Well, I'm Back

I've written before about how awesome reftests are. Now they're even more awesome! Until now reftests have always worked by taking a snapshot of the entire window at the end of the test and comparing that to a snapshot of the reference page. However, there's a fairly large class of bugs which we call "invalidation bugs" --- they only show up when you redraw part of a page, and when you draw the whole page everything's fine. These are usually either bugs in figuring out which part of the page needs to be redrawn after some dynamic change, or bugs in the optimizations that try to skip drawing elements that don't intersect the area being redrawn. We had no way to write automated tests for these bugs. Now we do!

Reftests have long supported a feature called "reftest-wait". Tests whose root element has class "reftest-wait" do not finish when their load event fires. Instead, the reftest system waits for the "reftest-wait" class to be removed from the root element, then it takes the snapshot and moves to the next test. This lets a test finish loading and then change something dynamically to see if the layout and rendering after the incremental change is correct. I've extended "reftest-wait" so that we take a snapshot after the load event has fired and then as further incremental changes happen, areas of the snapshot are updated corresponding to the areas actually repainted in the window. (This is implemented in the reftest harness using MozAfterPaint.) Implementing this actually exposed a few invalidation bugs just using the reftest-wait tests in our existing test suite.

There's some subtlety around the timing of incremental changes. Invalidation and repainting can happen asynchronously, so it's possible that the load event causes a pending repaint of the entire window and a test script running after the load event might make an incremental change that is not really tested because a full repaint of the window happens anyway. To make sure incremental updates are reliably tested, the reftest harness takes responsibility for making sure invalidation and repainting are completely flushed out after the load event has fired. Then reftest fires a "MozReftestInvalidate" event at the test document's root element; this is the cue for the test to perform its dynamic updates to be sure their repainting will be properly tested.

Last week I noticed that the new Tollroad Web site was not using SSL, so user account details such as PINs and credit card numbers are transmitted in the clear, vulnerable to being intercepted by third parties. I sent an email to the contact address and got a stock reply; then I followed up again and got a less-stock reply that they'd "look into it". In today's Herald there's a story about the same issue.

Let's be clear: Brett Dooley is completely wrong. The site is insecure. They do not need to "reassure" the public, they need to fix the site. If it's true that "all the banks set up for website transactions had "verified and certified all our banking arrangements"". then either the "banking arrangements" excluded the site's form submission system, or the banks are fools.

It's very annoying that the Herald article presents it as a "he said, she said" difference of opinion from which no conclusions can be drawn --- presumably in some desire for "balance". The reporter could have and should have called out Dooley on his false statements.

What's especially bad is that incidents like this undermine the security of the entire Internet. Whenever people are told that it's OK to transmit sensitive information like credit card numbers through an insecure channel without the "browser lock", they're being trained to respond positively to phishers and other attacks on SSL site verification.

This is an unfortunate blunder, because everything else about the Puhoi toll road project seems extremely well done. Instead of requiring some kind of transponder device in cars, they just take photos of your license plate and charge your account automatically. If you don't have an account you can use your cellphone to pay the charge up to three days after passing through, or you can visit a kiosk (away from the toll area itself) and pay cash. Overall it's a nice fully automated, low overhead solution.

Update Looks like the Tollroad people have seen reason.

Wikipedia's constant pleading for money is annoying, especially the latest round of "A Personal Appeal From Jimmy Wales". It would honestly be less annoying if they just stuck real text ads there that I already know how to ignore without feeling guilty about it. And given the amount of traffic that goes to Wikipedia --- especially the monetizable sort of traffic of people investigating things --- I can only assume they'd haul in a huge amount of cash. Are they afraid of that, or what?

We just got back from our Christmas boat trip with extended family. It was fantastic. I've created a custom Google Map showing the places we visited. The weather was mostly very good although on Tuesday it rained a fair bit (especially Tuesday night) and strong south-easterly winds kept us holed up in Bon Accord Harbour. Christmas Day and Boxing Day, on the other hand, were sheer magic. (Visibility was amazing; from Sullivan's Bay we could clearly see the tip of Castle Rock above the horizon --- 44 nautical miles away (that's 50 miles, 80 km). A Christmas Eve cruise up the Mahurangi River right up to Warkworth was another highlight. We did lots of walks, ate lots of food, swam, fished, rowed, mucked around on the beach, and played games. I hardly thought about Web browsers at all.

I'm going to be offline until December 27. If you need anything from me, rent a boat and search for me somewhere in Kawau Bay.

From then I plan to be sporadically online until January 5, when I should be back operating at full power.

Last Sunday, I gave a sermon. The regular pastors for our congregation were both away, so I pitched in. It was the first time for me, so I followed the wise maxim "talk about what you know". Naturally that meant my sermon was about the Internet.

One may ask how the Internet is sermon-worthy. It's simple: one of the things God cares most about is how we treat one another; for someone like me a lot of that happens over the Internet, because my work and friends are scattered; so it's worth exploring how God's instructions, ancient as they may be, apply in this new environment. I think it turns out that they're even more incisive than ever. Here's the gist...

Showing where we stand

"You are the light of the world. A city on a hill cannot be hidden. Neither do people light a lamp and put it under a bowl. Instead they put it on its stand, and it gives light to everyone in the house. In the same way, let your light shine before men, that they may see your good deeds and praise your Father in heaven." [Matthew 5:14]

It can be harder to socialize or chitchat with people you work with online. You may work with people for years before you know much about them beyond work. Fortunately the Internet gives us new tools to express ourselves; in particular, email signatures and blogs are great ways to communicate "out of band" information. Use them. You may be challenged, but that's generally a good thing. You may also get unexpected support.

Walking the walk

We are therefore Christ's ambassadors, as though God were making his appeal through us. [2 Corinthians 5:20]

You're obviously stupid. Go away and stop wasting my time, moron.
Rob
--
"A new command I give you: love one another" [John 13:34]

It's tempting to react to the possibility of falling by putting one's light back under the bowl. But that's obviously an incorrect response. A better response is to recognize the awesome responsibility we have, stop taking it lightly, and go immediately to God for help in desperation ... every day.

The red mist

"You have heard that it was said to the people long ago, 'Do not murder, and anyone who murders will be subject to judgment.' But I tell you that anyone who is angry with his brother will be subject to judgment." [Matthew 5:21-22]

"What the hell is wrong with Mozilla. First there's the madness of closing the app when the last tab is closed, then this! Since when was 'doing what's expected' justification for breaking something that is not broken? Firefox is going to the dogs."

"You proved your complete ignorance with that last statement, please don't waste any more time posting to this bug."

It's very easy to get angry with people online, partly because we can't see them. Always remember that at the other end is a real person made in God's image. When you write something in anger, stop, reread it, think about it, and pray about it. Imagine you're actually talking to this person. Imagine what would happen if you send it and the next Sunday they visited your church and recognized you.

XKCD by Randall Munroe

Maybe it's a guy thing or a nerd thing, but it's easy to slip into this mindset that treats overcoming "wrongness" as a puzzle to be solved or a game to be won. As we play to win it's almost inevitable we lose sight of the other person.

Turn the other cheek

"You have heard that it was said, 'Eye for eye, and tooth for tooth.' But I tell you, Do not resist an evil person. If someone strikes you on the right cheek, turn to him the other also. And if someone wants to sue you and take your tunic, let him have your cloak as well. If someone forces you to go one mile, go with him two miles." [Matthew 5:39]

This must be one of Jesus' most well-known and least-obeyed teachings. That's unsurprising since it's so unnatural. He wants us to accept damage for his sake.

Breaking off an unproductive or hostile exchange definitely falls into this category. Without the last word, you may look a fool, or feel like one. Accusations may lie unrefuted. We have to be confident in ourselves and especially in God:

Do not take revenge, my friends, but leave room for God's wrath, for it is written: "It is mine to avenge; I will repay," says the Lord. On the contrary:
   "If your enemy is hungry, feed him;
      if he is thirsty, give him something to drink.
   In doing this, you will heap burning coals on his head."
Do not be overcome by evil, but overcome evil with good. [Romans 12:19]

Another aspect of this is being willing to admit fault. Saying "I was wrong, I'm sorry" can be painful, but we should not be reluctant to accept this pain. It should be unconditional; all too often one hears (or says) weaselly apologies like "I'm sorry if you were offended" or "I'm sorry if I was wrong". We always think that we'll look bad if we're not defensive; we should be willing to set that pride aside, but in fact unconditionally admitting fault is rare enough that it often impresses people.

When we stop being defensive we lose the need for rationalization, which is another sin that seems to thrive on the Internet:

"I think we should do it my way because it will be faster."

"It won't be faster because of reasons XYZ."

"OK, I think we should do it my way because ... hmm ... it will be easier!"

Lust

"You have heard that it was said, 'Do not commit adultery.' But I tell you that anyone who looks at a woman lustfully has already committed adultery with her in his heart." [Matthew 5:27-28]

There's a lot of porn out there. Technical blocking measures are never going to be very effective. It's mostly up to our own self-discipline, but there are a few useful tricks, like keeping computers in public places. One thing I've learned is to watch out for familiar mind games, like "Hmm, I wonder what this site www.xxx.com is about, I'd better click on the link to find out." It's like I'm trying to fool God (or myself) with excuses that are ... less than convincing.

The Internet can expose us to other potential mental addictions, like gambling or compulsive game playing. In the future, self-discipline and accountability are going to be more important than ever before.

Perspective

We need to remember that the Internet is less than real life. God cares about real people, not virtual people; only real people have an eternal destiny. The Internet can be very useful, but it is just a tool, and should be used to enhance real life and our relationships with real people, not supplant them. When we're pouring a lot of time into repetitive online activities that don't pay off in the real world, we're probably in trouble.

It's important not to let face-to-face people skills atrophy, especially for nerd types like me.

Conclusions

The (pseudo-)anonymity of the Internet messes with our inhibitions against sin. In face-to-face interactions we cover feelings of anger or lust with learned politeness, but on the Internet we often drop that mask. I think then we reveal ourselves more as we really are, deep down --- nastier than we care to imagine. (A true saint wouldn't need to be polite.) This behaviour can hurt others and ourselves, but ironically I think it can also be a great help: it shows us our true fallen state, and hence our need for forgiveness and redemption --- and Jesus who brings them.