Slashdot Mirror
Mozilla Launches Student Coding Program "Winter of Security"
First time accepted submitter NotInHere (3654617) writes "Mozilla has introduced a new program called MWoS, or 'Mozilla Winter of Security,' to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work.
From the article: 'MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.'"
, but the student's universities are expected to actively cooperate and to give the students a credit for their work
If you're from a good university you dont really need such programs, and crappy universities dont give credit unless the work meets a list of crappy criteria designed in the 1950's , so the program is not going to be really great
Superlative plan.
Get students doing the security work, because the real developers are way too busy screwing around with the user interface and can't be disturbed.
Now is the winter of our discontent
Made glorious summer by this sun of York;
And all the clouds that lour'd upon our house
In the deep bosom of the ocean buried.
Now are our brows bound with victorious wreaths;
Our bruised arms hung up for monuments;
Our stern alarums changed to merry meetings,
Our dreadful marches to delightful measures.
Grim-visaged war hath smooth'd his wrinkled front;
And now, instead of mounting barded steeds
To fright the souls of fearful adversaries,
He capers nimbly in a lady's chamber
To the lascivious pleasing of a lute.
But I, that am not shaped for sportive tricks,
Nor made to court an amorous looking-glass;
I, that am rudely stamp'd, and want love's majesty
To strut before a wanton ambling nymph;
I, that am curtail'd of this fair proportion,
Cheated of feature by dissembling nature,
Deformed, unfinish'd, sent before my time
Into this breathing world, scarce half made up,
And that so lamely and unfashionable
That dogs bark at me as I halt by them;
Why, I, in this weak piping time of peace,
Have no delight to pass away the time,
Unless to spy my shadow in the sun
And descant on mine own deformity:
And therefore, since I cannot prove a lover,
To entertain these fair well-spoken days,
I am determined to prove a villain
And hate the idle pleasures of these days.
Plots have I laid, inductions dangerous,
By drunken prophecies, libels and dreams,
To set my brother Clarence and the king
In deadly hate the one against the other:
And if King Edward be as true and just
As I am subtle, false and treacherous,
This day should Clarence closely be mew'd up,
About a prophecy, which says that 'G'
Of Edward's heirs the murderer shall be.
Dive, thoughts, down to my soul: here
Clarence comes.
I am Slashdot. Are you Slashdot as well?
If the code is only as good as the final vetting by security minded eyeballs what does this accomplish in reality? Pipelining for future mozilla engineering candidates?
Or would that be "Fail"?
Now awesome for your curriculum too!
Winter of Security?
I thought we were heading into summer (in the northern hemisphere, where Mozilla and most universities are located)
Do they know something we don't?
I hope that the first thing these guys do is to figure out how to crack or remove Firefox's DRM, I liked Firefox but I will NOT use it if they implement DRM. All DRM says is "We hate, despise, and crap on our users." Full stop.
But maybe DRM in Firefox is a good thing. It has been a long time since a new browser player came into the market and with Firefox soon to crack single digits(post DRM) it might make room for some fresh blood. So maybe one of these students will learn the Firefox code and business model well enough to fork a successful non DRM product that will get the traction of MariaDB with the fools still using the old product(think AOL) and the people in the know using the new product.
I'm surprised that Mozilla has time for this sort of thing. I would think that trying to make a Chome clone would keep them busy all the time. Hell, on top of that they seem to be actively going against the wishes of their community. That has to take a lot of time; they have to figure out what would keep them in the game and then do the opposite.
Seriously though, Mozilla has destroyed itself in the past three years. It is depressing. I don't want to use Chrome because Google..hell, IE is starting to look pretty good.
I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.
Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.
With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=995268 for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.
If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...
Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.
Golden chance to make all kinds of, "Winter is coming..." jokes. Yet not a single one so far.
Having looked into the security related curriculum at MIT, Princeton, etc, I'd certainly be more likely to hire a student who had hands-on experience under the guidance of a security professional. Their academic programs do not prepare a student for serious security work, in my opinion. In fact, I'd say that a student needs to take all (both) of the security-related electives just to be prepared to write internet-accessible applications.
Not only is there a huge difference between theory and actual practice, but even the theory side is quite limited for security at the top universities. The best I've found is offered by a part of the Texas A&M system, called TEEX.
When I went to work at TEEX, I expected that I'd need to find diplomatic ways of telling them that their cyber-security classes suck, because most classes in the field do suck. I was surprised to see that the TEEX material is pretty good. I can only try to help them make the visual presentation be as good as the actual material is.
Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work.
That should be "students' universities".
Let's hope for a "Spring of Usability", because 29 is a waist-high heap of gusset scrapings.
"Refresh" and "Back" are now tied to the url bar (previously, you could move them if the wind was blowing in the right direction).
The zoom controls have a 100% thing in the middle (which apparently doesn't do anything) making it far wider than it needs to be.
The customize window has the controls at the bottom, including one at the lower right to close the entire app. Why would you want ever want to do that from there anyway?
Still, it's not all doom and gloom. We've gained rounded ends on the tabs which, well, they're rounded which is exponentially UX-ey. Then there's my particular favourite, monochrome icons. Because, redundant coding, is, like WTF?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
> Mozilla is losing touch with the power users in their pursuit of the average user.
Seamonkey was supposed to be the full-featured Mozilla browser for power users. Firefox was launched as a stripped-down, lightweight version of Seamonkey for Average Joe to check Facebook with. Of course, after a couple of years they forgot about the lightweight thing. They are specifically not targeting power users though.
This is a much better initiative than both Google's Summer of Code and Microsoft's Fall of Disappointment.
Mod me down, my New Earth Global Warmingist friends!
Mozilla ought to worry about the mass exodus of users they're going to get from 29 and beyond... security is irrelevant if your product is so broken people have to abandon it.
See the Firefox 1.0 release notes, where they say Firefox (then called Phoenix) will be like Seamonkey, but with "features deemed geeky" removed.
http://website-archive.mozilla...
In the 1.0 release notes, Seamonkey is called "the Mozilla browser". The new Firefox (aka Phoenix aka Firebird) is contrasted with the pre-existing browser from Mozilla, internally known as Seamonkey. The Seamonkey name goes all the way back to Netscape. Extetnally, Netscape Inc. branded Seamonkey as "Netscape", the Mozilla Foundation branded it as "Mozilla browser", but it was always Seamonkey in the code.
After the ad in the New York Times and other marketing helped Firefox to become more popular than it's older brother, the Mozilla foundation switched it's focus away from Seamonkey to the new product, Firefox. After a few years of that, the governance of the Seamonkey project changed. That change came after Firefox, so that may be the event you're thinking of. That wasn't the birth of Seamonkey, though, far from it. That was a milestone marking the DECLINE of Seamonkey because Mozilla had moved focus away from Seamonkey.
In 1993, this page compared Mosaic to "Netscape Seamonkey". That's eleven years before Firefox.
http://kuliah-pegawai-stt-band...
... "Mozilla Winter of We're Too Busy Making our Browser Look Like Chrome and Adding DRM to Bother with Trivial Stuff like Security so we'll get Unpaid Students to Do It Instead" didn't fit into a short acronym.
Probably announcing half a year in advance because it takes months to prepare for these events.
Suppose any part of this will be for finally converting TB to maildir format?
No, wait, that would suppose it's still actually in development. Why they let such a promising cross-platform app wither on the vine is beyond comprehension.
Winter is coming