Archiv für den Monat: Januar 2016

Firefox Sync 1.5: Added complexity without merit

Hello my reader(s),

For some time now I’m regularly checking the progress of the Firefox Docs about the new Sync 1.5, located at „Run your Sync-1.5 Server“ and „Run your own Firefox Account Server“.

The Sync Server setup is quite easy, it’s the Accounts server where it get’s difficult especially because the Docs are bad and haven’t progressed for a long time.

I’m starting to ask myself „why are you still using Firefox?“, because on the performance side Firefox did not progress, my impression is quite the opposite, my experience got worth.

So what has been my reason to use Firefox?

Quite right, it was the Sync 1.1 feature that allowed me to sync my settings over all my devices using a self hosted service. When Mozilla anounced to introduce a new system I thought that as long as I’m still able to self host and the new system brings in more flexibility no reason to not use it.

So I headed over to the Docs and started setting up a self hosted server. As long as I was dealing with only the Sync server, no problems. But I’m not willing to use the Mozilla Accounts server, I want to use a completly self hosted service. So I read the Accounts server Docs to find out that it is based on the brand new kid on the block nodejs.


Yes so now you have to run not only a python service but another couple of nodejs services which all interact somehow and of course depending on your base OS, you’ll have to introduce some extra repos to fullfill the npm dependencies. I know that one should always use the best tool for the job and many projects use more then just one language. But why on earth has Mozilla made such a mess out of it’s once perfect feature?

The latest maybe promising setup docs can be found at FXA-Self-Hosting using docker images to offer the needed services.

The result will be 9, yes say it again 9 docker images running services that all interact and of course the HTTP ports need to be free on the host so that the nginx docker image can take the ports. Does that sound like a security improvement to the old Sync protocol?

Not in my view. I believe security is strongly related to using the KISS principle. Just the fact that I’ve 9 services running and no good Docs how the whole stack interacts is a recipe to building something inherently unsecure.

I’ll start playing around with the docker setup, maybe I’ll get some more insights how the whole stack is working, but I’m totally unsatisfied with the Mozilla performance, not being able to work on the Docs for more then 2 years.

So why on earth do more and more organisations leave the RFC way of creating a Spec ( produce code that does the job and progress with it ) and use a more enterprise style approach that has brought us already some nice beasts like the OpenXML Spec or  Oauth 2.0?

My explanation is quite simple: „If Oracle, SAP and  Citrix can do it and earn big money, we should follow“ :-).

Just create a product with that much complexity that nobody will be able to handle it, and of course make sure that the official admin docs aren’t worth the papper printed on and you’ve created a „opportunity“ for big bucks.

Has anybody already tried setting up Citrix or Oracle with the official Docs?

It’s a journey that will lead to frustration, so you think okay let’s get some proffessional help. You’ll be realizing that professional help is about earning money, not setting up a solution most of the time. The big bucks are only for one reason, to save the managers job as he can point to someone for the failure: „I’ve decided to use the leader in that domain, that decision can’t be wrong“.

Okay I’ll stop here cause I wanted to document my progress with Firefox Sync 1.5 and have to realize that I’m more and more into a rant.