Tag Archives: planet-ubuntu

Planet Ubuntu endorses Bernie Sanders; Larry Lessig for Supreme Court?

The results of the Planet Ubuntu poll we’re
Democratic: 72% for Bernie Sanders
Republican: 27% for Rand Paul (has since dropped out*)
Independents: 46% for Jon Stewart

Who do you like the (republican) least?: 65% Donald Trump
* And otherwise it was a wash.

In other political news a few people have pitched Larry Lessig to be the next justice on the supreme court. We need someone tech savvy on the supreme court. Not to mention someone who wants to get money out of politics.
See video here.
Sign We The People petition here.

Presidential Candidate Website Survey

I surveyed the website security and a few other website technology factors for the candidates for US president.  Here is what I found.

Epic fail candidates:
Jim Gilmore, Bobby Jindal, George Pataki – they all ask for donations on an insecure page or one vulnerable to POODLE.   I would say these would be a much better insecure server story but none of these are considered major candidates.

Actually support IPv6:
Only Donald Trump, Ted Cruz, Rand Paul, Marco Rubio.

CloudFlare
10/21 sites use cloudflare as their CDN!  It looks like their is a difference in the plan/traffic tiers some of the candidates are in:
2 endpoints – Ted Cruz, Rand Paul, Mike Huckabee, Bernie Sanders, Jim Webb, Larry Lessig5 endpoints – Marco Rubio, Carly Fiorina, Jeb Bush, Donald Trump

Now, CloudFlare  gives you IPv6 and HTTPS for free, but apparently a lot of candidates aren’t bothering to turn them on?

Complicated…
The seemingly most complicated setups go to Hilary Clinton and Chris Christie. I’m not sure they are good setups – they show up as inconsistent to ssllabs.  I’m guessing they spent the most money/time on them though.

Other interesting stats
Wordpress – 11/21
Hosting: Amazon AWS – 4/21 – Linode 2/21
Redirects to HTTPS by default for main site – 16/21 (yay! this is the assumed default now – the candidates who don’t are Rick Santorum, George Pataki, Lindsey Graham, Jim Gilmore, Lincoln Chafee)
HSTS – 3/21 have it on, but only Ted Cruz has it on in a consistent way

Conclusion?
I’m guessing those who aren’t getting good website advice aren’t getting good campaign advice in general.  Not having HTTPS by default seems like it’s a good indicator for you not being a serious candidate.   I’m curious if the republican candidates with IPv6 enabled indicates anything about their tech teams and what impact that might have as the field progresses.

Disclaimer: I’m supporting Bernie Sanders and have volunteered to help them tech wise. All the test I did were pretty simple using SSLLabs , IPv6 Test and W3Techs.

You can find the raw data in this spreadsheet – presedentialwebsites

Happy Birthday to you – MP3 Decoding Patent

According to Wikipedia  (and a related patent analysis site) MP3 decoding is now patent free in the US!  Also last night Happy Birthday was determined to be in the public domain!

Happy Birthday to you!
Happy birthday to you!
Happy birthday to that MP3 Decoding Patent!
Happy birthday to you!

Theoretically that  means we can include MP3 decoding by default in Ubuntu and other Linux distros.  I’ll leave that to legal teams to decide…

The Mozilla We’ve Got

This is a follow-up to The Mozilla I want from 2014 (same headings).  (I do post bugs and mailing lists links, but please don’t pile on them, that really doesn’t help)

DRM – Mozilla being played?

Nope, just non-Windows users being played so far [1]. I should have guessed with it being Adobe’s DRM that is being used that maybe Linux wouldn’t see the best support. It’s also depressing to me that Mozilla has given up on calling it what it is in some cases [2].

[1] https://support.mozilla.org/en-US/kb/enable-drm
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1155549

Abandon the DoNoTrack header, provide actual options

Mozilla has doubled down on DoNotTrack and our trying to get more companies to respect it with an add-on that blocks trackers if it’s not respected.  To be fair the EFF thinks this isn’t a lost cause either.. do they know something I don’t know here?  If anything it could be called DoNotMakeItAsObviousWeAreTrackingYou, that’s possible.

They’ve added DuckDuckGo as a preinstalled search engine!  Woot!

Push advertisers off of Flash (generally a good idea, but also will help with privacy – no flash cookies, etc) – Absolutely no progress on this[1] -The web is moving away from Flash and plugins but Mozilla is standing pretty still on pushing for it.  Guess Mobile and Chrome will get define this space.

[1] https://groups.google.com/forum/#!topic/mozilla.dev.tech.plugins/OmuCPoh5Fc0

SSL 3.0 – When will it go away?

That’s hilarious.  Really.   5 months or so after Mozilla removes the option to disable SSL 3.0 they have to make an add-on to disable it do to SSL 3.0 no longer being secure.

Could we just decide now to disable TLS 1.0 in 2018 or something? Maybe start warning about it in a year or so.  We know it has weaker security than TLS 1.2, so why wait until we have to do it in a panic?

Mobile – Firefox OS

I bought a ZTE Open C and it’s a cheap phone and had issues.  I’ve since given up on it and bought a ZTE Maven (Android 5.1) which I’m enjoying.  To be fair they both cost me about the same, but the Maven is a much better phone.

Mozilla hasn’t shipped a new version of Firefox OS since I bought the phone… Firefox 1.3 Released on 2014-03-17 is still the latest version (it’s 2015-08-01 today).  So much for the promised quarterly releases.  This isn’t even the harder “how long will you support this specific phone”, it’s just your schedule of releases.

[1] https://wiki.mozilla.org/Releases

Mozilla Adding unwanted things?

I really don’t mind Yahoo! Search (the new search widget rocks for using multiple search engines, imho), but adding Pocket just doesn’t make any sense to me.. oh well.

Signing add-ons I actually like and fully support.  What I didn’t like in that discussion was the idea that we can wait to figure out something for the enterprises, because they will be on the ESR release.   I’d prefer we try to bring everyone to be happy on the main release instead of making enterprises feel they really need to be on the ESR.

And Contributing!?

I’ve actual gotten my first (very very simple) patch into Firefox since my last blog post.  I’m hoping to do a bit more specifically around gstreamer.

Unfortunately, I’m feeling more like Chrome/Chromium provides a better and more secure out of the box experience for the average user today (Netflix, Flash updating, dropped NPAPI, much better video chat).   This is especially true on Linux.  It does help that Google has a specific platform (Chromebooks) that justifies investing heavily in it.

There is a lot of exciting stuff in the works (GTK3, wayland, electrolysis) and I’m going to at least stay around to see how that pans out.