Domain: johnath.com
Stories and comments across the archive that link to johnath.com.
Comments · 10
-
Important Points; But Not a "Community Lead"
Mozilla has no such position as "Community Lead". Tyler was/is (he is still engaged in constructive discussion) a valued volunteer member of the Mozilla QA and triage community, but he does not have the title "Community Lead".
There are several things which Mozilla's new more rapid release process has made a bit rocky, as Johnathan Nightingale, the Firefox development manager, noted in a recent blog post (syndicated at the Future of Firefox blog). This is one of them.
And, of course, when Tyler says we have told bug reporters we don't care about their bug reports, that's not actually true. He is suggesting that this is what it might seem like. And clearly, it's not great when a bug report is filed and just sits there for months. Mozilla's success has made this a perennial problem for the last decade. We've cracked it, to a degree, before and I'm sure we can do it again.
-
Re:Firefox IS getting infected in the wild
A few researchers have claimed that it is actually easier for them to hack in terms of effort:
http://www.theregister.co.uk/2009/03/03/safari_at_pwn2own/ 2009
http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/
http://www.networkworld.com/news/2008/042208-mac-hack-contest-bug-had.html 2008I have seen Zango, 180 solutions toolbars and shopping compare toolbars appdar in my relatives computers.
http://blog.johnath.com/2008/12/08/firefox-malware/I did mean type or class of flaw, I apologise. I imagine that there IS a difference in what is more subsceptible to what.
The FUD seems accurate as some people have said the company has associationo with Microsoft.
-
Re:Problem isn't computation...
RFC 2817 is pretty badly broken - basically you can MITM and drop the Upgrade: header, and various other problems. The real solution for random sites that just want to protect passwords is RFC 5054 SRP-TLS, however it's not well supported at the moment, and Mozilla don't seem to be interested in pushing it, preferring to make excuses about why they're sticking with 10-year old technology.
-
Why only one side of the debate?
Why doesn't Slashdot ever top-post Firefox's replies:
http://blog.johnath.com/2008/08/05/ssl-question-corner/Anonymous SSL gives NO security--man in the middle attacks are trivial.
This whole debate is like people complaining that 2+2 does not equal 5.
Grow up and face the boundaries of what you need for security (the first 'S' in SSL, folks).
-
Re:Worth it.
It's supposed to be creepy, because it may be the only warning you're the victim of a DNS poisoning and you're not at the site you think you are, or you're the victim of a man-in-the-middle attack and your "encrypted" communications are being intercepted and read. At least in Firefox 3 you need to add an exception to see the site, so you see the warning only once. In Internet Explorer 7, you can see the site by clicking a link, but you will see the scary warning every time you visit the site. Users will disregard the warning if they see it very often, making the warning ineffective.
-
Entirely legitimate
So, major sites fail at keeping correct, valid, up-to-date certs. Firefox (legitimately) refuses to say the site is properly identified and that's Firefox's fault...?
Yes, this is a change in behaviour, but in the long run it will force certs to mean something.
-
Re:One Question
> Snooping a connection is a hell of a lot easier and more common than hijacking one
I suggest you give http://blog.johnath.com/2008/08/05/ssl-question-corner/ a read. And heck, that's not even including wireless access point operators, who can hijack whatever connections they want.
> by demonstrating their (hijacked) control of the domain
Hijacking a connection just means replying to the user's request. No control of the domain required. And CAs that don't verify domain control properly don't end up in UA trusted CA lists.
> and requiring website owners to always sign up and be approved before they can use the
> HTTPS protocal on a public websiteNo one is requiring anything of the sort. Do read Johnathan's blog post linked above.
-
Re:That fake computer sound!I'd kill to have a program that makes terminal output sound like it does in the movies!
From the beep man page (in Debian):
When using -c mode, I recommend using a short -D, and a shorter -l, so that the beeps don't blur together. Something like this will get you a cheesy 1970's style beep-as-you-type-each-letter effect
cat file | beep -c -f 400 -D 50 -l 10
-
Election by jury
What do you think of the idea of performing an election by jury? It is much easier to control for fraud, and has other benefits as well.
-
Development of Supermans Powers Over Time
For anyone interested in the development of Supermans powers as the series progressed, check out this website:
http://www.johnath.com/~david/etc/superman.html
As other posters have mentioned, yes, it is true that he started without flying ability -he could leap only one eighth of a mile. The development of his powers is actually quite staggering, going from what nowadays would be a lesser superhero, to being one of the most powerful superheroes in the combined comic book multiverse.