.

Help wanted

But I also have some projects in the hopper that need … a certain set of skills.

Plain Old Java Projects

These are projects for front-end developers that require Java (and maybe JavaScript) skills.

  • The Firefox Accounts team had an idea to email QR codes to make it easier for Fennec users to connect to their Firefox Account. I made some notes and tracked the idea at Bug 1178364. It’s a wide ranging project that might need some co-ordination with the Firefox Accounts team, but I work with those folks frequently and we can make it happen. This is a really interesting project with lots of moving pieces. It needs Java and some JavaScript skills, and the ability to get creative while testing.
  • I’ve been talking to /u/anatal about implementing the WebSpeech API in Fennec. André has plans to develop an offline (meaning, on the device) implementation, but shipping such an implementation in Fennec is hard due to the size of the model files required. An online implementation that used Google’s Android Speech implementation would be easier to ship. This would be a really interesting project because you’d be implementing a web API exposed to web content! That is, you’d actually be building the web platform. You’d need some Java and JavaScript skills; preferably some experience with the Android Speech APIs; and we’d both learn some Gecko web engine internals and read a lot of W3C specifications.

Engagement Projects

These projects might not end up in the Fennec codebase, but they’re valuable and require folks with special skills.

  • I want to expose better metrics about the Fennec team’s contributor experience. I hate to say the word dashboard but… a dashboard! Tracking things like number of new tickets created in the Firefox for Android component, number of new mentor tickets, number of new good first bugs, number of new contributors arriving, etc. I think most of this can be extracted from Bugzilla with some clever queries, but I don’t really know how to do it, and I really don’t know how to display the data in a useful form. This might be a simple client-side web page that does some Bugzilla Rest API queries and uses d3.js or similar to format the results. Or it could be a set of Mediawiki queries that we can put in the mobile team weekly meeting notes. This is really open-ended and could grow into a larger community engagement role with the Fennec team.
  • I want to do some Android community outreach to understand barriers to Fennec (code) contribution. I’m aware that not building on Windows is probably a big deal (Bug 1169873), but I don’t know how big a deal. And I’m aware (painfully!) of how awkward it is to get started with Fennec, but I don’t know which parts Android developers find the worst. (For example: these developers probably have the Android SDK (if not the Android NDK) installed already.) This might look like a "Getting started with Fennec development" session in your location. But I’d also like to know how Android developers feel about Fennec as a product, and whether Android developers are even interested in the web in the way that Mozilla is representing. If you are connected to Android developers (maybe through a meetup group?) and would be interested in doing some outreach, contact me.

Build system Projects

Build system hackers are a rare breed. But there’s so much low-hanging fruit here that can make a big difference to our daily development.

  • I have several Gradle-related build tickets. I want to get rid of mach gradle-install, and make it so that every Fennec build has an automatically maintained Gradle configuration without additional commands. Part of this will be making the Gradle configuration more dynamic, so that you don’t have to run mach package before running mach gradle-install. I’d like to find a way to share bits of the .idea directory. I’d like to move the Gradle configuration files out of the object directory, so that clobber builds don’t destroy your Gradle configuration. These projects require Python skills.
  • I have lots of mach artifact follow-up tickets. Read Build Fennec frontend fast with mach artifact! to get an idea of what mach artifact is, but in a nutshell it downloads and caches binary artifacts built in Mozilla automation so that you don’t have to compile C++ to build Fennec. It turns a 20 minute build into a 5 minute build. I’d like to support git, and improve the caching layer, and make the system more configurable, and support Desktop front-end builds, and… These projects require Python skills.
  • I want to move build/mobile/robocop into mobile/android/tests/browser/robocop. And convert it to moz.build. This will both make testing better (no more forgetting to build Robocop!) and also make it easier to conditionally compile tests. If you’re interested, start with Bug 938659 and Bug 1180104. This project requires basic Make and Python skills.

Conclusion

I’d like to thank all the contributors who make my job a pleasure, especially those mentioned in this blog post.

The Firefox for Android team is always making things better for contributors! Get involved with Firefox for Android.

Discussion is best conducted on the mobile-firefox-dev mailing list and I’m nalexander on irc.mozilla.org/#mobile and @ncalexander on Twitter.

Changes

  • Sun 5 July 2015: Initial version.

Notes

http://www.ncalexander.net/blog/2015/08/05/nalexander-community-update-part-the-second/


Air Mozilla: Webmaker Demos July 10 2015

Friday, 10 July 2015, 20:00

Michelle Thorne: Mozilla Clubs: 2015 Half-Time Report

Friday, 10 July 2015, 14:58

It’s been half a year since we set out in earnest to launch Mozilla Clubs. The goal was to make a program that offered a unique, sustainable way to teach the web in local communities.

Now with 17 volunteer Regional Coordinators poised to serve 128 Mozilla Clubs with more underway, I’d like to share a 2015 half-time report.

Wait, why are you doing this?

The Web is where our personal, civic, and economic lives connect. Knowing how to wield the Web is essential to success today.

There are 2.3 billion internet users today, and another billion coming online soon. It is critical that everyone knows how to read, write and participate in the digital world.


So why Mozilla?

Mozilla is dedicated to protecting the Web as a global public resource that promotes openness, innovation and opportunity for all. This Web is as important to education as it is to economy, culture and society.

Mozilla, together with partners and collaborators, are striving for universal web literacy.

We serve that mission by cultivating and networking leaders who teach digital skills in their communities. Our volunteer leaders guide their learners’ personal interests through seriously fun activities to make web-enabled projects with friends and family.

By teaching others, volunteers learn how to be more effective leaders, unlocking more opportunity for all.

The Mozilla Learning Network offers programs for volunteer web literacy leaders to hone their craft through:

  • participation in city-wide professional networks (Hive)
  • organizing local groups to playfully explore web literacy (Mozilla Clubs)
  • joining convenings to celebrate, share and be inspired with other leaders (Mozfest).


What’s a Mozilla Club then?

A Mozilla Club meets regularly in-person to learn how to read, write and participate with the web in an inclusive and engaging way.

A Mozilla Club has these key elements:

  • Connected learning in action. Research shows you learn best when you learn by making projects you care about, with peers who support and encourage you. That’s why our program is hands-on, production-centered and social. Learners gain confidence with the Web by actively shaping it together.
  • Curriculum that’s free & open and educator-tested. Our curriculum features hands-on ways to teach the Web, free of cost and free to reuse and remix. Each activity includes step-by-step instructions and tips for how to teach it, all underpinned by the Web Literacy Map. What’s more, activities can be taught with limited or no connectivity, ensuring the Web can be learned anywhere and by anyone.
  • Best practices and community mentorship. Clubs are key nodes in the Mozilla Learning Network, which enables connections to other people teaching digital literacy. By connecting with others, individual Mozilla club nodes have access to best practices and mentorship around the world. Local clubs are more resilient and effective when they are networked with each other.
  • Regular engagement. Literacy doesn’t happen overnight. Learning takes time and application of both theory and practice. Through regular meetings, both learners and club captains grow and improve. This deepens peer learning within the local community and with each other.


It’s all about the people, baby

The biggest lesson in the last months was renewed appreciation for the people that will make this program successful. That means a deeper understanding about who wants to participate, what motivates them, and what they need.

Authentic relationships matter. And there is no shortcut for good, engaging relationships if you want to empower leaders and have a healthy, happy community.

Our program relies on volunteers supporting other volunteers. This is part of the magic. Nevertheless, it takes time to grow that capacity.

Learning from initiatives like Mozfest and Hive city networks, as well as folks like the Obama campaign organizers, we know that to deliver a high quality experience to all, and to sustain the scale of our efforts over time, we need real volunteer-to-volunteer relationships in place.

There is a lot of interest in Mozilla Clubs. That’s amazing. But at the moment, there is too much interest to serve everyone properly right now.

So we decided to move slowly, quickly.


The more you participate, the more you learn

From now until the end of the year, we are identifying and supporting Regional Coordinators.

This leadership role is dedicated to serving Mozilla Club Captains (the ones running the clubs) in realizing their full potential through on-going mentorship and leadership development.

If we are successful at this, there will be hundreds of Mozilla Clubs supported by volunteer-to-volunteer relationships.

If this sounds interesting to you, and you’d like to spread web literacy in your region while learning how to be a more effective, facilitative leader, then check out what it takes to be a Regional Coordinator and apply!


http://michellethorne.cc/2015/07/mozilla-clubs-2015-half-time-report/


Rubén Martín: Bringing participation back to Mozilla

Friday, 10 July 2015, 14:29

A few weeks ago, the first coincidental Mozilla Work Week of 2015 took place in Whistler (VC, Canada) and as part of the Participation Team I was working to show the rest of the organization why participation is important and brings a key strategic advantage to Mozilla.


Not only were we working on the team priorities for the next months, but we also worked together with most Mozilla functional teams to help them solve problems around participation. Check out the team blog post about all the activities we accomplished.

But don’t get me wrong, it’s not that Mozilla wasn’t doing participation, but we didn’t have the resources to make it a first class citizen in all functional area activities. And that is where the new Participation team chimes in to bring this support to the whole organization.


For me Whistler was the start of something important: we sat together with a lot of people and we connected different people with similar needs that had never met before, and we bridged paid staff and volunteers to work better.

What now?

In the following months we’ll continue working to improve participation at Mozilla: Regional, functional and leadership are the main pillars.

Do you want to know why participation will help your team or do you want to get to the next level? Reach out to us or check out our on-going projects 

http://www.nukeador.com/10/07/2015/bringing-participation-back-to-mozilla/


Al Billings: Turing Machine Build

Friday, 10 July 2015, 06:00

The other day I was doing some reading on Alan Turing and his classic paper, On computable numbers, with an application to the Entscheidungsproblem, describing what he called “the universal computing machine” and what was eventually known as a “Turing Machine.” This is all basic computer science stuff for most folks though I bet most people I know haven’t read his paper, just hearing about it over the years like I have.

It turns out that a fellow named “Mike Davey” actually built an anachronistic looking Turing Machine a few years ago to try to match the basic design in the paper.

He posted a video of his machine, which makes use of basic electronics, a Parallax Propeller chip, a roll of film, a dry erase marker, a buffer, and some stepper motors to write out and erase ones and zeroes, moving the tape of film lead back and forth. He uses a simple camera as the reading head to read the results back and you’re even able to write programs as text files on an SD card and load them onto the device.

While not a terribly useful device, in and of itself, it seems to be a fun hacking project and something that took quite a bit of thought and building in a practical way.

http://feedproxy.google.com/~r/InPursuitOfMysteries/Mozilla/~3/ugAywpBFPqM/


Tantek Celik: Blinking Fever

Thursday, 09 July 2015, 22:31

Not until my hand brushed up against you did I realize something was wrong. You were warm, too warm. Despite closing your lids last night you hadn’t slept. That morning you were a pale shade of gray, unresponsive, staring blankly and blinking.

I hoped it was temporary, yet I knew it might be your time. Looking up your symptoms I found you weren’t the first to have this blinking fever. You finally relaxed and stopped blinking when I held your primary pressure point for a few seconds. I let your heat dissipate while I read what to try next.

Despite being with you for years I was only now learning you could repair yourself if I pressed a few more of your buttons. You told me you were ok.

When you awoke on the train you froze, gave me the weirdest panicked look, and told me as much in so many languages I didn’t understand. I held your primary pressure point again and let you rest til we got home. You were always easy to carry.

I stopped by the bookstore and picked up a couple of volumes from fans of yours and your kind — they’d written so much about you collectively over the years.

That evening I woke you up again after letting you sleep the afternoon away and there it was again, that blank pale gray stare, blinking an empty question.

I tried having you repair yourself again, and again you said you were ok. Maybe you were at least in mind, maybe it was only your body failing you. So I did the only thing I could do and ordered a replacement. I knew you couldn’t be upset about it though I suspected.

The next day I transferred your mind to a conduit and the morning after that your new body arrived. It took less than half an hour for it to absorb you from the conduit, but were you really all there?

You seemed happy and responsive, up for anything. You’d forgotten a few things; I had to give you another key to the house. I confess your new body was smoother, more beckoning to the touch. Your expressions were brighter, more colorful. You spoke more crisply. Enough differences to notice, but you were still you.

I kept your old body on life support, just in case there was something else I had to ask your old self that your new self had forgotten. You didn’t even notice your old self until the house told you to pick a new name and you took a number. I knew other parts of you depended on your name so I renamed your old self instead. You were you again.

It’s been less than 24 hours and I’ve only noticed a few more things that didn’t make it through the conduit. You forgot some of your preferences I knew by heart so I reminded you.

You forgot how to check yourself before going out in public; that will take me longer to teach you, as it was a friend of mine that taught you that last time and I still don’t know how he did it.

Your old body lasted about four years. Four years together, traveling across continents and more time zones than I remember. Four years of keeping up with me, even if I was running, jumping, or sometimes even climbing. I couldn’t help but hear the words echoing “Four year lifespan” yet I knew that was a quote from a movie. Just a coincidence I’m sure.

I’m getting used to the new you. You seem to be ok with it too. I’m sure there will be more we’ll have to figure out together but isn’t that how it always is?

Blinking folder on a pale gray background


Comments

Kyle Mahan: I dig it. Kind of a cyberpunk version of “I Used to Love H.E.R.”

Jeremy Keith: A heartbreaking tale of companionship, memory and loss.

http://tantek.com/2015/190/b1/blinking-fever


Julien Vehent: You can't trust the infra; Encrypt client side!

Thursday, 09 July 2015, 21:06

Like most of my peers in the infosec community, I learned that good data protection requires strong infrastructure security controls. I practiced the art of network security, learned the arcana of systems hardening and used those concepts in securing web infrastructures.

But it's 2015, and infrastructure security just doesn't cut it anymore. The cost of implementing controls continues to grow, while our capabilities keep being reduced by cloud environments that limit the perfect security world we want to live in. Cloud is good for business, but it makes infrastructure security really difficult. In the cloud, IDS/IPS aren't usable, or with very limited capabilities. DDoS protection must be done higher up in the stack because you can't access the routing layer. At rest data encryption isn't useful when the keys are stored next to the data. TLS encryption is not used inside the infrastructure because certificate management is hard, so we end up transferring cleartext userdata on a massively shared network, hoping it's somewhat isolated. The list of security problems we simply cannot solve with reasonable cost/complexity in cloud environments is quite long, and caused many infosec professionals hours of ranting.

What about datacenters? It certainly is easier to control infrastructure security there, but ultimately the problem is the same: we're just not 100% sure of what hardware we run our systems on. SMM malwares are a reality, and we know (Thank you Snowden!) that the NSA and other security agencies have the tools to intercept hardware and install their own little spy packages.

If the ultimate goal is perfect data security, I don't think we can achieve it in the current infrastructure security landscape.

Meanwhile, users have been pushing more and more data into the web. Hackers have been hard at work to break into our services and leak that data out to the world. When it's not hackers, the sheer complexity of web infrastructures themselves has caused many a team to unintentionally press the wrong button, and post data where it shouldn't be (password leak on pastebin, anyone?). Ask around in the incident response community, and they will tell you how busy the last couple of years have been dealing with data leaks.

Heck, Amazon even automated looking into Github, a third party company, for AWS keys that infrastructure operators leak! That's like your banks watching CCTV of public transports to alert when you forget your wallet in the metro. Those incidents have become very common, and unfortunately cannot be solved by another layer of firewall.

Looking at what we host at Mozilla, it's easy to spot a small number of services that store data we absolutely never want to leak. We focus our infosec efforts on those, and with everyone's help build systems that we hope are safe enough. It's hard, and there is always that fear of missing something that could expose information from our users. In that landscape, there is one category of services that I'm just not too worried about: the ones that store data already encrypted on the client side.

Firefox Sync is a good example of such service. The data in Sync is strongly encrypted, in Firefox, before being sent to our storage servers. We (Mozilla) don't have the keys. We can't leak the keys. The worst we can do is leak encrypted blobs that probably no one has the ability to decrypt. This is a much better security control that anything else we can ever put on the infrastructure side. It just seems right.

Designing services that encrypt data on the client is the next challenge of information security. It requires that infosec folks work closely with developers, when most of their time is currently spent with sysadmins. It also changes the skillset we need to do our job, and focuses more on a strong understanding of cryptography. Not just SSL/TLS, but crypto algorithms themselves. JavaScript is getting better, and APIs like WebCrypto or libraries like OpenPGPJS are the way forward to implement client-side encryption. Key management is almost irrelevant if we accept that keys should be derived from user passwords, like Firefox Accounts did.

Client-side encryption has the added benefit of empowering the user and making them responsible for the security of their data. It's not realistic to expect every business that operates a web service to run like a bank. But it is realistic to expect individuals to care about the security of their own photos, videos, emails, conversations and browsing history. Most users already do care and would welcome more control over their data. Business people, however, are the ones that are hard to convince, because they love looking inside all that data and building dashboards and graphs, and designing fancy statistical models to boost marketing and conversion rates. Note that those things can still be done, but client side (that's how our Directory Tiles advertising service operates).

We have seen with Lavabit that client-side encryption does not reduce the attack surface to zero. A government can still force a service operator to change the client code to retrieve decrypted data. But the cost of attacking a service that way is immensely larger than simply breaking into a database server.

So, should we get rid of our firewall and encrypt everything with JavaScript? No! Absolutely not. Infrastructure security remains an important component of any infosec strategy, but it has reached a plateau and we need to look for new techniques to continue improving our posture. Cloud providers help streamline the management of firewall rules and network security policies. DevOps practices with VMs and containers help isolate and rotate services quickly. All those things are important but have not solved the data risk in its entirety. Client-side encryption is the next step.

In the future, I'd like to see web services default to HTTPS and use JavaScript (or anything else) to encrypt data before handing it over to services that have grown too large, too complex and too cheap to secure perfectly. How we do this is very much left as an open question.

https://jve.linuxwall.info/blog/index.php?post/2015/07/09/You-can-t-trust-the-infra%3B-Encrypt-client-side
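
The client-side encryption approach the post above describes (WebCrypto, with the key derived from the user's password), shown as an added example; it is not code from the post, Firefox Sync or Firefox Accounts. The PBKDF2 iteration count, the salt and IV sizes, and the record layout are assumptions.

```javascript
// Added example: password-derived client-side encryption with WebCrypto.
// Runs in a browser or in Node.js. All parameters below are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const PBKDF2_ITERATIONS = 200000; // assumed work factor; tune to the slowest client

const toHex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Stretch the password into an AES-256-GCM key. The key never leaves the client.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: page script cannot export the raw key bytes
    ['encrypt', 'decrypt']
  );
}

// Returns the only thing the server ever stores: salt, IV and ciphertext.
async function encryptRecord(password, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh per record, never reused with a key
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return { v: 1, salt: toHex(salt), iv: toHex(iv), ct: toHex(ct) };
}

// Rejects (OperationError) on a wrong password or a tampered record,
// because AES-GCM verifies its authentication tag before releasing plaintext.
async function decryptRecord(password, record) {
  const key = await deriveKey(password, fromHex(record.salt));
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: fromHex(record.iv) }, key, fromHex(record.ct));
  return dec.decode(pt);
}
```

A leaked database of such records exposes only salts, IVs and ciphertext, so the remaining offline risk is password guessing, which the work factor and password strength bound.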


Air Mozilla: Web QA Weekly Meeting

Thursday, July 9, 2015, 19:00

Web QA Weekly Meeting This is our weekly gathering of Mozilla's Web QA team filled with discussion on our current and future projects, ideas, demos, and fun facts.

https://air.mozilla.org/web-qa-weekly-meeting-20150702/


Air Mozilla: Reps weekly

Thursday, July 9, 2015, 18:00

Hub Figuière: No Flash 0.5 - still fighting the legacy

Thursday, July 9, 2015, 11:00

Last week I released No Flash 0.5, my addon for Firefox to fix the legacy of video embedding done with Flash. If you are like me and don't have Flash installed, sometimes you encounter embedded videos that don't work. No Flash will fix some by replacing the Flash object with an HTML5 video. This is done using the proper video embedding for HTML5.

This version brings the following:

  • Work on more recent Firefox Nightlies with e10s - it was utterly broken
  • Add support for embedded Dailymotion.

It also still supports Vimeo and YouTube - the latter being extremely common.

Update: please file issues in the issue tracker.

http://www.figuiere.net/hub/blog/?2015/07/09/854-no-flash-05-still-fighting-the-legacy


Tantek Celik: CSS Basic User Interface Module Level 3 Candidate Recommendation Published

Thursday, July 9, 2015, 09:57

The CSS WG has published a second Candidate Recommendation of CSS Basic User Interface Module Level 3. This specification describes user interface related properties and values that are proposed for CSS level 3, incorporating such features from CSS level 2 revision 1, and extending them with both new values and new properties.

Call for Implementations

This notice serves as a call for implementations of all CSS-UI-3 features, new properties, values, and fixes/details of existing features. Implementor feedback is strongly encouraged.

Thorough review is particularly encouraged of the following features new in level 3:

Significant Changes

Significant changes since the previous 2012 LCWD are listed in the Changes section.

This CR has an informative "Considerations for Security and Privacy" section with answers to the "Self-Review Questionnaire: Security and Privacy" document being developed by the W3C TAG.

Feedback

Please send feedback to the (archived) public mailing list www-style@w3.org with the spec code ([css-ui-3]) and your comment topic in the subject line. (Alternatively, you can email one of the editors and ask them to forward your comment.)

See Also

Previously

Also syndicated to CSS WG Blog: CSS Basic User Interface Module Level 3 Candidate Recommendation Published.

http://tantek.com/2015/189/b1/css-basic-user-interface-level-3


Air Mozilla: Bay Area Rust Meet-Up

Thursday, July 9, 2015, 04:00

Bay Area Rust Meet-Up Bay area Rust Meet-up for July 2015

https://air.mozilla.org/bay-area-rust-meet-up/


Air Mozilla: Quality Team (QA) Public Meeting

Wednesday, July 8, 2015, 23:30

Quality Team (QA) Public Meeting This is the meeting where all the Mozilla quality teams meet, swap ideas, exchange notes on what is upcoming, and strategize around community building and...

https://air.mozilla.org/quality-team-qa-public-meeting-4/


About:Community: Participation at Whistler

Wednesday, July 8, 2015, 21:17

From June 23rd to 27th, the Participation Team spent an exhilarating and exhausting work week in Whistler sharing and learning about Participation with Mozillians from all over the world.

During this week we exceeded even our own expectations for team success. We raised the profile of our team’s diverse expertise as an asset to the goals of every team across Mozilla. We started a number of conversations about participation across the organization, and ultimately strengthened our own strategy as a team.

Here’s an overview of what we accomplished, as well as what and where we’ll be headed next.

What We Did

Since the Participation Team is new to Mozilla this was our first opportunity to present our goals, ideas, and objectives to the organization and to show other functional areas how we could help them tackle their problems or capture opportunities related to participation. We ended up scheduling sessions with 25 teams across just two days.

We included volunteers, who acted as co-facilitators for the sessions, and some external experts who helped us to shape what Participation means for Mozilla, and provide value to the functional teams we consulted with. Throughout the week the Reps Council played a key role, acting as an extension of the Participation Team in discussions around the definition of participation and how we better integrate contributors into projects in the future.

Other accomplishments from the week included:

  1. We built our team’s trust and relationships (staff and volunteers) and improved our capacity for working together in an integrated and flexible way.
  2. We built and learned a new human centered design framework and applied it with groups across the organization. This is an asset that we can bring to communities and teams across the organization, and use ourselves moving forward.
  3. We moved forward our participation strategy and structures by articulating and co-creating a forward thinking vision and strategy for 18-months from now, which we will share in the near future. We surfaced important issues and conversations.
  4. We rocked a main-stage presentation, showcasing three initiatives that reinforced participation as a strategic advantage to Mozilla: Chota Fennec in India, Marketpulse and Advocacy, which you’ll be able to watch on AirMozilla in a few weeks.

Overall, we grew excitement for a fresh approach to participation across Mozilla. There is a buzz about participation now!

Where We Want To Go

The outcome of the Workweek is that we still need to walk a long path. There are still many challenges and things to do, and we expect to see a lot of progress and development in this year, and the following. Our proposals to move things forward are:

  1. We will build and continue to develop the shared vision of success for participation that we started working on during Whistler.
  2. Based on this vision we will identify key priorities for the team and select projects to contribute to, to help drive us towards our goals.
  3. We will continue to work with ongoing projects and develop new projects around the organization goals.
  4. We will work closely with volunteer leaders to create a highly effective set of regional/local communities.
  5. We will help all interested staff teams create a plan around engaging, sustaining and recruiting volunteers.
  6. We will work to develop a culture of excitement and energy around the strategic impact only possible by empowering volunteer contributors.
  7. We will embed volunteer leadership opportunities and training in all that we do.

You can follow along with the projects we’ll be working on in the coming months on GitHub here and we’ll also be posting regularly on this blog and from our new Twitter account @MozParticipate.

You can also see more pictures from Whistler on Flickr here.

The Participation Team would also like to say a big thank you to all the volunteers, Reps, staff, and experts who joined us this week. We couldn’t have accomplished any of this without you!

http://blog.mozilla.org/community/2015/07/08/participation-at-whistler/


