Speaking with authority

I’ve just spent the better part of three hours arguing on IRC about Let’s Encrypt clients. After speaking with two others, I realised that nobody who I spoke with before knew their facts were facts.

Different people all told me various incorrect information, such as:

  • No ACME client supports doing a manual DNS TXT record for verification bootstrapping until you have an httpd up. (acme.sh, dehydrated, and certbot all support this.)
  • LE needs IPv4 for the HTTP challenge. (It worked fine for me with an IPv6-only host. I’m not sure which it would prefer if it had the choice between v6 and v4, or if it’d use Happy Eyeballs and connect to whichever responded first.)
  • It isn’t possible to step through the process manually as a debugging aid; you have to rely on your ACME client’s debugging facilities. (https://gethttpsforfree.com/ helped a tonne.)
  • You have to be listening for the HTTP challenge on port 80. (The TLS-ALPN-01 challenge type exists which will only ever use port 443 for the challenge.)
  • Critique of how I isolated each service on a separate VM so that they would be more secure, saying it was “over-convoluted”.
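For the points above about manual DNS TXT verification and stepping through the process by hand: the values an ACME server checks can be derived offline from RFC 8555 (challenge format) and RFC 7638 (JWK thumbprint) and compared against what a client actually published. This is an added example, not part of the original post or any client's code; the domain, token and account key are constructed sample values.

```python
import base64
import hashlib
import json

# Required JWK members per key type (RFC 7638, section 3.2).
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members only, sorted, no whitespace."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    canonical = {name: jwk[name] for name in REQUIRED_MEMBERS[kty]}
    encoded = json.dumps(canonical, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(encoded.encode("utf-8")).digest())


def challenge_responses(domain: str, token: str, account_jwk: dict) -> dict:
    """What the applicant must publish for HTTP-01 and DNS-01."""
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    return {
        "key_authorization": key_auth,
        # HTTP-01: the file body is the key authorization itself.
        "http01_url": f"http://{domain}/.well-known/acme-challenge/{token}",
        "http01_body": key_auth,
        # DNS-01: the TXT value is a digest of the key authorization.
        "dns01_name": f"_acme-challenge.{domain}",
        "dns01_txt": b64url(hashlib.sha256(key_auth.encode("ascii")).digest()),
    }


if __name__ == "__main__":
    # Constructed sample input; a real token comes from the ACME server.
    sample_jwk = {"kty": "EC", "crv": "P-256",
                  "x": "constructed-x", "y": "constructed-y"}
    result = challenge_responses("example.org", "constructed-token", sample_jwk)
    for field, value in result.items():
        print(f"{field}: {value}")
```

If the TXT record or challenge file served by a host differs from these values, the mismatch is in the client or the publishing step, not in the CA.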

All of these people spoke with an air of authority. They sounded like they genuinely knew what they were talking about, and were trying to inform me of the limitations of ACME clients / Let’s Encrypt. Nobody actually knew the answer, but they thought they were right because it fit their experience.

When I speak to people about technology, whether in real life, on IRC, or on a mailing list, I always try to make the limitations of my knowledge clear. Many is the time I have said “I’m not sure if you can do that”, or “I don’t know if X supports Y”. And sure, on occasion I will say “I have never done Y and last I knew X couldn’t do that”. Note, however, that all of these are presented as statements from my hive of knowledge, and not presented as plain facts. The art of communication seems to be lost on far too many in the technology field.

There is no shame in not knowing the answer to something. It is certainly more helpful to say “I’m not sure you can do that”, instead of “you can’t do that”. I almost gave up on Let’s Encrypt and wrote another article on how useless it is, because I was told by people who used Let’s Encrypt that it had all of these limitations that made it seem useless, arbitrary, and ridiculous to me. (Thanks to Rich Felker of musl, and Freeyorp, for setting the record straight.)

Maybe we need a new term for this. “Organic FUD”, since it comes from the community itself? At any rate, I hope that in the future, more people note the limitations of their knowledge up-front rather than sounding authoritative about a subject they know little about.

GitHub and IPv6, three years later

Three years ago, I wrote Going IPv6 native without IPv4, which noted all the services I couldn’t access over IPv6. After all this time, there is some good news, and bad news.

First, the good news: BitBucket, Savannah, and Launchpad all support IPv6 now!

Now, the bad news: GitHub still does not. This has actually prevented me from setting up a trial run of acme.sh on a server. The server I was going to test LE on is only connected to the public Internet via IPv6. Yes, I was actually trying to see if Let’s Encrypt has gotten any better, and I was prevented from doing it because GitHub does not support IPv6.

Authors of ACME clients, especially ones that are only available via GitHub: find a mirror that supports IPv6! At this point, now I’m going to have to set up acme.sh on my workstation, and then scp the certificates over to the server every 60 days. Thanks GitHub.

YouTube. 1080p. Big-endian PowerPC + Firefox.

H.264:

[Nightmare Moon grinning about the same way I was when I saw this]
The Moon Rises, playing in 1080p on big-endian Firefox with correct colours.

VP8/VP9:

[ Tractors ]
VP8 and VP9 WebM demos, playing in big-endian Firefox

I additionally shot a short 4-second video clip of the Talos in action.

I’ve filed a bug with Mozilla to upstream this work. If you do have a bmo account, consider Voting for this issue. (Don’t spam the bug tracker with +1 comments; it won’t help.)

Please also consider supporting my progress on Patreon, PayPal, or Ko-fi. I hope you’re as excited about this as I am!

Status update for Firefox on PowerPC / big endian

(This post is probably not interesting to non-technical observers.  Rest assured, I’m still working quite hard on porting Firefox to PowerPC when I have the chance.)

I’ve just pulled the latest Firefox code (from mozilla-central) and have fully rebuilt Firefox with the latest code.

First, the good news: JS-API tests are still 100% passing.  XPC Shell tests are up!  10 more tests pass now, and it took a full 17 minutes less time to run the test suite.  This is huge; it shows that if we (the POWER, SPARC, System/390, etc. communities) work together with Mozilla to truly fix Firefox on big endian, there should be no issues keeping it working.

And now, some of the worse news.  Skia m71 has landed on the tree, which is meant to bring feature-parity with Chrome 71.  This was a major loss for us.  Skia does not compile at all on any architecture other than x86 and ARM.  Once that bug was patched around, it also does not compile correctly on big endian systems; thankfully, Marcus from the Raptor Talos community already had some patches written for this during their Chromium port sprint.  And now, unfortunately, comes the truly bad news: even after fixing all the build errors, it is not possible to start Firefox with Skia m71.  This seems to be related to the text layer code, which was not always working correctly anyway.  Before, this would just cause some graphical glitches; now it is a completely fatal error.

This will require more digging than I presently have the time to consider, unfortunately.  I probably won’t get back to Mozilla porting until early next week.  This will give me the time I need to focus on writing Parcel, Adélie’s next-generation package database tool and Web site.

If you like what you see and want to ensure that Firefox is ported to POWER, in addition to all of the other important work that we do improving the Linux ecosystem, please consider supporting the Adélie Linux project on Patreon, or chipping in with cryptocurrency.  Your support is what keeps efforts like this going.  Thank you!