Subscribe: Don Marti
http://zgp.org/~dmarti/blosxom/index.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
advertising  bitcoin  good  make  metrics  open source  open  people  privacy  site  sites  source  tracking  web  work 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Don Marti

Don Marti



personal blog feed



Last Build Date: Tue, 16 Jan 2018 16:47:28 GMT

 



Remove all the tracking widgets? Maybe not.

Sun, 16 Dec 2018 08:00:00 GMT

Good one from Mark Pilipczuk: Publisher Advice From a Buyer.

Remove all the tracking widgets from your site. That Facebook “Like” button only serves to exfiltrate your valuable data to an entity that doesn’t have your best interests at heart. If you’ve got a valuable audience, why would you want to help the ad tech industry which promises “I can find the same and bigger audience over here for $2 CPM, so don’t buy from the publisher?” Sticking your own head in the noose is never a good idea.

That advice makes sense for the Facebook "like button." That button is just a data shoplifter. The others, though? All those extra trackers come in as side effects of ad deals, and they're likely to be contractually required to make ads on the site saleable.

Yes, those trackers feed bots and data leakage, and yes, they're even terrible at fighting adfraud. Augustine Fou points out that Fraud filters don't work. "In some cases it's worse when filter is on."

So in an ideal world you would be able to pull all the third-party trackers, but as far as day-to-day operations go, user tracking is a Chesterton's Fence problem. What happens if a legit site unilaterally takes down the third-party trackers? All the targeted ad impressions that would have given that site a (small) payment end up going to bots.

So what can a site do? Understand that the real fix has to happen on the browser end, and nudge the users to either make their browsers less data-leaky, or switch to browsers that are leakage-resistant out of the box.

Start A/B testing some notifications to remind users to turn on tracking protection.

  • Can you get users who are already choosing "Do Not Track" to turn on real protection if you inform them that sites ignore their DNT choice?

  • If a user is running an ad blocker with a paid whitelisting scheme, can you inform them about it to get them to switch to a better tool, or at least add a second layer of protection that limits the damage that paid whitelisting can do?

  • When users visit privacy pages or opt-out of a marketing program, are they also willing to check their browser privacy settings?

Every site's audience is different. It's hard to know in advance how users will respond to different calls to action to turn up their privacy and create a win-win for legit sites and legit brands. We do know that users are concerned and confused about web advertising, and the good news is that the JavaScript needed to collect data and administer nudges is as easy to add as yet another tracker.

More on what sites can do, that might be more effective than just removing trackers: What The Verge can do to help save web advertising




Easy question with too many wrong answers

Sat, 13 Jan 2018 08:00:00 GMT

Content warning: Godwin's Law. Here's a marketing question that should be easy. How much of my brand's ad budget goes to Nazis? Here's the right answer. Zero. And here's a guy who still seems to be having some trouble answering it: Dear Google (GOOG): Please stop using my advertising dollars to monetize hate speech. If you're responsible for a brand and somewhere in the mysterious tubes of adtech your money is finding its way to Nazis, what is the right course of action? One wrong answer is to write a "please help me" letter to a company that will just ignore it. That's just admitting to knowingly sending money to Nazis, which is clearly wrong. Here's another wrong idea, from the upcoming IAB Annual Leadership Meeting session on "brand safety" (which is the nice, sanitary professional-sounding term for "trying not to sponsor Nazis, but not too hard.") Threats to brand safety arise internally and externally, in your control and out of your control—and the stakes have never been higher. Learn how to minimize brand safety risks and maximize odds of survival when your brand takes a hit (spoiler alert: overreacting is as bad as underreacting). Best Buy and Starcom share best practices based on real-world encounters with brand safety issues. Really, people? Overreacting is as bad as underreacting? The IAB wants you to come to a deluxe conference about how it's fine to send a few bucks to Nazis here and there as long as it keeps their whole adtech/adfraud gravy train running on time. I disagree. If Best Buy is fine with (indirectly of course) paying the occasional Nazi so that the IAB companies can keep sending them valuable eyeballs from the cheapest possible sites, then I can shop elsewhere. Any nationalist extremist movement has its obvious supporters, who wear the outfits and get the tattoos and go march in the streets and all that stuff, and also the quiet supporters, who come up with the money and make nice with the powers that be. The supporters who can keep it deniable. Can I, as a potential customer from the outside, tell the difference between quiet Nazi supporters and people who are just bad at online advertising and end up supporting Nazis by mistake? Of course not. Do I care? Of course not. If you're not willing to put the basic "don't pay Nazis to do Nazi stuff" rule ahead of a few ad clicks, I don't want your brand anyway. And I'll make sure to install and use the tracking protection tools that help keep my good data away from bad sites. Bonus links Good "dog bites man" story. Investigation: DSPs Charge Hidden Fees – And Many Can’t Afford To Stop Your Amazon Order Could Get You in Trouble With Customs Important: attribution fraud is hard to find, and most of the people who are best-positioned to reveal it have powerful incentives not to: Ecommerce Sites Have A New Form Of Fraud To Fear: Journey Hijacking Does the "C" stand for "creepy"? Move over DMP, DSP and SSP: CDP is ad tech’s hot new acronym The Finish Line in the Race to the Bottom Why publishers don’t name and shame vendors over ad fraud (Hmm, I can think of some other parties who do have an incentive to name and shame...) Ad retargeters scramble to get consumer consent Mad Men Was Better Criteo Cuts Their Revenue Projections for 2018 by 22% (Less retargeting, more ad money for search, right?) Confessions of a media auditor: ‘Agencies often manipulate the numbers’ News UK finds high levels of domain spoofing to the tune of $1 million a month in lost revenue [...]



some more random links

Sun, 31 Dec 2017 08:00:00 GMT

This one is timely, considering that an investment in "innovation" comes with a built-in short position in Bay Area real estate, and the short squeeze is on: Collaboration in 2018: Trends We’re Watching by Rowan Trollope In 2018, we’ll see the rapid decline of “place-ism,” the discrimination against people who aren’t in a central office. Technology is making it easier not just to communicate with distant colleagues about work, but to have the personal interactions with them that are the foundation of trust, teamwork, and friendship. Really, "place-ism" only works if you can afford to overpay the workers who are themselves overpaying for housing. And management can only afford to overpay the workers by giving in to the temptations of rent-seeking and deception. So the landlord makes the nerd pay too much, the manager has to pay the nerd too much, and you end up with, like the man said, "debts that no honest man can pay"? File under "good examples to illustrate Betteridge's law of headlines": Now That The FCC Is Doing Away With Title II For Broadband, Will Verizon Give Back The Taxpayer Subsidies It Got Under Title II? Open source business news: Docker, Inc is Dead. Easy to see this as a run-of-the-mill open source business failure story. But at another level, it's the story of how the existing open source incumbents used open practices to avoid having to bid against each other for an overfunded startup. If "data is the new oil" where is the resource curse for data? Google Maps’s Moat, by Justin O’Beirne (related topic: once Google has the 3d models of buildings, they can build cool projects: Project Sunroof) Have police departments even heard of Caller ID Spoofing or Swatting? Kansas Man Killed In ‘SWATting’ Attack Next time I hear someone from a social site talking about how much they're doing about extremists and misinformation and such, I have to remember to ask: have you adjusted your revenue targets for political advertising down in order to reflect the bad shit you're not doing any more? How Facebook’s Political Unit Enables the Dark Art of Digital Propaganda Or are you just encouraging the "dark social" users to hide it better? So the extremists just have to move their dark targeting to obscure pages, same effect while the official page stays clean.How is this not just a move by $FB to keep facilitating dark ads by encouraging them to get darker enough to avoid media attention?— Don Marti (@dmarti) December 30, 2017 ICYMI, great performance optimization: Firefox 57 delays requests to tracking domains Boring: you're operating a 4500-pound death machine. Exciting: three Slack notifications and a new AR game! Yes, Smartphone Use Is Probably Behind the Spike in Driving Deaths. So Why Isn’t More Being Done to Curb It? I love "nopoly controls entire industry so there is no point in it any more" stories: The Digital Advertising Duopoly Good news on advertising. The Millennials are burned out on advertising—most of what they're exposed to now is just another variant of "creepy annoying shit on the Internet"—but the generation after the Millennials are going to have hella mega opportunities building the next Creative Revolution. Another must-read for the diversity and inclusion department. 2017 Was the Year I Learned About My White Privilege by Max Boot. [...]



Predictions for 2018

Thu, 28 Dec 2017 08:00:00 GMT

Bitcoin to the moooon: The futures market is starting up, so here comes a bunch more day trader action. More important, think about all the bucket shops (I even saw an "invest in Bitcoin without owning Bitcoin" ad on public transit in London), legit financial firms, Libertarian true believers, and coins lost forever because of human error. Central bankers had better keep an eye on Bitcoin, though. Last recession we saw that printing money doesn't work as well as it used to, because it ends up in the hands of rich people who, instead of priming economic pumps with it, just drive up the prices of assets. I would predict "Entire Round of Quantitative Easing Gets Invested in Bitcoin Without Creating a Single New Job" but I'm saving that one for 2019. Central banks will need to innovate. Federal Reserve car crushers? Relieve medical deby by letting the UK operate NHS clinics at their consulates in the USA, and we trade them US green cards for visas that allow US citizens to get treated there? And—this is a brilliant quality of Bitcoin that I recognized too late—there is no bad news that could credibly hurt the value of a purely speculative asset. The lesson for regular people here is not so much what to do with Bitcoin, but remember to keep putting some well-considered time into actions that you predict have unlikely but large and favorable outcomes. Must remember to do more of this. High-profile Bitcoin kidnapping in the USA ends in tragedy: Kidnappers underestimate the amount of Bitcoin actually available to change hands, ask for more than the victim's family (or fans? a crowdsourced kidnapping of a celebrity is now a possibility) can raise in time. Huge news but not big enough to slow down something that the finance scene has already committed to. Tech industry reputation problems hit open source. California Internet douchebags talk like a positive social movement but act like East Coast vampire squid—and people are finally not so much letting them define the terms of the conversation. The real Internet economy is moving to a three-class system: plutocrats, well-paid brogrammers with Aeron chairs, free snacks and good health insurance, and everyone else in the algorithmically-managed precariat. So far, people are more concerned about the big social and surveillance marketing companies, but open source has some of the same issues. Just as it was widely considered silly for people to call Facebook users "the Facebook community" in 2017, some of the "community" talk about open source will be questioned in 2018. Who's working for who, and who's vulnerable to the risks of doing work that someone else extracts the value of? College athletes are ahead of the open source scene on this one. Adfraud becomes a significant problem for end users: Powerful botnets in data centers drove the pivot to video. Now that video adfraud is well-known, more of the fraud hackers will move to attribution fraud. This ties in to adtech consolidation, too. Google is better at beating simple to midrange fraud than the rest of the Lumascape, so the steady progress towards a two-logo Lumascape means fewer opportunities for bots in data centers. Attribution fraud is nastier than servers-talking-to-servers fraud, since it usually depends on having fraudulent and legit client software on the same system—legit to be used for a human purchase, fraudulent to "serve the ad" that takes credit for it. Unlike botnets that can run in data centers, attribution fraud comes home with you. Yeech. Browsers and privacy tools will need to level up from blocking relatively simple Lumascape trackers to blocking cleverer, more aggressive attribution fraud scripts. Wannabe fascists keep control of the US Congress, because your Marketing budget: "Dark" social campaigns (both ads and fake "organic" activity) are still a thing. In the USA, voter suppression and gerrymanderin[...]



Salary puzzle

Sun, 24 Dec 2017 08:00:00 GMT

Short puzzle relevant to some diversity and inclusion threads that encourage people to share salary info. (I should tag this as "citation needed" because I don't remember where I heard it.)

Alice, Bob, Carlos, and Dave all want to know the average salary of the four, but none wants to reveal their individual salary. How can the four of them work together to determine the average? Answer below.

 

 

 

 

 

 

 

 

 

 

 

 

 

Answer

Alice generates a random number, adds it to her salary, and gives the sum to Bob.

Bob adds his salary and gives the sum to Carlos.

Carlos adds his salary and gives the sum to Dave.

Dave adds his salary and gives the sum to Alice.

Alice subtracts her original random number, divides by the number of participants, and announces the average. No participant had to share their real salary, but everyone now knows if they are paid above or below the average for the group.




What we have, what we need

Sat, 23 Dec 2017 08:00:00 GMT

Stuff the Internet needs: home fiber connections, symmetrical, flat rate, on neutral terms.

Stuff the Internet is going nuts over: cryptocurrencies.

Big problem with building fiber to the home: capital.

Big problem with cryptocurrencies: stability.

Two problems, one solution? Hard to make any kind of currency useful without something stable, with evidence-based value, to tie its value to. Fiat currencies are tied to something of value? Yes, people have to pay taxes in them. Hard to raise capital for "dumb pipe" Internet service because it's just worth about the same thing, month after month. So what if we could combine the hotness and capital-attractiveness of cryptocurrencies with the stability and actual usefulness of fiber?




quick question on tracking protection

Mon, 18 Dec 2017 08:00:00 GMT

One quick question for anyone who still isn't convinced that tracking protection needs to be a high priority for web browsers in 2018. Web tracking isn't just about items from your online shopping cart following you to other sites. Users who are vulnerable to abusive practices for health or other reasons have tracking protection needs too.

(image)

Who has access to the data from each of the 24 third-party trackers that appear on the American Cancer Society's Find Cancer Treatment and Support page, and for what purposes can they use the data?




Forbidden words

Sun, 17 Dec 2017 08:00:00 GMT

You know how the US government's Centers for Disease Control and Prevention is now forbidden from using certain words?

vulnerable
entitlement
diversity
transgender
fetus
evidence-based
science-based

(source: Washington Post)

Well, in order to help slow down the spread of political speech enforcement that is apparently stopping all of us cool innovator type people from saying the Things We Can't Say, here's a Git hook to make sure that every time you blog, you include at least one of the forbidden words.

If you blog without including one of the forbidden words, you're obviously internalizing censorship and need more freedom, which you can maybe get by getting out of California for a while. After all, a lot of people here seem to think that "innovation" is building more creepy surveillance as long as you call it "growth hacking" or writing apps to get members of the precariat to do the stuff that your Mom used to do for you.

You only have to include one forbidden word every time you commit a blog entry, not in every file. You only need forbidden words in blog entries, not in scripts or templates. You can always get around the forbidden word check with the --no-verify command-line option.

Suggestions and pull requests welcome. script on GitHub







Are bug futures just high-tech piecework?

Sat, 09 Dec 2017 08:00:00 GMT

Are bug futures just high-tech piecework, or worse, some kind of "gig economy" racket? Just to catch up, bug futures, an experimental kind of agreement being developed by the Bugmark project, are futures contracts based on the status of bugs in a bug tracker. For developers: vist Bugmark to find an open issue that matches your skills and interests. Buy a futures contract connected to that issue that will pay you when the issue is fixed. Work on the issue, in the open—then decide if you want to hold your contract until maturity, or sell it at a profit. Report an issue and pay to reward others to fix it For users: Create a new issue on the project bug tracker, or select an existing one. Buy a futures contract on that issue that will cost you a known amount when the issue is fixed, or pay you to compensate you if the issue goes unfixed. Reduce your exposure to software risks by directly signaling the project participants about what issues are important to you. Invest in futures on an open source market Bug futures also open up the possibility of incentivizing other kinds of work, such as clarifying and translating bug reports, triaging bugs, writing failing tests, or doing code reviews—and especially arbitrage of bugs from project to project. Bug futures are different from open source bounty systems, what have been repeatedly tried but have so far failed to take off. The big problem with conventional open source bounty systems is that, as far as I can tell, they fail to incentivize cooperative work, and in a lot of situations might incentivize un-cooperative behavior. If I find a bug in a web application, and offer a bounty to fix it, the fix might require JavaScript and CSS work. A developer who fixes the JavaScript and gets stuck on the CSS might choose not to share partial work in order to contend for the entire bounty. Likewise, the developer who fixes the CSS part of the bug might get stuck on the JavaScript. Because of how bounties are structured, if the two wanted to split the bounty they would need to find, trust, and coordinate with each other. Meanwhile, if the bug was the subject of a futures contract, the JavaScript developer could write up a good commit message explaining how their partial work made progress toward a fix, and offer to sell their side of the contract. A CSS developer could take on the rest of the work by buying out that position. Futures trading and risk shifts But will bug futures tend to shift the risks of software development away from the "owners" of software (the owners don't have to be copyright holders, they could be those who benefit from network effects) and toward the workers who develop, maintain, and support it? I don't know, but I think that the difference between bug trackers and piecework is where you put the brains of the operation. In piecework and the gig economy, the matching of workers to tasks is done by management, either manually or in software. Workers can set the rate at which they work in conventional piecework, or accept and reject tasks offered to them in the gig economy, but only management can have a view of all available tasks. Bug futures operate within a commons-based peer production environment, though. In an ideal peer production scene, all participants can see all available tasks, and select the most rewarding tasks. Somewhere in the economics literature there is probably a model of task selection in open source development, and if I knew where to find it I could put an impressive LaTeX equation right around here. Of course, open source still has all kinds of barriers that make matching of workers to tasks less than ideal, but it's a good goal to keep in mind. If you do bug futures right, they interfere as little as possible with the peer production advantage—that i[...]



three kinds of open source metrics

Thu, 07 Dec 2017 08:00:00 GMT

Some random notes about open source metrics, related to work on CHAOSS, where Mozilla is a member and I'm on the Governing Board.

As far as I can tell, there are three kinds of open source metrics.

Impact metrics cover how much value the software creates. Possible good ones include count of projects dependent on this one, mentions of this project in job postings, books, papers, and conference talks, and, of course sales of products that bundle this project.

Contributor reward metrics cover how the software is a positive experience for the people who contribute to it. Job postings are a contributor reward metric as well as an impact metric. Contributor retention metrics and positive results on contributor experience surveys are some other examples.

But impact metrics and contributor reward metrics tend to be harder to collect, or slower-moving, than other kinds of metrics, which I'll lump together as activity metrics. Activity metrics include most of the things you see on open source project dashboards, such as pull request counts, time to respond to bug reports, and many others. Other activity metrics can be the output of natural language processing on project discussions. An example of that is FOSS Heartbeat, which does sentiment analysis, but you could also do other kinds of metrics based on text.

IMHO, the most interesting questions in the open source metrics area are all about: how do you predict impact metrics and contributor reward metrics from activity metrics? Activity metrics are easy to automate, and make a nice-looking dashboard, but there are many activity metrics to choose from—so which ones should you look at?

Which activity metrics are correlated to any impact metrics?

Which activity metrics are correlated to any contributor reward metrics?

Those questions are key to deciding which of the activity metrics to pay attention to. I'm optimistic that we'll be seeing some interesting correlations soon.




Purple box claims another victim

Sat, 02 Dec 2017 08:00:00 GMT

Linux Journal Ceases Publication. If you can stand it, let's have a look at the final damage.

(image)

40 trackers. Not bad, but not especially good either. That purple box of data leakage—third-party trackers that forced Linux Journal into an advertising race to the bottom against low-value and fraud sites—is not so deep as a well, nor so wide as a church door...but it's there. A magazine that was a going concern in print tried to make the move to the web and didn't survive.

Linux Journal is where I was working when I first started wondering why print ads tend to hold their value while web ads keep losing value. Unfortunately it's not enough for sites to just stop running trackers and make the purple box go away. But there are a few practical steps that Internet freedom lovers can take to stop the purple box from taking out your other favorite sites.




Asking sites to do something about surveillance marketing

Sat, 18 Nov 2017 08:00:00 GMT

This might get the privacy activists mad at me, but as far as I can tell it's still counterproductive to ask a web site you visit to remove its third-party trackers.

Of course, third-party trackers are probably helping to support a political cause that most sites don't agree with, and, as Zeynep Tufekci says, "We're building a dystopia just to make people click on ads". This stuff needs to get fixed. So this is about productive next steps.

Right now, advertising on the site you're writing to probably isn't saleable without the creepy trackers. (User tracking as Chesterton's Fence) So what can privacy people productively ask sites for? Some good ones are:

  • Fix any "turn off your ad blocker" scripts to detect ad blockers only, and not falsely alert on privacy tools.

  • Remove links to the the confusing and broken "YourAdChoices" site. Adtech opt-outs don't cover all trackers, and are much less effective than real privacy tools. (I have never had all the opt-outs work on that site, even from a fresh, pristine browser. Somehow I get the sense that the adtech firms don't exactly put their best people on it.)

  • Link to the privacy pages for the third parties the site uses. If the advertising on the site is set up so that this is hard to do, and users might see a tracker from an unknown domain, say so.

  • Fix up the privacy page to add links to appropriate privacy tools based on the user's browser. Better to have users on privacy tools than get enrolled in a paid whitelisting scheme.

  • If you maintain a privacy tool, offer to do a campaign with the site. Privacy tool users are high-quality human traffic. Free or discounted privacy tools might work as a subscription promotion. Where's the win-win?

Asking a site to walk away from money with no credible alternative is probably not going to work. Asking a site to consider next steps to get out of the current web advertising mess? That might.

More: What The Verge can do to help save web advertising




I'm taking a Bitcoin risk even though I don't hold Bitcoin. Please regulate me.

Mon, 13 Nov 2017 08:00:00 GMT

In the country where I live, kidnapping for ransom is not a very common crime.

That's because picking up the ransom is too risky.

It's easy to kidnap someone, and easy to let the person go when the ransom is paid, but picking up the ransom exposes you. Wannabe kidnappers who are motivated by money tend to choose other crimes.

As the [family relationship redacted] of a [family member information redacted], I'm happy that kidnapping is difficult here. High transaction costs for some kinds of transaction are a good thing.

Now, here comes Bitcoin.

As we're already seeing with ransomware, harder-to-trace ransom drops are now a thing.

So, even though I don't actually hold Bitcoin, someone could grab my family member (low risk), demand that I exchange some of my conventional assets for Bitcoin (low risk) and send the Bitcoin as ransom (low risk). The balance between risk and reward for the crime of kidnapping for ransom has changed.

IMHO this is a bigger problem than any of the reasons that Charles Stross wants Bitcoin to die in a fire.

So what to do about it?

Move the risks where the profits are.

Make the Bitcoin business eat the costs of payments made under duress.

New rule: If I ever trade any assets for Bitcoin in order to comply with a threat, and then transfer the Bitcoin under duress (kidnapping, ransomware, whatever), then I can go back to whoever I gave the assets to with a copy of the police report on the incident and get my original assets (and any fees) back.

Yes, that makes it harder for regular people to trade assets for Bitcoin. Exchanges would have to hold the money for a while, check that I'm not under duress, and probably do all kinds of other pain-in-the-ass, possibly costly, work. But I'd rather have that than the alternative.




Time-saving tip for Firefox 57

Mon, 13 Nov 2017 08:00:00 GMT

(updated 21 Nov 2017: made the words "even faster" a link to an article with graphs.)

Last time I recommended the Tracking Protection feature in Firefox 57, coming tomorrow. The fast browser is even faster when you block creepy trackers, which are basically untested combinations of third-party JavaScript.

But what about sites that mistakenly detect Tracking Protection as "an ad blocker" and give you grief about it? Do you have to turn Tracking Protection off?

So far I have found that the answer is usually no. I can usually use NJS to turn off JavaScript for that site instead. (After all, if a web developer can't tell an ad blocker from a tracking protection tool, I don't trust their JavaScript anyway.)

NJS will also deal with a lot of "growth hacking" tricks such as newsletter signup forms that appear in front of the main article. And it defaults to on, so that sites with JavaScript will work normally until I decide that they're better off without it.

Entering the Quantum Era—How Firefox got fast again and where it’s going to get faster by Lin Clark

How to turn Tracking Protection on




my Firefox 57 add-ons

Sat, 11 Nov 2017 08:00:00 GMT

Firefox 57 is coming on Tuesday, and as you may have heard, add-ons must use the WebExtensions API. I have been running Firefox Nightly for a while, so add-on switching came for me early. Here is what I have come up with. The basic set Facebook Political Ad Collector reports sneaky Facebook ads to ProPublica. I'm still not quitting Facebook entirely, even with the whole "medium to heavy treason" problem and other issues, but I do mostly let dlvr.it handle Facebook for me. Help ProPublica with stories like this. (Bonus: open source project opportunity for people interested in browser add-ons or writing server code in Rust) HTTPS Everywhere. This is pretty basic. Use the encrypted version of a site where available. Link Cleaner. Get rid of crappy tracking parameters in URLs, and speed up some navigation by skipping data collection redirects. NJS. Minimal JavaScript disable/enable button that remembers the setting by site and defaults to "on". Ever notice how the sites that use JavaScript for real web applications are different from the sites that use JavaScript for "growth hacking" such as newsletter popups? This add-on keeps JavaScript working normally for most sites, and lets me revoke the JavaScript privileges of wannabe growth hackers. Privacy Badger is not on here just because I'm using Firefox Tracking Protection. I like both. Blogging, development and testing blind-reviews. This is an experiment to help break your own habits of bias when reviewing code contributions. It hides the contributor name and email when you first see the code, and you can reveal it later. Right now it just does Bugzilla, but watch this space for an upcoming GitHub version. (more info) Copy as Markdown. Not quite as full-featured as the old "Copy as HTML Link" but still a time-saver for blogging. Copy both the page title and URL, formatted as Markdown, for pasting into a blog. Firefox Pioneer. Participate in Firefox user research. Studies have extremely strict and detailed privacy policies. Test Pilot. Try new Firefox features. Tracking Protection was on Test Pilot for a while. Right now there is a new speech recognition one, an in-browser notepad, and more. Advanced (for now) nerdery Cookie AutoDelete. Similar to the old "Self-Destructing Cookies". Cleans up cookies after leaving a site. Useful but requires me to whitelist the sites where I want to stay logged in. More time-consuming than other privacy tools. PrivacyPass. This is new. Privacy Pass interacts with supporting websites to introduce an anonymous user-authentication mechanism. In particular, Privacy Pass is suitable for cases where a user is required to complete some proof-of-work (e.g. solving an internet challenge) to authenticate to a service. Right now I don't use any sites that have it, but it could be a great way to distribute "tickets" for reading articles or leaving comments. Note on ad blocking If you run an ad blocker, the pre-57 add-ons check is a good time to make sure that you're not compromising your privacy by participating in a paid whitelisting scheme. As long as you have to go through your add-ons anyway, it's a great time to ditch AdBlock Plus or Adblock. They're taking advantage of users to shake down web sites. What to use instead? For most people, either the built-in Firefox Tracking Protection or EFF's Privacy Badger will provide good protection. I would try one or both of those before a conventional ad blocker. If sites have a broken ad blocker detector that falsely identifies a tracking protection tool as an ad blocker, you can usually get a[...]



Welcome Planet Mozilla readers

Fri, 10 Nov 2017 08:00:00 GMT

Welcome Planet Mozilla readers. (I finally figured out how to do a tagged feed for this blog, to go along with the full feed. So now you can get the items from the tagged feed on Planet Mozilla.)

The main feed has some items that aren't in the Mozilla feed.

Anyway, if you're coming to Austin, please mark your calendar now.

Two more links: I'm on Keybase and Mozillians. And @dmarti on Twitter.




World's last web advertising optimist tells all!

Fri, 03 Nov 2017 07:00:00 GMT

It's getting hard to explain still taking web advertising seriously in 2017, so I had better write something down. To start with, what is web advertising exactly? Threat to democracy and mental integrity? (Zeynep Tufekci says, "We're building a dystopia just to make people click on ads.") Fraud shitshow where intermediaries make enough money from fraud to be understandably uninterested in fixing it, and react with hostility when one browser does something to make a difference? Fallback business model for sites that can't do anything else? Advertising is to web companies as scrap value is to machine tools. Even originally ad-supported sites are getting into other businesses. Doesn't sound good so far. Maybe I'm a fool to be the last advertising optimist on the web. (See, for example: me, running my mouth about how great advertising is, to an audience of web publishers looking to write it off and move on.) From the point of view of users, web advertising has failed to hold up its end of the signal for attention bargain, and substituted nasty attempts at manipulation. No wonder people block it. From the point of view of clients, web advertising has failed to meet the basic honesty standards that any third-rate print publication can. And every web advertising company is calling fraud an industry-wide problem, which is what business people say when they really don't care about fixing something. From the point of view of publishers, web advertising has failed to show the proverbial money. It's stuck at a fraction of the value per user minute that print can pull in, which means that as print goes away, so does the ad money. Web advertising has failed the audience, the advertisers, and the people who make ad-supported news and cultural works. Maybe I should go be a fan of something else, like securitizing bug trackers or something. Web advertising just is that annoying, creepy thing that browsers are competing to block in different, creative, ways. [T]he online ad sector transitioned from a creative-led industry to a data and algorithms-led industry, wrote venture capitalist Adam Fisher, who is understandably proud of not investing in it. Some new companies, such as Scroll, are all about making it easier for readers to buy out of seeing advertising. Advertising is to web sites as annoying "UNREGISTERED SHAREWARE" banners and dialogs are to computer software. On Twitter, what does the "verified" blue checkmark get you? A ticket out of Twitter's world-classedly crappy advertising. At least search advertising is working. Bob Hoffman calls it a "much better yellow pages." But any kind of brand-building, signal-carrying advertising, where most of the money is? Not there. Ever notice how much of the evidence for "data-driven" advertising is anecdotal? Is anyone speaking up for web advertising? Not really. Where advertising still has a policy voice, it's a bunch of cut-and-paste anti-privacy advocacy that sounds like what you might get from eighth grade Libertarians, or from people who are so bad at math they assume that it's humanly possible to read and understand Terms of Service from 70 third-party trackers on one web page. The Interactive Advertising Bureau has become the voice of schemes that are a few pages of fine print away from malware and spam. By expanding to include members whose interests oppose those of legit publishers and advertisers, and defending every creepy user privacy violation scheme that the worst members come up with, an organization that could have be[...]



Always run a shell script from the directory it lives in

Wed, 01 Nov 2017 07:00:00 GMT

Always run a shell script in the directory in which it appears, and change back to the directory you were in when you ran it even if it fails.

trap popd EXIT
pushd $PWD
cd $(dirname "$0")

Works for me in bash. The pushd command does a cd but saves the directory where you were on a stack, and popd pops the saved directory from the stack. The trap ... EXIT is a bash way to run something when the script exits, no matter how, and dirname "$0" is the directory name of the script.

(Taken from the deploy.sh script that rebuilds and deploys this blog, so if you can read this, it works.)




Fun with the spawn of Git and NoSQL

Thu, 26 Oct 2017 07:00:00 GMT

Hey, kids, check out the latest progress on the Attaca version control system.

What's this? It's basically the spawn of Git and a NoSQL database. So why would anybody want to make that? For Science, of course. A lot of research produces huge data files, and people would like to have a resilient way to collaborate on them, using commands they already know—but have it scale horizontally across large numbers of nodes, NoSQL style.

Git has the advantage that a lot of people know it, but it doesn't really handle huge files that well. There are add-on solutions to make it work by connecting to another system for handling large files, but then you have to set up and trust two systems. And one of my favorite properties of Git is that any authorized user of a project can check the integrity of the entire project back to the beginning.

So what Attaca does is to consistently split huge files across a cluster, using cluster nodes that can be cheap VPSs, low-end servers with spinning disks, whatever. (In the test environment, nodes are just Linux containers.)

More: The architecture of Attaca, milestones, and current progress.

Next steps are to test it out with some scientific data (genomes, medical imaging, and so on), implement some more Git commands so that people can check files out and not just in, and build a (Raspberry Pi?) demo cluster.