Wouldn’t it be nice?

April 2, 2014 § 2 Comments

Wouldn’t it be nice if Mozilla were a political party, with a single stance, a single state of mind and a single opinion?

Wouldn’t it be nice if people could decide to vote for or against Mozilla based on a single opinion of its leader?

But that’s not the case. We are Mozilla. We have thousands of different voices. We agree that users must be defended on the web. We fight for privacy and for freedom of speech and for education. On everything else, we might disagree, but that’s ok. We are Mozilla. We won’t let that stop us.

So please don’t ask us to exclude one of our own, no matter how much you disagree with his positions. We are Mozilla. We always disagree on most things that are not our mission. And we move forward, together.

Of course, if you want to change Mozilla, how we work and what we think, there is one way to do it. You can join us. Don’t worry, you don’t have to agree with us on much.

Just a question regarding ACTA

February 10, 2012 § Leave a comment

I am currently reading the official text of ACTA. This international treaty against brand name abuse, forgery and illicit data sharing has been negotiated for two and a half years being a veil of absolute secrecy. Since early December, it is now finally public.

Reading it, I wonder. Here is article 11, for instance:

« Without prejudice to its law governing privilege, the protection of confidentiality of information sources, or the processing of personal data, each Party [= each country] shall provide that, in civil judicial proceedings concerning the enforcement of intellectual property rights, its judicial authorities have the authority, upon a justified request of the right holder, to order the infringer or, in the alternative, the alleged infringer, to provide to the right holder or to the judicial authorities, at least for the purpose of collecting evidence, relevant information as provided for in its applicable laws and regulations that the infringer or alleged infringer possesses or controls. Such information may include information regarding any person involved in any aspect of the infringement or alleged infringement and regarding the means of production or the channels of distribution of the infringing or allegedly infringing goods or services, including the identification of third persons alleged to be involved in the production and distribution of such goods or services and of their channels of distribution. »

Do I understand correctly that, to comply with such orders:

  • a library must keep watch over its uers, so as to be able to identify those who might be implied in alleged infringements?
  • a university must keep watch over its professors, so as to be able to identify those who might be implied in distributing documents and exceeding fair use?
  • … or a highschool? or a kindergarten?
  • … and no element of proof is required from the right holder?

Have I mentioned that I am a little worried by ACTA?

Une question à propos d’ACTA

February 10, 2012 § 2 Comments

J’ai sous les yeux le texte officiel d’ACTA. Ce traité international contre (en vrac) l’exploitation illicite de marques, le faux et usage de faux et le partage de données sans autorisation sur Internet, après avoir été négocié en toute confidentialité par la Commission Européenne, est enfin public, et doit passer devant le Parlement Européen en mai 2012.

Du coup, je lis l’article 11 et je m’interroge :

« Without prejudice to its law governing privilege, the protection of confidentiality of information sources, or the processing of personal data, each Party [= chaque pays] shall provide that, in civil judicial proceedings concerning the enforcement of intellectual property rights, its judicial authorities have the authority, upon a justified request of the right holder, to order the infringer or, in the alternative, the alleged infringer, to provide to the right holder or to the judicial authorities, at least for the purpose of collecting evidence, relevant information as provided for in its applicable laws and regulations that the infringer or alleged infringer possesses or controls. Such information may include information regarding any person involved in any aspect of the infringement or alleged infringement and regarding the means of production or the channels of distribution of the infringing or allegedly infringing goods or services, including the identification of third persons alleged to be involved in the production and distribution of such goods or services and of their channels of distribution. »

Ai-je bien compris que, pour pouvoir obéir à ce type d’injonction :

  • une bibliothèque doit surveiller ses empruntants, pour pouvoir identifier ceux qui pourraient être impliqués dans de la photocopie de livres ?
  • une université doit surveiller ses enseignants, pour pouvoir identifier ceux qui pourraient distribuer des polycopiés sans autorisation ?
  • … ou un lycée, un collège, une maternelle ?
  • … ainsi que les intervenants invités le temps d’un cours ou d’un séminaire ?
  • … le tout sur simple soupçon ?

Ai-je mentionné qu’ACTA m’inquiète quelque peu ?

Resist SOPA, HADOPI, Censorship…

January 18, 2012 § Leave a comment

Today, this blog is black.

Today is an international day of fighting against web censorship.

Against SOPA (in the US), Hadopi (in France), and all the bills that assume that freedom of expression and freedom of information can be cast aside whenever they come in the way of profit.

Learn more.

Image from Ars Technica: http://arstechnica.com/staff/palatine/2012/01/sopa-resistance-day-begins-at-ars.ars

JavaScript, this static language (part 1)

October 20, 2011 § 7 Comments

tl;dr

JavaScript is a dynamic language. However, by borrowing a few pages from static languages – and a few existing tools – we can considerable improve reliability and maintainability.

« Writing one million lines of code of JavaScript is simply impossible »

(source: speaker in a recent open-source conference)

JavaScript is a dynamic language – a very dynamic one, in which programs can rewrite themselves, objects may lose or gain methods through side-effects on themselves on on their prototypes, and, more generally, nothing is fixed.

And dynamic languages are fun. They make writing code simple and fast. They are vastly more suited to prototyping than static languages. Dynamism also makes it possible to write extremely powerful tools that can perform JIT translation from other syntaxes, add missing features to existing classes and functions and more generally fully customize the experience of the developer.

Unfortunately, such dynamism comes with severe drawbacks. Safety-minded developers will tell you that, because of this dynamism, they simply cannot trust any snippet, as this snippet may behave in a manner that does not match its source code. They will conclude that you cannot write safe, or even modular, applications in JavaScript.

Many engineering-minded developers will also tell you that they simply cannot work in JavaScript, and they will not have much difficulty finding examples of situations in which the use of a dynamic language in a complex project can, effectively, kill the project. If you do not believe them, consider a large codebase, and the (rather common) case of a large transversal refactoring, for instance to replace an obsolete API by a newer one. Do this in Java (or, even better, in a more modern mostly-static language such as OCaml, Haskell, F# or Scala), and you can use the compiler to automatically and immediately spot any place where the API has not been updated, and will spot a number of errors that you may have made with the refactoring. Even better, if the API was designed to be safe-by-design, the compiler will automatically spot even complex errors that you may have done during refactoring, including calling functions/methods in the wrong order, or ownership errors. Do the same in JavaScript and, while your code will be written faster, you should expect to be hunting bugs weeks or even months later.

I know that the Python community has considerably suffered from such problems during version transitions. I am less familiar with the world of PHP, but I believe this is no accident that Facebook is progressively arming itself with PHP static analysis tools. I also believe that this is no accident that Google is now introducing a typed language as a candidate replacement for JavaScript.

That is because today is the turn of JavaScript, or if not today, surely tomorrow. I have seen applications consisting in hundreds of thousands of lines of JavaScript. And if just maintaining these applications is not difficult enough, the rapid release cycles of both  Mozilla and Chrome, mean that external and internal APIs are now changing every six weeks. This means breakage. And, more precisely, this means that we need new tools to help us predict breakages and help developers (both add-on developers and browser contributors) react before these breakages hit their users.

So let’s do something about it. Let’s make our JavaScript a strongly, statically typed language!

Or let’s do something a little smarter.

JavaScript, with discipline

At this point, I would like to ask readers to please kindly stop preparing tar and feathers for me. I realize fully that JavaScript is a dynamic language and that turning it into a static language will certainly result in something quite disagreeable to use. Something that is verbose, has lost most of the power of JavaScript, and gained no safety guarantees.

Trust me on this, there is a way to obtain the best of both worlds, without sacrificing anything. Before discussing the manner in which we can attain this, let us first set objectives that we can hope to achieve with a type-disciplined JavaScript.

Finding errors

The main benefit of strong, static typing, is that it helps find errors.

  • Even the simplest analyses can find all syntax errors, all unbound variables, all variables bound several times and consequently almost all scoping errors, which can already save considerable time for developers. Such an analysis requires no human intervention from the developer besides, of course, fixing any error that has been thus detected. As a bonus, in most cases, the analysis can suggest fixes.
  • Similarly trivial forms of analysis can also detect suspicious calls to break or continue, weird uses of switch(), suspicious calls to private fields of objects, as well as suspicious occurrences of eval – in my book, eval is always suspicious.
  • Slightly more sophisticated analyses can find most occurrences of functions or methods invoked with the wrong number of arguments. Again, this is without human intervention. With type annotations/documentation, we can move from most occurrences to all occurrences.
  • This same analysis, when applied to public APIs, can provide developers with more informations regarding how their code can be (mis)used.
  • At the same level of complexity, analysis can find most erroneous access to fields/methods, suspicious array traversals, suspicious calls to iterators/generators, etc. Again, with type annotations/documentation, we can move from most to all.
  • Going a little further in complexity, analysis can find fragile uses of this, uncaught exceptions, etc.

Types as documentation

Public APIs must be documented. This is true in any language, no matter where it stands on the static/dynamic scale. In static languages, one may observe how documentation generation tools insert type information, either from annotations provided by the user (as in Java/JavaDoc) or from type information inferred by the compiler (as in OCaml/OCamlDoc). But look at the documentation of Python, Erlang or JavaScript libraries and you will find the exact same information, either clearly labelled or hidden somewhere in the prose: every single value/function/method comes with a form of type signature, whether formal or informal.

In other words, type information is a critical piece of documentation. If JavaScript developers provide explicit type annotations along with their public APIs, they have simply advanced the documentation, not wasted time. Even better, if such type can be automatically inferred from the source code, this piece of documentation can be automatically written by the type-checker.

Types as QA metric

While disciples of type-checking tend to consider typing as something boolean, the truth is more subtle: it quite possible that one piece of code does not pass type-checking while the rest of the code does. Indeed, with advanced type systems that do not support decidable type inference, this is only to be expected.

The direct consequence is that type-checking can be seen as a spectrum of quality. A code can be seen as failing if the static checking phrase can detect evident errors, typically unbound values or out-of-scope break, continue, etc. Otherwise, every attempt to type a value that results in a type error is a hint of poor QA practice that can be reported to the developer. This yields a percentage of values that can be typed – obtain 100% and get a QA stamp of approval for this specific metric.

Typed JavaScript, in practice

Most of the previous paragraphs are already possible in practice, with existing tools. Indeed, I have personally experienced using JavaScript static type checking as a bug-finding tool and a QA metric. On the first day, this technique has helped me find both plenty of dead code and 750+ errors, with only a dozen false positives.

For this purpose, I have used Google’s Closure Compiler. This tool detects errors, supports a simple vocabulary for documentation/annotations, fails only if very clear errors are detected (typically syntax errors) and provides as metric a percentage of well-typed code. It does not accept JavaScript 1.7 yet, unfortunately, but this can certainly be added.

I also know of existing academic work to provide static type-checking for JavaScript, although I am unsure as to the maturity of such works.

Finally, Mozilla is currently working on a different type inference mechanism for JavaScript. While this mechanism is not primarily aimed at finding errors, my personal intuition is that it may be possible to repurpose it.

What’s next?

I hope that I have convinced you of the interest of investigating manners of introducing static, strong type-checking to JavaScript. In a second part, I will detail how and where I believe that this can be done in Mozilla.

Vos enfants n’iront pas à l’université

February 2, 2010 § 1 Comment

Voici un an que la communauté universitaire a tiré la sonnette d’alarme, dans l’indifférence générale. Et bien, maintenant, ça commence, et ça confirme vous ne pourrez pas payer les études de vos enfants.

Vous voulez des détails ? À compter de l’année prochaine, certains Master de l’Université Paris Dauphine vont coûter la bagatelle de 1500 à 4000 euros.

À suivre.

Cent mille voix pour la formation des enseignants

January 23, 2010 § Leave a comment

Comme beaucoup d’entre vous le savent, l’année 2009-2010 a été rude dans les écoles, les collèges, les lycées les universités et les instituts de recherche de France. Du côté des enseignants, des chercheurs, des personnels administratifs et techniques et des parents d’élèves, il s’agissait de défendre le système contre sa casse systématique et organisée au profit du secteur privé. Du côté ministériel, il s’agissait de prononcer quelques bonnes paroles, de diviser pour régner, de salir tous ceux qui consacrent leur vie à former les enfants des autres ou à concevoir les savoirs de demain, de supprimer progressivement la formation des enseignants, de couper le plus possible de postes dans les établissements, de cesser de régler les factures, et plus généralement d’organiser la transition vers un système du tout-privé.

Comme beaucoup d’entre vous le savent, une année de lutte entière — dont la grève universitaire la plus importante depuis le XIIIeme siècle, pardonnez du peu — n’a servi à rien. Quelques belles paroles et le rouleau compresseur a repris, sans négociations, sans compromis et sans respecter la moindre promesse.

Il est encore temps, peut-être, de sauver quelques meubles. C’est en tout cas ce que pense la Coordination Nationale pour la Formation des Enseignants, qui vient de lancer une pétition. Cette pétition rassemblent les signatures de tous ceux qui estiment que la France doit continuer à former la formation des enseignants — rappelons que cette formation est presque abolie à partir de cette année. Si vous avez des enfants, si vous comptez en avoir ou si vous pensez que les enfants des autres doivent avoir des professeurs formés, je vous suggère de la signer. Je viens de le faire moi-même.

Where Am I?

You are currently browsing the Société category at Il y a du thé renversé au bord de la table.

Follow

Get every new post delivered to your Inbox.

Join 31 other followers