Moves In Computer Science Education

Apparently there is a push in the UK to replace teaching of business software in schools (what one might refer to as "IT education") with teaching of programming (which I might refer to as "CS education"). That would be a very good move.

No doubt I'll be preaching to the choir on this blog, but "IT education" teaches kids boring, low-grade skills and prepares them to work as office drones. It does nothing to prepare them to work on interesting high-value high-tech projects. In fact it very likely damages the high-tech economy, by teaching bright kids to avoid computer-oriented skills and jobs at all costs. It would be much better for schools to avoid computers altogether than "teach" Word, Excel and Powerpoint.

For what it's worth, in my house our kids spend almost no time on the computer(s). I am very happy about that. I assume that they'll dive into it as teenagers, and I hope being cognitively much better equipped they won't develop a habit of just consuming content, but instead will be more likely to learn to master the theory and practice of the machine.

Politics

A New Zealand election is coming up and I'm struggling to figure out who to vote for.

I live in the Epsom electorate, where National is trying to leverage our MMP system by encouraging people to vote for the righter-wing ACT candidate instead of their own. (Someone put up a billboard for the National candidate and his own team took it down!) If the ACT candidate is elected, ACT will get Parliamentary representation proportional to their party vote even if their party vote is under the normal 5% threshold. Those ACT MPs will have to ally with National, boosting National's chances of forming a government. Although I like the MMP system in general, I dislike this kind of gamesmanship so I'll try to make it fail by tactically voting for the National candidate. Current polls suggest this is going to work.

Having become politically aware during the Muldoon years under the first-past-the-post system, in elections where National got the majority of seats with a smaller popular vote than Labour, I have no desire to return to that system. I also think that the influence of third parties has mostly been beneficial under MMP. The alternative proportional systems on offer are not clearly better than MMP IMHO. So I'll vote to keep MMP.

My difficulty is in assigning my party vote, which is what really matters. Generally I think private enterprise works better than central planning, incentives work better than handouts, and it's better for people to take responsibility for themselves than look to governments to solve their problems. So I'd veer right, but right-wing politics tends to attract people who for selfish reasons promote --- or at least do not resist --- social injustice and unbridled corporate power. So ... hmm.

I tend to think that when policy differences are relatively small, as they tend to be in New Zealand, efficiency and sensible decision-making trump policy details. So give me capable, results-oriented government that's willing to choose the approach that works best regardless of whether it fits some preconceived ideology.

In this particular election I like some policies from both major parties, and dislike others. I particularly dislike Labour's promise to repeal the 90-day trial period for new employees --- that helps Mozilla to hire people we otherwise couldn't. On the other hand, I like Labour's plans to raise the retirement age and introduce a capital gains tax. What do do...

Unfortunately this post hasn't helped me make up my mind. It was worth a try!

ITEX And TVNZ

Tomorrow I'll be speaking at ITEX, giving a similar talk to my one at Web Directions South about the current challenges to the open Web. I'll need to update it a bit to cover the recent Flash announcement, but the message is unchanged: the world of open Web standards has overcome some challenges (the threat of plugins, browser stagnation) and is evolving rapidly in terms of functionality and reach, but faces even greater challenges: proprietary mobile platforms, and platforms that are based on Web technology but find other ways to lock users in (e.g. browser-specific apps and app stores as found in Chrome and Windows 8).

Also, I'm going to TVNZ early tomorrow morning for a short interview on their Business Breakfast show, talking about some of that. It should screen around 6:05am so even if I have a Rick Perry moment I expect only a dozen people or so will be watching.

Latency Of HTML5 <audio> Sounds

One of the common complaints about APIs for Web gaming is that there's no standard API to just play sounds in response to game events with low latency.

However, the <audio> element API is perfectly adequate for this. Use <audio src="shot.wav" id="shot" preload> and every time you want to play the sound, use document.getElementById("shot").cloneNode(true).play(). The HTML5 spec says that the browser can use the same resource data for the clone as for the original element (no HTML request should ever be needed). The cloned node is not in the document and has no event handlers so most of the overhead of media elements can be optimized away. If there are latency issues, then they are simply browser implementation issues that we should fix. New API is not needed here, and it hardly ever makes sense to respond to browsers poorly implementing one API by asking them to implement another one.

I believe people who say these <audio> implementation issues exist. Unfortunately, in our limited testing the latency of cloning and playing an <audio> element is pretty good in Firefox and Chrome on Window. So from people encountering problems in this area, we really need actionable bugs with testcases to be filed against the offending browsers. Please!!!

Freedom Never Gets Old

A venturebeat.com article about mobile and Web apps says

But he [Jay Sullivan] doesn’t resort to the familiar (and tired) ideologies about freedom from corporate technological tyranny that figure large in Mozilla’s current ad campaign. Rather, he gets downright practical.

I assume "tired" is the reporter's spin, not Jay's. The pejorative use of "ideologies" is gratuitous; a better word is "principles".

The struggle to keep the Web open has been going on a while now and isn't going to end. I'm not surprised if people are getting bored by it. But we can't afford to weary of it. Vendors never get tired of binding developers and customers into their proprietary stacks.

Computerworld Interview

A couple of weeks ago I spoke to a Computerworld journalist on the phone. The resulting articles have now been published.

These articles are pretty faithful to what I said. Great!

HTML Video DRM

Based on the recent Adobe and Microsoft announcements, I expect most Flash and Silverlight Web developers are now thinking about how they'll move to Web standards. This is a good thing, but there are still features in those plugins that are missing from Web standards. One big feature is DRM for video. The problem is that some big content providers insist on onerous DRM that necessarily violates some of our open Web principles (such as Web content being equally usable on any platform, based on royalty-free standards, and those standards being implementable in free software).

We will probably get into a situation where Web video distributors will be desperate for an in-browser strong DRM solution ASAP, and most browser vendors (who don't care all that much about those principles) will step up to give them whatever they want, leaving Mozilla in another difficult position. I wish I could see a reasonable solution, but right now I can't. It seems even harder than the codec problem.

I am curious about what IE10 will do in this area. If Windows 8 Metro IE10 doesn't support Flash or Silverlight (as Microsoft says), and they don't support a strong DRM solution (and I haven't heard they will, yet), how will distributors of expensive HD content satisfy their DRM requirements and play back in Windows 8 Metro IE10?

The End Of Plugins

If you haven't already heard, Adobe is going to stop Flash development for mobile browsers, which given the rising importance of mobile means they're effectively giving up on Flash on the Web altogether. Now there are strong noises that Microsoft is going to stop Silverlight development. This comes on top of Windows 8 Metro mode not supporting plugins (which of course follows Apple's early lead in iOS). This is huge! It means that browser plugins are going to go away. Oracle hasn't said anything yet, but there's no way browser vendors are going to carry NPAPI support forever, or add any new NPAPI features now, just to run Java and some other relatively little-used plugins. (This is not official Mozilla policy, mind you, just my prediction.)

What does this mean to Mozilla? It means we need to stop investing in new features for better integration with NPAPI plugins. Our investment in NPAPI support should focus solely on improving the user experience for consumers of existing plugin content, but limited by the knowledge that the consumption of such content --- and production of new content --- will decline dramatically over time. There's still probably quite a few things we should do there. Eventually we'll be able to disable plugins and rip out a lot of code.

What does this mean for the Web? This is a big victory for open Web standards. Two powerful proprietary competitors have been defeated. Sooner or later we'll be able to stop taking plugins into account when we design new features (e.g. our full-screen support has to consider how plugins work in a full-screen document).

Hooray!

Drawing DOM Content To Canvas

I see that one feature Web developers are asking for is the ability to draw DOM objects to an HTML canvas. I've got good news and bad news about that. The bad news is that such a feature has to be designed very carefully or it's a security risk. The good news is that this feature already exists in Web standards, and it works in Firefox and Chrome (at least)!

Here's a demo of rendering HTML elements into a canvas. The trick is to create an SVG image containing the content you want to render, in this case a <foreignObject> containing HTML, and draw that image to the canvas. Constructing the SVG image as a data: URI lets you compose the content dynamically without requiring an external resource load. There is nothing tricky going on here; this feature works exactly as it should according to the specs.

The resulting canvas should even be "origin-clean" so the toDataURL() method works on it. Currently that isn't true in Firefox or Chrome. In Firefox, that's because of bug 672013; we clear the origin-clean flag whenever we draw an SVG image to a canvas. We'll fix that shortly. The problem with Chrome is a general Webkit bug that documents loaded from data: URIs are considered to have a different origin from the containing document, contrary to the spec.

One obvious question is how this feature can be secure, in light of the concerns I raised above. We're relying on the fact that our implementation of SVG images is very restrictive. For example, we do not allow an SVG image to load any external resource, even one that appears to be from the same domain. Resources such as JPEGs or IFRAMEs in an SVG image have to be included as data: URIs so they're inline in the image. Scripting in an SVG image is not allowed, there is no way to access the DOM of an SVG image from other scripts, and DOM elements in SVG images cannot receive input events. Thus there is no way to load privileged information into a form control (such as a full path in a <input type="file">) and render it. We don't apply visited-link styles in SVG images, and we don't render native themes in SVG images. Some of those limitations probably make this technique unusable for some use-cases, especially the restriction that script can't directly touch DOM nodes that get rendered to the canvas --- but that restriction is important for security.

Another limitation that's a bit annoying is that you have to use XML/XHTML syntax for the SVG image. It would be nice if you could use HTML syntax for the HTML content at least. Maybe it would be worth defining an "HTML image format" (image/html?) that uses the HTML5 parser to parse the image contents. Another issue is having to wait for the onload event to fire, drawing asynchronously. It might make sense to add a convenience API like "drawHTML(string, x, y, w, h)" which behaves like drawing an SVG image containing <foreignObject> (so doesn't introduce any new security concerns) but uses the HTML5 parser and is much more convenient. On the other hand, it might be better for developers to experiment with the existing solution and use that experience when designing a better API.

Fun Things To Do In Auckland

Last weekend we went to Tree Adventures out in Woodhill Forest and had a great time. I have a considerable fear of heights and still had a great time. This would be a great outdoor activity for anyone over the age of six or seven. I'm already looking forward to going back.

Tonight is Guy Fawke's Day. It's the first fine November 5 for a few years so we did what I've always wanted to do: walk up Mt Eden and watch fireworks from there. I was a bit worried there might be crazy drunk people letting off fireworks, but that wasn't a problem. The only problem was that it was a bit cold (just dress warmly). Other than that it was fantastic. You can see people's fireworks in their back yards all over Auckland, it's quite magical. The nearest major fireworks show tonight was in Waitakere, and although distant it was very clearly visible from Mt Eden and lovely to watch. There were probably two or three hundred people up there --- not too crowded, and almost all very well behaved. There were a few people letting off their own fireworks, and one guy lost control of one in the carpark, but it wasn't a big deal. Probably any of Auckland's volcanic cones would give a good experience --- highly recommended.

Public Service Reminder For GMail Users

I was just reading the account of yet another victim of identity theft, whose GMail account was broken into. It's tragic, and preventable. If you have a smartphone, you really ought to set up GMail's two-factor authentication right now. It works very well for me.

Update And encourage your GMail-using friends to do the same!