Slashdot Mirror
Mozilla With Crypto Code Released
physicman writes "I just read on MozillaZine that there is finally a release containing the new crypto code. This means we will eventually get the chance to get access to secure Websites with our favorite nearly-in-beta-stage browser.
" Mozilla's really been making a lot of progress recently -- and it looks great.
Run a beta version of a browser for "secure" transactions over the internet. I think that you will find some problems with that.
Slashdot social engineering at it's finest
I hear this is going to be big in China:p
Does the US gov approve of all that Netscape is doing? the 128-bit enc browser is available anywhere given you "say" you're american...
;-)
Now the crypto is opensource?
I'm still waiting for Netscape 6.0
Use my userscript to add story images to Slashdot. There's no going back.
Will this be folded into Debian Potato's US distro?
Are there issues redistributing?
I rather hope not; I am writing this with plain M14
and liking it lots.
"Think of it as evolution in action."
Kinda about time..I know I shouldn't push it, but
AOL/Netscape have taken long enough. Though when I
have time then I'll be able to play with what looks like a great browser. It'll match will the rest of the GTK arena that is my home..All those
pretty GTK themes on my browser.It'll also allieviate the poor browsing selection for Linux/Alpha!
Am I the only one who think the Mozilla UI is just plain ugly? I'm not talking about unimplemented features or slowness. I understand and accept that this is a far-from-final release product. I like the display engine. It's incredibly fast compared to NS 4.7 and IE4/5. But the interface... what were they thinking?
I mean let's face it, it's not really any good and from the looks of it, it never will be. Why should anyone care about a new release of Mozilla containing a new and complex piece of code which likely contains God knows how many new bugs which will allow the spread your personal information to hackers and other criminals on the net.
No browser we yet have for Linux matches the compliance and reliability of Internet Explorer. What the Mozilla team needs to do before Mozilla can become the browser of choice under Linux is make it more like IE and less like Netscape. Until it supports all of the w3c's standards like XHTML and CSS level 2 then Mozilla will remain as a backwater program only used by people who are truly desparate.
mozilla still has a looong way to go before i consider it a usable application
I've been using M14 for nearly two weeks now, and I also use IE5 daily. I have to say that M14 looks like a poor imitation of IE5, with the bar on the left, and the "password remembering" half baked mechanism. I'll continue to use it and submit bug reports, and test it with online banking, but lets face it, this ain't great software like we expect with freeware.
The lack of crypo was one of the last obstacles to my using Mozilla as my everyday browser. Thanks to all the folks who have contributed to Mozilla. Now, if only they'd post that AIX build .... mmmm.
i don't have any macintoshes or intel machines, so i can't run the binary releases. has anyone successfully built this thing on solaris and/or irix? (preferably irix, my solaris machine is gimpy)
Of course this is not Netscape's or Mozilla's fault. The fault lies entirely with RSA Data Laboratories, who refuse to license their patented RSA algorithm to any open source projects. While liberalization of US export laws is very nice, I think we're going to have to wait until after the RSA patent expires on Sept. 20 before people outside of Netscape (well, US citizens anyway) can start to tinker with the cryptography software themselves.
It's fascinating how RSA Data Laboratories was able to force the whole world to use RSA as their public key cryptography standard instead of the technically superior Diffie-Hellman/El Gamal algorithm. They did this by simply refusing to license Diffie-Hellman to anybody (yes, they owned a patent on that, back before it expired in 1997). Today the Diffie-Hellman algorithm has been out of patent protection for 3 years, but almost nobody uses it, because of the need to remain compatible with the large installed base of software that was forced to use RSA.
Let's hope the current patent shenanigans that are holding back Mozilla crypto are the last adverse effects that the open source community will ever see from RSA Data Laboratories, Inc.
How strong is the encryption? Does your citizenship have to be verified like it did when netscape first did 128-bit crypto?
You won't get the theme support. the mozilla project doesn't currently have any plans to make them work either. check out http://www.linuxpower.org/display.php? id=168 for an explanation from Christopher Blizzard. that link was posted on slashdot too. So, while you will have a solid browser, you won't have theme support
This is a little misleading. The MozillaZine article tells you how you can set up Mozilla to browse secure sites right now. Today. I have done it and it appears to work fine.
Someone outside the U.S. could implement a plugin that has the same API's as the binary iPlanet plugin using openssl library ... and then we wouldn't need to wait until the RSA patent expires...
Much as I hate to admit it, Internet Explorer is the browser to beat, largely because of M$'s [illegal?] bundling of it with the OS and OS integration, the average home user wants to be able to click on an icon that's there when they get their PC - that's IE.
Mozilla is the only option for a compliant 'next-generation' browser. The browsers of the near future are going to have to be a one-stop-shop for net usage encompassing browsing with mail, news, instant messaging, chat, streaming media etc etc. This is possible with Mozilla. In addition, they have to be SECURE. When the traditional media report on the internet, and it's one of the rare occasions when it's not about porn, it's about shopping online, banking online, share dealing online. Security is a big BIG issue here.
People who say they shouldn't be including this in beta software have clearly missed the point of beta software. If it doesn't get beta tested, how the hell is it ever going to be made ready for release to the general public?
Go, download this version, test it, try it, even buy stuff with it, be as careful when doing so as you should be with any browser, but most of all, when you break it report it or fix it.
--
Listening for the sound of the coming rain...
When I first tried out Mozilla, it was unusable, as expected of early software of its type. M14 is very nice and stable, as it seems. I believe that it renders pages better and looks better than Netscape 4.7, despite what some people may say. I don't care for the password remembering stuff and other IE-like features, but I don't have to use them. This is a browser that will be used in the mainstream eventually (as Netscape 6.0), so it isn't a bad thing to have those things. Hopefully we see the jump to "beta" quality code soon.
"You spoony bard!" -Tellah
Mozilla's UI is hugely configurable, and you're complaining about it's looks?
In the spirit of open source, if you can do better, then fix the damn thing. If not, then wait until someone comes up with something better. If it's that bad, they will.
It's pretty lame to complain about something that is fully configurable by any user.
What happened to dynamic reflow (or whatever you call it). I used to load slashdot in M13 (I think it was M13, maybe earlier) and it would progressively display as it loaded. Now it does the old Netscape thing of waiting for the last before displaying anything. Give me back my reflow!
Matt. Want XML + Apache + Stylesheets? Get AxKit.
Although the Mozilla coders have disabled all other theme support in favour of XUL, the scrollbars on my copy use the GTKStep theme ...
Chris Wareham
Ever since my fall, I've been watching a lot more TV. It's lucky, too, because I've discovered the most delightful new show. It's called The Golden Girls. It's on
every day at 5:30 p.m. on channel 14 and is about four women, Dorothy, Blanche, Rose, and Sophia, who are getting on in years, just like me. And, like me, they
have no husbands, and their children rarely visit or call.
In the past, I never looked at the "boob tube" much. Other than watching the Weather Channel to check for storm advisories for Cincinnati, where my daughter
Emily lives, I barely even turned the thing on. But with Harold gone two years this month and me not really trusting myself to take the bus to church anymore--not to
mention the broken hip--let's just say I've had a lot of time on my hands. I can't even crochet or sew anymore because of the arthritis, so rather than just sitting in my
blue chair staring at the wall for hours, I've started to look at the TV.
Lately, the highlight of each day is when I tune in to see what's going on in the lives of these Golden Girls. It's such a nice escape to be able to step into this
wonderful world where older women wear stylish clothing, say lots of clever things, and, judging from the way they are always on the go, have no problems with
bursitis, high blood pressure, or hemorrhoids.
The Golden Girls have a lovely Florida home with a full patio and breakfast nook, and they go on vacations and take dance classes together. Sometimes, I try to
imagine what it would be like if their house had one more bedroom, and I lived there. Though I don't think it would be appropriate to date at my age, I would very
much enjoy the companionship of some good friends. I would readily agree to do all the housework if it meant I had someone to talk to once in a while. And if I
fractured my hip, I would have the assurance that I wouldn't have to lay on the floor in pain for three days, waiting each day for the mailman's footsteps so I could cry
out in the hopes of getting his attention.
Of course, living in a house full of women is bound to cause some tension, especially when everyone has such different personalities. Sophia is grumpy and
always has some smart-alecky thing to say. (At first, I didn't like her much, but I soon saw that even she has a soft side. Besides, you have to be tough growing up in
Brooklyn.) Dorothy, Sophia's daughter, inherited her mother's mouth and is the unofficial leader of the gang. Blanche, a wild Southern belle, is quite the narcissist.
Rose, on the other hand, is sweet and dim-witted. She reminds me of my dear sister Lydia, who passed on last year. Sometimes, one of Rose's silly remarks about
small-town life brings me to tears, making me think about how much I miss my one and only sibling, who is gone forever.
The Golden Girls often get mad at each other. At times, they even resort to calling each other nasty names, using words I don't think one should be able to say on
television. But at the end of the day, they always find a way to patch things up and become the best of friends again.
I sure wish I had some friends living close by. Ruth, my best friend of 51 years, is in a home down in Emmetsville. I haven't seen her since Christmas of 1997,
and at that point, she didn't recognize me or her own children anymore.
My, it looks so sunny and beautiful down there in Florida. It's terribly cold up here. I'm so frightened of catching pneumonia like Harold did, I hardly leave the
house during the winter anymore. I signed up for Meals On Wheels last month, and most days, they drop by with something to eat, so I don't have to turn the stove
on anymore. (I accidentally left the gas on last December but, luckily, the neighbors smelled it and pounded on my door.)
I do get jealous of the Golden Girls, how they have each other. But I need to remember that it's not all cake and ice cream for them. They've had to face some
very difficult situations recently, like when Dorothy found a lump in her breast, and the time Blanche found out that her late husband had fathered an illegitimate child,
and when Rose was cut off from her husband's pension. But by sticking together, they're able to face even the worst. As for me, I am left to face the world alone.
--Powdermilk Biscuits... My they're tasty, and expeditious....
Mozilla is a real pieace of work all right.
Hee hee a piece of garbage. Really when is this ever going to even touch the capabilites and performance of IE. Not only that on top of everything else lamer oses like FreeBSD and Linux actually slow down Mozilla more than it already is. It is just a matter of time before the exec at AOL/Time get a clue and fire/liquidate the entire Netscape division and have netscape.com point directly over to aol.com
From: http://www.fsf.org/fun/jokes/softw are.terms.html:
Alpha Test Version: Too buggy to be released to the paying public.
Beta Test Version: Still too buggy to be released.
Release Version: Alternate pronunciation of "Beta Test Version".
I understand Mozilla is soon-to-be-beta, and this might scare away people from it's encryption, but could a possible crypto-related Open Source security hole be worse than a closed source 'to-be-enhanced-feature'?
And talking about 'to-be-enhanced-features', have you seen the <IMG SRC="file:///c:\CON\NUL"> bug with IE/Win98? It makes the whole machine crash and burn. You can possibly also send this in html-email to outlook-users. Apparently (you might want to confirm this information), this was posted on BugTraq a year ago, but has recently been reposted because it was never fixed.
Shit happens.
Just tested it at fortify.net
Since Mozilla most likely will be the browser of the future Joe Desktop Linux system, I would suggest to those folks who have 'white-hat hack' in their blood to start to look for ways around the encryption, such as forcing a known encrypt key using trojans or BO or something of the sort. With open-source, you can bet the crackers will be looking for ways into the system. Mozilla needs to be ripped apart to work on its vulnerabilities. White-hatters can help secure it probably better than the programmers. Open-source can adapt far more quickly. Mozilla is the future for Linux. Aesthetics aside (pretty looks come after functionality), I'm looking for more security and stability than what IE and NS offers.
"First things first, but not necessarily in that order."
- Doctor Who
We're getting there people!
--
A buddhist walks up to a hot dog stand and says ``Make me one with everything.''
Mozilla is no longer open source since now they are going ahead and including binary only stuff. Real nice!!?! Now we have a project that is essentially renamed hyped up Netscape 7.0 with AOL 8.0 the ultamate pointy click ease.
I don't recall exactly when I saw this, around 1995/1996, but accessing the internet in some countries is/was punishable by death.
I remember specificlly many African countries and in Singapore it was punishable by death to be on the net.
I know this is not longer the truth in singapore but it may still be in some countries, i'd love to hear about it if anyone else knows anything about this.
Oh yeah, the info was in a wired article...
please reply if you know anything else on the topic...
PacRan
---- "Pika Pi Pika pi pi pikachu pi pika pika chu pika pika chu chu pika pi pika chu pika PIKACHU"
This is great! I'm quite impressed. Even if mozilla does crash every so often, the feel of the mozilla client is 10x better than Netscape navigator. It also seems to work well enough to be usable. Previous releases of mozilla and the technology previews of Opera were downright sad. I could barely get them started before they would crash. Even if they did hang on for a while, the rendering engine couldn't deal with half of the web pages I went to. Mozilla M14 may be the release that takes mozilla over the top! :-) Jason
I've been following Mozilla's development since the beginning. Unfortunately, I have not been able to seriously use Mozilla for more than a few minutes due to it's lack of Crypto support. I know this wasn't the fault of Mozilla and company, but rather the US of A's stoopid encryption laws.
Finally, I can now start using Mozilla and do my part as a user to make this browser the best it can be! While I wish the entire thing were open source, what I (and most other people) care about is simply having viable alternatives. Now we all have one.
Open Source certainly enables choice (look at Linux and all the variations of BSD), but it's not the only way to develop software. Believe me, I'm looking forward to the day RSA's patent expires. Then we'll have some real choices.
-- PhoneBoy
The views expressed herein are not necessarily those of anyone, including the poster.
"Any other use of moderation is simply censorship, and as such, unAmerican." Yeah? So what if you're not an american, bright boy? Siddown an shaddup...
Almost all the source code has been, or soon will be, released. Only the parts specific to RSA await the expiry of the patent. Until then, you can substitute your own RSA implementation (taken from, say, OpenSSL) and build your own binary from these sources. OK, it would be illegal if you're in the US, but you can do it.
I've created a template form that you can fill out and then copy the results into your e-mail client to mail off to websites that aren't allowing you to log in because it thinks you should "Upgrade your browser".
Joseph Elwell.
Very interesting. Can anyone confirm this? I can only seem to find that Public Key Partners, not RSADSI held the patent on Diffe-Hellman. Is there any connection between these two companies?
The way to do this would be to make a PKCS#11 ("Cryptoki") module that does crypto in software. (PKCS#11 was designed for smartcard access.) PKCS#11 is a common standard supported by PSM, Communicator, all the Netscape/iPlanet servers, and other vendors' products as well.
In fact, most of the "boilerplate" code you'd need is in the open NSS code released on mozilla.org -- but Mozilla/AOL/iPlanet can't do this, it'd have to be done outside the US.
So get cracking!
I'd help fix the bugs, if only they'd rewrite it in Perl...
Carefree highway, let me slip away on you.
Oh geez, building code for the other monopoly online. Sounds like fun. Shooting off your face in spite of your nose. Get real.
The "weaker members of society" deserve no false compassion. They are a drain on our resources and as such must be humanely eliminated. This is the great goal of the Geek Movement: To put the mentally strong Geeks in control of society, so that evolution may take its course unhindered.
Have you ever heard the truism
"The simplest answer is the best"
DSA/El Gamal is much more convoluted than RSA. RSA is simplicity and elegance in an algorithm. I trust RSA more because it is better understood, and since it is simpler, there are fewer attack vectors for a cryptanalyst.
The Mozilla Crypto FAQ. Read it. It explains how the developers will return to release this source and include it with Mozilla later, when the patents expire. Or maybe you'd rather they broke the patent and made the whole damn browser illegal?
Think before you post...
Tomorrow will be cancelled due to lack of interest
General Ripper, I applaud your firm stand in this matter.
Has something changed? Richard Stallman has argued that the MPL is not GPL compliant. Has his position changed? I think not. Last week Miguel of Gnome fame mentioned (no url) that Mozilla couldn't be included in Gnome because it is non-GPL compliant. -Unless I'm mistaken, Debian still doesn't allow non-GPL compliant code into their distribution.
Life is like an egg better scrambled than fried. -- Ken Sawatari
There is no binary-only code hosted on mozilla.org as part of the Mozilla project. The Netscape Personal Security Manager binaries (which provide SSL support for Mozilla) have been provided by iPlanet, because they have the license from RSA to include the necessary code and algorithms to build a complete binary executable ready for use (in this case under the "Netscape" brand).
All of the other code in PSM is or will be available in source form on the mozilla.org site. People who want to use that source code to build their own PSM binaries will be able to do so, as long as they have separate source code to implement the RSA-licensed parts.
For reference, there are three sets of relevant source code needed to provide SSL support for Mozilla:
As always, for more information see the Mozilla Crypto FAQ.
Hooray hotmail actually works with mozilla. It seemed to crash when I used increased security but for the standard settings it worked just fine. This is a pretty big step. Oh by the way this is posted with M14-Crypto-fullcircle.
Until I can log into E*Trade, I can't move over to Mozilla. And M14-crypto doesn't do E*Trade (for me).
The only other thing keeping me from making the switch is the lack of support for mail filters. I get too much email to have it all swamp my Inbox
Life is like an egg better scrambled than fried. -- Ken Sawatari
The subject says it all.
Potato (web subsection) alread includes mozilla m-13.
Although M14 crashed just as often as Netscape did for me, last night's nightly build has been rock-solid for me so far. My question is, do I need to have M14 to get the PSM? If so, i'd rather just stick with my stable Mozilla and no crypto.
Mike Roberto
- roberto@apk.net
-- AOL IM: MicroBerto
Berto
Wells Fargo won't even let me in with Netscape 4.72 for Windows. Last week they told me March 9th for the testing to be complete, but I'm still being redirected to the "denied" page. They're saying 1700 pst (-0800), now.
At least in the case of Wells Fargo, they seem to actually do some testing of browsers. I can see that a browser could have secure crypto and defeat the crypto entirely by doing something else stupid. So for banking, useragent checking is appropriate. Imagine the liability if they approve a browser that leaves passwords in its cache...
I cannot use Wells Fargo with Netscape 4.72/X11/linux because they whitelist specific agents and deny all others (and haven't gotten around to adding non-windows/macos versions of netscape 4.72).
Does anybody know how to setup squid to rewrite the user-agent for SSL? Or do I have to change my certs somehow?
If I could make squid do this, then I could use any browser.
It's none of the bank's damn business what browser I run as long as it will negotiate a 128-bit ssl connection with their server, and if they use my user-agent header for security purposes, I have a problem with their flawed reasoning.
On the other hand, if I could just rewrite my header to advertize mozilla as (for instance) Mozilla(compatible);IE5.0;winNt (and get the online banking https to work), I could then go to the bank's security admin and show them the folly of their reasoning.
First off, performance and real usability issues should always take priority over eye candy. I don't have resources to waste on pretty bs.
Why does mozilla break all the user interface rules (like middle button scrolling)? This pisses me off because they must have spent a bundle of time reimplementing the entire keyboard/mouse logic (incorrectly). Don't fix [break] it if it isn't broken.
For an OS that started on text terminals, linux sure jacked up it's keyboard handling. Back in my windows days I didn't use the mouse (ever, 'cept browsing). With linux I have to use it all the time. I suppose it's really the windows manager / x server / apps fault but it makes the whole system suck.
If you disagree you can post you reasons. If you have no reasons moderate me down instead.
Ryan
However, since it just recently got updated (I think today or yesterday) to M14, it will likely be a short while before they have the crypto version.
:)
Posted using M14 on Debian
WMBC freeform/independent online radio.
Whenever I use netscape, I have the buttons not shown. Why? Because they're way too large! Even at 1024x768, they take up what I consider to be an unacceptable amount of my viewing area. IMO, Mozilla definitely did the right thing by making smaller buttons, and putting them on the same plane as the URL.
As for the interface in general, I also like that better than Netscape (I'll not mention IE, which is truly hideous).
WMBC freeform/independent online radio.
1. The top one has got to be that I can't do standard *NIX middle-button-paste with Mozilla. I actually have to highlight text, then select "Copy", and then I can middle-button-paste. This is quite annoying...I don't want to use "Copy", that's one of the reasons I don't like Windows or MacOS.
2. Almost as annoying is the fact that the middle button is no longer set to "Open link in new window". Again, that's one of the things I like about Netscape under Linux.
3. I want to be able to define my own shortcut keys, because I will almost certainly never agree with the ones anyone else chooses.
WMBC freeform/independent online radio.
- Save the passwords? Oh how convenient...
I refuse to call something intended for broad public use secure, until it's secure by default.
Whats the use in having a burglar alarm if you dont tell anyone how to turn it on?
Also, it still has to be reversably-encrypted, the passwords have to be sent plaintext. All someone really has to do is to get someone's password file, and run it through a password cracker with a huge list of words, and he'll break it if the user isn't exremely security-minded.
Tomorrow will be cancelled due to lack of interest
IIRC, RSADSI owned a stake in PKP while it was in operation.
The banks security responsibility for my browser ends at the transport encryption. They have done two things that really irritate me: The webpage says that browsers 4.something and later are acceptable, and also, specifically says that 4.72 netscape is allowed, when it isn't yet. I think they should allow any browser that can negotiate and ssl connection. If you're worried about what my browser does with it's cache as a liability issue, why aren't you worried about the liability of someone looking over my shoulder while I browse? For that matter, why doesn't anybody see the (10**4) pin for the atm as the weak point of banking security?
-fb Everything not expressly forbidden is now mandatory.
I downloaded a milestone for freebsd, ran it. According to top it ate up 60 seconds of cpu time before even displaying anything. Then I clicked on the left sidebar thing and it core dumped.
Sweet piece of k0d3.
Considering I posted this from a potato box running M14 it's not that frozen :>
I think you mean released distro instead.
"Think of it as evolution in action."
--
Care about electronic freedom? Consider donating to the EFF!
If it uses RSA, inside the US, it doesn't matter where it was developed, the user needs a license from RSA (or to use RSAREF, see below).
If it doesn't use RSA, it doesn't matter where it was developed, the user doesn't need a license from RSA.
The whole 'outside the US' thing was the traditional response to export controls, not to the use of RSA. US-residing RSA users legally need to use either a licensed version of the RSA algorithm, or use the old RSAREF library that was released to the public (and is horribly slow and buggy).
--
what am I missing? Everytime I get suckered by these announcements... someone always says 'Mozilla has made *so* much progress, its looking really great!' and I dutifully go any download it... I use linux at home, but win32 at work, so I download the windows version and install, and am presented with the buggiest, shitiest pile of dog-turd Ive ever seen... are people blind? The thing crashes every other minute, the widget set is attrocious and there are soooo many bugs you would probably finish quicker if you started again
What am I missing? Is Mozilla really the 'killer app' everyone's been waiting for, or is everyone just so hopeful that they are blind to the fact that its a steaming pile on the carpet???
Simon
The real linux_penguin has Slashdot ID 101961. Anyone else is an impostor. Including Bruce Perens.
On a somewhat unrelated note, does anyone else think the Mozilla logo reminds them of the russian hammer & sickle logo?
Mozilla is total crap. Time to use IE.
As for irix, there were builds back some time ago (a long time ago), but there are problems with the xptcall assembly code -- see http://bugzilla.mozilla.org/show_bug.cgi?id=10061
Any MIPS hackers want to sign up?
I can't wait until Mozilla makes a non-alpha or beta release! BTW, why does the logo look like China's flag?
rbf aka pulsar
I'm actually the person who's implimenting the back-end component to handle the drop-down url bar. Wanna help?
Oh rrrreally.
I have found it consistently mindblowing that the Mozilla gang have not yet implemented any sort of decent keyboard support. All this when AOL are being sued for not providing accessible software with their AOL products. This is not a "nice to have" it is law. I download the builds on a regular basis and if these guys think they can go beta within a couple of weeks, truly a miracle is upon us. Anyone ready to post the "stop whining and fix the code yourself at mozilla.org" message, please remember that of the x million users of netscape/aol/mozilla software only a tiny tiny percentage have the ability to "stop whining and fix the code themselves". later skaters,
I feel the parent story Re:Internet=Death? should be a comment for the Ask Slashdot story about social factors and the Internet, but I am reading it from "Mozilla whit crypto code released".
Human error or mangled database?
--
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Diffie-Hellman is extremely simple and was discovered a good deal earlier than RSA. El Gamal is a totally obvious extension of Diffie-Hellman, in which the Diffie-Hellman key exchange protocol is made into a public key cryptosystem in the simplest way possible: replace the predetermined secret exponent with an on-demand random one!
The only reason it took seven years to develop El Gamal's algorithm is that the scientific culture at the time was predominantly convinced that algorithms (even cryptographic ones) had to be deterministic. If you had tipped off any researcher in the field about run-time randomization of Diffie-Hellman, they could have produced El Gamal's 1984 paper off the top of their head. RSA is deterministic, requiring no random numbers at run time. Ironically, nowadays all RSA implementations introduce randomization in some form because it is obvious that a purely deterministic algorithm is not secure: Would you trust an encryption algorithm where the messages "Yes" and "No" always encrypt to the same two output messages?
As for your implication that RSA is more trustworthy than El Gamal, you might want to read Question 2.14 of the PGP DH vs. RSA FAQ, where various well-known experts assert that (as far as we know) all known ideas for solving the discrete log problem have direct applicability to factoring, whereas the reverse is not true. We know that factoring does not allow you to take discrete logs, whereas on the flip side there is strong evidence that if you can take discrete logs you can factor. All this and more is explained in the FAQ; the upshot is that most mathematicians, if forced to pick one of the two, would say that the factorization problem is likely to succumb before the discrete log problem succumbs. Of course the underlying hard problem is not the whole story, since neither RSA nor El-Gamal have been proven equivalent to the underlying hard problems, but it's the best we can do so far considering that no one has demonstrated any way to break the algorithms except through the underlying hard problems.
Finally, the very simplicity of using the same key for both encryption and signing is also a liability, in that if both keys are the same then anyone who is able to get one key (for example by a court order) is then able to forge the other operation as well. In the current political climate, I'd certainly like my signature key to remain valid even if the government seizes my encryption key.
and offer him some hot grits for his pants. But strip him first. Then he will be naked and petrified.