Ravensbourne campus entrance
The campus venue where the magic happens.

MozFest

Let’s be clear from the outset: there’s no word that adequately defines MozFest.  The Mozilla Festival is, simply, crazy. Perhaps it’s more kindly described as chaotic? Possibly. A loosely-coupled set of talks, discussion groups, workshops and hackathons, roughly organised into allocated floors, feed the strangely-complimenting hemispheres of work and relaxation.

Internal cross-section of Ravensbourne's floors
Nothing can prepare you for the 9 floors of intensity.

How MozFest works

Starting from the seeming calm of Ravensbourne’s smart entrance, you stroll in, unaware of the soon-experienced confusion. A bewildering and befuddling set of expectations and realisations come and go in rapid succession. From the very first thought – “ok, I’m signed in – what now?”, to the second – “perhaps I need to go upstairs?”, third – “or do I? there’s no obvious signage, just a load of small notices”…. and so on, descending quickly but briefly into self-doubt before emerging victorious from the uneasy, childlike dependency you have on others’ goodwill.

Volunteers in #MozHelp t-shirts, I’m looking at you. Thanks.

The opening evening started this year with the Science Fair, which featured – in my experience – a set of exciting hardware and software projects which were all in some way web-enabled, or web-connected, or web-controlled. Think Internet of Things, but built by enthusiasts, tinkerers and hackers – the way it should be.

“Open Hardware” projects, interactive story-telling, video games and robots being controlled by the orientation of the smartphone (by virtue of its gyroscopic capability).. the demonstration of genius and creativity is not even limited by the hardware available. If it didn’t already exist, it got designed and built.

An Open Web, for Free Society

Seminar on fixing corruption in public services
A multitude of social and policy-driven themes permeated MozFest

As made clear from the opening keynotes on Saturday morning, MozFest is not a place for debate. Don’t think this as a bad thing. The intention is simply to help communicate ideas, as opposed to getting bogged down in the mire of detail. “Free” vs “Open”? Not here. The advice given was to use one’s ears much more than one’s mouth, and it’s sound advice – no pun intended. I have generally been considered a good listener, so I felt at home not having to “prove” anything by making a point. There was no point. 😉

Several themes were introduced in the keynote speeches which really resonated with the attendees – sorry, the participants of MozFest. That of online security and surveillance, more than two years after Edward Snowden’s revelations, was as prominent as ever. Participation was another key theme, and to me one of the most poignant ideas of the whole weekend. Participation was not encouraged or expected; it was simply threaded into the very fabric of one’s presence. You participated, to a lesser of greater degree. This was one of the most socially inclusive experiences I have ever known.

Stories by the Fireside

I cannot overstate how social inclusion at all levels permeated MozFest. From the smallest of teams – 2 individuals, to the largest groups I saw, people were constantly engaged in conversation, development – personal, social and technical, and – perhaps surprisingly – quiet reflection, too.

Image of cupcakes with unusual toppings
Creativity and individuality – there’s a lot of it

Quiet zones were available for those needing a little downtime. The cerebral intensity of the weekend is clearly felt.

The concept of the fire-side story appeared several times, reminding us that the web isn’t just a resource in and of itself, but rather a medium to convey information.  Storytelling, one of the oldest methods of such conveyance, was a prescient theme. Represented through journalism, community and leadership, the scale of recognition (and a reminder) that the web is, primarily, a means to convey stories, took me somewhat aback. It’s inescpable logic, almost lost amidst the omnipresent noise of today’s social media.

Looking to the Future

Not only was MozFest a means to appreciate, understand and build upon the means to share information, it was also firmly invested in its future. Science and education were extremely well represented by group talks, workshops and forums.

Code visualising MozFest pathways on GitHub
Pathways were a means for guiding participants through the plethora of activities.

In fact, the sheer number of topics on offer, and guaranteed clashing of events sure to interest you, simply went to prove one thing: the web is not just big, it’s bigger than you can imagine. How the event planners and coordinators of MozFest actually found a way to combine the multitude of themes and interests into “Spaces” and “Pathways” is a huge credit to the thought-leadership behind this event. By encouraging leadership, the Mozilla Foundaiton has shown itself to be a more-than-capable leader in as diverse a field as there can be.

What I learned at MozFest

On arrival, I didn’t know what to expect. First-timers don’t.  I had a vague incling that I would face a learning curve, adapting to the culture and activities of the event. Like a wandering spirit, I probably stared starry-eyed at the overwhelming number of quickly-scribbled “adverts”, pinned, taped and hung up everywhere, telling me about “this event” or “that workshop”.  Even now, in reflection, I feel that the above post barely scratches the surface of the experience.

It’s sensory-overload, pure and simple. 🙂

MozFest is a journey. Physically, many people made long journeys to attend and participate. To those people, I am grateful – you have made my life richer by your efforts. But psychologically, emotionally and intellectually MozFest is so much more than the sum of its multitudinous parts: It’s an idea, a belief that together we can build something better for much time to come; build something to last that has intrinsic “goodness”. And we are not actually talking about the web. The conversation has evolved. The web might be the medium, but the story is now about us.

The question is, how do we nurture our most sublime nature, and be all we can?

Regain security
Regain email privacy & security

Part #3 of the Data Liberation series

Is there ever time in the day to reconsider your online security? I mean, really consider it?

Take the most common access point for communication in the 21st century – email. Yes, you read that right. It’s still email. Email is the root of online authentication for people worldwide, not only allowing them a “safe place” to recover lost account credentials, but also facilitating properly secured communications with the use of PGP signed and encrypted email. But is your email storage secure?

The woes of web mail

The “problem” with email is that its ubiquity spawned, some years ago, the explosion of “free” web mail services. All the big players provide it. These services are advertising-supported. In other words, the cost of providing such services are met by revenue generated from scanning your email and providing “relevant” adverts within your browser to click on. Each click is tracked and the advertiser billed accordingly.

An issue here, then, is that your email is scanned. All your emails are read by an indexing process which scours every single nugget of information. What information could that include? How could it be used? How about this little list for starters:

  • the date & time
  • the sender’s name and email address
  • their computer’s name
  • their network (i.e. their email provider, their ISP, any intervening mail routers)
  • their probable native language
  • their approximate location when sending the message (obtained from their original IP address)
  • your approximate location when reading the email (based on your IP address)
  • yours and their exact locations if using any location service

That’s not all

If the sender is using the same “free” web-mail service as you:

  • if they use a calendar in that service, what they were doing when they emailed you (giving an insight into the sender’s thought processes…)
  • if they maintain a contact list / address book in that web-mail service, that service may “know” you are a friend or family member of the sender
  • in this case, it will also know their friends – and your friends – and any shared friends too.  It can start to build up a map of contacts – who knows who and possibly why.
  • Knowing “who knows who” means those related contacts’ web-mail services can be interrogated for commonalities, such as shared events (in a calendar), shared interests via a social network, and so on.

Web cam

There are yet more ways your data can be exposed. If they are not using the same “free” web-mail service, but are using another service which they log into using their web mail service’s credentials:

  • that web-mail service provider could poll the other services to see what data you are sending (e.g. what you are posting) to those services
  • it can map any correspondence to or from your contact via its services even when not in relation to your email – e.g. It can expose a contact’s movements, their communications and interests in a given time-frame.
  • they can even be exposed by their use of related services from that provider. For example, new photos into a flickr or instagram account which is public, can be mapped back from their date, time and location to the IP address that was used to query location services.

Finally, a crucial problem with all online services is that there is no guarantee your data is actually deleted when you choose to delete it.  After hitting “delete” through a web site, this could simply flag the email to be removed from your visible account and stored in MegaWebCorp’s vault of “deleted” email, remaining there forever.  Or until needed…

This is the risk of putting data into another provider’s hands – what gets uploaded or stored in your name, stays there in your name, forever. What goes up, sometimes stays up.

Resolving the privacy crisis

Coming back to email, then, the first priority for someone who wants to maintain some privacy with respect to their life activity needs first to remove the source of indexing from MegaWebCorp’s database – the link between all things you do, your email address.

When the email address is removed from the purview of MegaWebCorp’s systems, your online activity can start to become your business – not the advertiser’s.

Getting your own address is simple.  You can register a domain name with any of numerous providers around the world and sign up for a low-cost hosting plan.  For any person who values their privacy and the sanctity of anonymity, this is a small hurdle to overcome.

For the gain in privacy you can achieve by hosting your own web site, the price attached to a “free” web-mail account may seem rather high.

Bootnote

ArsTechnica has an interesting article published yesterday (30 March 2014) on “metadata as surveillance” .

 

This post has a new edition.


Part #1 of the Data Liberation series

Although Google Chrome is a very fast browser, it lacks one key feature which seems designed to lock users in – any account migration facilities to support moving to other browsers.  This post is intended to help you move your saved passwords from Chrome to Firefox.

Firstly, you’ll need to have a read of this page: http://blog.catoblepa.org/2012/08/linux-how-to-export-google-chrome_28.html – then come back here for more info!

While following the instructions in that post, take note of these steps below before you close your browser. If you have also set up a separate encryption password for your browser, don’t worry – this method still allows access.

  1. Image of Google Chrome settings
    Disconnect Google account in Settings

    In Chrome settings, as a precation, I disconnected my Google account before closing the browser. Therefore, any changes I could make to this temporary session wouldn’t ever be uploaded back to Google.

  2. Once you have the saved CSV file from Chrome, keep hold of it – we need to edit it. In Firefox, install the Password Exporter add-on: https://addons.mozilla.org/en-US/firefox/addon/password-exporter/?src=search
  3. Image of Password Exporter
    Exporting passwords

    Password Exporter allows you to import passwords too, so you can avoid the need to install any third-party workarounds like LastPass (which again require you to upload all your browser data).Firstly, though, using Password Exporter in Firefox (Tools > Add ons … Extensions > Password Exporter > Preferences), we can export a sample CSV file to see how Password Exporter expects its import data. Simply click “Export Passwords” and save the file to your home directory.

    NOTE: This requires that at least one password is saved in Firefox already.

  4. The headings in the exported file are as follows:

hostname username password formSubmitURL httpRealm usernameField passwordField

This is the format that Password Exporter will expect its import data.

The data’s headings that you have just exported from Chrome are a little different:

origin_url action_url username_element username_value password_element password_value submit_element signon_realm ssl_valid preferred date_created blacklisted_by_user scheme password_type possible_usernames times_used

We need to match up the firefox CSV headings with the corresponding Chrome CSV headings. To do this quickly, use a spreadsheet tool I used LibreOffice Calc.

This is what I arrived at:

(FF = Firefox; GC = Google Chrome)

FF: hostname username password formSubmitURL httpRealm usernameField passwordField
GC: origin_url username_value password_value action_url signon_realm username_element password_element

Once the fields are mapped, there’s a couple more important steps to undertake.

Export dialog
Export in the right format!

Firstly, when you come to exporting from your spreadsheet application, make sure you choose to edit the output filter. In the Export Text File dialog, make sure “Quote all text cells” does not have a check (tick) in the box.

For good measure, I also selected ASCII/US in encoding type,  as that is the format used by Password Exporter when exporting.   I think the importer should handle ISO-8859-1 and/or UTF-8, but your mileage may vary.

Now export it.

Remember seeing the additional header in the exported CSV file? It might have looked something like this:

# Generated by Password Exporter; Export format 1.1; Encrypted: false

In order to tell Password Exporter what format to expect its data in, this heading needs to be added back. However… the best way to do this is via a text editor, not in a spreadsheet program.

Open up GEdit, Emacs, Vi… whatever. Add that line to the top, but remove any trailing commas! It should now look like this:

# Generated by Password Exporter; Export format 1.0.4; Encrypted: false
"hostname","username","password","formSubmitURL","httpRealm","usernameField","passwordField"

One more step before you import!

A side-effect of exporting your CSV in LibreOffice is that empty cells are not quoted. In other words, the comma-separated values may appear like this:

"someusername","somepassword","someUrl",,"someusernameField"

Did you see those two commas with nothing between? The Password Exporter won’t like that when trying to import, so do a quick search-and-replace:

Search for ,, and replace with ,””,

Finally, save the file.  Again, ENSURE the file type is US/ASCII.

The importer dialog
Successfully importing passwords!

Now open up the Password Exporter dialog from Firefox and click Import Passwords – you should see progress in the dialog shortly.

CAVEAT #1: BUG WHEN IMPORTING v1.2-EXPORTED DATA

There is an import bug when the version header is declared as 1.1. However, you can get around this by “fudging” the import header to an older version (I used 1.0.4). If you have trouble importing, adjust your header in the file to look like this:

"hostname","username","password","formSubmitURL","httpRealm","usernameField","passwordField"

After importing, you may see that not all passwords were imported. This is because duplicates are not imported. You can view the details in the link.

CAVEAT #2: SOME LOGINS, PASSWORDS, ETC ARE QUOTED

So far I’ve not had time to find a way around this. It’s to do with the import format.

The adventurous can investigate the source code, here: https://github.com/fligtar/password-exporter/blob/master/passwordexporter/chrome/content/pwdex-loginmanager.js

Hopefully you have now successfully liberated your passwords!

Problems?  Comment below!

Mozilla Firefox word mark. Guestimated clear s...
Image via Wikipedia

Stupid Firefox 7!  It doesn’t recognise my plug-ins!  But they did work in FF3.5.  What gives?!!!

Ok, perhaps I’m overreacting.  In fact, I am.  Sorry.

I use #CentOS for my daily work which includes the rather antiquated Firefox v3.5.  Ouch.  As a web developer, it’s good to test on legacy browsers but it’s also important to use the latest – so I updated to the latest Firefox (v7, at time of writing).

Because my desktop machine (HP Opteron ML115) has 6GB of RAM, I typically use the x86_64 (64-bit) edition of #Firefox.  However, unlike Firefox v3.5, v7 doesn’t seem to pick up my plug-ins automatically from /usr/lib64/mozilla/plugins.

To fix this, I had to open a shell and navigate into my home directory‘s mozilla plugins directory (I didn’t even know this existed until now!).

cd ~/mozilla/plugins
Then, just fix up all the missing symlinks:

ln -s /usr/lib64/mozilla/plugins/* .

No problemo!  They’re now all back again at about:plugins  🙂

Enhanced by Zemanta