Tagged: mozilla

HOWTO: Pair a new device for the old Firefox Sync service in Firefox 30

I got into a public fight with IceWeasel/Firefox 30 and the Mozilla sync service on pump.io last month, and was meaning to publish my “fix”… but it was so hacky, I don’t know which part of it actually worked. But, since it’s somewhat time-sensitive during this sync service transition, I figure it’s better to share this incomplete hack than to not.

The Problem: Can’t Pair New Devices in Firefox/IceWeasel 30 Using the old Firefox Sync Service

I recently switched my ThinkPad X60 from Ubuntu to Debian testing. When I tried to set up IceWeasel 30 with the Mozilla sync service, it started prompting me about creating a Firefox account — something I have absolutely no interest in doing (in fact, I was planning on moving my Firefox sync to off Mozilla’s servers to ownCloud).

I discovered that, while previously paired devies would still be able to sync using Mozilla’s old sync service for a limited time, as of Firefox/IceWeasel 30, it no longer supports pairing new devices to the old sync service.

This made me really angry. If I’d set up sync and paired the device before “upgrading” to IceWeasel/Firefox 30, I’d be syncing no problem, but Firefox/IceWeasel 30 refused to allow this. It was an infuriating combination of what felt like an anti-feature, and pressure from Mozilla to sign up for a new sync service that seems worse on the privacy front (e.g. no server-side encryption, and self-hosting is experimental now because you’d also have to self-host the Accounts service…).

The Solution: Tricking IceWeasel/Firefox by editing prefs.js

Technically, this wasn’t a new device. I’d already had my X60 Firefox set up to sync before I switched from Ubuntu to Debian. So, I managed to trick IceWeasel into letting me sync again.

This was pretty reckless (but stakes very low — brand new IceWeasel profile) and I’m not sure exactly what worked and use these instructions at your own risk, etc etc.:

  • I copied the weave folder from inside my old Ubuntu Firefox profile (not sure if that mattered), plus all of the lines in prefs.js for settings that started with “services.sync.*” (this definitely mattered)
  • I tried manually editing the preferences (resetting timestamps to zero, etc.), but what ended up happening is that when I opened IceWeasel with those lines just copy-pasted in from my Firefox profile in my old Ubuntu install that I’m no longer using, it gave me the “Pair a new Device” option the first time I accessed Sync settings!!
  • It would disappear and not come back if I cancelled pairing, but I just tried closing IceWeasel, copying/pasting those services.sync.* lines into prefs.js again, and then I successfully paired IceWeasel 30 by doing it the first time it appeared.
  • I could see “tabs from my other computers” now, but my bookmarks clearly weren’t there, so I shut IceWeasel down, and changed the value of all the services.sync.*.lastSync and services.sync.*.lastSyncLocal and a couple other similar timestamps, setting them to 0 from their prior values. Then, re-opened IceWeasel, ran the sync manually, and my bookmarks started appearing! Since then, it seems everything has been working fine

I think it was something in copying the services.sync* settings that allowed the Pair a New Device screen to work the first time I reopened IceWeasel. Then, after pairing, resetting the timestamps to 0 on the services.sync.*.lastSync* settings caused IceWeasel to download everything again anew.

YMMV. I’m not sure how much my of success depended on being able to hijack an existing client sync ID from a device that was previously configured but no longer being used (i.e. my former Ubuntu Firefox profile on my X60 that I was replacing with Debian IceWeasel). And these steps are vague and unspecific because I’m not really sure what precisely worked or what may be unwise for you to try if you don’t know what you’re doing… but feel free to contact me if you want more specifics on my set up and experience and I may be able to help.

At the very least, this will allow me to continue using the old sync service for now, until I figure out what my options are re: self-hosting, ownCloud, Mozilla’s new Firefox Accounts-based sync service, etc.

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Comments (2)

Four Criteria for Free Network Services

I’m increasingly critical of network services — software that you use on someone else’s server to do your own computing. We rely on computers more and more for our work, social lives, civic engagement, health, education and leisure, and more and more that means relying on networking services rather than our own personal computers. There are serious trade-offs to living as a tenant online, rather than a property owner. I’ve been reconsidering the network services I use and rely on, especially in the shift to mobile computing.

The work of Autonomo.us has heavily influenced my thinking. Also of note is Stallman’s essay on software as a service (though he does more to identify the problems than recommend solutions). I essentially agree with the Franklin Street Statement from Autonomo.us. As a user of network services, I’ve narrowed it down to four major criteria to look for when deciding whether to trust a service on freedom and autonomy.

  1. Free (libre) software
  2. Control over data
  3. Privacy / Encryption
  4. Distributed Systems

Note: This is more of a working list than an attempt at a formal definition. For example, I’m not sure that #3 and #4 should be required, even though I believe they are important. Feedback is welcome.

1. Free (libre) software

Free (libre) or open source software licenses designed for network services, like the GNU AGPL, help guarantee the software will respect users’ freedoms. The arguments for software freedom have been addressed at length elsewhere, but the freedom to run the software yourself is particularly relevant here since, unlike desktop software, you often have the choice of letting someone else run the software for you. Even if you don’t run the software on your own server, having the freedom to do so ensures that you can still run the service in the event that the service provider shuts down — a frequent concern with proprietary web startups after acquisition or failure. And, even if you can’t run the software yourself, with all four freedoms, chances are someone else will. The broader case for software freedom is made at length elsewhere.

Network services should respect users’ freedoms. LibreProjects.net has a good list of free web services and alternatives.

2. Control over data

If users want to leave a service provider, can they take their data with them? Open standards are important. Open standards allow other software to read and understand your data. Open standards also allow you to mix the software you use on the client and server or across multiple devices more easily. Not only does this make migration more realistic, but it makes transitions smoother.

Google’s network services aren’t often free (libre) software, but Google does have a strong commitment to open standards and making your data easily available. I’ve used many Google services from non-Google clients: Gmail from Thunderbird, Evolution and Modest; Google Calendar from Lightning, Evolution, and my N900; Google Reader from Liferea and grr; Google Talk from Empathy, Pidgin, and my N900, etc. I’ve been able to switch my client-side software before changing the back-end. This makes it possible to transition to new services gradually, in smaller steps, with less disruption.

Facebook has a download feature, but it’s slow, and it just chucks all of your data into a giant zip file rather than putting it into formats that other software or services could understand. Facebook has also actively blocked services that export your data to other providers. Your data is available for download, but not in a very useful way.

Migrations are not always planned. On your own server, you have the master key. With a service provider, if you lose access to your account because it’s cracked or cancelled suddenly, will you also lose access to your data? Or will you have an up-to-date copy locally? Open standards often help make it possible to keep a local copy up-to-date, but this isn’t always the default way we use these services. A synchronization service will typically maintain a complete local copy of your data, but services intended to be accessed through the web often require additional client-side set up
on the user’s part to make this happen (e.g. using Thunderbird or OfflineIMAP to keep a local copy of your Gmail email, or using Google Sync to keep a local copy of your calendar and contacts). Or, the services may only offer data dumps as backup. Does a service let you keep a complete local copy of your data easily in your everyday usage? Even if you primarily use the web interface, setting up a desktop client for regular use can help maintain a local copy of your data without having to consciously download backups.

Lastly, public data that is intended to be shared should be available under a free and open licence. Identi.ca uses CC BY for public user data. Libre.fm focuses on freely licensed music. This gives control over public content to the community, rather than just the service provider.

Network services should let users control their data, using open standards to give users control of their personal data and free licences to give the community control over public data. Despite having a very mixed record on other criteria, Google is a good example of open standards done right. Free (libre) and open source tools are also usually good with open standards. Identi.ca is a good example of licensing public data freely.

3. Privacy / Encryption

My concern with privacy isn’t so much what a service provider’s policies are, but who has access to the data in the first place.

With the launch of Google+, I’ve been quite relieved that I’ve moved a lot of my important data out of Google over the past few years. It’s one thing for Google to have my email or my social graph or my documents, but the volume of data that would be in one place using all of Google’s services is astounding. Google is generally a well-meaning company, but I wouldn’t want any single organization to have everything that Google might have: my email (love letters, job applications…), address book (contacts and their private information), documents (budget, resume, business plans), calendar (activities, habits, regular whereabouts), RSS feeds (passions, interests, and political, intellectual, religious leanings), instant messaging (chat logs with friends, lovers, co-workers), my social graph (strong ties, relationships), my phone calls (the ability to recognize my voice from Google Talk or Google Voice), my photos (facial recognition and identification of my family, friends, colleagues) — nevermind all of the revealing personal information contained in web searches! There are lots of questions regarding each type of data and whether or not you’d want to trust it with someone else, but the aggregation of all of it into a single account is a more noticably bad idea. It’s a recipe for disaster in the event of a privacy leak or breach, oppressive government actions, a supeona, the loss or revocation of your account, etc.

Furthermore, some things I simply don’t want on someone else’s computer ever. I’ve felt comfortable trusting service providers like Google with my email in the past, but I’ve never been comfortable trusting them with my entire address book — that’s not just my data, but other people’s private information too. Similarly, I would never want my personal journal on someone else’s computer — that’s just too private.

However, Mozilla does a fantastic job of handling private data. With Mozilla Weave (i.e. Firefox Sync), not only is it free (libre) software that you can run on your own server, but your data is encrypted on the server. A user has two passwords — one to authenticate with the server, another to encrypt the data locally. Since encryption happens locally, the server only sees the encrypted data and never sees your second password. Mozilla doesn’t even ask for the information to decrypt your Firefox Sync data. You can use their server to sync your data across computers, but it’s only ever decrypted on your computers, not the server. If you use Mozilla’s server instead of your own, Mozilla still won’t have access to your data.

I wish more services providers would do this. I understand it doesn’t work for services that are meant to be accessed directly on the server through the web, but at least for synchronization services it seems like a privacy no-brainer. Funambol, for example, is a great libre software data synchronization server for mobile devices, but I don’t think their gratis service at my.funambol.com encrypts your data. I suppose they have a web interface on their server, but I’d rather run my own Funambol server in the absence of Weave-style encryption, whereas I don’t mind using Mozilla’s Firefox Sync service at all.

Encryption of data in transit is another concern. Does a network service or web application offer encrypted methods of communication? Or is your private data being transmitted out in the open? Gmail now offers HTTPS by default. Facebook and Twitter offer an “Always use HTTPS” setting. The EFF has developed a Firefox add-on that uses HTTPS wherever possible. I’ve started using basic StartSSL Class 1 certificates, which are available at no cost to individuals, in order to encrypt traffic on my home servers.

A good network service should take privacy seriously, and offer encryption wherever possible. I’m not sure that this should be a requirement for a free network service, but it’s an important consideration before using a service hosted by somebody else. However, a service that may fail to adequately protect your privacy as a hosted service could still provide an acceptable self-hosted solution.

4. Distributed Systems

Email is a common example of a distributed set of protocols. If Bob uses Hotmail and Sally uses Gmail, they can still communicate with each other. Telephony provides another example; Bell customers can phone Rogers customers, and vice versa. This is the ideal — choosing a service provider independently from the people with whom you want to communicate. Distributed systems strengthen the Internet, creating fewer points of failure or censorship, more opportunities for expression and innovation, more freedom and autonomy for users. This isn’t always relevant for network tools or synchronization services aimed at individuals or small groups compared to social network services and communications tools.

Most online social networking services are walled gardens. Facebook users can only talk to other Facebook users, MySpace users can only talk to other MySpace users, etc. In this environment, social pressure has negative effects on freedom and autonomy. You might not feel comfortable using Facebook, but if that’s where your social circles are active, you’re faced with the choice of being left out or using a service provider with which you’re uncomfortable.

Google Talk makes it clear that it doesn’t have to be this way. Rather than developing their own proprietary walled garden instant messaging service, Google used the open standard XMPP (aka Jabber) for its chat service. With XMPP, you can chat with people on other servers. I have a Jabber account on my own server (and there are dozens of public Jabber servers), and I can still talk with (or call) people on Gmail Chat. I’ve left Google Talk, but I’m not cut off from Google Talk users. Compare that to Skype, which has so far relied on a proprietary VoIP protocol that only lets Skype users call other Skype users (short of bridging to traditional telephony).

In the social networking space, there are efforts like GNU Social/StatusNet and Diaspora to develop distributed solutions. StatusNet has already had some success implementing an open standard for distributed status updates. I’m curious whether Google+ might advance the cause of distributed social networking services (even slightly), given Google’s commitment to distributed systems and open standards elsewhere, and their development of new standards like OpenSocial.

Social network services should be distributed, allowing users to communicate across service providers. Email, traditional telephony, XMPP/Google Talk and GNU Social/Diaspora are all good examples of this. I’m not sure that this should be a strict requirement for a free network service, but the freedom to run the software on your own server is pretty useless for some social applications if you can’t communicate with people on other servers.

Conclusion

Identi.ca, the flagship StatusNet site, is a perfect example of a free network service. It’s free software (AGPL), implements open standards and documented APIs for accessing your data, they’ve pioneered an open standard for distributed networking, and public updates are licensed freely. I’m happy to use Identi.ca.

Mozilla’s Firefox Sync is a good example of a free network synchronization service. Data is encrypted, it’s free software that can be run on another server, and bookmarks are stored locally in a format that other applications can read. I’m comfortable using Mozilla’s service for Firefox Sync.

AGPL network sync services like Funambol and Snowy are also libre services (free software, open standards or documented formats), but in the absence of Mozilla-style encryption, I’d prefer to run them on my own server. The FreedomBox Foundation has been working on an easy way to run libre services from a home server, and make them available to others. I currently use a combination of always-on GNU/Linux home computers available remotely and some dedicated servers that I manage. Even without your own server, you can use free (or more freedom-friendly) hosted services like riseup.net for email, jabber.org or others for instant messaging, my.funambol.com for mobile sync, Mozilla Firefox Sync for bookmarks and browser data, Identi.ca over Twitter, Voip.ms (SIP) over Skype, Libre.fm over Last.fm, etc. If you’re looking to try out some of the self-hosted services, I do have Snowy, Funambol, and Tiny Tiny RSS running on my home server — contact me if you’d like an account to try them out.

The process of disentangling from proprietary network services can take some time, but it’s well worth it for the sake of freedom and autonomy, even when it may be challenging in the short-run. If you can’t leave a proprietary service right away, recognizing where it fails to meet these criteria can help you take some important steps in the meantime.

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Comments (8)

SOLUTION: Firefox Fails When Upgrading After Using Mozilla PPA

This is a quick fix for a problem I had when upgrading to Ubuntu 10.04, after having used the Mozilla PPA.

The Firefox upgrade failed during the distribution upgrade process (from 9.10 to 10.04). I was told to run `dpkg -a –configure`, and the same error occurred again (it’s in bold).

$ sudo dpkg -a --configure
Setting up firefox (3.6.3+nobinonly-0ubuntu4) ...
update-alternatives: error: alternative path /usr/bin/firefox doesn't exist.
dpkg: error processing firefox (--configure):
subprocess installed post-installation script returned error exit status 2
dpkg: dependency problems prevent configuration of firefox-3.5:
firefox-3.5 depends on firefox; however:
Package firefox is not configured yet.
dpkg: error processing firefox-3.5 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of firefox-3.0:
firefox-3.0 depends on firefox; however:
Package firefox is not configured yet.
dpkg: error processing firefox-3.0 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of firefox-gnome-support:
firefox-gnome-support depends on firefox (= 3.6.3+nobinonly-0ubuntu4); however:
Package firefox is not configured yet.
dpkg: error processing firefox-gnome-support (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of firefox-3.5-gnome-support:
firefox-3.5-gnome-support depends on firefox-gnome-support; however:
Package firefox-gnome-support is not configured yet.
dpkg: error processing firefox-3.5-gnome-support (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
firefox
firefox-3.5
firefox-3.0
firefox-gnome-support
firefox-3.5-gnome-support

A quick web search brought up a bug report, and I was able to figure out this fix with the help of one of the comments:

Update: Fixed.My original solution was only temporary, and had to be repeated for each Firefox update (all the way through every update with 10.04, 10.10, now 11.04…). I’ve found the root of the problem now, by comparing local dpkg diversions for Firefox on my affected machines against an unaffected clean Ubuntu install.

On my laptop:

$ sudo dpkg-divert --list | grep firefox
local diversion of /usr/bin/firefox to /usr/bin/firefox.ubuntu
local diversion of /usr/bin/mozilla-firefox to /usr/bin/mozilla-firefox.ubuntu

The clean Ubuntu install returned no results for the above command. (Also, note that in the full output for dpkg-divert –list, those were the only local diversion — another hint that they were from the PPA upgrade rather than Ubuntu itself.)

So, I ran the following commands to remove the diversions:
$ sudo dpkg-divert --remove /usr/bin/mozilla-firefox
$ sudo dpkg-divert --remove /usr/bin/firefox

Then, the most recent Firefox upgrades worked without a hitch on both of my affected machines. Finally fixed… *fingers crossed*

Updated: This isn’t a complete fix, as the problem reoccurs every time Firefox is updated. If someone knows how to fix this for good, let me know…

$ sudo rm /usr/bin/firefox
$ cd /usr/bin
$ sudo ln -s ../lib/firefox-<your-current-version>/firefox.sh firefox
$ sudo chmod 0777 firefox
$ sudo apt-get -f install

The symlink for /usr/bin/firefox had been pointing to /usr/bin/firefox-3.5, which no longer existed, so the commands above (1) remove the dead-end link; (2) add the proper link (YMMV depending on which version of Firefox you are upgrading to); (3) resume the upgrade process.

Hope that helps!

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Comments (1)

Is Firefox missing the point in its response to Google Chrome?

[This post originally appeared on Techdirt.]

Seth Godin thinks Firefox is missing the point by launching new features in response to Google Chrome. He says the problem now is that “when your friends switch to Firefox, your life doesn’t get better.” Firefox needs to provide people with an incentive to spread it, so that the more people use it, the better it gets for users (think of a social networking site — you have a better experience if more of your friends join). He suggests new communication and collaboration features that only work if you have Firefox.

I think he’s missing the point.

He ignores the Firefox community. The life of a Firefox user does improve as the user base grows. A more vibrant community means better add-ons, bug fixes, security patches, phishing reports, translations/dictionaries, etc. — all members benefit. Mozilla is already providing the sort of incentive he describes. Sure, there may be ways to improve, but I don’t think they’re missing the point.

Plus, “only for Firefox users” isn’t the Mozilla approach. Mozilla wants to improve the web for everyone — not just Firefox users. Mozilla thinks your browser should be like your phone or your car; it shouldn’t matter if your friends or co-workers are using the same product. You don’t need to consider which phone carrier your friend uses before making a call, or which car your co-worker has before providing directions; you shouldn’t have to think about what browser someone uses before communicating with them online. People don’t need special browser-specific features in order to communicate browser-to-browser, that’s what web services (or add-ons) are for. Those kinds of features would make life on the web more difficult for everyone if they were Firefox specific, and if they weren’t, Google could just implement them in Chrome.

The community is one thing Firefox has that Chrome can’t copy overnight.

If you read some responses to Chrome from people at Mozilla, it doesn’t seem like they’re missing the point. Competition in the browser market is validation of Mozilla’s mission for Firefox, and Mozilla plans to compete by continuing to innovate and to involve the community. Seth Godin makes a great observation about giving people an incentive to spread your product — “people will recommend something if adoption improves their lives” — but he doesn’t mention the ways in which Mozilla has already taken that to heart. How do you think Firefox became popular in the first place?

[Read the comments on Techdirt.]

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Post a Comment