May 31, 2005

60 Million

I would have expected someone else to have blogged it by now... are we all getting blasé about our success?

Posted by gerv at 12:02 AM | Comments (2)

May 30, 2005

Non Means Non

So the French voted "Non" to the European Constitution. Two thoughts:

The "Oui" camp has been saying that the result represents "the French answering the wrong question", or is caused by "a reaction to an unpopular government", implying that if people had really voted on the constitution and nothing else, they would obviously have approved it by a massive majority. Why can't they accept that people voted against it because they didn't like what it said?

Constitution supporters were and are warning of all sorts of dire consequences of a No vote. How can this be? We've just had the following conversation:

Politicians: We've had a think, and here's our idea of where Europe should be going.

Europeans: Actually, we don't like that idea.

The next line should be:

Politicians: OK, we'll go away and think again. If we can't come up with anything we all agree on, that's fine. We just won't have any further integration in Europe, as it's clear we don't all want to go in the same direction.

Posted by gerv at 11:27 PM | Comments (7)

May 27, 2005

Browser Vaccination

Thought 1: In the future, consumer-level browsers will increasingly be connected to trusted sources of sites that the browser should not attempt to visit. Many active anti-phishing schemes (such as the NetCraft toolbar) do something like this. But the lists are composed of URLs which have to be manually reported by users and verified by hand, because it's impossible for browsers to automatically detect phishing attacks with perfect accuracy.

Thought 2: Currently, if a security hole is discovered in a browser, you generally have to update or make a configuration change to be protected - there's no way for browser vendors to protect users who take no action. And many users don't upgrade immediately, if at all.

So... it would certainly be technically possible for browsers to automatically detect sites attempting to exploit fixed security holes. For example, Firefox 1.0.4 could have been written to detect sites attempting to use the Firefox installation API with a javascript iconURL. Rather than just blocking the exploit attempt, it could then, either automatically or with the user's permission, report the URL of that site back to a central server, so it could be assessed for placing in a block list feed. Such an assessment could be automatic - script a copy of the browser to go to the URL and see if it detects the exploit also.

Then, older browsers which had not been upgraded, but which were blocking sites from a list including that feed, would still have some amount of protection from attack. As soon as it had been reported by one user using a new browser, all users using older versions would be vaccinated against attack from that site.

Posted by gerv at 12:36 PM | Comments (14)

May 26, 2005

Popup Usability

I've just seen the most wonderful demonstration of the (lack of) usability of security popups.

I am sitting in an XTech talk on XHTML 2. A moment ago, during the presentation, the presenter's laptop popped up a "Zone Alarm" alert on top of his presentation. He immediately clicked "Yes", without reading it, and carried on talking!

I have some experience of Zone Alarm, and I know that it's very popup-happy, particularly in the default configuration where it tries hard to justify its existence by alerting the user to every incoming unknown packet. Its creators should consider how having a great deal of popups, in fact, decreases security.

Posted by gerv at 1:14 PM | Comments (9)

May 25, 2005

P2P Data Streams

Current P2P networks are designed around providing a number of discrete files - this ISO, that audio file, the other piece of video. However, what would happen if a P2P system could distribute both data and updates to that data, in a way which let you obtain the updates in a timely fashion, and be certain the updates were provided by the provider of the original file?

  • Spam blacklist providers have terrible trouble with DOS attacks from spammers. You could distribute the blacklists over this system, removing the central vulnerable point and providing anonymity of network location for the anti-spammers.

  • Browser users would appreciate access to databases of phishing URLs, but don't want to send every URL they visit to a third party or regularly download large lists. The lists could be distributed and updated by P2P, maintaining anonymity of access.

P2P systems have proved adept at distributing content that people don't want distributed. The obvious example is the illegal copyright infringement which takes place when popular music and movies are shared. So why not use the same system to distribute content that the bad guys don't want distributed?

Although I have only a limited understanding of current P2P technology, I suspect some fairly deep underlying principles would need to change. For example, you'd need to be able to identify content independently of its hash. You'd also need to be able to sign content, and link pieces of content together in a defined order, based on both being signed by the same key. There are a lot of technical issues here. But it would still be very cool...

Posted by gerv at 4:05 PM | Comments (10)

XAML and XUL

I just attended sequential talks on XAML (from Rob Relyea of Microsoft) and XUL (from Ben Goodger, Firefox Lead Developer) at the XTech conference. One could argue about whether and how these technologies are in competition, but what struck me most were the differences in focus, approach and design philosophy, which I would summarise as exclusivity vs. inclusivity.

  • Portability. The motivation behind XAML seems to be to make it easy to write Windows applications, or web applications in IE. The motivation behind XUL was to provide a first class UI on every platform without having to do the work multiple times - i.e. "we want to be inclusive; let's work out how we can do that".

  • Localisation. The XUL system is designed to be very easy to localise, and Ben made a point of mentioning it. Firefox 1.0 is available in 40 languages, localised entirely by volunteers. No mention was made of localisation in the XAML presentation.

  • Licensing. The XAML presenter dodged the question of whether Free software implementations of XAML are possible. The reference XUL implementation is available to all under a Free licence, the standard (as far as it's documented) is open, and the authors neither hold nor would enforce patents on it.

Of course, having only heard 45 minutes on XAML, I could be mistaken in some of my understanding. Alternative views or corrections welcome.

Posted by gerv at 10:58 AM | Comments (26)

May 24, 2005

New Mozilla Store Coming

The Mozilla Store has temporarily closed for renovations; when we reopen, we hope to have new products and global delivery options. I'm really excited :-)

For those of you who have existing orders: they should be fulfilled. If you have any problems outstanding, there are contact details available for you to raise your issue, soon including a toll-free number (in North America).

Posted by gerv at 4:30 PM | Comments (6)

May 23, 2005

Off to XTech

The Mozilla Foundation is co-sponsoring XTech in Amsterdam this week, and so I'm going over there for Wednesday to Friday. Although the talks will no doubt be excellent, one of my primary reasons for going is to finally meet face to face people I've been working with for months or years.

Those of us who have been online for a long time often forget how weird this is. Sometimes, I tell people what I spend a lot of my time doing, and they ask "So, have you ever actually met any of these people?", as if you could all be axe murderers, and it's not possible to know or trust someone unless you've looked into their eyes. Thinking about it, I know many people in the Mozilla project better than the guy who sits three desks down in my office...

Posted by gerv at 11:57 PM | Comments (2)

May 21, 2005

Making Money From Spyware

Spyware often messes with the HOSTS file on Windows machines to redirect URLs to machines they control. It has been suggested they could redirect bank sites and phish login details to steal money - which is clearly illegal. However, there is one possibly-legal way to mess with the HOSTS file and still rake in the cash.

Google's advertising success makes them a big target - what would happen if some spyware used HOSTS to redirect ads.google.com (or whatever domain they use) to the spyware owner's adserver? They'd sign up advertisers and get placement on a massive number of websites with no effort...

Posted by gerv at 11:50 PM | Comments (4)

May 20, 2005

Thunderbird Junk Extension Idea

You know what would be cool? An extension for Thunderbird which adds a column to the message display showing junk mail score from the naive-Bayesian filter, and also some UI to change the threshold.

Currently, my junk mail filter gets almost no false positives, but normally misses a few messages which seem obviously junk to me. It would be useful to know what the scores are, and be able to adjust the threshold to try and catch some more.

Any experienced extension author feel like building one? (I would say "knocking one up", but someone pointed out last time I used that phrase that it can mean something else the other side of the Atlantic.) Or maybe it exists already?

Posted by gerv at 11:14 AM | Comments (6)

Netscape 8 Released

...and here it is. So now Blake can review it ;-)

It seems they are claiming Firefox nightlies are outdated, which is amusing since Netscape 8 is vulnerable to an exploit fixed in Firefox 1.0.4.

Oh, and it's only available on Windows. So I won't be trying it out.

Update 2005-05-20: Credit where credit's due. 8.0.1 is out, fixing the 1.0.4 security issues. Good turnaround.

Posted by gerv at 12:16 AM | Comments (5)

May 19, 2005

No2ID Petition

The UK Government plans to resurrect the ID Cards bill very soon. If you are a UK citizen, and concerned about the move towards a National Identification Register, please consider both writing to or faxing your MP, and also signing the No2ID Campaign's online petition.

Posted by gerv at 10:50 PM | Comments (10)

May 18, 2005

"I Innovated Before You Innovated!"

Asa blogged about the new Reporter tool, and got comments like "Another feature nicked from Opera. Sigh."

Can we call it a day on such pointless posturing? Opera had some cool features first, we had other cool features first, and the same for Safari, Konqueror and IE. I don't care who invented it; if it's useful to the userbase of your browser, you should be able to include it. User interfaces haven't been copyrightable since Apple vs. Microsoft, and I would hope no-one in the browser market would stoop so low as to sue another browser manufacturer for software patent infringement. Copying someone else is a sign of respect, not weakness - it means they got it right, and you want to acknowledge that.

In related news...

Posted by gerv at 3:21 PM | Comments (9)

May 17, 2005

Netscape 8 To Be Released On Thursday

You heard it here first. Apparently it's quite different to the beta, because several features which weren't ready then are now.

My informant tells me: "tell anyone you like, as long as it doesn't end up on blakeross.com."

Posted by gerv at 6:48 PM | Comments (10)

GoDaddy's $1000 "Warranty"

"GoDaddy" (who chose that name?) is a Certificate Authority. I was poking around their website, and I noticed that their SSL Server Certificates offer a "$1000 Warranty".

Obviously, CAs taking liability for issuing certificates would be a great step forward, so I looked to see if I could find out exactly what this warranty entailed. I clicked the link and got the following description:

Your Secure Certificate Provides Warranty Protection:

Our warranty program provides $1000 of financial protection for your customers if they were to suffer financial loss as a direct result of relying on a certificate that was issued through our negligence.

This sounded really good. However, having checked their legal page, I couldn't find a document which explained in more detail exactly what this warranty was, and under what circumstances they might pay out. So I called to ask...

"Hello, Go Daddy sales."

"Hello. I was looking at your site and noticed that you offer a $1000 warranty on your certificates."

"Sure."

"But I was looking around the website for the legal agreement which shows exactly what that means, but I couldn't find it. Could you tell me where it is?"

"Certainly. Click on the green "Legal" link at the bottom of the page. There's a list of agreements there."

"Yeah, I looked through that list, but I couldn't find a relevant one."

<long pause>

"You're right; we don't seem to have an agreement for that. What exactly was your question about the warranty?"

"Well say, for example, I own www.happycompany.com and I have a Verisign certificate. Then, a fraudster registers www.happy-company.com, gets a certificate from you and rips off my customers. Is that situation covered? Would you pay out?"

"Well, no. You see, we're not securing you, we're securing the other guy. You have to be registered with us."

"So under what circumstances might you pay out?"

"Well... you are covered if it's through our negligence. So, for example, if the encryption failed for some reason."

"The encryption failed?"

"Yeah."

"But if that happened, then everyone's encryption would fail, the entire Internet would be insecure, and you've got a massive world crisis. Are there any less apocalyptic scenarios where you might pay out?"

"Well, not really, no."

"Have you ever paid out under the warranty program?"

"No. It's really there just to reassure you that it's a true 128-bit certificate, and to make you feel better about purchasing it."

"Say no more. Thanks for your time."

Posted by gerv at 3:45 AM | Comments (9)

May 16, 2005

Quick SSL Version 2 Server Survey

For a number of reasons, it would be useful to know if any secure sites on the web today support SSL v2 only, and not SSL v3. SSL v2 is an older version of the protocol with known security issues, such as a susceptibility to Man In the Middle attacks. However, currently all major browsers lead with an SSL 2 Hello because the connection hangs on SSL 2-only servers if you lead with an SSL 3 Hello.

We believe the number of SSL v2-only servers is now quite small, but more concrete information is needed before it can be turned off. So I'm issuing a call to Firefox developers and QA to please do the following:

  • Uncheck "SSL 2.0" in the Advanced Preferences.
  • Visit this link - you should get a (wonderfully clear) error message.
  • Continue browsing normally.
  • If you see the error on another site, add the URL here.

If you don't hit any problems, feel free to leave it turned off permanently. If you hit a site you want to visit which needs it, you can of course enable it temporarily after reporting the site URL. For bonus points, do a Google search for secure sites and test them all.

Many thanks :-)

Posted by gerv at 10:45 PM | Comments (14)

May 13, 2005

Memorable Passwords

Much has been written on the subject of making memorable yet secure passwords. Here's another small contribution.

It has been said that passwords are generally more memorable when they are pronounceable. However, for obvious reasons dictionary words do not make good passwords, and so people have focussed on generating single fairly short nonsense words from lists of pronounceable syllables. However, it seems to me that length is only loosely related to memorability, and that real words are probably easier to remember and type than nonsense ones.

It's also said that good passwords have characters from at least 2 of the sets "A-Z", "0-9" and "punctuation". So why not generate passwords containing two words separated by a symbol? If you give them the form [adjective][punctuation/number][noun], such as beheaded!octopus or distressed$asphalt, then they are memorable because of their weirdness, and because you can have a single mental picture to remember - your asphalt with an unhappy face, or your decapitated octopus.

The Parts of Speech Database available from Kevin's Word List Page has 50,000 adjectives and 100,000 nouns. If you then say there are about 40 numbers/punctuation marks, that makes a possible 200 billion passwords. Quite enough to be going on with, I think. Perhaps not all the adjectives and nouns are usable, because they might be too obscure to be memorable, but you could also use pairs of adverbs and verbs to expand the possibilities.

If anyone wanted to knock up a quick web page which generated passwords from that list, we could see how well it worked in practice...
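A sketch of such a generator, added here as an example (not the author's code): it picks each part with a cryptographically secure random source and reports the keyspace and entropy for the post's list sizes. The short word lists are constructed stand-ins for the Parts of Speech Database, and the "10% of words usable" figure is an assumption.

```python
import math
import secrets
import string

# Constructed stand-in lists; a real run would load the adjective and noun
# lists from the Parts of Speech Database the post mentions.
ADJECTIVES = ["beheaded", "distressed", "Velvet", "nervous", "frozen",
              "crooked", "silent", "rusty", "frozen"]
NOUNS = ["octopus", "asphalt", "lantern", "walrus", "teapot",
         "glacier", "trombone", "cactus"]
# 10 digits + 30 punctuation marks = the post's "about 40" separators.
SEPARATORS = string.digits + "".join(
    c for c in string.punctuation if c not in "\\`")


def normalise(words):
    """Lower-case and de-duplicate; duplicates would overstate the keyspace."""
    return sorted({w.strip().lower() for w in words if w.strip()})


def keyspace(n_adjectives, n_nouns, n_separators):
    """Number of distinct [adjective][separator][noun] passwords."""
    return n_adjectives * n_nouns * n_separators


def entropy_bits(n_adjectives, n_nouns, n_separators):
    """Bits of entropy when every part is chosen uniformly at random."""
    return math.log2(keyspace(n_adjectives, n_nouns, n_separators))


def generate(adjectives, nouns, separators=SEPARATORS):
    """Pick each part with the OS CSPRNG (secrets), never random.random()."""
    return (secrets.choice(adjectives) + secrets.choice(separators)
            + secrets.choice(nouns))


if __name__ == "__main__":
    adjectives, nouns = normalise(ADJECTIVES), normalise(NOUNS)
    print("sample:", generate(adjectives, nouns))
    # The post's figures: 50,000 adjectives, 100,000 nouns, 40 separators.
    print("full lists:  %d passwords, %.1f bits"
          % (keyspace(50_000, 100_000, 40), entropy_bits(50_000, 100_000, 40)))
    # Assumption: only 10% of each list is memorable enough to keep.
    print("10%% of each: %d passwords, %.1f bits"
          % (keyspace(5_000, 10_000, 40), entropy_bits(5_000, 10_000, 40)))
```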

Posted by gerv at 11:24 AM | Comments (13)

May 11, 2005

Improving Authentication On The Internet

On the 17th of this month, at the invitation of Comodo, the major CAs and browser vendors (including mozilla.org) are having a meeting in New York to discuss some of the issues surrounding the future of SSL and trust on the Internet.

As a way of working out my thinking on this, I've written a paper called "Improving Authentication On The Internet".

It starts with the basics, mostly as a way to confirm that my understanding of the current situation is correct. All comments, both correcting my facts and giving alternative views, are very welcome.

Posted by gerv at 6:55 PM | Comments (7)

May 10, 2005

Trademark Policy Hits 1.0

The Mozilla Trademark Policy is now at version 1.0. We've tried very hard to balance the need to maintain control of our trademarks as a sign of quality with the desire to allow the community to use the trademarks to refer to and discuss Foundation products and to describe their relationship to Mozilla/Firefox/Thunderbird.

The attitudes of members of the free software community to trademarks are far more varied than attitudes to both copyrights (generally good) and patents (generally bad). How free is a piece of software if you have to remove all trademarks before you can make certain modifications? Does it depend on how hard it is to remove the trademarks? Does it depend on whether the trademarks have a functional purpose? Is it still free if you have to change the name of the binary, or do symlinks make that question irrelevant anyway?

These are hard questions. But we are convinced that it's possible to make truly free software and still have strong brand protection, and we hope this policy is a good stab at doing that.

Posted by gerv at 4:25 PM | Comments (11)

May 9, 2005

Paging Duncan Wilcox...

Duncan Wilcox (who used to be duncan@be.com) is the last person I need to contact about relicensing. Previously, I tried to pursue this via the fact that Palm acquired Be, and then split into PalmSource and PalmOne. However, in the blog comments, Wade Ezri pointed out that Duncan was probably contributing on his own time rather than as a Be employee. Wade gave me another email address - duncan@focuseek.com - but I got no reply from that either.

So if anyone who is reading knows Duncan, please ask him to drop me a line :-)

Posted by gerv at 6:13 PM | Comments (5)

Tristan And Peter Hire... Tristan And Peter

Here's the press release. Congratulations to both of them :-)

Posted by gerv at 6:00 PM | Comments (3)

May 5, 2005

Vote For Honesty

It's General Election Day in the UK today. I've spent the past week sitting in a hospital bed reading the papers. It's become increasingly clear to me that a large part of the country knows that Tony Blair set out to create a legal and political climate for invading Iraq because that's what his friend George wanted to do, that he lied and misrepresented the evidence in support of the assertion that Saddam had WMDs, and that pressure was put on the Attorney General (chief Government lawyer) to say unequivocally that the war was legal under international law when that wasn't his view[0].

Most people also know that he said specifically in his manifesto that he wouldn't introduce tuition fees for universities, or raise the National Insurance tax, yet he did both. If you say you'll do something and don't, that's one thing - you can claim circumstances or lack of time, promise to do it next time, and the public can judge whether they believe you. But if you say "Vote for me - I won't do X" then actually make the effort to write the law and take the time to have it passed, that's far, far worse.

A large part of the British public know all this... yet they think "hmm, well the economy's not too bad, and I might be a bit better off under Labour" and are going to vote for his party anyway! "They're all just as bad", they say.

If you can't hold your politicians to account for their honesty, what's the point of having elections and manifestos? They can just promise anything they like, and then do something different when they get in power. I'm not claiming there's some knight in shining armour on the political scene - some obvious person to vote for. But if you vote Labour, you are condoning this dishonest behaviour. No "reluctantly voting Labour"; no "vote Labour but hope they have a smaller majority" weaselling will let you avoid this truth. You can't put "reluctantly" on the ballot paper.

Anyway, if you haven't voted yet, go and do so. And please - vote for honesty.

[0] Note to war-supporting US readers: the reason this is a big issue is that "regime change" is not a legal means for invasion of another sovereign nation under international law. The reason this isn't an issue in the US is that the US leadership doesn't care a stuff what international law says.

Posted by gerv at 7:31 PM | Comments (27)

May 3, 2005

I'm Out

Everything went pretty well - thank you to all who prayed in Jesus' name. They removed the remainder of my primary cancer, even shaving off two millimetres of the inside of the front of my jawbone to be sure, and the floor of the right side of my mouth now consists of part of the back of my tongue :-) (They didn't graft from the leg, in the end; this was easier and safer.) It's still a bit swollen, so I talk with a heavy lisp, but that'll clear up over the next ten days.

Please be patient as I slowly sift through the backlog of mail.

Posted by gerv at 5:39 PM | Comments (18)