Oops! Something went sideways.

Looks like the styling got goofed up. Sorry about that, unless it's what you wanted. If this isn't what you were looking for, try force refreshing your page. You can do that by pressing Shift + F5, or holding Shift and clicking on the "reload" icon. (It's the weird circle arrow thing "⟳" just above this page, usually next to where it says https://blog.unitedheroes.net...)

isn't quite ashamed enough to present

jr conlin's ink stained banana

:: Chaos and Kindness

There are two completely different events that have happened in the last week that i need to think about. i tend to find that i think most when i am on a keyboard, so yay you ineffable void and ad bot now reading this, you get more words!

1) Mozilla’s Layoffs.
social media love
The company i work for announced layoffs for about 70 out of 1000 employees. The folks were chosen by project and role, that part is normal. What’s not normal was something i don’t think i’ve ever seen another company do. The employees were not treated like modern lepers and tossed out the door.

Instead, they were told that they were going to be laid off, but still had access to most of the things they needed. This included company mail, internal Slack channels, resources, etc. Folks inside the company rallied to support them. Spreadsheets were created that had employee info and prospective or recommended hires from folks networks. Social Media networks hosted “#MozillaLifeboat” to help get folks on their feet fast, and many very positive words were said in praise of those who were let go.

The folks who we let go were treated like humans. There was an all hands meeting held a couple of days after the layoffs occurred. The folks laid off were encouraged to attend, ask really hard questions, and were given good answers.

Ask yourself, “Would your company have done that? Could they have done that?”

Granted, mozilla works pretty hard on not hiring sociopaths and jerks, so it’s just not really the culture to be terrible to each other. Still, i’ve been through five rounds of layoffs, and had never seen that level of trust.

As remarkably smooth that incredibly disruptive and painful experience was, it did absolutely drive home a point i’ve been thinking for years: You need to be most loyal to the friends and colleagues you meet in your career than to anywhere you happen to work. Any employer that demands faithfulness solely to them is a huge risk to your professional and personal life. Your friends are who will help you, your employer is not. If you work for somewhere you can’t get that, it’s a HUGE red flag. The money might be good, but the risk is tremendous. i can say with first hand knowledge that getting paid well at a place that doesn’t respect you as a person eats at you in subtle ways.

A side product is that you remember that you’re dealing with people, and as such, folks are making it up as they go. Folks want you to believe that there’s a plan and direction, but quite often, there’s not. More often than not, there’s just a rough guess and a general feeling dressed up in powerpoint slides and bold rhetoric. Again, unless you’ve got sociopaths at the helm, layoffs hurt the folks making the decisions about who stays and who goes. Even if they are sociopaths, the company is giving up the money invested in the person and whatever income that person could have brought in.

(Oh, and if you’re ever working somewhere and see absolutely no sign of remorse or regret when an executive talks about layoffs, leave. i’m talking about actual regret, not “Sorry to see those folks go :sad face emoji: it’s terrible. Anyway, who else here is excited to see the Project Foo we’re launching!? [loud, upbeat techno music]”. Yeah, after that, spend the rest of the day polishing up the resume and sending notes to your network about potential leads.)

2) Actix drama

i’ll preface to say that i don’t know all the details about the drama around actix-web. As i understand, there were some concerns around coding practices, a single maintainer, and some folks who may have been jerks. Coding practice discussions are part of any open source projects, single maintainers are concerning for anything other than a small package that’s just starting, and half of the world are jerks.

What happened was that the project maintainer pulled the library code off of github and announced he was done with open source. Honestly, that’s good, because i believe he didn’t know what open source really was.

Let me diverge a bit here.

Open source is about trust.

When you decide to use a package, you are extending trust that:

  • The program/library/package works.
  • It will continue to do so.

Bug fixes, improvements, documentation, etc are also part of that, but kinda fit into the list above. Open source can sometimes be called “Free as in puppy” in that you might be getting into a lot more than you expected.

It’s very rare that the trust is broken. There are ways for a package maintainer to step away from a given package. They could ask a larger group to take over. They could pass it on to someone else. They could “archive” the package and let someone else fork it into a new version. Almost never does anyone just yank their code down in the same way that you almost never see an argument end with someone throwing a temper tantrum. It’s sad because while the author may have been a talented engineer, i can no longer trust anything that they produce.

Would things have been different if folks were not jerks? Probably. Likewise, i think folks were presuming a level of emotional maturity that may not have been present. i don’t fault the author for his actions, even though i’m deeply impacted by them. i’ll survive, reassess and move on. i’m saddened by them, but i look forward to the growth that i hope he gets to experience.

So, how do these things both relate?

In essence, it’s about people. It’s about remembering that at the end of the day, we’re all real, breathing, mentally weird beings and not just clever bags of thinking meat. Sure, there are some openly hostile folk out there, and there are trolls, dirtbags, grifters, and fools, but those tend to be the painful exceptions, rather than the rules.

As Michelle McNamara often said, “It’s chaos, be kind“.

:: Notifications and Bipostal

So, i should probably talk about what the heck i’ve been doing at Mozilla, shouldn’t i?

Well, with things finally starting to surface, i’m a bit more comfortable talking about them. The first part of what i’m working on is Notifications. What the heck is “Notifications” you ask? Well, it’s kinda tricky.

The elevator pitch i like to give is “Somewhere between Instant Messaging and Email is ‘Notifications'”. It’s a way for sites to semi-anonymously send messages to a user. Communication is one way right now, mostly for simplicity sake between the site and the user, but there’s precious little to prevent the communication from going either way.

Ah, this is our floor, shall we get out of the elevator and actually talk about this? Cool.

The history lesson

A little over a year ago, a couple of damn bright interns spent their summer building a prototype notification system that used AMQP and a few other things to pass messages back and forth. The cool thing is that it allowed browsers to talk to browsers, or sites to talk to browsers or really anything to talk to anything. You could get twitter announcements in your chrome, or send a tab to your mobile device or all sorts of things. It was spiffy, but unfortunately, had issues. A fairly large one was relying on AMQP, meaning a persistent socket connection. That’s expensive on a whole slew of levels, not including trying to convince your grandma to punch a hole into her firewall.

So, as is the case with a lot of good ideas, we headed back to the whiteboard to figure out what elements we can use. Some things, like sending a tab to a device, turned out to work better if we used something like sync. That still left a few other features that we wanted.

Enter the BrowserID

BrowserID is cool. The ability to log into a site by selecting what email you want to provide to them is amazingly simple! Granted, if you’re logging into a site like GnomeBondage.com, you probably don’t want to give them an email that will let them fill your work email box with things you may not want your employer to see.

That’s why you want something that is a bit harder for them to associate back to you. And that’s what i’ve been working on.

(Originally, Bipostal (BrowseriD Postal Services, no, really. Stop giggling like that.) was meant to be a later addition to the Push Notifications stuff. Because BrowserID pushed forward, though, the need was higher for that part.)

So, Bipostal generates a token that is specific for you and the third party site (say example.org). The token is ~64 base36 characters resulting in 64*(log2(36) ~= 5.17) = 330 bits of entropy or 2187250724783011924372502227117621365353169430893212436425770606409952999199375923223513177023053824 possible combinations. That’s pretty large. Plus, we’re doing a number of things to prevent spammers and other ne’er do wells from sending in just random garbage.

When a site wants to send you a note, the send it to an address like “6e7snqnx6lomcr67r0clqyimrspopjt894kjhh0dafpfysa3sey944kc3aek1gfi@browserid.org”. We make sure it’s legit, strip out the fancy HTML cruft, and sent it to you. You can also quiet messages to that address (if some site turns out to be overly chatty) or delete that ID. In the future, sites can include bits of JSON in their email that can get pulled out and sent to you as notifications. All magical and pseudonymous. Well, unless you fill out all the profile info with your real values, in which case, they know everything about you, but that’s an “out of band” problem.

What’s to come

Honestly, quite a bit. While a lot has been nailed down (both Push and Bipostal are on Github), but that doesn’t mean we don’t want to hear folks comments and ideas. i’ve included two of the ways you can provide feedback on the Notifications main page. Likewise, you can comment here and i’ll try to respond both here and via email.

Likewise, we’d really love for other companies to help us work out the details to provide a cost effective, light weight platform for this sort of thing. (Websockets and SIP are neat, but require persistent connections which can be costly. We have the option to do message encryption, which would allow the server to not know the content of the message being transmitted, but it would be neat to use non invasive encryption validation to see if we can prevent bogus messages from being delivered.) It’s always good to have bigger brains helping out. There’s a lot we can do and a lot we’re trying to make sure we don’t mess up.

Now more than ever, What do you think?

:: Who Do You Think You Are?

Working on the new identity stuff has been fairly interesting. Not just because i’m working in a language i am still just learning, but because identity is one of those loaded terms that everyone has a definition for. This is a problem that a lot of folks have been trying to juggle for quite some time. In fact, two very smart folks recently posted about “identity”

Still, the problem is that “identity” is sadly pretty vague.

As a person, “Identity” is pretty vital to you. It, quite literally, is who you are. It’s immensely personal and something that a lot of folks don’t really want to grant to everyone, because losing control over that is a personal sin of the highest caliber.

Now, consider the role of the a site owner or provider. While your identity is important, it’s more “useful” than “personal”. That may seem a bit cold, but it’s true. A site owner simply doesn’t have as much invested in your identity as you do. It may sound cold, but it’s more business than anything else. Frankly, all they really care about is:

  1. Are you unique?
  2. Can i contact you?

The other bits? Well, they’re not really that important to the site owner. Well, ok, some bits are, but not really for the reasons you expect. The “personal” info is there to convince you to stick around so that you can look at the ads or give them money. The “social” aspect is there so that you can run free ads for the service to your friends.

Right, so that’s probably a touch more cynical than it needs to be, but again, it’s because while it’s nice to have you, it’s nicer to have you, your friends, and their combined level of disposable income.

So, how does one balance out providing what’s sacred to you with what’s profitable for the site owner? Well, you have to compromise. Personally, websites tend not to be very good stewards of your identity. That’s understandable, because it’s not valuable in the same way to them. You are, quite literally, a commodity.

So, now that you’re probably donning your black jacket with white pinning and doing your best Patrick McGoohan, it’s important to think about what possible solutions do exist.

i spent way too long doing this. The first thing that needs to be done is to simplify. Yes, online identity can carry with it a lot of additional items (like the association, reputation, and other elements mentioned above), but each of those also carries context that you as the owner want to control. You’re reputation as a top notch cribbage player may not carry the same weight in the Call of Sponge Bob LARP Group.(Which, sounds kind of an awesome group, really), but you really don’t need to tell everyone online that. Ultimately, you need to control what aspects of your personality various sites get.

Yes, that means you need to be fairly active at worst, or have several personae at best. Kind of like how you manage your real life. It also means that instead of wrapping identity up in something that’s hard to control or understand, it should be fairly clear and possibly a bit worrisome.

Mozilla is taking the approach that the one thing that you own, that the site providers need to talk to you, that is unique to you and a little worrisome to hand out to strangers, is your email address. It’s something you already have (probably multiple of them, really), and that you control, even more so if it’s with a domain you control. Likewise, site owners get something they can use to contact you without going through a broker or gatekeeper. Yes, there are potential issues with spamming, but those issues exist regardless.

The thing about identity, really, is that you should own it. It should be yours to control. You should grant sites access to your identity the same way that you do in real live. (You don’t tell the Barrista your Social Security Number or who you went to the movies with last Friday.) Likewise while you can get someone to vouch for you, you shouldn’t be held captive to them.

We’re still working out the details, but we’re fairly far along. Feel free to join in the conversation if you like.

:: Apples To Foxes

Righto. So, let’s look at memory footprints, shall we?

With the pending Firefox 4 release (yay!) a few folks have posting things like the following:

i was kind of curious about that myself. So i decided to do a bit of a test. My personal walk-around box is a Dual Core 1.3GHz Acer Aspire with 3GB of memory running Win7-64bit. i’ll pick that OS since it’s the most popular platform (even though i tend to run Ubuntu as my real work space). i’ve got PsTools installed so i can do snapshots of running processes. Mind you, “Memory usage” (particularly on Windows) is not really an easy term to identify since applications can reserve more memory than what is available (effectively, overbooking memory) and most tools will report that number rather than the actual memory in use (the Working Set, which is closer to the real amount of memory in use).

So, with that in mind, lets look at a few things.
i brought up a clean version of Firefox 4 (no addons), sync’d it to my work desktop and pulled over 18 tabs. They are a mix of static pages, a pinned Twitter, an Etherpad editing a 40K doc and a few other things (no flash because i tend not to use that while working or coding, but feel free to add one if you want to do this at home)

from the command window, i ran:

C:\Program Files (x86)>plist -m firefox
pslist v1.29 – Sysinternals PsList
Copyright (C) 2000-2009 Mark Russinovich

Process memory detail for VIR:

Name Pid VM WS Priv Priv Pk Faults NonP Page
firefox 7576 445036 236912 219460 238040 468908 137 342

Since values are returned in KB, Firefox has reserved about 445MB of Virtual Memory with a Working Set of around 236MB. That’s our baseline.

Now to bring up those same tabs in Google’s Chrome.
and we get the following:

C:\Program Files (x86)>pslist -m chrome

pslist v1.29 – Sysinternals PsList
Copyright (C) 2000-2009 Mark Russinovich

Process memory detail for VIR:

Name Pid VM WS Priv Priv Pk Faults NonP Page
chrome 3876 230404 60364 42332 57428 505725 46 306
chrome 5980 156528 39764 29788 41332 251894 23 164
chrome 7272 100012 15116 8208 11464 6225 12 164
chrome 9640 134756 17008 9568 14272 11077 14 164
chrome 7284 142864 27396 17984 23796 34864 19 164
chrome 1840 136804 20168 12612 16856 15592 14 164
chrome 10456 138392 22784 14480 18484 10414 15 164
chrome 816 139300 22552 14024 18188 12245 18 164
chrome 8936 136488 20812 12300 18000 9796 15 164
chrome 10768 137432 17860 10524 14720 9176 15 164
chrome 11172 102060 16144 8980 13608 7015 12 164
chrome 10740 136576 20200 11752 17204 9553 15 164
chrome 10824 147120 32488 20236 27848 30158 21 170
chrome 10584 161836 29940 25132 25248 7876 22 232
chrome 11380 98988 13996 7152 10764 6647 12 164
chrome 7216 139412 23296 14648 20892 13321 18 164
chrome 4724 113004 26700 21408 25116 9617 12 164
chrome 6976 98988 14136 7256 10928 6651 12 164
chrome 2684 133988 17420 10008 13828 8320 14 164
chrome 10256 110572 23372 18060 21940 8861 12 164

Huh, why so many? Well, the good folks at Google sandbox each page into its own process so that when it crashes, it usually doesn’t take out the other browsers. Because of that, each process then requests and uses more overall memory. In this case, the total numbers are 2,696MB of Reserved Memory (VM) with a working set of about 482MB. That’s a lot more memory, but again, there is a lot going into these numbers that can set them higher.

So what about the others?

Well Safari 5.0.3 does a bit better with the process generation (only building two) and memory footprint:

C:\Program Files (x86)>pslist -m safari

pslist v1.29 – Sysinternals PsList
Copyright (C) 2000-2009 Mark Russinovich

Process memory detail for VIR:

Name Pid VM WS Priv Priv Pk Faults NonP Page
Safari 5228 491876 227472 235152 242528 992772 225 438
Safari 8204 251544 55068 38864 73768 52337 61 356

with a total of 743MBVirtual, and 283MB Working Set. Better than Chrome, but still bigger than Firefox (but just barely).

Opera 11 shows up at:

C:\Program Files (x86)>pslist -m opera

pslist v1.29 – Sysinternals PsList
Copyright (C) 2000-2009 Mark Russinovich

Process memory detail for VIR:

Name Pid VM WS Priv Priv Pk Faults NonP Page
opera 4728 345856 218068 215104 215908 258746 47 225

Which gives it the smallest footprint so far, shaving 18MB less than Firefox

IE9(rc) shows up at:

C:\Program Files (x86)>PsList.exe -m iexplore

pslist v1.29 – Sysinternals PsList
Copyright (C) 2000-2009 Mark Russinovich

Process memory detail for VIR:

Name Pid VM WS Priv Priv Pk Faults NonP Page
iexplore 4928 183092 35676 14888 16300 12907 45 329
iexplore 5060 269624 82320 44424 51464 31208 56 385
iexplore 3900 321020 90184 55620 60860 35165 70 416
iexplore 2664 213272 41056 22412 25152 12574 38 342
iexplore 5104 235628 54836 25616 70920 28599 51 372
iexplore 5040 240560 71040 48260 54136 63598 98 365
iexplore 3412 231716 52024 31668 51920 19874 60 338
iexplore 3280 243336 54364 32552 35372 16715 47 369
iexplore 1336 204544 39144 21392 21784 10383 38 341

Which sums up to VM of 2,143MB and a WS of 503MB (Well, after a reboot since the install required it.)

So, for the benefit of them what like charts, here’s the memory footprint breakdown:

Browser Virtual Memory Working Size
Opera 11.01 346MB 218MB
Firefox 4.0b12 445MB 236MB
Safari 5.0.3 743MB 283MB
Chrome 9.0.597.107 2,696MB 482MB
IE 9.0.8(64) 2,143MB 503MB

Mind you, these are all top-notch browsers, and frankly you should be paying attention to the second column (working size) more anyway. Even with all those browsers and associated tabs open, there was memory available and i didn’t notice any huge lags. That’s again due to the somewhat interesting approach Windows and other modern OS’s takes to memory management.

Plus, if you’re running a machine that has just 1GB (or less), there’s a fix for that.

That said, i think Firefox 4 does a right fine job of memory management compared to the competition. i’d also love for a few folks to do similar tests on their systems to see how it performs. Hopefully, this will help.

(Also, Firefox and Chrome made this REALLY EASY by letting me drag text into the URL field rather than copy/pasting it in. Really wish the other browsers would let me do that.)

:: Fear the Remote

Perhaps, while watching TV you may have seen one of those OnStar commercials. Basically, the service allows you to remotely monitor and access your car via their service. Kinda neat, huh? It gives you a little app you run that can give you god like powers over your vehicle in a simple way.

Said service is, of course, not free. It’s a subscription service that costs either $200 or $300 a year, depending on whether or not you want the GPS service too. i’m sure there are various other fees that might exist, but let’s say $200 a year on top of your $36,000 car.

Now, let’s go a bit further. Let’s say that OnStar is such a spiffy way to manage your vehicle, that you don’t need a key anymore, or that to get a key, you’ll have to pay $200 each (the going rate for key replacement from the dealer) Just bring up the app on your phone or call their 1-800 number and they’ll unlock and start your car for you. In this modern worlds, chances are you probably know where your phone is more often than your keys, so again, pretty spiffy, right?

Well, up until you forget to pay your subscription, or there was a problem with your credit card that month, or you lose your phone, or they drop your account because they no longer support your vehicle, or…

See, that’s why you want to have a key. A key you can carry with you and control.

That’s my big problem with Facebook Connect. You don’t have the key.

You have to coordinate though a remote service in order to use something. A service that will go away at any time or for various reasons, leaving you not only without a way to click on your cows, but if you are using them as your internet equivalent of OnStar, without every single site you log into.

That would be, a bit bothersome, no?

And lo, Om Malik describes exactly this problem.

Still not quite sure what the best fix for this is. i’m still a fan of identity being contained in your browser (synced to your devices with some sort of kill-switch capacity for lost/stolen things), but site hosts would want a third trusted party to validate against.

Some interesting discussions are being had at work on how to address that, though.

Blogs of note
personal Christopher Conlin USMC Henriette's Herbal Blog My Mastodon musings Where have all the good blogs gone?
geek ultramookie

Powered by WordPress
Hosted on Dreamhost.