Presenting in different languages, places

tl;dr: Speaking in public can be daunting for most people. In this post, I will share some tips on how to give effective presentations/speeches in various languages around the world.

Anyone who has delivered a public presentation will know that it can be a nerve-wracking experience. It requires content knowledge, audience understanding, and above all, confidence to convey your message effectively. These can be gained via practice, and lots and lots of it.

I have been very lucky to have had many chances to give talks these past 10 years, so I would like to share some insights with you, as to how I do it.

Examples: (links to external sites where available)

  • Open source development (Mozilla/Firefox):
    • University (NUS) classrooms (2008-2011)
    • Open source meetups, Seoul (2012)
      • In South Korea (English with an interpreter to Korean)
    • HKOSCON (20162017), open source meetups (2013, 2014 [via here], 2017)
      • In Hong Kong (English or Cantonese)
    • JavaScript work week, Toronto (2014)
      • In Canada (English)
    • Open source meetups, Tokyo (2015)
      • In Japan (English with an interpreter to Japanese)
    • COSCUP (Unconference 2016, 2017) Taipei, open source meetups
      • In Taiwan (Mandarin)
  • Recently, Eastern/Western cultural differences at various conferences:
    • HKOSCON 2017 in Hong Kong (English)
    • COSCUP 2017 in Taipei (Mandarin)
    • SITCON 2017 in Hong Kong (Cantonese)

(You can view some of the videos below)

It is clear that I steer towards speaking in Asia, and that is precisely my motive. I use the knowledge that I have gained in the Western world (North America, with a little bit of Western Europe) and attempt to help bridge the Eastern/Western gap. Generally, I find that the Eastern world (northeast Asia, some southeast Asia) seems much more enthusiastic to know more about the Western side, rather than the other way around.

Here’s what I would like to share not just on how to deliver a talk, but also how to deliver an effective one:

  • Understand yourself first
    • Gain domain knowledge. Not knowing the content of your talk inside-out will usually contribute to a nervous experience and impact confidence
      • Before some of my Asian conference talks, I had also attended some in Europe and North America to have a feel on what it’s like on the “other” side
    • Don’t be afraid of making mistakes. If you are not a seasoned presentation speaker, you will inevitably stumble on some phrase that you should not have spoke about, or some topic that not all in the audience can comprehend
      • A student once commented, because most of them (students) did not have the chance to go overseas before, most of what I say would just be a “story”, they do not necessarily “feel” the impact
  • Language fluency
    • It helps a huge amount to be able to speak your audience’s native language fluently. No, I do not just mean speaking the standard form well, but to be able to spike your talk with interesting anecdotes, you must first understand their local cultural insights, which requires time to get used to.
      • i.e. tidbits between Canada & US will generally only work with North American audiences, Belgium/Netherlands generally European, Taiwanese cities (Taipei/Tainan/Kaohsiung) generally Taiwan-only
    • When one is multilingual, an average person must understand that it can be difficult (but not impossible) to attain perfect 100% fluency in each language, up to the level of local great speech talkers. Find some local examples that suit your style, i.e. I try to adopt a style that combines attributes of comedy, humour, personal experiences, etc, yet with a desire to push a message across.
    • You may find that certain (usually slang) phrases that are standard form in one part of the world can be highly offensive in another
      • I won’t list examples here, though
      • As a foreigner, you might or might not get a free pass. Make sure you ask someone trusted, why people seem to be laughing at a phrase you said that was not intended to be a joke
  • Local geography/customs
    • As an example, folks in US tend to mostly be monolingual, with the exception of folks who have friends or relatives from a foreign culture, or grew up among foreign immigrants, or people who study languages for fun, or for academic or other reasons.
      • No matter how hard you try, if someone has never tried speaking another language, they will rarely be able to understand how hard it can be. Folks for whom English is not their first language, will understand how difficult English can be
      • I’ve had some tell me they know everything about a particular language/culture just by virtue of having some parts of the family from those places, but they live across the world and have never flown across the oceans.
        • Honestly, I beg to differ. Even if I have been exposed to the culture overseas and speak the language fluently, whenever I head across the world to Hong Kong/Taiwan/Korea/Singapore, there are still many new phrases I have yet to learn, or some actions I am used to that can be awkward in those places. (e.g. giving hugs to friends of the opposite gender)
        • It is always good to learn from others
    • On the other hand, folks from US/North America/Western Europe are very much more direct than their Asian peers. If there is something going wrong, or a niggling question on their minds, they will usually never hesitate to point it out, or even just to ask a question in the middle of a lecture.
      • In Asia, people usually keep quiet when the presenter asks “Any questions?”. You often see a long queue of people asking questions after that though
        • Nobody wants to sound stupid if their question turns out to be a dumb one
        • Nobody wants to sound like a know-it-all if their question turns out to be a good one
        • Nobody wants to waste others’ time
      • The desire for conformity (groupthink) is intensely strong in Asian cultures which contrasts with individualism in Western ones
        • If things are going wrong in a company, people who are used to a Western culture are more likely to point them out sooner than those from a Eastern one. In the latter, folks do not want to be seen as “rocking the boat”, no matter whether it is sailing smoothly or about to sink
        • On the other hand, it can be difficult to make many differing opinions in a Western world agree to a compromise, whereas in the Eastern context, people agree on things usually in a hierarchical manner. Deciding on where to go to a meal together as a large group can occasionally get tricky in the former
      • People in parts of Asia are very polite (e.g. Japan), so if you inadvertently say something that is a local joke, they will just laugh behind your back, unlike Western folks generally, who might laugh right in front of you
      • Thus, Asian audiences may need more encouragement when waiting for questions. The period of time that I spend waiting after asking “Any questions?” can be arguably longer in some places than others
    • Local sensitivities
      • Don’t speak in Mandarin in Hong Kong if you know how to speak Cantonese (both with the same level of fluency and confidence)
      • Try not to unnecessarily stir up rivalries between territories unless you absolutely know what you are doing (China/Taiwan, China/Hong Kong, China/Japan, Belgium/Netherlands, US/Russia)
    • I’ve found that I cannot merely translate cultural references into another language or bring them across oceans. Examples:
      • Taipei (台北, in the north of Taiwan) folks might make fun of some of the perceptions of folks from Taichung (台中, central)/Tainan/Kaohsiung (台南/高雄 in the south), and vice versa
      • Likewise in US, in social conversations, the plural of “you” on the west coast is “you”, in Texas it’s probably “y’all”, and there are other variants in the east coast and maybe even Pittsburgh
      • Or in Canada, where the word “about” can have a different pronunciation than in the US in general
      • However, nobody in Sheung Shui (上水 in north Hong Kong/NT) will laugh at the Cantonese phrases used exclusively by people in Wong Chuk Hang (黄竹坑 in southern part of Hong Kong island) – there isn’t any difference in Cantonese because Hong Kong is smaller
        • Perhaps these folks might differ in English capabilities, but I digress
      • Likewise nobody in the east of Singapore (Tampines/Changi) will laugh at the Singaporean English (Singlish) used in the west (Jurong) or north (Woodlands) – there just isn’t any difference as Singapore is a small country
  • Appearance
    • If people don’t know you well, they are superficial and will judge you by your appearance or title
      • Of course, one’s hairstyle/dress style should not determine the content of the talk
      • And of course, one’s skin colour should not guarantee audience attention
      • If you’re listed as a “Doctor”, i.e. have a PhD, people are way more inclined to listen to what you have to say
        • Likewise if you are the head of a business or are a celebrity
      • Unfortunately, these might be what people in general, first look out for
    • Asian audiences may be more interested in a Western-looking/-sounding speaker
      • There is a tendency to worship anything/anybody foreign (崇洋)
        • Possible left-over remnants of colonialist influence
      • They are even more impressed when the foreigner speaks their native language fluently
        • So are Europeans (UK folks probably excluded)
        • In US and UK, very few people are often impressed when a foreigner speaks English on a level close to that of a native speaker
          • People always assume you speak English by default in those places
          • Thus, when someone does not understand English well, some folks try to speak slower and louder.
            • (A slower speed probably helps, but I’m not sure about increased loudness)
    • Westerners in Asia, on the other hand, almost always get charged “tourist prices”, automatic markups on costs of goods that the locals get
      • No matter how long they have been in that country, even decades
      • It can be difficult for them to fully assimilate
      • Likewise, it can be tough for them to learn local slang/creole language, e.g. Singlish – when Singaporeans have a foreigner in their group, they “automatically” switch to proper English. When he/she leaves, they context-switch back to Singlish.
  • Delivery method
    • Again, find a delivery style that suits you. Do you want to be stern or serious? Comical, able to solicit laughter yet still able to get your point across? Monotonous but concise?
      • Practice often, try different styles, and you will know which style you want to adopt
    • Presentation slides – to use or not to use?
      • Slides are very common. I’ve seen examples where they are concise (few words), lengthy (too wordy), full of pictures, comical. Adopt a style which suits you, but I’d say that having a wordy slide will result in audience attention being diverted to that of “reading the slide” instead of “listening to you”
      • Without slides, it is much more daunting and difficult. It is a little like giving a political speech, or stand-up comedy. The audience focuses on you. This is still something I’m trying to get used to, but it seems that:
        • Have some points written down or on a prompter/phone
          • You won’t have time reading entirely off it, your eyes should be focused on different parts of the audience alternately
            • A school teacher of mine used to advise staring at the clock “or an imaginary one” at the top of a lecture theatre if your nerves get in the way
        • Audience attention is entirely on you. They will be focused on your every word, every bit of silence. Thus, the pace of your speech should be suited to their level of listening speed
          • I find myself speaking English faster to Western (US/UK) folks than to people whose English is not their first language
  • And some other pointers…
    • Body/hand movements
      • Some of us, when we get nervous, we have little body motions that repeat, i.e. shifting weights constantly, or some of us don’t, i.e. stay completely motionless (except the mouth).
        • Know what you yourself are prone to doing under pressure (e.g. fidgeting), and try to avoid it on the spot. Again, knowing your content will immensely help your confidence which should minimise these movements.
      • There are times where suitable hand/body motions are necessary to convey your message, though these depend on whether you are stationary (i.e. at a podium) or whether you can walk around on a stage, with a microphone. Unfortunately, I don’t have much to advise on how to learn when to use what motions, yet.
    • Personal experiences
      • I’ve found personal anecdotes to be really useful. The audience treats anecdotes as something unique and authentic to you as a speaker. Ultimately, this something that AI cannot easily replicate yet, so if robots start teaching classes in the future, human teachers will likely still be around
    • Put yourself in the context of the audience
      • Praise their questions (no question is a bad question!), even if they sound too simple or dumb. Understand that it takes courage to ask questions in public for people who are not speaking up in their native language, or even just for people who are shy speaking up in general
    • The audience is a “mirror” for you, i.e. they can be an instant reflection of your engagement rating
      • If some are yawning/poking at a computer or phone, your topic might just be too boring, so move on! Or you might want to try another delivery style if you so desire
        • Or they just might be tired/running out of time/sitting in for the air-conditioning, so there’s nothing you can do about it
    • Wrap it up!
      • Think about your audience’s perspective as you wrap up your talk. Most of them will ask in their minds, “What’s in it for me as a _____?”
        • If it is a conference for students, then wrap up your talk explaining how this can help them in their school presentation, interviews, or even interaction with their foreign classmates
        • If it is a conference targeted at general software engineers, you could talk about how they can leverage your knowledge in their work or projects/hobbies, or open source
    • Feedback
      • I listen to recordings of myself speaking. Even as I cringe at the sound of my voice, when I realise I sound draggy on certain topics, I try to note when audiences laugh at certain successful topic deliveries, and use them again
      • Don’t be discouraged by people around you who tease. These people most likely have never given public talks, much less in multiple languages
        • They don’t know how daunting or uncomfortable it can be
        • They are likely to make up some reason for them not to do it. “Not for me/Not my cup of tea”

How about you? Do you have anything you would like to share?

Note: A big thank you to those who have supported the open source community and my interactions with them, especially Mozilla.

Note 2: Unfortunately, I don’t have much experience in South Asia (India)/Central Asia/Eastern Europe/Russia/Middle East/Africa/South America/Oceania/Antarctica, so I can’t speak for those places. It’ll be great to visit, though!

Note 3: This which started as an inside joke, I am actually thinking about whether I will eventually have enough content here to give a talk on a 3rd topic: “How to deliver an effective public speech, across languages and cultures”.

Note 4: While I’m always striving to improve, I also know that I may be not the best speaker of these topics. Please be understanding and let me know if there are parts that are just generally not good enough. English is not my first language, after all.

Note 5: You might have realised that I was trained in British English (hence the widespread use of “-ise” and “queue” vs “line”), but my speech/tone/choice of spoken words have started to shift to that of the American form. Ditto being trained in Simplified Chinese vs Traditional Chinese, which I can read.

Note 6: If you have read this far, you may have noticed that I have striven to be careful to avoid mentioning *all* people of a certain territory having a certain behaviour, but rather using words like “generally”, “might”, “probably”. Please feel free to mention if there are some pointers above that might be inaccurate.

Note 7: Don’t use it.

And on to the videos themselves:

HKOSCON 2017 – Eastern/Western cultural differences (English) Hong Kong

HKOSCON 2017 – JavaScript fuzzing in Mozilla, 2017 (English) Hong Kong

COSCUP 2017 – JavaScript Fuzzing in Mozilla, 2017 (Mandarin) Taipei, Taiwan

SITCON 2017 – Discussion on cultural differences between Easterners & Westerners (Cantonese) Hong Kong

HKOSCON 2016 – Fuzzing and Mozilla: 2015 (English) Hong Kong



Porting a legacy add-on to WebExtensions

tl;dr: Search Keys has been ported successfully and it is known as Add Search Number. Please try it! It works with Google, Yahoo (HK/TW/US), Bing, DuckDuckGo and even Wikipedia’s search page. Edit on 2017-11-02: These changes have been folded back into Search Keys.


Add Search Number Search Keys

I have been using the excellent Search Keys add-on (original page) for a long time. It allows one to “go to search results by pressing the number of the search”. However, it hasn’t been updated for the better half of a decade and most features (e.g. support for Yahoo! and Bing) had broken, except for the numbers for Google Search.

Edit: As per above, Jesse Ruderman has added me as an author for Search Keys. I updated it with these changes, and thus Add Search Number is now deprecated.

Recently, there has been a push to move to the WebExtensions API, especially since Firefox 57 will stop supporting legacy XUL add-ons. Hence, I set about a quest to see what it takes to port Search Keys away from XUL, and I kept the author updated throughout.


  • Using GitHub with Travis and ESLint integration was crucial for saving myself time avoiding silly syntax errors. I’m sure it could be done in your favourite online repository hosting alternative (Bitbucket/GitLab), etc.
  • Getting web-ext via npm also proved essential, along with WebExtension examples
  • You need to check if the old APIs have equivalents.
    • Search Keys was using nsIIOService which had no equivalent, but it was only used for ensure that a URL is indeed an URL, so I just did it another way (new URL = “<url>”). Thanks :MattN for the tip.
    • Another usage was for openUILinkIn, and there are similar-enough WebExtensions equivalents for this (tabs, windows).
    • (File a bug if an equivalent isn’t available, but first check for dupes)
  • Migrating an old project by another person is hard. I had to have several commits where I removed features, wither down the code to the bare minimum (my objective was just to add numbers for Google Search results), got it to work, tested, and then re-added support for Yahoo!, Bing, and even DuckDuckGo and Wikipedia.
  • Comments proved extremely helpful, in the absence of documentation.

I took about 2 days to port the add-on. Developing an add-on now has come a long way and is now much easier due to the presence of these tools (GitHub, devtools, etc.) as well as AMO being much improved ever since I started writing my first add-on (ViewAbout) almost a decade ago. Sadly, ViewAbout will unlikely be ported to WebExtensions, if ever. (Reasons are at that link)

This was tested on Firefox 55, exactly experiencing the difficulties that an add-on developer currently would face right now.

The only major caveat?

There were times when I set a breakpoint on a content script using Firefox’s Developer Tools (instantiated via web-ext). After I refresh the page, the extension would occasionally “disappear” from the devtools. I would then have to close Firefox, restart it via web-ext, re-set the breakpoint, then cross my fingers and hope that the devtools will stop at the required breakpoint.

In my experience, this has been straightforward, as the original add-on was fairly simple. I understand that for other complex add-ons, the porting process is much more complicated and take a much longer time.

What has your experience been like?

(Please note that this post does not discuss the pros and cons of whether Firefox 57 and later should use WebExtensions or not, hence cutting off legacy support, any comments on this will be removed.)

Protecting Mozilla Firefox users on the web

I have followed Pwn2Own ever since its inception in 2007. For those of you who do not know what Pwn2Own is, it is a competition in which hackers try to take advantage of software weaknesses in browsers (Internet Explorer, Firefox, Chrome, Safari etc.), put up specially crafted webpages and click on them to try and launch another application, usually calc.exe. They then gain a monetary reward in return. It usually happens on the sidelines of CanSecWest, a yearly security conference held in Vancouver.

During my university days in Singapore on the other side of the world, I always followed this competition with anticipation. I told myself, one day, just one day, I will be at the frontline helping to decipher the problem and help to get the fix out to Firefox users around the world as soon as possible.

Over the years, a security researcher by the name of Nils took down Firefox in 2009 (bug 484320) and in 2010 (bug 555109), whereas in 2011, nobody took down Firefox.

Last year in 2012, I was on-site in Vancouver and I witnessed Willem Pinckaers and Vincenzo Iozzo take down Firefox. However, the bug (720079) was already identified and fixed through internal processes.

This year, Pwn2Own became the venue for many exploits against major browsers, including Firefox (bug 848644), as well as other plugins which are more often used in browsers, such as Flash and Java. The team that took down Firefox this year was VUPEN Security, who also punched holes through Internet Explorer 10, Java and Flash.

Some of my colleagues / co-workers were present at the conference and were relaying us information live, while I stayed back at the office preparing my machines to diagnose the issue.


The following timeline (all times PST) describes my role behind the scenes with respect to the Firefox exploit by VUPEN, on March 6, 2013:

~3pm: Rumblings heard on IRC channels that Firefox has been moved from its scheduled slot to 5.30pm.

5.30pm: VUPEN gets ready.

~5.54pm: VUPEN takes down Firefox. On-site team gets to work getting details of the exploit.

~7pm: Bug 848644 gets filed.

Looking at the innings of the testcase, together with confirmation with team members over IRC that there is no malicious code present (Proof of Concept (PoC) code just crashes), I manage to reproduce the crash on a fully-patched Windows 7 system.

More analysis from early responders flow in; information such as the attack vector (Editor), Asan stack trace showing the implicated functions (possibly nsHTMLEditRules::GetPromotedPoint).

I did a quick stab at the regression range here. Using the bisection technique described here, I found that early January 2012 builds did not crash, whereas early January 2013 builds did crash.

The testcase seemed initially tricky; until it was eventually found (quite awhile later) that one could reliably trigger this with one tab that somehow caused the “pop-up blocked” info bar to show, I had to try the testcase repeatedly, sometimes reloading, sometimes closing then opening the browser again to trigger the crash.

Using mozregression here might have been a good idea – however due to an incorrect decision whether a particular build was crashing or not, one would bisect down to an incorrect regression window and waste precious time.

Time was of the essence here – the sooner one gets an accurate regression window, the faster a developer can potentially pinpoint the cause of the crash.

I found myself repeatedly downloading and checking builds to see if they did crash or not. Sometimes the crash happened immediately on load (with the initial PoC). Other times it happened only after a few minutes, or only after a restart.

I eventually settled on the following regression window: crash happens on the October 6, 2012 nightly, but not on the previous day’s (October 5), and I posted a comment, so this could get confirmation from other people. I then immediately looked through the hgweb regression window to see if anything stood out – bug 796839 seemed to be a likely cause, but everything else was still a possibility.

in that regression window, more clues emerge. The Asan stack trace pointed to nsHTMLEditRules::GetPromotedPoint being part of the bigger picture here, and some detective work showed that in this changeset from bug 796839, the file editor/libeditor/html/nsHTMLEditRules.cpp was changed, and this was the file that nsHTMLEditRules::GetPromotedPoint was located in.

Coincidence? Probably. However, this made everything more likely. At this point in time, it was 8pm, approximately one hour from the point in which the testcase was obtained.

I began to consider (and possibly discount) other possibilities, including bug 795610. Thanks to great work by Nicolas Pierron and his git wizardry, we found that nsHTMLInputElement::SetValueInternal (also implicated in the Asan stack trace), existed in nsHTMLInputElement.cpp which was modified in that bug. However, this possibility was quickly discounted.

At this point, I was able to get independent verification that the regression window (Oct 5 – Oct 6) was indeed correct. Further checking showed that our Extended Support Releases (ESR) builds on version 17 was also affected.

This made bug 796839 extremely likely to be the root cause, because it was landed on mozilla-central during the version 18 nightly window, but was backported to mozilla-aurora at that time, which was the version 17 branch. Bug 796839 would encompass the patch landing that inadvertently opened up a vulnerability in Firefox.

Independent confirmation of this regressor came at 9pm.

Within 2 hours, we had gotten from having a PoC testcase with no idea what was affected, to knowing which patch caused the issue. I thus nominated for the fix to be landed on all affected branches.

By about 10pm, the fix was put up for review. After that, lots of great work by various people/teams went towards quick approvals, landing of the fix, along with QA verification.

Overnight, builds were created and by late morning the next day, the advisory was prepared, with QA about to sign-off on the new builds.

At 4pm, a new version of Firefox (19.0.2) was shipped with the fix.


Credit must be given to the other Mozilla folks in this effort, who have, outside of normal day working hours, worked till late night to make this possible. I am proud to be part of this fabulous team effort.

It certainly has been my honour to have helped keep Mozilla users safe on the web.

Valgrind builds are now green on TBPL

Valgrind builds are now green on TBPL as of this morning!

I filed bug 800435 to get the build unhidden – previously it was hidden on (TBPL) because it was always fiercely burning.

Note that the some of the multiple builds you see in the screenshot were manually triggered, otherwise only one per day is automatically scheduled.

What are Valgrind builds?

Running Firefox binaries with Valgrind helps to detect run-time memory management bugs, so it finds problems like use-after-frees (invalid reads/writes), uninitialized variables as well as memory leaks.

Note that the run-time speed of the application will take a substantial hit – it can take a long time to start up a Valgrind build. Moreover, a fairly powerful computer running Linux / Mac (preferably Linux) with about 4 GB memory is recommended. Tests are thus run once a day due to the slowdown, and we currently run only PGO tests (a small subset of our tests, note that our Valgrind builds are not PGO though).

How was this accomplished?

It is important to note that a lot of work by other folks was put in a year or two ago to get Valgrind showing up before it was hidden by default on TBPL for being perma-red. I then stepped up to help turn it green since I had some experience in running JavaScript binaries with Valgrind, and we all love greenery. 🙂

When I first embarked on this about 3-4 weeks ago, I found and helped to fixed 3 harness bugs, assisted in upgrading Valgrind twice, detected 35 potential issues at the time of writing (some of which were intended leaks), with 3 non-sensitive ones being fixed, some being recent regressions and one other being potentially security-sensitive. With the issues now known and filed as bugs, they were added to suppression files which also live in the mozilla-central tree. I also accidentally stumbled on a supposed TBPL selfserve bug that turned out to be a Firefox regression.

How can we help?

This is just a small step forward. In the future, ideally we should:

and we should also incorporate AddressSanitizer (Asan) builds into TBPL. (Asan is a faster memory error detector than Valgrind, and sometimes finds a different class of bugs, but it does not detect uninitialized values the way Valgrind does)

Christian Holler [:decoder] has some regular Asan builds but they are only run through the Try servers.

Anything else?

Shout-outs go out to the following people: Julian Seward, Nicholas Nethercote, Jesse Ruderman, Ted Mielczarek, Releng folks Chris AtLee, Nick Thomas and Rail Aliiev, our sheriffs edmorley, philor, RyanVM, and all others whom I have inadvertently left out. Without any of your collaboration and hard work we would be unable to have this set of Valgrind greenery. You folks rock!

Edit: Bug 800435 has been fixed, Valgrind builds now appear by default, thanks Ehsan! See the following screenshot:

Edit 2: It’s been re-hidden again because it’s “not a tier-1 platform“.

Bonus: Here’s a video showing the Endeavour Space Shuttle flypast in Mountain View. Just in case you haven’t seen it. 🙂