[Go Faster] Intent to Implement System Add-on: SHIELD/Normandy

Michael Kelly mkelly at mozilla.com
Mon Sep 26 20:44:34 UTC 2016


Hi!

This is a notice of our intent to implement a system add-on to handle
the client-side logic for SHIELD. And by intent, I mean our team[1] has
been working on it since before the Intent to Implement email was part
of the Go Faster release process. Surprise! :P

(FYI SHIELD is the initiative, Normandy is the codename used on Github
for the service, add-on, etc. that support the initiative)

Reference links
---------------
Tracking bug[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1275996
Wiki: https://wiki.mozilla.org/Firefox/SHIELD
Add-on Repo: https://github.com/mozilla/normandy-addon/

Add-on Overview
---------------
SHIELD is a product delivery system that we use for things that require
customizable behavior with a very short update cycle. We currently use
it for gathering feedback and sentiment from users via Heartbeat
surveys, as well as for enrolling users in feature experiments via
SHIELD Studies.

Right now we do this using the hidden self-repair iframe that loads
self-repair.mozilla.org on Firefox start-up. The self-repair page
fetches "recipes" from the service, which have a set of filters for
targeting types of users, JavaScript that implements their behavior, and
configuration that is passed to the JavaScript when it is executed.
These recipes are then filtered and executed within the iframe.

The Normandy system add-on will replace (and disable) this iframe, and
instead directly fetch the recipes and execute them in a JS sandbox.
With the system add-on, we will be able to add new functionality for
recipes instead of being limited by the iframe, and will also be able to
target recipes based on more information, such as the data in Telemetry.

We've worked with the Services Ops security team and the Platform
security team to ensure that the downloading and execution of recipes is
as safe as possible. Recipes are signed using autograph[3] to prevent
tampering, and the sandbox implementation has been preliminarily reviewed.

Timeline
--------
We're very close to finishing implementation, and expect to have the
code ready for review within a week or so. We are working with QA to
come up with a test plan and timeline for testing.

Our current plan is to get merged into mozilla-central and get uplifted
to 51.0/Aurora shortly after, as the Strategy and Insights team doesn't
really have any specific surveys or studies they'd like to run on
Nightly that we can use for testing.

---

Let me know if you have any questions. Mythmon is the lead developer on
the add-on and can also answer questions.

Thanks!
- Mike Kelly

[1] Michael Cooper (Mythmon), Brittany Storoz, Rehan Dalal, and Benton
Case, AKA Run the Tools, working on web-based tools that support Firefox.

[2] Those dates in the first comment? Way off. We shifted priorities for
a bit to focus on the service.

[3] https://github.com/mozilla-services/autograph


More information about the Gofaster mailing list