Canvas and Cairo (and SVG)
Oh my!
So, I bumped into roc yesterday in between sessions at GUADEC. He recounted the talk at X-Tech and gave me a copy of his source tree to play with. I now have a copy of Firefox with Canvas, Cairo, and SVG support built into it. It's pretty damned sweet, albeit slow. I'm most impressed by the zooming feature. Finally, we can get an actual page zoom (not just for text!). I'm looking forward to seeing the progress here on all fronts. I introduced roc to Kristian Hogsberg, and they ended up speaking quite a bit about Cairo and GL from what I can tell. It's good to be able to meet people at conferences.
Euro-trip
I have been awake for 44 of the past 48 hours. In the past 24 hours alone, I have walked at least 7 hours total -- 5 in London and 2 in Stuttgart so far. I walk fairly switfly, probably 5-6mph. So that's close to 40 miles I've walked. I wish I had a stepometer. I have eaten one meal, at Planet Hollywood in Liechter Square in London. The rest of my time has been spent on some form of transport; airplane, the Tube in London, a shuttle to the hostel.
We were supposed to have a 12 hour layover at Heathrow, landing at 8pm and taking off the next morning at 8am. We got delayed though in takeoff, so by the time we got to Heathrow and through customs, it was after 11pm. We dropped off our carryons at a Left Luggage checkin, hopped on the Tube and arrived at the Picadilly Circus at midnight. We then started on one of the more remarkable nights. J5 initially wasn't sure which way to go and we ended up going the wrong way, but after he righted himself, we grabbed a bite of food, then went to a club. We left after a few quick drinks and headed off on a mission to find the Thames. I ended up taking some pretty neat photos of Big Ben, and the surrounding area.
John then wanted to visit his old neighborhood in Maida Vale, so we hailed a cab over to the Tube stop, and walked down a street he thought was his, and then he realized it was not. So we walked up another street and it looked familiar. He finally hit a cross-street and declared that it was his old street, so we went by and he took photos of the building he used to live in. We then went back and headed toward Paddington Station in hopes of catching the express to Heathrow.
The very next street we passed, evoked an announcement from John that the past street was in fact not his street, and this was really his street. He took photos of his old apartment (again) and we then headed back toward where John said Paddington was. Except after walking a bit, he realized we were going the wrong way.
We eventually righted ourselves, and found our way to Paddington Station. The only catch was it was pretty impossible to figure out how to get to it. There was a body of water and some highway between it and us. After another half hour of wandering about trying to get to it, we make it, hop on the Express, pick up our checked baggage at Terminal 3, run over to Terminal 1, and then after finding Seth (who had the same connecting flight to Stuttgart), hop on the plane.
Tim Ney managed to get us a ride (albeit squashed in the backseat) to the youth hostel set up by GNOME from the airport. We got here at 11ish and realize we can't check in since its not 1pm yet. There is a vending machine, but I have no cash that it will accept. I'm pretty thirsty so I take it upon myself to find an ATM (which I later learned is called a geldautomat here). I found one fairly soon, and purchased a bottle of water, but then decided that I wanted to do a little exploring. It was fairly interesting, and I wish I had my camera with me. Maybe I'll get to go back later on.
I returned to the hostel 5 before 1pm, and was exhausted again (Stuttgart is fairly hilly). The others went to check in, and returned with a note that the hostel only knows that GNOME has people coming, and have places for them, but don't know who is on the list to let people check in. Seth and a GNOME user who is staying at the hostel (named Chris) went to see if they can track down Jessica and/or Tim, since none of us happen to have cell phone numbers. We were unable to check in until 3:30. I took full advantage of the shower as soon as I got in the room.
I spent more time wandering around Stuttgart later on that evening, and got back at 8pm and then managed to get a few people together and moved over to a Biergarten for, what else, bier. I've also started to slowly pick up some German throughout the day and have been fairly impressed at how I'm doing. We went to the nearby city of Esslingen for a tour yesterday, and I have been taking a bunch of photos. I'll post some when I get the chance.
Never Say Never
Ben claims browsers that are redistributions of the official Mozilla releases are never
going to give you security updates as quickly as Mozilla will itself for its supported products
.
I'd like to note that if this is true, it is because of mozilla.org isn't playing by the same rules that other open source projects play by. Other projects make sure that the vendors know of a security vulnerability, supply the patch and new tarball (if applicable, which it is in mozilla.org's case), give a brief period of time for the vendors to catch up, and then do a synchronous release with them at a planned time. This is entirely possible to do; we have done it before. I would like to note that I am grateful toward Neel Mehta of ISS X-Force for enforcing this policy for MFSA2005-30. I was able to release patched versions for RHEL[234] within 20 minutes of the official release (builds were done previously, we were doing QA on them, etc.), Fedora[23] within two hours, and rawhide shortly thereafter (though it only gets updated in the mornings). For the record, 24 hour turnaround is considered excellent. This ensures everyone happy: the user because they have a secure product; the distributor because they have happy customers; and the vendor because they have both happy users (indirectly -- it still displays their branding) and happy distributors.
Maybe one of these days, we can do that again.
Update 20050522 19:25:24 -0500: the slashdot article is misleading.
From the why-are-anon-cowards-permitted-to-submit category
So I'm told I my previous post made slashdot for some odd reason. Some responses to some points raised:
- How is that news or "stuff that matters"?
- It's not. For that matter, neither is this response. I know where slashdot is, and can submit my own stories if I deem them noteworthy. Move along, nothing to see here.
- Why is Red Hat whining about mozilla.org practices?
- That's an ironic question coming from a slashdot post. Anyway, I was speaking as an individual; my views are my own, and not necessarily Red Hat's. Additionally, I am a member of Mozilla Drivers, and have a fair say about what goes on. All I'm doing is just writing random comments which were not directed toward the slashdot community.
- Why should Mozilla give Red Hat priority treatment?
- Simple, they shouldn't. All the redistributors would benefit, from Red Hat and Novell, to Camino and Netscape. I have been trying to get together a mailing list for vendors to attach themselves to, and I have received positive comments from several distributors on this accord.
- Why should Mozilla wait for distros representing a minority of their users before releasing an update for the majority?
- Fixes can be produced days or even weeks before they are released into an official binary. Mozilla does its own QA on builds created using source as they should, and then when they certify the binaries are good to go, and the localizations are good, they release the tarballs. The time between when the fixes are done and when the releases are officially done can be enough time for distros to get on the train as well when the issues are still confidential. Having official source tarballs with matching md5sums is important. For the times such as the past vulnerability, when the issues are already public, upstream has every right to release ASAP without regard for distros, though they should still try to keep them informed.
- Should I, the user, have to wait for important security updates because some distribution wants to repackage them?
- Should the users of distros have to endure vulnerabilities because upstream went public before their distro was able to update? Should distro users have to wait for important security updates because Mozilla hasn't finished certifying the tarball on their end? I am on the security group, as are people on various distributions, and am aware of the issues that come in. In theory, I could push fixes before Mozilla goes public, as could others. I don't, though, and don't ever plan to, and I highly doubt that others would do the same. Seriously, people, its all about teamwork. I'm trying my best to coordinate between mozilla.org and distributors since I am on both sides.
- What's up with the stupid picture?
- You'll have to come up with a better pickup line than that. However, if you wish, you may print out and bring a copy of my photo to one of the conferences I'm attending, and I'll sign autographs for a nominal fee.
Localize Me
I've got a localized Firefox RPM at http://people.redhat.com/caillon/RPMS/rawhide/mozilla.org/firefox-1.0.4-2.2.i386.rpm, and could use some testing. Report problems with it directly to me, or in bugzilla.
State Six
New Hampshire will be the sixth state I've lived in. Yes, New Hampshire. I signed a lease on Monday. I've got a large one-bedroom, with a pretty nice kitchen, large walk-in closet, loft, private covered parking, and a pool and jacuzzi on premise. It will save me some tax on my car when I get it, and the covered parking will be a nice touch. I don't take advantage of my proximity to things as often as I should, so it makes sense to give it up. I'll also live closer to work, so it will save a little on gas prices. Whenever I do anything in the Cambridge area, I end up driving anyway, so I can continue that easily enough. Besides, it's a one year lease. If I don't like it, I'll just move back. I don't move in until July, so I've got a few weeks left (though quite a bit of it will be spent in Germany and New Orleans).
Chasing Tiger, Hidden Penguin
Ben wants help integrating Firefox with Tiger. When was the last time you read the same for Linux/GNOME/KDE/etc? It would be nice to get the same attention.
Reparation
Mike Connor posed some interesting questions about Firefox and Linux, specifically with regard to distributors. I suppose I'm qualified to respond, although I don't believe the questions were directed at me specifically, as I've been pretty vocal in the past to Mike via IRC conversations about this very issue.
Some of the problem is lack of qualified reviewers for code that distributors care most about: GNOME integration, etc. This stems in part from us releasing so often and improving our APIs each release since they aren't quite there yet. It also hurts us in part because now we have a bunch of random dlsym() calls throughout the codebase. Gnome-VFS is the biggest example, but there are others. The bottom line though is that there needs to be tighter integration between the distributors and mozilla.org, which would benefit everyone. Communication is key. Perhaps some kind of meeting between the distributors and mozilla.org needs to be arranged, since there are some issues that distributors need fixed which I'm unsure are currently receiving the proper attention. Or maybe the distributors need to work together better to make sure the patches they produce get noticed. Or both; something definitely needs to happen, though.
I will be at GUADEC this year, and would like to hear feedback from people there. Tim Ney contacted me and I am tentatively leading one of the freeform discussions on the interoperability of Firefox with GNOME, KDE, and FreeDesktop.org. I'd also like to get feedback on any other potential issues between distributors and mozilla.org. <caillon redhat com> or find me at GUADEC. Additionally, I am speaking at the Red Hat Summit and FUDCon 2 and will be available for comments and questions.
In the meantime, here are a few of the issues I would like to see traction on as a distributor.
- Must be able to build applications using a system NSS
- Must be able to install search plugins in the profile directory as opposed to the system dir
- Distributors need a better way of turning off app updates while keeping extension updates enabled (UI work is involved)
- We need a good way to install XPIs via command line, so we can ship sub-RPMs, e.g. thunderbird-enigmail
- We need to get rid of the -register flag for registering installed chrome.
For those looking to help out, even helping with the last item will be a huge win. I've gotten bsmedberg to post some detailed notes as to what you can do to help. It's really easy, and we could use the extra manpower. Feel free to pop onto irc.mozilla.org,#developers for more info here.
Beefcake!
