testpilot.firefox.com just got a lot easier to work on

We originally built Test Pilot on top of Django and some JS libraries to fulfill our product requirements as well as keep us flexible enough to evolve quickly since we were a brand new site.

As the site has grown, we've dropped a few requirements, and realized that we were using APIs from our engagement team to collect newsletter sign ups, APIs from our measurement team for our metrics, and everything else on the site was essentially HTML and JS. We used the Django scaffolding for updating the experiments, but there was no reason we needed to.

I'm happy to highlight that as of today testpilot.firefox.com is served 100% statically. Moving to flat files means:

  • Easier to deploy. All we do is copy files to an S3 bucket. No more SQL migrations or strange half-pushed states.

  • More secure. With just flat files we have way less surface area to attack.

  • Easier to participate in. You'll no longer need to set up Docker or a database. Just check out the files, run npm install and you're done. (disclaimer: we just pushed this today, so we actually still need to update the documentation)

  • Excellent change control. Instead of using an admin panel on the site, we now use GitHub to manage our static content. This means all changes are tracked for free, we already have a process in place for reviewing pull requests, and it's easy to roll back or manipulate the data because it's all in the repository already.

If you want to get involved with Test Pilot, come join us in #testpilot (or webchat)!

Test Pilot Q3 OKR Review

For the third quarter of 2016 the Test Pilot team decided to try using the OKR method (an OKR overview) for our goal setting.

We all sat down in London and hashed out what direction we wanted to move in for Q3, what we thought we could do in that timeframe, prioritized the results and then I published the results on the wiki. If you're interested in what Test Pilot did in Q3 you should read that link because it has a bunch of comments in it.

I knew we deprioritized some of our goals mid-quarter, but I was surprised to see us come up with a pretty modest .61. My takeaways from my first time using the OKR method is:

  • Wording is really important. Even if you all agree on some words while sitting around a table, look them over again the next day because they might not make as much sense as you think.

  • Getting the goals for your quarter planned before the quarter starts is tops.

  • Having a public list of goals you can point people to is great for your team, other teams you work with, and anyone in the community interested in your project.

  • Estimates for how long things will take you is still a Really Hard Problem.

The feedback I've received about the OKR process we followed has been really positive and I expect to continue it in the future.

Test Pilot is launching three new experiments for Firefox

The Test Pilot team has been heads-down for months working on three new experiments for Firefox and you can get them all today!

Min Vid

Min Vid is an add-on that allows you to shrink a video into a small always-on-top frame in the corner of your browser. This lets you watch and interact with a video while browsing the web in other tabs. Opera and Safari are implementing similar features so this one might have some sticking power.

Thanks to Dave, Jen, and Jared for taking this from some prototype code to in front of Firefox users in six months.

Tracking Protection

Luke has been working hard on Tracking Protection - an experiment focused on collecting feedback from users about which sites break when Firefox blocks the trackers from loading. As we collect data from everyday users we can make decisions about how best to block what people don't want and still show them what they do. Eventually this could lead to us protecting all Firefox users with Tracking Protection by default.

Page Shot

Page Shot is a snappy experiment that enables users to quickly take screenshots in their browser and share them on the internet. There are a few companies in this space already, but their products always felt too heavy to me, or they ignored privacy, or some simply didn't even work (this was on Linux). Page Shot is light and quick and works great everywhere.

As a bonus, a feature I haven't seen anywhere else, Page Shot also offers searching the text within the images themselves. So if you take a screenshot of a pizza recipe and later search for "mozzarella" it will find the recipe.

I was late to the Page Shot party and my involvement is just standing on the shoulders of giants at this point: by the time I was involved the final touches were already being put on. A big thanks to Ian and Donovan for bringing this project to life.

I called out the engineers who have been working to bring their creations to life, but of course there are so many teams who were critical to today's launches. A big thank you to the people who have been working tirelessly and congratulations on launching your products! :)

Getting Firefox Nightly to stick to Ubuntu's Unity Dock

I installed Ubuntu 16.04.1 this week and decided to try out Unity, the default window manager. After I installed Nightly I assumed it would be simple to get the icon to stay in the dock, but Unity seemed confused about Nightly vs the built-in Firefox (I assume because the executables have the same name).

It took some doing to get Nightly to stick to the Dock with its own icon. I retraced my steps and wrote them down below.

My goal was to be able to run a couple versions of Firefox with several profiles. I thought the easiest way to accomplish that would be to add a new icon for each version+profile combination and a single left click on the icon would run the profile I want.

After some research, I think the Unity way is to have a single icon for each version of Firefox, and then add Actions to it so you can right click on the icon and launch a specific profile from there.

Installing Nightly

If you don't have Nighly yet, download Nightly (these steps should work fine with Aurora or Beta also). Open a terminal:

$ mkdir /opt/firefox
$ tar -xvjf ~/Downloads/firefox-51.0a1.en-US.linux-x86_64.tar.bz2 /opt

You may need to chown some directories to get that in /opt which is fine. At the end of the day, make sure your regular user can write to the directory or else you won't be able to install Nightly's updates.

Adding the icon to the dock

Then create a file in your home directory named nightly.desktop and paste this into it:

[Desktop Entry]
Version=1.0
Name=Nightly
Comment=Browse the World Wide Web
Icon=/opt/firefox/browser/chrome/icons/default/default128.png
Exec=/opt/firefox/firefox %u
Terminal=false
Type=Application
Categories=Network;WebBrowser;
Actions=Default;Mozilla;ProfileManager;

[Desktop Action Default]
Name=Default Profile
Exec=/opt/firefox/firefox --no-remote -P minefield-default

[Desktop Action Mozilla]
Name=Mozilla Profile
Exec=/opt/firefox/firefox --no-remote -P minefield-mozilla

[Desktop Action ProfileManager]
Name=Profile Manager
Exec=/opt/firefox/firefox --no-remote --profile-manager

Adjust anything that looks like it should change, the main callout being the Exec line should have the names of the profiles you want to use (in the above file mine are called minefield-default and minefield-mozilla). If you have more profiles just make more copies of that section and name them appropriately.

If you think you've got it, run this command:

  $ desktop-file-validate nightly.desktop

No output? Great -- it passed the validator. Now install it:

  $ desktop-file-install --dir=.local/share/applications nightly.desktop

Two notes on this command:

  1. If you leave off --dir it will write to /usr/share/applications/ and affect all users of the computer. You'll probably need to sudo the command if you want that.
  2. Something is weird with the parsing. Originally I passed in --dir=~/.local/... and it literally made a directory named ~ in my home directory, so, if the menu isn't updating, double check the file is getting copied to the right spot.

Some people report having to run unity again to get the change to appear, but it showed up for me. Now left-clicking runs Nightly and right-clicking opens a menu asking me which profile I want to use.

Modifying the Firefox Launcher

I also wanted to launch profiles off the regular Firefox icon in the same way.

The easiest way to do that is to copy the built-in one from /usr/share/applications/firefox.desktop and modify it to suit you. Conveniently, Unity will override a system-wide .desktop file if you have one with the same name in your local directory so installing it with the same commands as you did for Nightly will work fine.

Postscript

I should probably add a disclaimer that I've used Unity for all of two days and there may be a smoother way to do this. I saw a couple of 3rd-party programs that will generate .desktop files but I didn't want to install more things I'd rarely use. Please leave a comment if I'm way off on these instructions! :)

Updated 2017-11-27: I updated the icon path above. Thanks to kus for the comment.

Signing your commits on GitHub with a GPG key

Every time Chuck Harmston commits to GitHub he has that fancy [verified] tag next to his name and I'm super jealous.

I've been too lazy to add GPG signing to my Git commits because it seemed like too much work, but I had some free time this afternoon and Julien Vehent convinced me it wasn't that hard, so, here we are. Writing this post is partly to encourage everyone to sign their commits, and partly so I can find these steps again when I forget how to do it in the future.

I already have a gpg key I use for Mozilla things, so I'll start with that. Check out your current keys (if this list is empty, you'll need to make a key):

$ gpg --list-keys wclouser@mozilla.com
pub   4096R/4A403229 2013-08-19
uid                  Wil Clouser <wclouser@mozilla.com>
sub   4096R/B438E342 2013-08-19

I want to use a new subkey for GitHub signing, so I'll edit my existing master key and add a new one:

gpg --edit-key 4A403229
gpg> addkey
<I choose to add a 4096 bit RSA signing-only key which expires in two years>
gpg> save

Reviewing my new key:

$ gpg --list-keys wclouser@mozilla.com
pub   4096R/4A403229 2013-08-19
 uid                  Wil Clouser <wclouser@mozilla.com>
sub   4096R/B438E342 2013-08-19
sub   4096R/04D1111C 2016-08-30 [expires: 2018-08-30]

Adding the key to GitHub

Telling GitHub about the key is pretty straight forward. Firstly, get your public key:

$ gpg --armor --export 04D1111C
-----BEGIN PGP PUBLIC KEY BLOCK-----
  ...
  <many lines of text here>
  ...
-----END PGP PUBLIC KEY BLOCK-----

Next, load https://github.com/settings/keys and click New GPG Key. Then copy and paste the entire output from the command you ran above into the textarea on that page and click save.

Signing the commit

You're going to sign all your commits, right? So let's just add this thing globally (bonus note: you can add this, but it only works in git 2.0 and above. If you have an old version you'll need to add the -S flag to your git commit commands):

$ git config --global commit.gpgsign true

If you have more than one key you'll want to specify the key to use:

$ git config --global user.signingKey 04D1111C

You can change all this stuff in ~/.gitconfig if you'd rather adjust it directly. While you're in there, double check that the user.email value lines up with the email address assigned to your key and the email address that GitHub knows about or else you'll have a mismatch when you try to use it.

Ready to commit something? Edit your files like normal, and git commit. You'll be prompted for your GPG password (unless you use an agent, and you should) and everything else should just work like normal. Github will recognize the signed commit:

Transferring the key to your laptop

Transferring secret keys around always raises some eyebrows, but the reality is many of us make commits from multiple computers. As long as you protect the key in transit, this should be relatively secure. Firstly, export it into a couple of files:

gpg --export 04D1111C > key-pub.asc
gpg --export-secret-keys 04D1111C > key-sec.asc

Then securely transfer those files to your laptop (scp is a good choice) and run:

gpg --import key-pub.asc
gpg --import key-sec.asc

When you're done, securely delete the .asc files on both computers (I use shred but there are other options).

And that's it. Signed commits!