Slashdot Mirror
Mozilla to Include Crypto
Willy Wonka passed us the news that Mozilla's
M14 release will include crypotography on the branch.
If you'd care to add your eyeballs to the debugging process, please do: Christine Begle posts in the n.p.m.seamonkey newsgroup, "We need help from the Mozilla community to test the crypto-enabled M14 candidate builds. Some tests and test plans will be posted to mozilla.org sometime on Tuesday."
That's today, folks.
I heard it was because they removed a bunch of timing code. It is MUCH faster but still crashes a bit. We're getting there...
If Netscape really cares they'll give us the ability to enable or disable java, javascript, cookies, auto image loading, or any plugin, etc. on a default basis **or** on a site by site basis. I need java and cookies for a few sites, but don't want it enabled by default.
Um, in 4.7 its context sensitive. If you use the middle mouse button in a text dialog, the text gets printed. If you click with middl emouse button on a link, a new browser with the page opens.
"Distribution" is just the politically correct word for "not totally compatible".
They go into effect tomorrow and they expire last Tuesday.
Piss off!
Did Mozilla bite it off?
Ok... well, it still doesn't open a new window in Mozilla.
What the hell is a "scalable GUI"?
MSIE isn't compatible with the current working draft of XSL. Pages developed for MSIE's XSL aren't compatible with the current version. Why? Because working drafts change over time.
Why implement a standard that doesn't exist yet and of which nobody can predict the details, when they *could* be implementing existing standards? If they implemented half of CSS2 and half of and obsolete draft of XSL, we'd just have a new version of tag soup.
id like to help, but your bloated code wont run in 16 million bytes of ram. it thrashes the disk so much that it takes 15 minutes to boot the program and each time you type it thrashes the disk some more. maybe the 'principle of locality' is breaking.. i dont know.
Until the Bernstein ruling came out, BXA was saying we had to notify them of *every* change to the crypto code. So we created a mailing list, subscribed the BXA, and set up cvs to automatically mail each and every diff checked in.
Bummer they changed their mind, really; I was looking forward to burying them in spam.
Getting more people to participate would help any project, whether it's Mozilla, Linux, Apache, or whatever.
Sorry, but that's like me buying a car that runs on diesel and then complaining that not all gas stations support me!
Hm. Well, what about the greatest OS panacea of all time, Windows 2000? Didn't Windows NT4.0 debut in 96? Now there's a joke..
Excuse me, but why is that supposed to make me trust it? This is the same outfit which has forced the AOL Instant Messenger upon millions of people. I'm curious why you think they're so altruistic all of a sudden. If I want to be forced to use closed source, then I might as well use Windows and Internet Explorer, because at least Internet Explorer works. Sorry, but if I can't see the source myself, it's not going on my computer. I remember the days before Linux hit the big time - the days when a good portion of Slashdotters would've agreed with the point I'm trying to make in these two posts. Oh well, I guess money really does change everything.
has anybody else noticed that the nightly builds are 300% faster now then they were for the last milestone. Mozilla is starting to kick some ass
shut up
Someone please tell me whether it's me or the rest of the world that has gone insane.
You're just crazy. All of you. I wouldn't give a set of sharp scissors to an American.
Does anybody know if Mozilla supports dynamic fonts?
FreeBSD has Mozilla in Ports.
FreeBSD, however, isn't a "distribution." It's an Operating System.
Now if they'd just get rid of the tag, then I could truly be happy. That is assuming it's finally stable at that point.
Don't forget the shortcut keys :).
There are two of 'em sailors. D'oh!
snicker
b) The US patent expires in September.
Other groups have implemented and distributed crypto from outside the US (like the non-us Debian mirror). The non-us module could be open-source and work with the hooks present.
It should be marked as (-1, Flamebait) since that little commentary, Piss Off!, is totally unnecessary and is flamebait. Just because you post some useful info doesn't mean you can then be an asshole about it.
Mmmm, oatmeal!
> Mozilla runs great on Mac, Linux, Win32 and all sorts of variant UNIX operating systems Have you ever tried to run it on "all sorts of operating systems?". I have tried it on Solaris 2.5.1/6/7 -- it just crashes or looks so ugly that I could not get trough very first web page, I have tried it on Sun/Linux -- the same story. Sorry, I have to suppose it is Linux/i386 only browser if it works at all. And after all Netscape 4.x is not that bad. I have Internet Explorer 5 for Solaris installed on my box, I have Netscape 4.7 and I have Windows Terminal server with latest-greatest IE for Windows, guess what I use -- Netscape 4.7. BTW that proves that open source is unable to cmplete big projects like Mozilla...
Open source takes time. Everything takes time. Doing good things take time to do right. Some of the people that wrote Netscape 4.7 are writing Mozilla BTW. You can help. Submit a backtrace when M14 crashes on Solaris 2.5.1 please.
Thanks for making Slashdot a better place, tough guy... People like you make me sick. Piss off yourself.
what do you expect, it's IRIX. I've seen lotsa things compile better on AIX than they do on IRIX, go figure. I presonally don't trust any OS that is admitted to have a built in root exploit by the makers. Try it on linux and I bet you'll have success.
I use Netscape 4.7 and have yet to crash on any Java sites. Maybe you should use the latest version before you knock it. At least Netscape comes from a company that doesn't perjure itself every time it testifies. Also, Windows does not have a scalable GUI.
The middle mouse button still does not work (in Netscape 4.7 it opens a new browser window). They have mouse wheel support, how about support for mouse buttons? I'd probably use it for my everyday browsing if they fixed this. What would this take, like 2 minutes of coding?
>"The fact you don't see Linux users for instance starting a write-in
>campain asking Microsoft to port IE and other Microsoft software to
>linux like the Amiga and Atari ST users did should tell you
>something......" No, but you do see Linux users begging Sun to port
>Java for them. Before Sun released the JDK for Linux, the Linux port
No you don't. Most Linux users for the most part could care less about Java. It's one of the big complaints you hear from the Java crowd.
>Well, IE is not an option on my SGI IRIX box. Actually, Netscape is
>the only browser I found for IRIX. At least Linux has *some* options:
>Opera, KBrowser, Mozilla binaries, and others. IRIX is just behind
>(until SGI switches over to Linux).
>But I my Windows box I use IE. It is worlds better than Netscape.
Will you IE Astroturfers give it up? Nobody outside of you Windows users care about IE. The fact you don't see Linux users for instance starting a write-in campain asking Microsoft to port IE and other Microsoft software to linux like the Amiga and Atari ST users did should tell you something......
>>No you don't. Most Linux users for the most part could care less about
>>Java. It's one of the big complaints you hear from the Java crowd.
>No, you are incorrect. Take a look at: Java Request For Enhancements.
>The Java port was *by far* the number one requested enhancement ever.
>I am not saying there is anything wrong, just don't say Linux users
>never ask for anything from big companies.
All this means is that Java users running/interested in Linux made those requests. It's not the same thing as the Linux userbase expressing an interest in Java. Most people I know who are using Linux have the same amount of regard for Java as they have for C++. Little or none.
ok... this may be a bit off topic,...
But does anyone out there know how to get Mozilla to compile/run under SuSE 6.3?
anyone?
anyone?
Bueller?
... hi bingo
oh god... who let let the nazi lemur out of the cage...
The message on the other side of this sig is false.
Personally, I would like to see a nice, quick, and STABLE browser. Who needs Java to surf the web? If you want Java, just use Netscape.
Heh, if you want Java use IE. Netscape will crash and burn on you. Besides, Mozilla still isn't stable yet. And besides, it should support java and still be stable don't you think?
I think it is great that Mozilla is putting the M14 crypto out, but this is just one of many things that needs to be done by Mozilla. I am quite concerned about the browser situation. 4.72 was a step, but Netscape is still behind IE. There needs to be much done with the cascading style sheets, more applications tied in with the browser for the newer media. This is without the recent security concerns to say the least.
Ciao
nahtanoj
Why would I want to use this crap browser? For that matter, why would I want to use a non-Motif product at all? I am still waiting for a ToolTalk based browser.
Everyone else (Windows, OS/2, Mac, ...) uses menu functions or keyboard shortcuts for the clipboard. Clinging to that middle mouse button seems to me like those OS/2 people still claiming their WPS is superior to everything else and OS/2 has any future.
Solaris 8 lacks many of the advanced features of Windows 2000. Enterprise Web services, directory service, transaction services, message queuing, resource management, clustering, network load balancing with integrated management, installation, and security are all built into the operating system at no additional charge. The best Windows 2000 and SQL Server solution scored 3,165,000 transactions per hour.
Inquiring minds want to know.
Right, I'm familar with OpenSSL, and yes it is one possible source for implementations of the underlying crypto algorithms, including RSA. There are others as well. The PSM/NSS source code already released by iPlanet (formerly the Sun-Netscape Alliance) or to be released later already includes code for the SSL protocol itself, it needs the crypto code to go underneath SSL.
Based on what people have posted to the netscape.public.mozilla.crypto newsgroup, I would not be surprised to see Mozilla plugins for both commercial PGP (from NAI) and for Gnu Privacy Guard. However it's premature to speculate on exactly when these might be available.
You don't need to be a major corporation to export crypto software. Under the new regulations released in January, anyone in the U.S. can export open source crypto software with minimal restrictions (basically a requirement to notify the US government of the URL of your download site).
Once the RSA patent expires then other people in the U.S. may write and release code implementing the RSA algorithm without requiring a patent license from RSA. However the code supplied by RSA Security will still be proprietary. What the expiration of the patent will allow is creation of an alternative RSA implementation which is open source and can be freely used with the Mozilla source base.
Such code already exists in a library called OpenSSL. It also implements TLS with DSA / ElGamal.
You are kidding, right? Any way to document that? I'd love to add that to the arsenal of crud against SurfWatch (as, I'm sure, would the guys in Holland...)
~luge
IAAL,BIANLY
I think if you search the mozillazine archives, you'll find a suggestion on how to do it. You'll need the newer nightly binaries, though- M13 won't cut it.
~luge
IAAL,BIANLY
Well, sure- it has been in 2.2 unstable since times unknown (M6, IIRC.) But I'm pretty sure it wasn't in slink.
~luge (proud woody user)
IAAL,BIANLY
Mark,
This effort is appreciated. I will switch to Mozilla very soon.
Andrew
Does anyone know how to get Mozilla to work with SOCKS? I'm stuck on the internal IBM network and I'd love to use Mozilla. On the bright side, M13 appeared to work very well on all our intranet stuff.
If tits were wings it'd be flying around.
"The fact you don't see Linux users for instance starting a write-in campain asking Microsoft to port IE and other Microsoft software to linux like the Amiga and Atari ST users did should tell you something......" No, but you do see Linux users begging Sun to port Java for them. Before Sun released the JDK for Linux, the Linux port was the #1 RFE on the Java developer site. Now, it is the BSD Port. Linux users do ask for things they want from companies instead of doing it themselves (with the exception of Blackdown).
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
No, you are incorrect. Take a look at: Java Request For Enhancements. The Java port was *by far* the number one requested enhancement ever. I am not saying there is anything wrong, just don't say Linux users never ask for anything from big companies.
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
But I my Windows box I use IE. It is worlds better than Netscape.
Besides, surfing the web got boring. :) I prefer to use my computers for some hacking. (Windows for music, SGI for graphics).
Cheers!
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
Then why are you having to beg people to do it? Seriously.
Cheers,
ZicoKnows@hotmail.com
<laughs>Well, despite your flaming me, your first paragraph cracked me up.
And c'mon, you know you'd get bored if there was nothing more to these threads than boosterism mixed in with off-topic trolls. It gets a bit much and I just can't help but post and inject a little reality into the discussions before my eyes completely roll out of their sockets. ;)
Now, you gonna tell me that Mozilla's FAQ answer wasn't completely weak? It was like, "No we don't support that feature, but don't think about that -- let me distract you with some famous Internet guy lashing out at that evil Microsoft"
Cheers,
ZicoKnows@hotmail.com
heh.
The defcon (www.defcon.org) mailing list is having a day where everyone encrypts their mail today. Some of the listmembers are including a perl implementation of RSA and cc:ing to BXA just like you describe.
Returned Peace Corps IT Volunteer
Yes, I noticed that to! I want it now! want, want, want!
:-)
(impatient
yup. gpg would be cool.
-B
Ot most certainly WILL run on 16 MB of RAM. I run it on a P100 with 16 MB RAM _AND_ Windows 98 and it's not the fastest browser but it does run. Hell I run it side by side with Netscape Communicator on this slow system with win98 and it does run. There are many non windows systems that I'm sure would support it even better. I also run it on a P90 with 32 MB RAM and am completely satisfied with its performance. It simply rocks on my PII 350 with 64 MB RAM. Don't count this one out for slower systems just yet.
I think you are confusing this with when the patent for the RSA crypto expires...the new export restriction rules are already effective but most companies needs to let their lawyers investigate them first....hence the delay
Just wondering, can and will the rest be released when the RSA patent expires?
yeh, I saw that...
But by the time that Mozilla is released, a "standard" for XSL(T) is going to be released, and Mozila is then going to be behind...
again...
seriously, I think that someone needs to look at making a hook into Mozilla that parses XML using XSL(T) and all the other happy horseshit that starts with an X (XPath XPoint...)
... hi bingo
wow... the time between milestones is getting nice and tight... and the daily build releases are quite good, too...
Has Mozila decided to support XSL(T) yet? Or are they still insisting that CSS is the way to go?
ANd I wish I could get the damn thign to run on my SuSE box... grrr...
... hi bingo
Hmm, how would you define a "distribution" then? Do you count, say, Debian as a "distribution"?
perl -e 'fork||print for split//,"hahahaha"'
Crashes and dies or just locks up on java for me
I do use IE under windows for java
Netscape roaming is the killer feature that makes me keep it around.
And well IE on linux just isn't there, if it was I'd use it.
Mozilla stability, not really that bad, at least compared to Netscape 4.7 with java
I will admit Java in 4.7 is a lot better then the earlier versions, but it is still bad enough for me to run 4 or more instances of it during regular usage
Thats all nice and stuff, but I would rather have Java support.
Java, Javascript and all that stuff is required for some sites.
I just want to know when the Moz will be runnable on MacOS
Constitutionally Correct
I'm pretty sure it's one drop-in file.
The Matrix is going down for reboot now! Stopping reality: OK. The system is halted.
Cool - but when do the export restrictions end? I thought that they ended in October or something funny like that.
"The romance of Silicon Valley was about money - excuse me, about changing the world, one million dollars at a time."
Visit
I'm posting this from Debian 2.2 frozen, Mozilla M13. I WANT CRYPTO! Okay, okay, not that badly. But this shows that Debian quite surely includes Mozilla. Actually, I had not installed it in my initial install (which, btw, was downloaded over a 38.4 modem), so:
apt-get mozilla
Then wait... and wait... and start X, bring up a terminal, and type 'mozilla'. Simple. Then it crashes. Not that often, fourtunately.
Java can go to hell. Javascript is cool but I don't think I have seen any Java applets except that silly punch the monkey thing. I turned off Java in Novemberish and am glad to be rid of it.
- ----------
It's just damned bloatware
--------------------------------------
"If I can shoot rabbits then I can shoot fascists" -
From the mozilla crypto FAQ, it says "We know of at least two efforts which may produce PGP support for Mozilla." I don't know what they are.
However, I do know of the PGP Plugin for Netscape which replaces the spell checker with a PGP encrypter. The source is available, so such a beast (having the add-on you sugguested available as a module) could be easily implemented.
--- "When you're strange"
note to self: dust off math books (it's something i've been meaning to do for a while now)
Thank you Zico... Your special blend of snotty indignance, bombast, and gripe-laden criticism fills in the hole left by JWZ nicely.. :D
Oh wait, didn't he work on Netscape classic? The OTHER free web browser that was developed, debugged, and distributed free of cost for your own private use?
Sheesh... The bigger the pool, the more people think it's okay to pee in.
-troll taker
Actually, just looked it up...
"http://www.mozillazine.org is NOT BLOCKED in our most recent filters."
You can look up sites to see if they're blocked or not at the SurfWatch website. Sites can also be submitted for blocking or unblocking review.
Maybe you submitted a form that SurfWatch didn't like... sometimes it won't let you submit forms because one of the field names is "Sex" or something dumb like that.
"Let me open these blinds so the snipers can see in." - Kevin Giffhorn
Ihre verwendung der deutsches Sprache ist ganz schlecht! Kommen Sie aus Amerika oder die Schweiz? Ich werde Ihre Eier abschneiden, aber ich will nicht nach Kentucky reisen, nur um Sie zu schaden. Gibt es gute Hanf dort? Ich möchte was Hanf kaufen, Amsterdam ist sehr weit. Sie Können fast kein richtige Deutsch... Sie Können "Dummkopf" nicht buchstabieren, fast alle 6-jährige Kinder können das machen! Was für ein Blöder Amerikaner! Stück Scheiße! Auf Englisch: Learn some fucking German!
Glad to see that they're putting Netscape Corp's crypto export license to good use!
But, (and this probably will be asked six times while I'm writing this) when will the new export regulations take effect, so you don't have to be blessed by a major corporation to ship?
Sun Microsystems claims to be more scalable than Windows. In a world of hype, wouldn't it be nice to get a refreshing dose of reality? The truth is out there. It's what real businesses are doing every day. You can get your dose of reality about the Internet and business computing right here. Windows 2000 has arrived and reality just keeps getting better. Sun Microsystems claims to be more scalable than Windows. The Reality: Windows-based, Compaq ProLiant 8500 systems have set world records for scalability and performance. In fact, Microsoft® Windows® 2000 is the fastest, most scalable solution on the planet, based on the industry- recognized TPC-C benchmark.
Release of complete crypto source for Mozilla based on the PSM/NSS software and architecture depends not only on expiration of the RSA patent but also on replacing all the proprietary source code licensed from RSA Security and other third parties. That's the goal, but there's enough integration and other work involved that it's not going to happen overnight. But I do expect to see it happen; exactly how and when it happens remains to be seen.
Mozilla does not yet have support for encrypted email, either S/MIME or PGP-based. I expect both to become available later sometime, but it's too soon to guess at dates.
If such a function exists, it would not violate the patent, as the patent (as I understand it) specifically covers the function and not the mapping of input to output.
However, the chances are that it would take considerably longer to derive such a function than it would be to just ride out the patent. That should not deter Open Source evangelists from trying, though, as a totally unencumbered function would be useful from the perspective of eroding the notion of Intellectual Property.
(If you could duplicate the O=f(I) mapping for one piece of code, without duplicating any patented algorithm, it would render algorithm-specific patents rather pointless.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I specifically restricted it to the useful range of inputs, at which point the relationship between f(x) and g(x) outside of the range defined is undefined.
How is this practical? Well, let's define f(x) as being defined over the range of integers, and h(x) as being defined over the range of reals. h(x) is approximately f(x), within 0.5 either side, over the range that x is normally used.
Then, define g(x) as round(h(x)). g(x) is now equal to f(x), within the normal range of x, but is defined over a completely different function, and would significantly diverge if taken outside of that range.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
round(x + 0.1 * x) = x, when -4 Let f(x) = x + f(x - 1), where f(0) = 0.
Let g(x) = round(3.2 * (x - 1)).
f(x) = g(x), over the interval 2 sin(x) = x, for very small values of x, if appropriately rounded. However, if left as-is, or taken over a larger range of x, then sin(x) != x.
These are meant to be trivial examples, but they do show how two totally different functions CAN coincide over limited intervals. We don't NEED a clone of the RSA function, over the entire range of integers, as it's only meaningful over the interval of one unit of data, which gives you a very limited range over which the two functions would need to coincide.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
BigBaldGuy-
That's great to hear. I knew that part of the problem was proprietary (read: unfreeable) stuff, and I'm sure your intentions are good. My one concern is whether or not I'll be able to use it with nightlies (since I use those and not the M builds.) Any idea if that'll be the case?
~luge
IAAL,BIANLY
Any idea what kind of restrictions would be placed on mozilla now that it has crypto? I'd like to see a fortify build for mozilla.. would be nice (can get rid of netscape for banking)
I'd like a nice replacement mailing tool with gpg support.
--
Hi. Mozilla still barfs after about 5 seconds on my SMP Celeron sysstem (Under Linux, glibc 2.1.13, kernel 2.2.14.) This is supposed to be due to the fact that it's not "thread safe." Anyone know when this will be addressed? Ben
It would be extremely cool to see some built-in PGP for the email/news client. Or at least hooks to use an external PGP/GPG.
I think that a lot more people would be more interested in defending privacy/crypto rights if it was more visible to the end-user community.
First of all, it sounds incredibly catty on Mozilla's part, throwing in a completely irrelevant quote from Tim Bray about Microsoft. Bray was nudging Microsoft to improve other parts of their browser instead of focusing on XSL, not trying to scare people off from trying implementations of XSL. Waiting until standards are completely finished before doing any kind of implementation just slows the whole process down, because people won't realize the cool stuff they're missing. Just because he wants full XML+CSS support first doesn't mean that people are supposed to wait around and do nothing on the XSL front. Mozilla twists his point around and uses it as an excuse for why they can't do both.
And oh yeah, XSLT, XPATH, XSL are all to the point -- the first two being W3C Recommendations, and the last a Working Draft -- where xml.com (the source quoted by Mozilla) considers them to be standards, making Mozilla's claims even more dubious. Perhaps they need a few more free volunteers to update their FAQ for them?
Cheers,
ZicoKnows@hotmail.com
So, if they don't have any kind of early support support for the XSLT standard now (available at http://www.w3.org/TR/xslt), then they're already digging another hole for themselves.
Cheers,
ZicoKnows@hotmail.com
Upon reading the posts on the binary part of the crypto component, I believe (IANAL!!) that Mozilla still does the same thing, send a link to the source to the BXA, and provided that whatever binary they're calling has been approved for export, all is well in the world.
Returned Peace Corps IT Volunteer
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
Question - if the binary is public domain, wouldn't the source be public domain? And would patent law require them to publish their code?
Ahh, the days when a post could be moderated -2. Anyways not to be rude, but it will be opersource eventually, like in september. But there is this little problem of RSA patents that have to be dealt with. And if you want to play in the RSA field you gotta follow their rules. Anyways all of this is built by Netscape and is under inspection by many people who will have access to the source. So please calm down and take your seat in the corner.
Probably because damn near all the secure sites out there talk RSA. They can implement SSL all they like and even include other encryption methods into Mozilla, but without RSA they might as well not bother.
At least according to Jan Leger's post on the Seamonkey news group.
Quemadmodum gladius neminem occidit, occidentis telum est
I think open development is *eventually* faster than closed development, because a bunch of hackers will want to make something which is easy to hack. A project controlled by a single company will sooner or later sacrifice future hackability to meet a release date *now*. Notice I say "open development", not just "open source"; if all development is being done by one company then the same commercial pressures apply. But Mozilla *is* largely "open development" in spite of the high proportion of Netscape coders - decisions are taken by non-netscape developers too, so there are voices in there which aren't subject to Netscape's commercial pressures.
perl -e 'fork||print for split//,"hahahaha"'
HOORAY MOZILLA! Just when they've missed another on-the-wire date and you start to lose hope, they pop back up again. You guys are big encouragers, especially by jumping into the forums here and educating us all.
:-)
---
In th is usenet article, Jim Roskind goes into some of the plans for M14 and beyond. One point he brings up (and this is the where-you-can-help part) is that the main things which prevent a commercial-branded alpha/beta are the "beta-stopper" bugs; bugs which are first marked beta1 on submission, then reviewed and marked by authorization as PDT. These beta-stoppers, by virtue of their priority, draw human resources from across Netscape as well as just the seamonkey group.
So if you can, test the program. If you find a beta-stopper - some real bug like a crash or a performance problem - report it and mark it beta1. These draw special attention from the mozilla people, and if promoted to PDT status, will attract extra developers from Netscape.
---
Someone else at MozillaZine had some insights about a (possibly semi-official) name for the full completed package: Netscape 2001 or some such. Yes it is the year thing, but as Henrik points out, it could be succesfully tied into the air of cooless surrounding 2001, A Space Odyssey. Maybe they'd even give it a classical soundtrack
-- If you lived here, you'd be home by now.
can you trick the library into becoming an api using #define?
--
The shareholder is always right.
Anyway, from recent binaries, mozilla looks like it's coming along pretty well. Some of the High-vote bugs (not including mine) have been sitting on the table for a while, but a lot of smaller issues have been corrected since M13.
--
The shareholder is always right.
I'm just worried that mozilla will be so large that there won't be ten hackers who understand any given line of the source code. Has this ever been a problem with other open source projects?
--
The shareholder is always right.
Turns out you set a ld_preload when you run the mozilla running scripts. It also turns out that runsocks ALSO uses a ld_preload. You can merge the two ld_preload commands and that actually works pretty well (Or has when I tried it, YMMV.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Lets see if the Mozilla Team and the Apache team manage to hack that in to their software before I beat them to it...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
- I can copy/paste in and out of the program
- save preferences easier (i think this has been fixed but i don't do CVS)
- use CRYPTO!
- Have it save the size of my window (fixed too?)
- pages like www.cleveland.com will load (java shit)
how's the outlook for m14? Think i'll be able to trash netscape finally?
- Mike Roberto
-- roberto@apk.net
--- AOL IM: MicroBerto
Berto
> Do any distributions ship with Mozilla?
Yes. Suse 6.3 includes Milestone 12. I believe 6.2 had a milestone as well.
norom
>I can download the binary and use RSA FOC.
yes.
>I can go to the ibm hosted patent site and >download the RSA patent.
yes.
> I am not legally allowed to implement the patent, although I can
> legally download source that implements the patent in other
> countries.
But you can't have that source in the U.S. So you can only download it from other countries to other countries. In the U.S. it's RSA's way or no way.
> I just don't see that not allowing the source to be open is such
> a big deal. I mean, the cat is out of the bag. I cannot legally
> distribute software using RSA until September, but I can
> possess source code that would implement it if compiled, and
No you can't, I don't think.
> I can FREELY possess binaries that implement it (such as
> netscape, IE, ssh - for non-commercial use...)
There is a library - RSAREF - written by RSA implementing the RSA algorithm. It's license permits non-commercial use, but forbids any modifications whatsoever to it's code, which is structured in a way that doesn't expose APIs needed for https. As I understand it, for SSL, the commercial library from RSA, BSAFE, is needed, as well as some further modifications. BSAFE allows modifications, but forbids the distribution of modified source (or even source at all). So closed-source it is, until the patent expires. Even then, it will be necessary to re-write the code to use something else, as RSA's copyright on their library will still be valid. It will just be legal to use something else.
> Exactly how much of a head start is it going to be for mozilla
> to distribute the source ?
huh? the source can't be distributed, becasuse that would violate it's licensing terms.
> I also realize the REAL issue is that mozilla NEEDS permission to
> distribute the source, and that is the real hangup. It all seems
> so silly.
mozilla can't violate the terms of Netscape's RSA license, because that would void Netscape's license to have RSA code. So it's never going to open in its current form, but I would expect to see an OpenSSL-based replacement for the plugin sometime soon, probably distributed only to non-US users at first and replacing the RSA-licensed one after the patent expires.
The Matrix is going down for reboot now! Stopping reality: OK. The system is halted.
Umm.. how about implementing other encryption algorithms. Perhaps of non-US origin? Try GOST from Russia for example.
Here are links to GOST and others.
--
>(8< ~ we come in peace
unless i've forgotten more of my math than i think i did, this is impossible. there is no way to find an "equivalent (but mathematically distinct)" function to the RSA function. this is because if you have two functions f and g such that f(x)=g(x) for all x (as would be required) then f=g. Of course, they may be written differently (i.e. a trivial case of functions written differently would be f=tan(x), g=sin(x)/cos(x)). However, this does not mean that these are not the same exact function.
Browsers support SSL now, and that includes encryption. What's being added? Encrypted E-mail support?
RSA is not something like a sorting algorithm or a FFT; the Perl slogan There's More Than One Way to Do It is not applicable here. If we model the core RSA function m=c^e mod n as an bijective function f() from Z/Z_n -> Z/Z_n (the field defined by the integers modulo), simple uniqueness considerations on the operators over the field dictate that there is no other function g() that maps the same bijection between Z/Z_n -> Z/Z_n that is distinct from f(). Neccesarily, if f(x)=g(x) for all inputs {x|x E Z/Z_n}, the function f()==g() for a sufficiently broad generalization of the underlying field (irrespective of the specific structure of the field). Essentially, any shortcut that allows the computation of the RSA function without carrying out the same operation means that the RSA function has an some extremely unexpected properties. RSA is probably broken if it ever gets to that point.
Your statement is not strictly true. In order to define equality of two functions, we must establish the mathematical space under which the functional operations are carried out. In the case of the reals, the space has enough underlying structure (ie. Taylor series, Cauchy-Dedekind representations) that we can prove equality for a certain small minority of functions defined over the reals. This is not as trivial as it seems; a theorem by Richardson states that [handwaving here; read the proof for the details] even for a surprisingly simple class of expressions over R (the rational numbers), the predicative identity E=0, where E is a any finite, recursively definable expression under the certain strict constraints, is not decidable. Your posting is not generally correct, but nonetheless applicable for the question of the RSA function, unless there is something very surprising that we have yet to discover about it.
Ouch, that's embarassing. My thesis advisor would probably have had me drawn and quartered for that. I misstated Richardson's theorem: R is the class of expressions formed by: 1) The rationals, PI, and ln(2) 2)A single dependent variable x 3) The operations of addition and multiplication, and 4) The sine, cosine, exponential, and absolute value functions. Composition is allowed, of course. The predicate E=0 cannot be decided for arbitrary E in R.
I think the above paragraph is right, but I'm not sure I got all the details right and those little proof demons always lurk in the details...
I understand what you mean, I've seen bunches of these "binary=linux-x86" only programs... but I don't think it'll apply in this case.
Tomorrow will be cancelled due to lack of interest
Whenever Debian freezes it will ship with Mozilla (not sure which build, though.) Advancement of Mozilla is pretty crucial for Debian, since (unlike other distributions that would ship Mozilla as a supplement to Netscape) Debian doesn't distribute Netscape with the core of the distro. Until there is a usable Mozilla, Debian will continue to ship without a "serious" browser.
Grain of salt: I'm posting this from yesterday's build, so I (personally) consider Mozilla pretty damn fine stuff. But it's just not quite ready for mainstream acceptance (which is my Debian isn't in great shape, web-wise.)
~luge
IAAL,BIANLY
The latest Mozilla release does not even compile sucessfully on my IRIX box, let alone run correctly.
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
if the binary is public domain, wouldn't the source be public domain? And would patent law require them to publish their code?
The RSA binaries won't be public domain. I believe the patent on the RSA algorithm expires this autumn. With the algorithm in the public domain, anyone can legally write their own RSA code. BTW, how long do patents last? I think it's 17 years.
cpeterso
https://www.fortify.net/sslcheck.html
which tells you what level of encryption you're running.
www.openssl.org has an Open Source implementation of SSL. I think their latest version is 0.95.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I don't get this.
I can download the binary and use RSA FOC.
I can go to the ibm hosted patent site and download the RSA patent.
I am not legally allowed to implement the patent, although I can
legally download source that implements the patent in other
countries.
I just don't see that not allowing the source to be open is such
a big deal. I mean, the cat is out of the bag. I cannot legally
distribute software using RSA until September, but I can
possess source code that would implement it if compiled, and
I can FREELY possess binaries that implement it (such as
netscape, IE, ssh - for non-commercial use...)
Exactly how much of a head start is it going to be for mozilla
to distribute the source ?
I also realize the REAL issue is that mozilla NEEDS permission to
distribute the source, and that is the real hangup. It all seems
so silly.
To clarify this a little more: the security library for Netscape Communicator (which will also be in the iPlanet PSM binaries that will work with Mozilla) incorporates proprietary code from RSA Security, and some of that code implements the RSA public key algorithm, on which RSA Security has a patent in the U.S.
Once the RSA patent expires then other people in the U.S. may write and release code implementing the RSA algorithm without requiring a patent license from RSA. However the code supplied by RSA Security will still be proprietary. What the expiration of the patent will allow is creation of an alternative RSA implementation which is open source and can be freely used with the Mozilla source base.
I believe the patent on the RSA algorithm expires this autumn.
September 20, 2000 (which actually is in the summer, but just barely). And yes, patents normally are for 17 years.
I'm seeing a lot of posts that ask about this or that. Try downloading Mozilla. Mozilla currently supports Javascript up to 1.5 and CSS 1 & 2. Download the build - give it a shot.
The SSL code will be included in the tip - not the mozilla tree. This means - no one will see the code that is owned by RSA. So using cvs on the tree wont get you all the crypto code - it will probably download at least one small binary file that includes the patented RSA code. Which later this year will fall into public domain.
Don't forget to help out on the Mozilla project - Mozilla runs great on Mac, Linux, Win32 and all sorts of variant UNIX operating systems as well as OS's I've never even heard of.
Joseph Elwell.
I'd like to appeal to everyone. If you like Linux and especially Open Source Software, please download this release of Mozilla (and future releases as well) and use it, abuse it, and break it. Then, report those bugs! This is going to be one of the biggest coups for Open Source Software and show a lot of detractors that OSS is a viable method for developing quality software. It will also blow away a lot of FUD concerning security issues, etc. of OSS (because it's open.) Thanks.
kuro5hin.org
Co-founder and designer at Music Nearby: http://musicnearby.com
One important note: the crypto in M14 will not be Open Source. Rather, M14 will incorporate hooks which will be usable with a binary-only crypto module from iPlanet (the offspring of the Netscape-Mozilla alliance.) For more on the situation, read this mozillazine post.
IAAL,BIANLY
When you're done banding together to implement RSA without violating their patents, please drop us a line. (Have fun storming the castle!)
it's bug #22687
Vote early (and as the old joke goes, vote often)
W
-------------------
-------------------
This is my SIG. There are many like it, but this one is mine.
http://www.bxa.doc.gov/Encryption/licchart.htm
Product
Previous Licensing Mechanism
Update99 Licensing Mechanism
Technical Review
Reporting
Source Code (publicly available, unrestricted)
IL/ELA
TSU
No3,4
No
Source Code (publicly available with restrictions)
IL/ELA
ENC
No3,4
Yes
Notes:
3. No review of foreign products(s)
4. BXA Notification at time of export is required
Returned Peace Corps IT Volunteer
The net will not be what we demand, but what we make it. Build it well.
Curses! http://www.mozillazine.org is blocked by SurfWatch! Just when I was about to get a stable browser that works, the filtering companies decide open source software is against their morals :-(