Linux.conf.au 2017 – Wednesday Keynote – Dan Callahan

Designing for failure: On the decommissioning of Persona

  • Worked for Mozilla on Persona
  • Persona did authentication on the web
    • You would go to a website
    • Type in your email address
    • Redirects via login page by your email provider
    • You login and redirect back
  • Started centralised, designed to be uncentralised as it is taken up
  • Some sites were only offering login via social media
    • Some didn’t offer traditional logins for emails or local usernames
    • Imposes 3rd party between you and your user.
    • Those 3rd parties have their own rules, eg real name requirements
  • Persona Failed
    • Traditional logins now more common
  • Cave Diving
    • Equipment and procedures designed to let you still survive if something fails
    • Training review deaths and determines how can be prevented
    • “5 rules of accident analysis” for cave diving
  • Three weeks ago switched off Persona
    • Encourage others to share mistakes

 

  • Just having a free license is not enough to succeed
  • Had a built in centralisation point
    • Protocol designed so browser could eventually natively implement but initially login.persona.com was using it.
    • Relay between provider and website went via Mozilla until browser natively implemented
    • No ability to fork the project
  • Bits rot more quickly online
    • Stuff that is online must be continually maintain (especially security)
    • Need a way to have software maintained without experts
  • Complexity Limits agency
    • Limits who can run project at all
    • Lots of work for those people who can run it
  • A free license don’t further my feeedom if we can’t run the software

 

  • Prolong Your Project’s Life
  • Bad ideas
    • We used popups and people reflexively closed them
    • API wasn’t great
  • Didn’t measure the right thing
    • Is persona product or infrastructure?
    • Treated like a product, not a good fit
  • Explicitly define and communicate your scope
    • “Solves authentication” or “Authenticate email addresses”
    • Broke some sites
    • Got used by FireFoxOS which was not a good fit
  • Ruthlessly oppose complexity
    • Tried to do too much mean’t it was overly complex
    • Complex hard to maintain and review and grow
    • Hard for newbies to join
    • If it is complex then it is hard to even test that is is working as expected
    • Focus and simplify
    • Almost no outside contributors, especially bad when mozilla dropped it.

 

  • Plan for Your Projects Failure
  • “Sometimes that [bus failure] is just a commuter bus that picks up that person and takes them to another job”
  • If you know you are dead say it
    • 3 years after we pulled people off project till officially killed
    • Might work for local software but services cost money to run
    • Sooner you admit you are dead the sooner people can plan to your departure
  • Ensure your users can recover without your involvement
    • Hard to do when you think your project is going to save the world
    • Example firefox sync has a copy of the data locally so even if it dies user will survive
  • Use standard data formats
    • eg OPML for RSS providers
  • Minimise the harm caused when your project goes away