Slashdot Mirror
Mozilla With Crypto Code Released
physicman writes "I just read on MozillaZine that there is finally a release containing the new crypto code. This means we will eventually get the chance to get access to secure Websites with our favorite nearly-in-beta-stage browser.
" Mozilla's really been making a lot of progress recently -- and it looks great.
In all honesty, how else will anyone find that the implementation is flawed, if that happened to be the case. There's plenty of secure sites which you can go to that don't need credit card information. Or users and/or testers can visit secure sites and analyze their traffic, and compare it to the traffic that Netscape 4.7 and IE 5 would generate. Sounds like a good idea. It's not like Mozilla is in general use. Everyone knows that it's not ready for the primetime and uses it knowing that it's a work in progress.
Of course this is not Netscape's or Mozilla's fault. The fault lies entirely with RSA Data Laboratories, who refuse to license their patented RSA algorithm to any open source projects. While liberalization of US export laws is very nice, I think we're going to have to wait until after the RSA patent expires on Sept. 20 before people outside of Netscape (well, US citizens anyway) can start to tinker with the cryptography software themselves.
It's fascinating how RSA Data Laboratories was able to force the whole world to use RSA as their public key cryptography standard instead of the technically superior Diffie-Hellman/El Gamal algorithm. They did this by simply refusing to license Diffie-Hellman to anybody (yes, they owned a patent on that, back before it expired in 1997). Today the Diffie-Hellman algorithm has been out of patent protection for 3 years, but almost nobody uses it, because of the need to remain compatible with the large installed base of software that was forced to use RSA.
Let's hope the current patent shenanigans that are holding back Mozilla crypto are the last adverse effects that the open source community will ever see from RSA Data Laboratories, Inc.
This is a little misleading. The MozillaZine article tells you how you can set up Mozilla to browse secure sites right now. Today. I have done it and it appears to work fine.
Someone outside the U.S. could implement a plugin that has the same API's as the binary iPlanet plugin using openssl library ... and then we wouldn't need to wait until the RSA patent expires...
Much as I hate to admit it, Internet Explorer is the browser to beat, largely because of M$'s [illegal?] bundling of it with the OS and OS integration, the average home user wants to be able to click on an icon that's there when they get their PC - that's IE.
Mozilla is the only option for a compliant 'next-generation' browser. The browsers of the near future are going to have to be a one-stop-shop for net usage encompassing browsing with mail, news, instant messaging, chat, streaming media etc etc. This is possible with Mozilla. In addition, they have to be SECURE. When the traditional media report on the internet, and it's one of the rare occasions when it's not about porn, it's about shopping online, banking online, share dealing online. Security is a big BIG issue here.
People who say they shouldn't be including this in beta software have clearly missed the point of beta software. If it doesn't get beta tested, how the hell is it ever going to be made ready for release to the general public?
Go, download this version, test it, try it, even buy stuff with it, be as careful when doing so as you should be with any browser, but most of all, when you break it report it or fix it.
--
Listening for the sound of the coming rain...
From: http://www.fsf.org/fun/jokes/softw are.terms.html:
Alpha Test Version: Too buggy to be released to the paying public.
Beta Test Version: Still too buggy to be released.
Release Version: Alternate pronunciation of "Beta Test Version".
I understand Mozilla is soon-to-be-beta, and this might scare away people from it's encryption, but could a possible crypto-related Open Source security hole be worse than a closed source 'to-be-enhanced-feature'?
And talking about 'to-be-enhanced-features', have you seen the <IMG SRC="file:///c:\CON\NUL"> bug with IE/Win98? It makes the whole machine crash and burn. You can possibly also send this in html-email to outlook-users. Apparently (you might want to confirm this information), this was posted on BugTraq a year ago, but has recently been reposted because it was never fixed.
Shit happens.
> Will this be folded into Debian Potato's US distro?
Considering that Potato is currently in a freeze, I would imagine not. Perhaps it will go into Woody...
-- Don't Tase me, bro!
I've created a template form that you can fill out and then copy the results into your e-mail client to mail off to websites that aren't allowing you to log in because it thinks you should "Upgrade your browser".
Joseph Elwell.
Mostaphalles dun said:
Well, I don't remember the article in question, but I can note on some stuff (mostly from having been on the net that long)...
As far as I know, only one nation has ever had the death penalty for using the net, and that is Taliban-controlled areas of Afghanistan. (The Taliban-controlled areas have severe restrictions and/or outright bans on very nearly all media, including most print media, TV, movies, and even music--they outright make the Bad Old Days of sharia law in Iran look downright liberal in comparison.)
Some countries in central Africa may well have had severe restrictions (including imprisonment, though I doubt the death penalty) for unapproved connections, and most of the Islamic countries have always had severe restrictions on Internet connections (usually requiring proxies, etc.)... don't remember seeing anything on death penalties, though.
Myanmar may have had such a restriction; reportedly, modems are illegal unless specifically licensed by the government there, and an unlicensed modem can land one in prison for a good long time.
Notably--most of thesee countries that would have problems with it don't make the net illegal as much as they'd make all "unathorised" or "unlicensed" publishers illegal--it's far more likely they'd get you for "publishing subversive publications" or the like.
I can state with some certainty that Singapore wasn't one of the places that had the death penalty for using the net, though (I remember *.sg addys from 1992-1993), and the government finally started restrictions around 1996 or so (basically national firewall).
As an aside: Most countries that are going to be so repressive as to literally mandate the death penalty for unlicensed connections to the net have very poor or no Internet connectability whatsoever. Many countries in central Africa pretty much only have UUCP connections to the rest of the world (mostly through stuff like Doctors Without Borders, and occasionally university connections), and an increasing number of those are actually getting full Internet at least for universities. Iran (Yes, Iran) even has full Internet, and even one or two ISPs operating there...
About the only countries I know of with no Internet connections are Iraq, Libya, North Korea, and Afghanistan...Iraq is basically being shunned by the rest of the world and had most of its infrastructure bombed back into the stone age, and most of the folks there have more serious worries (like food and meds and shelter); Libya was likewise shunned due to UN sanctions (its domain is being operated as a vanity domain out of the UK) but this may change now that most UN sactions are being dropped; North Korea both is shunned and pretty much has walled itself off from the rest of the world (about the only country MORE isolated is Afghanistan), its people have more important things to worry about (like food) and the leaders are xenophobic enough to pretty much avoid anything like the net like the black plague; Afghanistan, well, it has the Taliban (fun with psychofundy Sunni Moslems that make the hardline mullahs in Iran seem downright grandfatherly) and I mentioned some of the fun stuff they ban earlier...as for the rest of Afghanistan, just about everything above a molehill was blown to smithereens long ago, they have more important stuff to worry about (like food, shelter, not having the entire country taken over by the Taliban, etc.). Short of a miracle, none of these folks are going to be getting Internet access anytime soon. :P
-Windigo The Feral (NYAR!)
First off, performance and real usability issues should always take priority over eye candy. I don't have resources to waste on pretty bs.
Why does mozilla break all the user interface rules (like middle button scrolling)? This pisses me off because they must have spent a bundle of time reimplementing the entire keyboard/mouse logic (incorrectly). Don't fix [break] it if it isn't broken.
For an OS that started on text terminals, linux sure jacked up it's keyboard handling. Back in my windows days I didn't use the mouse (ever, 'cept browsing). With linux I have to use it all the time. I suppose it's really the windows manager / x server / apps fault but it makes the whole system suck.
If you disagree you can post you reasons. If you have no reasons moderate me down instead.
Ryan