jr conlin's ink stained banana

So, i should probably talk about what the heck i've been doing at Mozilla, shouldn't i?

Well, with things finally starting to surface, i'm a bit more comfortable talking about them. The first part of what i'm working on is Notifications. What the heck is "Notifications" you ask? Well, it's kinda tricky.

The elevator pitch i like to give is "Somewhere between Instant Messaging and Email is 'Notifications'". It's a way for sites to semi-anonymously send messages to a user. Communication is one way right now, mostly for simplicity sake between the site and the user, but there's precious little to prevent the communication from going either way.

Ah, this is our floor, shall we get out of the elevator and actually talk about this? Cool.

The history lesson

A little over a year ago, a couple of damn bright interns spent their summer building a prototype notification system that used AMQP and a few other things to pass messages back and forth. The cool thing is that it allowed browsers to talk to browsers, or sites to talk to browsers or really anything to talk to anything. You could get twitter announcements in your chrome, or send a tab to your mobile device or all sorts of things. It was spiffy, but unfortunately, had issues. A fairly large one was relying on AMQP, meaning a persistent socket connection. That's expensive on a whole slew of levels, not including trying to convince your grandma to punch a hole into her firewall.

So, as is the case with a lot of good ideas, we headed back to the whiteboard to figure out what elements we can use. Some things, like sending a tab to a device, turned out to work better if we used something like sync. That still left a few other features that we wanted.

Enter the BrowserID

BrowserID is cool. The ability to log into a site by selecting what email you want to provide to them is amazingly simple! Granted, if you're logging into a site like GnomeBondage.com, you probably don't want to give them an email that will let them fill your work email box with things you may not want your employer to see.

That's why you want something that is a bit harder for them to associate back to you. And that's what i've been working on.

(Originally, Bipostal (BrowseriD Postal Services, no, really. Stop giggling like that.) was meant to be a later addition to the Push Notifications stuff. Because BrowserID pushed forward, though, the need was higher for that part.)

So, Bipostal generates a token that is specific for you and the third party site (say example.org). The token is ~64 base36 characters resulting in 64*(log₂(36) ~= 5.17) = 330 bits of entropy or 2187250724783011924372502227117621365353169430893212436425770606409952999199375923223513177023053824 possible combinations. That's pretty large. Plus, we're doing a number of things to prevent spammers and other ne'er do wells from sending in just random garbage.

When a site wants to send you a note, the send it to an address like "6e7snqnx6lomcr67r0clqyimrspopjt894kjhh0dafpfysa3sey944kc3aek1gfi@browserid.org". We make sure it's legit, strip out the fancy HTML cruft, and sent it to you. You can also quiet messages to that address (if some site turns out to be overly chatty) or delete that ID. In the future, sites can include bits of JSON in their email that can get pulled out and sent to you as notifications. All magical and pseudonymous. Well, unless you fill out all the profile info with your real values, in which case, they know everything about you, but that's an "out of band" problem.

What's to come

Honestly, quite a bit. While a lot has been nailed down (both Push and Bipostal are on Github), but that doesn't mean we don't want to hear folks comments and ideas. i've included two of the ways you can provide feedback on the Notifications main page. Likewise, you can comment here and i'll try to respond both here and via email.

Likewise, we'd really love for other companies to help us work out the details to provide a cost effective, light weight platform for this sort of thing. (Websockets and SIP are neat, but require persistent connections which can be costly. We have the option to do message encryption, which would allow the server to not know the content of the message being transmitted, but it would be neat to use non invasive encryption validation to see if we can prevent bogus messages from being delivered.) It's always good to have bigger brains helping out. There's a lot we can do and a lot we're trying to make sure we don't mess up.

Now more than ever, What do you think?

Let's be honest. Even though the MPAA and RIAA are out to destroy the internet at all costs, you're not going to stop listening to music or watching movies, or generally consuming the media they produce. The problem is, all that consumption still goes to them and they pump all that cash straight into the lobbying efforts to forcibly exert control over the web.

So what's a soul to do?

Turns out that a rather clever person came up with the idea of MPAA Offsets. They're like carbon offsets for the soul. What you do is match your media consumption with a donation to EFF. Spend a buck buying a track off iTunes? Send a buck to EFF. Got a Netflix subscription? Fork over $8 a month to keep the web open. This is particularly great if you've got cable or satellite, because those services aren't cheap.

Hopefully, this will have a two fold effect. One, you're going to be a bit more prudent about going with indie labels or direct to artist sales for media. You're probably also going to seek out what the web has to offer, like the various short form movies you can get off of Youtube. You'll also get a fairly sizable tax credit if you're a US citizen. (If you're not, i'm also fine with you supporting your local equivalent.)

This is about money, plain and simple. You're the one with money, so it really matters what you do with it. If this crap matters to you, vote with your wallet.

Social sites (like facebook, twitter, google plus, yahoo mail, etc) want human beings. To ensure that human beings are there, they use CAPTCHAs. Since all that effort to determine squiggly letters was kind of being wasted, Luis von Ahn, figured it would be great to have people try to figure out words from scanned books that computers couldn't figure out, and thus ReCAPTCHA was born.

Of course, there are bad guys. These folks want to use social sites (like facebook, twitter, google plus, yahoo mail, etc. to send you a free ipad for filling out endless surveys that end in your checking account being emptied as you unbox your very own 241mm x 186mm slab of plywood. Since CAPTCHAs are hard for computers to figure out, they pay folks to guess CAPTCHAs for them. Thousands of them per day.

So, in some respects, the greater force for aiding in the digitizing of lost texts is probably some guy in a coffee shop being paid $.05 for every ten ReCAPTCHAs. Those endless ads for discount Canadian Viagra may have also helped immortalize Robert Guillaume's groundbreaking show.. Or Anne of Green Gables. Maybe we'll go with Anne of Green Gables.

That's fine and dandy for doing distributed OCR work, but what about the other big problems out there?

How about solving a little protein folding? How about matching chromosome sequences? Maybe record weather patterns from historical logs? Sites know "problem nets" and could simple toggle a switch to use the new system. Heck, folks from other countries might actually appreciate not having to deal with figuring out English words.

As long as spammers are paying keyboard monkeys, let's use the spammer's money to help society more than they're trying to ruin it.

As is the custom, i'm starting over fresh. Well, sort of.

More importantly, i've decided that i need to work on a few things in this new year:

1. Learn a new framework a month.
Anyone can learn a new programming language in a day or two. Honestly, they're mostly the same, just some of the words are different and some tweaky crap like how hashes and lists are handled. (Obviously, there are huge exceptions to this, as there always are, but on the whole, most heavily used languages descend from the ALGOL branch).

What really sets some languages apart is the meta-programming aspects of them. What are those? Meta-programming are the libraries and frameworks that people have added to the core language to do all the spiffy things that folks actually talk about. Some languages seem to acquire frameworks far faster and easier than others. Perl and PHP, for instance, don't really have the same level of meta-programming that Python or Java do.

So, i'm going to try to become reasonably well versed in the various major frameworks that are out there. Possibly giving myself a project to work on each month.

2. Be less hostile toward enemy technology.
First, let me be clear by what i mean as "enemy technology". Basically, it's anything from a service or company that i'm not very happy with. This means companies like Facebook, Apple and the like. Unless it's some element of core infrastructure that there's no way for the company to express direct control over (like Redis or ProtocolBuffers), i tend to view it with an absurd level of distrust and suspicion.

i need to back down from that a bit. The suspicion will still be there, but i can't figure out if the idea is valid if i shun it entirely. Plus, if it's really closed, that gives me the added incentive to create an open version. Time to make friends again with wireshark.

3. Be mobile.
Ok, this is something i've been working on for a while. In essence, i need to be able to move at a moments notice. That means being able to be effective anywhere. It also means being more active in the mobile space and building things that are scoped for that sort of environment. Much like fighting greenhouse gasses, even if it's not really needed in the future, it's going to make things better anyway. Perhaps, after nearly 10 years, i ought to consider updating the look of this blog.

One nice thing about great new technology is that if it's truly game changing, someone else will do it.

Take Google Reader, f'rinstance. For reasons kin only to the hallowed halls of Google, they changed the look and behavior of their News Reader. Mind you, i was using them because previous to that i was using a Firefox Plugin, and Reader allowed me to coordinate news reads across multiple devices. Kind of like how using IMAP for mail allows you to only have to read mail once.

This was handy. i was a bit oogy about giving an advertiser like that so much info, but hey, i was getting enough value out of it that it equaled the cost. Or at least it did so long as i was able to follow some of the more interesting folks that also used Reader. That kinda ended recently.

Fortunately, the esteemed Les Orchard also felt the pain and pointed out that i could run tiny tiny rss which lets me use RSS like IMAP and centralize how i deal with the personal information tsunami. But what about the social aspect? Well, turns out that can be addressed as well.

When i share a link, i don't expect it to last very long. (All i have to do is run the freshness script against the RHOD links to see how fast link rot sets in.) So, a site like Twitter is fine to publish that kind of ephemeral cruft. That's why i created a JRsLinks account that's my personal dumping ground. To publish links, i use the new and improved Firefox Share plugin. There are other plugins for other browsers you can use, should you so see fit, or just use a bookmarklet.

There's even a client for ttrss for android that works pretty well. (that last is from mookie. It's nice having smart friends.)

So, in essence, with the change, i realized i don't need gReader anymore. (Well, other than for Podcasts, but even there i might be able to move to a better solution.)

Thanks Google!