google should acquire google

Been playing around with some googlebits lately, like Google Reader, and I also noticed the other day that the big G is publishing a newsletter for librarians. (A wise move, says I, but that’s another post entirely.)

Both those things are OK, nothing really special but nothing embarrassing either. Except!

I can’t use Google Reader to search the posts in my subscription list, and there is no way (google group, RSS, anything that I can see) to actually subscribe to the Google Librarian News!


(I’m also trying out this performancing extension, but talking too much about my findings there would be very very close to work, and this is a vacation week, dammit.)

(Regret the error: nemo points out in a comment that there is indeed a “subscribe” link at the bottom of the Librarian News. I got nuthin’.)


He resists falling in to the trap of predicting Portland means 2006 will be “the year of Linux desktop,” but is confident it can capitalize on the buzz that Mozilla’s Firefox has created around open source software on the desktop. Firefox has gained 11.51 per cent of the browser market in the year since its release.

I will be very interested, as Mozilla’s representative to the Portland summit, to follow this effort. I don’t think that most of the people in that 11.51% (I love the precision there!) use Firefox because it’s open source, or perhaps even know that it is. Well, I’m being pretty generous here. I’d be surprised if more than 0.51% used Firefox because it was open source, and I’d be very pleasantly surprised to discover that more than a few percent knew that it was, and what that meant.

I do hope that a growing understanding of the value — to more than just the Mozilla project — of the Firefox brand will help alleviate some long-standing issues here, but even more I hope that the “rest” of the open source desktop can learn from what we’ve done well and poorly, and use that to inform their own path. That’s not a guarantee of success for anyone, to be sure, but it seems like something that would be of interest to those projects. (I have a bit of trivia about that very interest from the Summit, but that’s a whole other story.)

As an aside perhaps of interest to nobody, I think that the “open source desktop” is much much more interesting these days than the “Linux desktop”, with the possible exception of OLPC, and that it’s a lot easier to switch the OS after you switch the parts that touch the users. (The flowers, in many cases, remain standing.)

shavermedia microupdate

Point the first: my KCBS nanointerview is online now, lemme know how obvious it is that I had just woken up.

Point the second: a Red Herring interview I did some time ago (a surreal blend of hard-hitting in-depth journalism about security and competitive threats, and fluff questions about my favourite childhood toys, I must say) is now webified as well. The highlight, for me, is the photo; Vlad obviously performed some ILM-grade special effects. And the Red Herring seems to have done their own, simultaneously scaling it down and making it blockier. Guess it looked better in print, though I’ve never seen it to be sure.

Can’t say I really like the way my answers came out, though the fact that they don’t use quote marks does, I suppose, give them license to chop and slice. If you’ve heard me speak extemporaneously, let alone in a press setting, you’ll probably recognize that voice and style as not quite mine.

well, at least that part was nice

I had a very frustrating and angry-making day today, and it took a lot out of me. I don’t want to talk about it, and nobody else wants me to talk about it either

But then Deb pointed me at this wonderful movie about Firefox and IE and people. My favourite part is that most people don’t seem to know quite why they like Firefox. They just do, because it’s comfortable, and it makes them feel good.

And that makes me feel good.

truth in advertising

As I mentioned before, I’m in Portland this week meeting with a bunch of Linux desktop people to talk about barriers to improvement and adoption of Linux desktop software.

One of the things that has come of out of this meeting already is a commitment from jdub and the other guys to supporting more than just X or Linux platforms for their unifying standards and technology. Apparently their mission statement‘s relentless focus on X is a historical accident, and not to be taken seriously. Good news indeed, I think, because it means that projects like Mozilla and OpenOffice could get involved more, and maybe benefit from the work beyond the cairo stuff.

sorry, did you blink?

I’m in Portland this week for a promising meeting about the Linux desktop, and I got to start my day today with a quick little interview on KCBS-AM about yesterday’s thoroughly be-Digged launch of Firefox 1.5. It was live-to-air, which is a great way to get the blood pumping at 0620, I must say.

If you just must have your audio-interview-of-Canadian-Mozilla-Mikes fix, I entreat you to savour the talking-over-each-other glories of the inaugural podcast of “Inside the Net”.

Other shavermedia exploits of questionable note:

  • “The California Report”on KQED ran a segment on Mozilla in general, featuring interviews with myself, Mitchell Baker, and Robert O’Callahan. MozillaZine has some tips on where in the report you can find all the Mozilla goodness. (Especially Mitchell’s and Robert’s ever more goodly goodness.)
  • The Chris Pirillo Show let me eat up some, uh, bitwaves talking about the Extend Firefox contest. I haven’t actually listened to this one yet, but I presume he edited out all the double-entendre from the raw interview.
  • CommandN, everyone’s favourite indie technology internet video series, filmed me slouching for a few minutes. If you have more bandwidth than taste, you can also see me slouching in high-definition video.
  • I also now have a (huge) video of my LinuxWorld keynote, but I’m not sure where or if I’ll put it up. So bad!

several thousand words

I finally got around to posting the pictures that Madhava took for us of our new house.

oh hell yes

Mom + Intrinsyc = yay!

the maturity of writing your own

Daniel Glazman has written about the pain he’s experienced trying to update his splinter NVu tree to track the significant Gecko development. It’s a very difficult task, and not one that I would have signed up for. There are a number of suggestions that others have made that might have made the task easier, but that’s for another post. To be perfectly frank, I have little personal interest in making the “maintain a fork of Gecko in another CVS repository” use case materially easier, let alone adding cost to already-difficult Gecko development to support it.

(I had a huge section here about the details of internals-vs-platform and some excellent responses that others have made to the post, but I just moved it to another draft because this post is about something else, dammit.)

What I really want to write about is this passage in Daniel’s latest post on the topic:

Let me first give you an example : suppose you are an experienced c++ coder but a true beginner in Mozilla, and you need to build a xul standalone front-end for an app of yours; you can’t rely on xulrunner yet, because it’s said to a bit immature for the time being. So you want to build a standalone toolkit-based app like Nvu, Firefox or Thunderbird… You start looking at mozilla/browser, mozilla/mail and then you cry. The makefiles are incredibly complex and almost not commented, most of the files in app directory are hard to understand so you don’t really know how to tweak them[...]

If you are a software developer faced with the choice between

  • a piece of software that is designed to solve your exact problem, which is not yet release-quality, but is already being used by other people for their projects in exactly this way; and
  • writing your own such piece of software on the basis of code you don’t understand, and which was never intended to be anything more general than “the startup code for Firefox”

then you might have some reasons to choose the latter, I suppose, but I can’t for the life of me understand how “maturity” is one of them. XULRunner is farther towards its stated goal — which happens to be completely identical to the goal that Daniel uses in his example — than anything you’ll find in the directories that Daniel lists, as evidenced by the fact that a number of people are already using it in service of that goal.

Even if XULRunner falls short of some subgoal today, investment in improving it to suit the needs of your own app is almost certainly the wiser course, as you reduce the need to maintain your own private fork of the firefox/thunderbird/whatever code — back in the early Mozilla days, we used to refer to this as “the stupid tax”, and talk about how it was often a strong disincentive to keep patches private instead of integrating well-designed hooks into the core app.

welcome to “collision is not pre-image” day

If you start your day with slashdot (the informational equivalent of a Snickers-and-Skittles breakfast, IMO, but that’s for another day) or know someone who does, you’re probably aware that “something bad happened to MD5 today“. If you’re not, odds are good you don’t need to really care about it very much, so you can move to the next post in your feed reader.

There are a number of places you can go for a good explanation of what the significance of the MD5 attacks are, which should be a prerequisite for commenting on the effects of making those attacks faster (that’s today’s news; source for a long-known attack made public). It is not, however, so the internets are all atwitter about attacks on MD5-hashed passwords (still fine), software verification (still largely fine, other than bait-and-switching for some edge cases), certificate authorities (could be some really nasty baits-and-switches here), and P2P network poisoning (right in the jimmy).

If you are the sort of person who actually reads to understand before writing to inform, you should probably block off 30 minutes or so for explaining to the breathless around you what actually happened today, and what the attacks really represent in practical terms. (In theoretical terms, they are indeed a mortal blow, but there has been no shortage of such blows for MD5 and SHA-1 for a while now. Anyone building new crypto-using systems, or maintaining existing ones, has been moving to other hash functions for a while, or should have been.)

next page »