Intent to Implement System Add-on: SHIELD/Normandy

Michael Kelly mkelly at mozilla.com
Wed Oct 12 17:26:47 UTC 2016 

Updates!

1. The patch for landing the SHIELD add-on is in and under review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1308656

   A thousand thanks to rhelmer and Gijs for their willingness to handle
the review. :D

2. Given that we only have a few weeks left in the current train cycle,
I've decided that we're not going to ask for uplift to Aurora and will
target 52 instead of 51. This is going to delay some studies and
initiatives that are relying on SHIELD, but it's not reasonable to stick
to that timeline given the risks.

3. RE: Handling errors around the clock, after discussing it we've come
up with an idea for a shutoff valve that the MOC can use to disable
SHIELD recipes when we get reports of major issues caused by SHIELD with
no-one around to fix it. I'll be filing a bug to start working with the
MOC on a runbook and criteria, as well as filing an issue for the
feature itself.

4. RE: L10n, I still need to get in touch with the l10n group to talk
about how to handle the l10n needs for SHIELD in the long term.

Let me know if you have any questions!
- Mike Kelly

On 9/26/16 1:44 PM, Michael Kelly wrote:
> Hi!
> 
> This is a notice of our intent to implement a system add-on to handle
> the client-side logic for SHIELD. And by intent, I mean our team[1] has
> been working on it since before the Intent to Implement email was part
> of the Go Faster release process. Surprise! :P
> 
> (FYI SHIELD is the initiative, Normandy is the codename used on Github
> for the service, add-on, etc. that support the initiative)
> 
> Reference links
> ---------------
> Tracking bug[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1275996
> Wiki: https://wiki.mozilla.org/Firefox/SHIELD
> Add-on Repo: https://github.com/mozilla/normandy-addon/
> 
> Add-on Overview
> ---------------
> SHIELD is a product delivery system that we use for things that require
> customizable behavior with a very short update cycle. We currently use
> it for gathering feedback and sentiment from users via Heartbeat
> surveys, as well as for enrolling users in feature experiments via
> SHIELD Studies.
> 
> Right now we do this using the hidden self-repair iframe that loads
> self-repair.mozilla.org on Firefox start-up. The self-repair page
> fetches "recipes" from the service, which have a set of filters for
> targeting types of users, JavaScript that implements their behavior, and
> configuration that is passed to the JavaScript when it is executed.
> These recipes are then filtered and executed within the iframe.
> 
> The Normandy system add-on will replace (and disable) this iframe, and
> instead directly fetch the recipes and execute them in a JS sandbox.
> With the system add-on, we will be able to add new functionality for
> recipes instead of being limited by the iframe, and will also be able to
> target recipes based on more information, such as the data in Telemetry.
> 
> We've worked with the Services Ops security team and the Platform
> security team to ensure that the downloading and execution of recipes is
> as safe as possible. Recipes are signed using autograph[3] to prevent
> tampering, and the sandbox implementation has been preliminarily reviewed.
> 
> Timeline
> --------
> We're very close to finishing implementation, and expect to have the
> code ready for review within a week or so. We are working with QA to
> come up with a test plan and timeline for testing.
> 
> Our current plan is to get merged into mozilla-central and get uplifted
> to 51.0/Aurora shortly after, as the Strategy and Insights team doesn't
> really have any specific surveys or studies they'd like to run on
> Nightly that we can use for testing.
> 
> ---
> 
> Let me know if you have any questions. Mythmon is the lead developer on
> the add-on and can also answer questions.
> 
> Thanks!
> - Mike Kelly
> 
> [1] Michael Cooper (Mythmon), Brittany Storoz, Rehan Dalal, and Benton
> Case, AKA Run the Tools, working on web-based tools that support Firefox.
> 
> [2] Those dates in the first comment? Way off. We shifted priorities for
> a bit to focus on the service.
> 
> [3] https://github.com/mozilla-services/autograph
>

More information about the firefox-dev mailing list