Hacking for Christ

Gerv Is Away

I'm on holiday in Croatia from Monday 30th August to Monday 6th September. Here's a list of people you can contact about various things in my absence.

Note that I've disabled comments on the entire blog while I'm gone, so I don't have to delete 500 blogspam on my return. Apologies to those of you who wanted to continue conversations or comment on the MNG post. Blame the spammers, and then comment on the apng discussion list.

MNG Misunderstandings

I've been reading the various bugs, blog postings and specs about APNG, Vlad and pavlov's proposed extension to PNG to allow animation.

Obviously, this has raised the question of "what about MNG?" I've been surprised to see several people, who normally talk a great deal of sense, stating things about MNG which are just not true, or not relevant to the discussion. Here's a quick Q & A:

The MNG standard contains loads of cruft! It's overdesigned!

So? Even if that is true, there's loads not to like about XHTML, SVG and XForms. We have still implemented, or are planning to implement all of them.

Besides, no-one's asking us to write an MNG implementation. We have libmng, which is mature, stable and used in several products.

But there are no MNG images on the web! No-one uses it.

So? There are no APNG images either. If MNG provides a capability we want, and it's there and mature, what's the problem?

Adding MNG will bloat our product with hundreds of K of code!

MNG_BUILD_WEB_NO_JNG is a build option containing all the imporant bits of MNG for the web. It is a superset of animated GIF, and has 8-bit alpha and disposal methods. It could be added to Firefox or Mozilla for a max. 48k increase in on-disk footprint, less for download. (48k is the FreeBSD figure; better Windows compilers could probably make it smaller.)

(If this were done, the resulting PNG + MNG would still be smaller than the PNG decoder included in Mozilla 1.4, due to excellent work done by the PNG/MNG team in reducing the size of both decoders.)

All we want is an animated GIF replacement!

So MNG provides that. It can provide a lot more, too - but why is that a reason to actively reject it, if the size increase is so small?

drivers@mozilla.org have made it clear that they don't want MNG.

That decision was made when adding the MNG decoder added 300k+ to the product. Surely a six-fold size reduction merits a reconsideration of the issue?

I hold no particular candle for MNG (although I do think the guys working on it are very nice, and that the Mozilla project hasn't treated them well). I've never created an MNG image, and must have viewed about three. But I must confess it surprises me that we are rejecting a mature standard library for our own implementation for the sake of 48k of on-disk footprint.

I look forward to the same principle being applied to XForms.

Posted by gerv at 8:32 PM

RIP FishCam

Maybe I'm the last to notice, but the Amazing Netscape FishCam appears to be no more. :-( The site is still there, but the last images are dated January 10th this year.

In April 2003, Eric Meyer redesigned the page to use web standards (presumably, it previously looked something like this) but obviously even Eric's super CSS powers weren't enough to save it...

Can anyone who works/worked at Netscape tell me what happened to it? Does Netscape/AOL still even own Building 21?

Random Walks In Webspace

Firefox has a "feature" whereby if you paste text which isn't a URL into the URL bar, it does a Google "I'm Feeling Lucky" search on it. This means that, for example, if you accidentally paste your clipboard into the bar and hit Enter, you get taken to a random web page.

This is most fun with totally innocuous sentences. I accidentally pasted in "Wrote up document on the volume problem." and ended up here, a page with no obvious semantic connection with the original sentence. Serendipitously, I had been shown the film about the basketball players and the gorilla (more cool demos like that) during the "Mind Hacks" talk at EuroFoo only last weekend. Weird.

Anyway, this opens up some exciting possibilities for "random walks through webspace". Here's the procedure:

Random Walks In Webspace

• Start Firefox at a particular page. Any page will do - even this one.
• Find the most boring sentence (three words or more) on the page and paste it into the URL bar.
• Press Enter.
• Read the new page with deep interest.
• Repeat.

Post interesting results in the comments. There's a prize for the sentence and web page pair which bear the least relation to each other.

Bare Bathroom

A while back, our landlord very kindly offered to have our bathroom redone, as it was showing its age a bit. We gladly agreed, and a couple of months ago he came round with a plumber/handyman to do various bits of assessing and measuring (those with long memories may remember the incident).

This week, he finally started work. Except that he did two days, and then apparently decided that the job was harder than he thought, and he needed a mate to help him. However, acquiring one will take about two weeks, in in the mean time we have an entire new bathroom suite taking up space in our living room, and our bathroom looks like the picture on the right.

The tiles on the windowsill, and the sill itself, are completely gone, as is the board which hides the underneath of the bath (I bet it has a special name, but I don't know what it is). I guess we have to be grateful that he didn't get any further and disable the toilet...

Edit Any Web Page

I just came across Editive - a way to use Mozilla's support for page editing (OK, and perhaps that of other browsers too) to WYSIWYG edit any random web page in a browser window, and then save it out to disk. This goes further than your average text editing widget - there's selection indicators, and you can remove or cut and paste images.

It also has the ability to "purify", or cut down, common web pages to remove ads and banners. Could be useful for accessibility purposes.

Neat trick: Edit this page.

Draft Trademark Policy for Localisations

After several months of hard work, the draft trademark policy for localisations is now available for comment. You may want to read Mitchell's blog post on the issue for background.

Note that the more general policy is still an early draft reflecting my opinion only, and should not be taken as indicative of anything at this time. We're tackling the more urgent problems first.

You can comment here or in this MozillaZine thread.

Not All Geeks Are Fat

My EuroFoo t-shirt ("one size fits all") is an XL, and comes down to not far above my knees. Could I issue a plea to organisers of conferences and other t-shirt give-aways - can we either:

1. get only small ones half the time, and tell everyone else to diet; or
2. have at least two possible sizes?

I know multiple sizes is a little more expensive, but otherwise short, (fairly) thin geeks like me get ill-fitting clothes every time, because organisers always err on the side of "tent-like".

Thanks :-)

Unredistributable Code (Part 2)

A "mini-editorial" about the cdrecord licensing issue over at OSNews begins:

Basically, the author of cdrecord modified its license to not allow modifications of his code by distros without doing so in cooperation with the author.

Many critisized[sic] the author as a free software-sellout, however, in my opinion, the author has the right to do these modifications and so I am with him...

The link there is to my original blog entry on the issue.

I think it's clear in my original post, but I feel I should reiterate that I was not criticising Mr Schilling, merely pointing out some of the legal ramifications of his actions. I agree with the OSNews author, that he has the right to license his code how he likes; my point was merely that his change made the code unredistributable, which is probably not what he intended.

I am told (although I haven't verified this) that the problematic comment has been removed in the latest release, so it looks like the matter has been happily resolved.

EuroFoo Day 2

Yesterday was more fun than I've had in a long time. I now know several scary things about locks, including how to pick simple ones (I've been practising). I heard a very interesting talk on the BBC's Creative Archive - they hope to release the first piece of content this year sometime. And I gave a lightning talk (5 mins) on my new idea, and another on Patch Maker, which were both well received.

I've also discovered an excellent new game called Zendo, which would be even cooler if it didn't have a Buddhism theme. I guess I have to think about how much I object to that; on the one hand, it's all in fun, and Buddhism is a false religion anyway, so how can it hurt? On the other hand, one needs to be seen to be doing the right thing, and to be careful of appearing to condone idolatry.

EuroFoo Day 1

Having just discovered that UTwente's campus-wide WiFi (why do UK universities not have this?) works in my hotel room, I thought I should make like Ben Hammersley, Guardian tech-writer and UK blogorati (who's also here) and blog the conference "live".

I had to get up at 7am to get a train to Heathrow for my flight to Schipol, eventually ending up in Enschede (which I now know is pronounced En-sked-ee) just after five. I took a taxi to the conference hotel to meet up with the other attendees.

EuroFoo is a very informal conference - the idea is that the participants determine the agenda. So after dinner, we spent the evening doing introductions (with 138 people, it's strictly name, country and five words to describe yourself) and designing the conference programme on some large boards. As a result, tomorrow I plan to go to sessions on (among other things) Lockpicking, Hacking the Human Brain, 3D printing, and the Digital Divide.

This is so cool.

EuroFoo

I'm off to EuroFoo today! I did manage to come up with a cute little project to show people; more about that next week.

I probably won't be answering email until Monday. (They are highly wired out there, but I suspect I'll be having too much fun.)

Google Browser Stats Removed

osViews has kicked the can over. Cheers, lads.

"As a result of user feedback we have decided to focus our efforts on the international expansion of the Google Zeitgeist and will no longer be publishing data about Web browsers, operating systems and languages used to access Google. You can view historic data in the Google Zeitgeist archives.

The OS stats may have been dodgy, but the browser ones were extremely useful. I hope that Google will reconsider this decision, at least with respect to the browser statistics.

In the mean time, are there any other high-traffic sites with a cross-web-user demographic which publish web stats? (Please don't tell me about w3schools.)

Mozilla in Japan

Newsflash: "Japan has been thrown into a panic after several ships have exploded and sunk. The authorities originally thought it was either underwater mines or underwater volcanic activity. However, an expedition to Odo Island, close to where several of the disasters occurred, lead by paleontologist Professor Kyohei Yemani, his daughter Emiko and a young navy frogman Hideto Ogata has discovered something more devastating in the form of a 150 foot tall monster whom the natives call..."

Oops, hang on, that's someone else. Ahem. Mozilla Japan launches today.

Axe Gravy Soup

I've been playing with a new Dell Axim Pocket PC (not mine) which attempts handwriting recognition. Having had a few fairly unsuccessful goes, I was reminded of the funniest joke I've heard in weeks, courtesy of Wikipedia (fount of all useless knowledge, and much useful knowledge too):

Q: How many Apple Newton users does it take to change a lightbulb?

A: Foux! There to eat lemons, axe gravy soup.

Although this had me laughing out loud, I can't actually decrypt what the answer is supposed to be. I know that's not the point, but I'm curious. It's fairly obvious it starts with "Four! Three to...", but the rest is unclear. Ideas in the comments, please :-)

Killer Squirrel

Everyone has their own scheme for machine naming, and there's been some good advice written on the subject. But this issue can cause more strife than one might expect. A quote from that second document:

One thing that is a given is that, unless you are the only person at your site, there will be people violently, in some cases homicidally, opposed to whatever naming scheme you come up with. Live with it.

All the machines I control are named using my "cute innocent furry mammal" scheme. I have had, at one point or another, badger, vole, dormouse, hedgehog (yeah, so it's not furry - sue me) and otter.

I even called one of them "squirrel", because it lived in the loft. But in that particular case, perhaps I should be rethinking that "cute and innocent" designation.

jwz.org Is Broken

www.jwz.org, home of everyone's favourite ex-mozilla.organ, looks a little different today. Now it's not April 1st, and his registration hasn't expired (captcha required), although the record is marked as having been updated today, so I can only assume this is down to some enormous screw-up by his hosting provider. It was fine yesterday at 1am GMT.

I'll feel highly disappointed if this incident doesn't result in another vitriolic yet highly-readable gruntle...

Update: now fixed. The nameservers are now meer.net's nameservers rather than those of domaindirect.com. For those who are curious, it used to look like this (but, obviously, with jwz.org instead of matzen.com.)

When Handing Out Lemons, Suggest Making Lemonade

As seen on Slashdot, Microsoft has recently started selling "Windows XP Starter Edition" in far-eastern countries such as Indonesia, Malaysia and Thailand. One of the larger limitations is that you can only run three applications at any one time. In a breathtaking example of positive spin, Microsoft say that this limit "helps [users] stay organised and reduces confusion."

I predict a resurgence in the popularity of the kitchen-sink Mozilla Suite and various associated extensions :-) That is, of course, assuming that the removal of half the networking capabilities doesn't stop it from working altogether. How's our Thai support? (Oops. Not good.)

Ironically, Gartner think that this move will frustrate users (well, duh!) and increase piracy.

Blog-comment Spam Flood

Am I the only blogger on weblogs.mozillazine.org who has come under sustained comment-spam flooding this week? There seem to be two main perpetrators: a vaguely literate group who are interested in selling discount cosmetics, sailing boats, shoes, magazine subscriptions and contact lenses, plus various adult products (sounds like a comment-spammer-for-hire) and one Viagra spammer with a much more limited command of English. Together they post between 20 and 80 comments a day.

I can't implement an IP-address-based block because, according to kerz:

We use a web filtering proxy which caches static pages, but also has the side-effect of causing all apache requests to have the same IP address, which is our proxy's.

So, in the MT interface, all comments are labelled with the same IP address. :-( I am reduced to monitoring my inbox and using MT's bulk delete tool on a daily basis. <sigh> I could close comments on all but the newest few posts but a) that seems a bit sad, and b) MT doesn't provide a bulk tool for it, so I'd have to do each one individually.

Just Say No

One of Asa's recent blog entries (get a link style different from your text, dude! :-) refers to a New York Times article (sacrifice of first-born child required) about switching from IE to Firefox.

Ms. Sandlin is so devoted to her browser that she has taped a note to her monitor warning guests not to click on the desktop shortcut to Internet Explorer. "Do not touch the blue 'E!' " the note says.

That makes me think - we could do a really good anti-drugs spoof website about making the switch. Some slogans: "(E) rots your brain". Or "Bugs - just say no."

Comment with your ideas :-)

Total Cost of 0wnership

Recently, Microsoft has been funding studies comparing the TCO of Linux and Windows. Unsurprisingly, these tend to have favoured Windows - as one might expect, given their funding source.

But now, independent security consultants Immunity, Inc. have produced a study (top of the list) saying that Windows has around half of the Total Cost of 0wnership of Linux. I was initially highly sceptical of this but, after reading the report, I'd have to say that I've been won round. The evidence seems clear that 0wning Windows is easier and cheaper than Linux. And that's not likely to change in the near future.

This finding obviously has serious ramifications for the Linux community, particularly as it becomes better known among businesses and the Fortune 500. I urge you all to read the report and comment as to what the next step should be.

Unredistributable Code

As you may know, I have an interest in free software licensing, and handle licensing enquiries for mozilla.org.

LWN's lead article (buy access; it's great :-) this week is about an ongoing dispute between Jorg Schilling, maintainer of "cdrecord", and various Linux vendors. Mr Schilling and those companies have rather different ideas about the way cdrecord should work, and so the vendors tend to ship a heavily patched version. Mr Schilling feels that this places him under an unreasonable support burden, as he gets a lot of email from people people using "broken" versions.

Four days ago, because of this, Mr Schilling released a new alpha of cdrecord, 2.01a36, with the following comment in cdrecord/cdrecord.c:

/*
* You are not allowed to modify or remove the following code.
* I am sorry that I am forced to do things like this, but defective
* versions of cdrecord cause a lot of work load to me and it seems
* to be impossible to otherwise convince SuSE to cooperate.
* As people contact me and bother me with the related problems,
* it is obvious that SuSE is violating subsection 6 in the preamble of
* the GPL.
*
* Note that although the SuSE test is effective only for SuSE, the
* intention to have non bastardized versions out is not limited
* to SuSE. It is bad to see that in special in the "Linux" business,
* companies prefer a model with many proprietary differing programs
* instead of cooperating with the program authors.
*/

(Thanks to garloff on LWN for bringing this to my notice.) The code referred to is a call to a function "linuxcheck()", which checks for Linux 2.6 and prints a warning message, and then checks for SuSE and prints another one complaining about the "bastardized and defective versions" he alleges SuSE ship.

That clause, if you read it as an extension to cdrecord's licence, makes the code it refers to non-free - it is an "further restriction" which violates section 6 of the GPL. This has several ramifications:

1) When Mr Schilling distributes the current version of cdrecord, he is violating the GPL with regard to those parts he does not own the copyright on - because the copyright holders of those parts have not given permission for their code to be in a binary with non-free code.

This would allow anyone with code in cdrecord to sue him for copyright infringement.

2) Anyone who receives the code receives it under two conflicting license provisions. That means, according to section 7 of the GPL, that they may not re-redistribute the code at all, because they cannot simultaneously satisfy the GPL and the other conditions (i.e. allow unlimited freedom to modify, and stop modification of that section).

So any Linux distributor or other party distributing 2.0a36 or above is violating the GPL, and could be sued by copyright infringement by any contributor, including Mr Schilling.

In other words, no-one is currently allowed to redistribute cdrecord at all! This is a rather unfortunate state of affairs for all parties. I hope that it will be possible to resolve it quickly; cdrecord is an excellent piece of software.

Ways To Spend $60 Billion

We are the subject of a joke in UserFriendly again. Perhaps they should be called MozillaFriendly ;-)

I expect Jesse and George would be rather happy if Microsoft did do what the cartoon suggests. They could work two months of the year and spend the rest lying on a beach...

Update: fixed permanent link. When I tried it this morning, ars.userfriendly.org was down...

Whistling In The Wind

According to Forbes, Microsoft is singing a new tune on Linux.

"I just want the decision to be based on facts, not religion," says Taylor [Microsoft's top Linux strategist]. "People are saying, 'It's not Microsoft, so it must be great.' Tell us what Linux does that we can't do. Don't tell us you're deploying Linux just because you can."

Microsoft need to figure out that people are deploying Linux 'just because they can', and that 'It's not Microsoft' is becoming a major factor when choosing software.

A lot of people don't like Microsoft the company, and never have - usually because of its illegal and anticompetitive business practices and monopolistic price inflation. They used to have no choice, but now they do, and are voting with their feet. Microsoft needs to figure this out quick, and fix it. Otherwise any technical advantage they may have isn't going to be enough to prevent their customers walking away. As you sow, so shall you reap.

Relicensing Update

Public Information Announcement: thanks to all who have sent me relicensing patches; I'm currently drowning under a load of email and tasks, but I will review them ASAP and let you all know. :-)

Did You Get My Mail?

(Yes, I'm back, and working through the backlog.)

It seems to me that email bounce messages have been rendered next to useless by viruses and other email-borne malware either forging From: addresses (thereby landing you with all the bounces for the bad email addresses it has collected) or even using fake bounce messages as a vector. The volume of bad bounces I get has reached such a level that (I suspect) the Bayesian filtering system in my copy of Mozilla Mail has started to recognise characteristics of a bounce message as spam-likely. So, any genuine bounces may well get sent to my spam folder. And, when I clean it out, I can't recognise which bounces might be genuine except by reading every one, because the bounce message does not have the same subject line as the original.

Thought: would it be possible to implement an extension to Thunderbird which recognised genuine bounce messages and flagged them up? The only way I can see this working is by correlating the recipient to which the bounce message relates against the To/CC/BCC headers of recently-sent email.

The problem is that, as far as I can see, there's no standard header in bounce messages which tells you the failed email address. Even the From: address of the bounce isn't guaranteed to be at the same domain.

For example, if you send mail to thiswillbounce@gerv.net, then you'll get a bounce message back from Mail Delivery System <Mailer-Daemon@tuschin.blackcatnetworks.co.uk> - nothing to do with gerv.net. The only new header seems to be X-Failed-Recipients: markham-gerv-thiswillbounce@tuschin.blackcatnetworks.co.uk - again, you can't get thiswillbounce@gerv.net from that.

Sometimes, you do get a full copy of the original message, so in that case you can grep for the To or CC lines. But I think that, even for those MTAs which send you back a copy, some send it back inline and others as an attachment. More places to look. Of course, if we signed all our email, we could look for our own signature on the bounced copy...

I suspect one would be reduced to parsing the body and looking for common text for each major brand of mail server software ("Your message to x@y.com has..."). But, given that such messages are customisable and localisable, that also seems to me like a hiding to nothing.

Do we need an X-Failed-Recipient: header which gives the exact original email address from the To:/CC:/envelope? That way, fake bounces could be binned.

Even if we had that, we also still have the problem of defining "recently sent email". I have two machines from which I access my IMAP accounts. They have different address books, and Collected Addresses. The only way to know who I've emailed in the past week is to search my sent-mail folder. This is all beginning to sound like a Fairly Hard Problem.