my biggest problem is philosophical: it breaks expectations. The location bar is for typing locations. If I start typing a location, if it employs any kind of "smart" searching technology, then I can't predict what will be in the dropdown... In the WONTFIXed bug, the developers encourage feedback about how to make the awesome bar customizable, how to change the weightings applied to the search function, etc. They completely miss the point that no amount of tweaking and preference-weighting will make an algorithm that can exactly predict what I want 100% of the time. The entire premise of "search" in the location bar is flawed.
That was a good chunk of my argument at the time - it may be a "smart search", but it's still never going to be perfect and because it's a search rather than an auto-complete then I can never guarantee what's going to be in the list (NameCheap still ranks high when I type "sl" for Slashdot because their title includes "SSL" - WTF? When am I ever going to want to find NameCheap by searching my history for SSL?)
Still, it has its uses. I've got several projects on a Trac install on dev.ibboard.co.uk that runs from a "projects" folder. To get to my project pages I can type "dev wa br" and even though I've never done it before the "source code" browser for the WarFoundry project is first. Much shorter than what I'd have to type to get to dev.ibboard.co.uk/projects/warfoundry/browser:)
It lets you go back to the old-school method of letting Firefox suggest URLs based on auto-completing rather than a search within the URL and title? Wow, you must have got one of those "extra special" builds that they only gave to a small number of people then.
Yes, setting the value to 0 stops Awesome bar (which is a terrible name, IMO) being visible. No, it doesn't give you Firefox 2 functionality. Yes, it does just hide something rather than making any difference at all to the actual behaviour. No, it isn't a mystical fix-all that more people should know about.
And it assumes that he is the only content creator. Even if he does still hold the copyright and hasn't signed it away then he isn't the only content creator in a Metallica album, so he's still 'stealing' the work of the other band members.
What's more, you shouldn't have to dig around in about:config to change a setting that doesn't actually do what you want.
The max rich results setting just means it won't display any search results. That's not even remotely the same as going back to an old-school auto-complete functionality.
To be fair, I hated it at first (and at times I still do) but while it sometimes has completely random matches, there are a number of sites that I can now get to much more easily, even without having bookmarked and tagged them. About the only thing that I do always do is use the oldbar extension as a basis for my CSS to get a slightly more sensible appearance (i.e. something that doesn't go half way down your screen with half a dozen results).
1) Being able to re-install from Steam is better to some degree, but it still relies on having a network connection and is dependent on point four (central records). It's also dependent on your username - I know I had a Direct2Drive login for one of the Oblivion expansion packs, but I sure as hell can't remember it now if I wiped the installer.
2) That's a bit better than most, but it does require you knowing in advance that you'll need offline mode, which is somewhat of a problem in some situations.
3) So rather than having one thing to install from and installing it on multiple machines, you've got to download it on each machine, where the download can be over 4GB? Surely that is hugely infeasible for scalability, current technology availability and time. It'd take nearly 5 hours for me to get a full game, and it'd hit twice my monthly transfer limit. I don't know about other people, but I'm not more than trebling my monthly broadband costs and taking them close to the full RRP of a game just to be able to download a few games each month.
4) Related to point 1, it's not just the central records but also your link to them. I know I've got a Direct2Drive account, but I don't have a clue what it was at the moment. There's no chance of that happening with the physical media (unless you need the serial number to install and you lose it, but then there are incredibly easy ways around the vast majority of them that don't involve you trying to convince some drone that you are who you say you are and you're not just trying to cheat the system).
How many of the games you acquire come on physical media these days?
Just about all of them. The only game I've downloaded recently was World of Goo, and that was just the demo and I've not actually got round to installing yet.
At what point will the ease of immediate downloads outweigh a manual and a box to stick on your shelf (if it doesn't already)?
At the point at which I can do the same with the digital version as I can with the physical version - i.e. when I won't accidentally lose it when a hard disk dies or when I do a disk clean up, when I don't have to be online just to play it, when I can install it on other computers depending on which one I'm using at the time, and when it can't be taken away from me just by someone at the distributor losing their records or going bust*.
* Yes, I know DRM can cause some of those situations on physical media, but that's why I avoid the dial-home DRM.
A small PC? You can get a small PC for $25 or $50 per year? Wow, I need to know where you get your hardware from! As for configuring a mail server, that's the host's job with most accounts. All you need to do is log in to a control panel and say "add this address at this domain".
What happened to ISPs providing email? Well, in this case my ISP's email is provided by GMail, so they were probably hit as well.
Taking your "why not get a separate address" thing a stage further, why not avoid the massed spam of main domains like GMail entirely (I've seen ones CCed to multiple names similar to mine) and get your own domain?
Or "as expensive as a basic hosting account" (I could fit all of my email and more on a $5 account with my current host if I wanted) and "as difficult as using the cPanel interface for setting up accounts and the Horde/Squirrel Mail/Cube Mail interface for checking your email (or POP/IMAP through a client)".
It may not be for every Average Joe, but it's easy and cheap enough for Only-fractionally-above-Average Joe.
Do you trust that the site of your web-based e-mail provider will never go down? Do you make backups of all your e-mails?
Or do you just not place all of your trust in GMail and do it all yourself? It's more customisable, more unique and more individual, amongst other things.
Really, the solution to this is the same as for every other "attack" on SSL - Type the URL into the address bar yourself, or click on a bookmark.
Except for the bit where this exploit, if deployed on your local network, can redirect typed addresses. Yes, the certificate wouldn't match, but a) people don't check that kind of thing, b) people would find it too technical, no matter how simply you explained it, c) people would find it a hassle and think that the computer should do that for them and d) people don't check that kind of thing.
Self-signed is all you need if all you're trying to do is encrypt the communications. It's no use for verifying the other end unless you have some guaranteed method of sharing the certificate's checksum and confirming a match manually.
As an example, if you've got a server you use for your personal website and you put your webmail on it on HTTPS then self-signed would be fine because a) you know what the certificate should look like (you made it) and b) once you accept it, anyone who tries a MITM would trigger your browser to say the certificate was changed, which you'd know you hadn't done. It's only once you get other people using it who don't know when you change the certificate that it becomes problematic (especially when those "other people" are the general public)
True, the white background to the address and blue background to the icon isn't necessarily as obvious as a yellow background to the address, but I suspect it's more obvious in greyscale/colour-blind situations (or would be if you could see more of it).
As for EV certificates, the main reasons they're useful are a) to make more profit for the CA and b) to let people know who owns the certificate in a more obvious way. That said, browsers could probably do something similar to Firefox's EV behavior with non-EV certificates to make the owner more obvious.
Because self-signed certificates are bad for a number of reasons...
Your previous comment seemed to imply a new, free CA that was treated differently to normal certificates, but leaving self-signed with the current behaviour (which is to warn and then treat them as normal once accepted). Self-signed certificates aren't as secure, but they do have certain uses (mainly within a knowledgeable audience)
We already have degrees of security. A three-level system is not too complex for almost everyone to understand
Except that we have three levels already (none, Secured and EV Secured) and you're recommending at least a fourth (orange for some free CA system) and potentially a fifth (an unmentioned but required different handling of self-signed, which provide everything you need for encrypting communication but don't provide the verification of the other person)
and the padlock icon check will be more than good enough in the vast majority of circumstances.
Except that it has already been pointed out that a padlock as a favicon will fool more people than it should, even when it appears in Firefox, which puts its padlock elsewhere.
If we tell a bunch of high school students, "don't enter your credit card information into any website unless you see a padlock icon on the status bar and a blue background on the icon next to the address bar", what they'll get out of it (if they're listening at all) is "mumble mumble look for the padlock mumble mumble." We need to make security blindingly obvious!
The "this is secured for this domain" bit in the status bar seems fairly obvious. Yes, people won't pay attention to the full "padlock in status bar and blue background around website icon", but if you say "it's secure if it has the padlock at the bottom and it says the site you're visiting" then that's still fairly simple to catch a reasonable number of people.
Create a new CA that's specifically marked as being free and make browsers display a different UI for a site encrypted by a certificate originating with this free CA --- say, an orange address bar. Making the free-encrypted UI different will encourage users to not treat self-signed sites as being as secure as CA-verified ones, and won't diminish the value of a CA-verified certificate.
Why make the free CA ones orange but not do anything about self-signed? Free CAs aren't self-signed, and paying for a certificate doesn't guarantee the checks are any more fool-proof. The free certificates I have need you to confirm you own the domain by sending a validation email to one of three fixed 'admin' email addresses, e.g. postmaster@example.com, which is all it needs in my situation.
Having degrees of security would be good in theory, but in practice you'd get the same as you mentioned for "blah blah blah padlock blah blah" where people would go "blah blah blah not white means it's secure blah blah blah".
I didn't say a favicon can't have a blue background, but it can't fill out the full favicon. In Firefox 3 there's always at least a border of blue (although it could be more to be more obvious, TBH) that the favicon can't hide or spoof.
As for the IDN issue, I covered that earlier. My comment was just in response to the GP's comment about Firefox's SSL UI being spoofable when it's only vaguely spoofable.
We need to train users to look for the browser padlock icon
But this can spoof that as well for many users (and even for Firefox users it might make the unwary feel safe).
We need to add browser extensions that heuristically detect credit card numbers being entered into unencrypted sites and to warn the user.
He also mentions methods for using IDN (International Domain Names) and wildcard SSL certificates to spoof HTTPS versions that look even more like the real thing than https://yourbank.com.some.evil.website.com/... (also mentioned here)
I'd like to see fewer people using self-signed certificates that train users to ignore SSL warnings.
I'd like to see that as well, but for that to happen you need to provide a way for low risk and not for profit sites to get certificates that are accepted by browsers but without the fees. I've set up my email (Webmail, IMAP and SMTP) with SSL certificates, but it took some searching to find someone who would give me a free SSL certificate and even then the issuer isn't in most browsers' approved list. I'm protecting a small amount of traffic from lazy eavesdroppers, not protecting a financial institution - I don't need the expense and the insurance.
The fault lies partly with browsers too. Firefox, particularly, should never have toned-down the non-EV SSL user-interface --- sure, making EV special is fine, but allowing sites to spoof the SSL UI with a favicon is unacceptable. People have been saying this ever since Firefox 3 came out, but maybe now someone will pay attention to us.
HTTPS puts a blue background behind the favicon and the padlock and certificate domain in the status bar. What kind of favicon can ever spoof the entire blue background? More importantly, what favicon can ever spoof the status bar section?
If you read some of the articles (Forbes and a linked one) he can spoof the appearance of a valid certificate as well using International Domain Names. The certificate won't be valid for the site that you wanted, but that won't matter because it'll have redirected you to https://[a load of characters that look like 'paypal.com/somepath' but are actually non-ASCII characters].evil.com with a wildcard certificate for *.evil.com and look like https://paypal.com/some-path-here-that-is-really-really-really-really-long.evil.com/
For the basic attack then actually checking for HTTPS and a proper validation (not just a padlock, but a padlock and the other markers), but for the fuller attack that takes advantage of the IDN then you'd probably need to read the certificate itself, which would require you to know which certificate you're expecting, which would require something like a page with the signature on saying "look for this", which could then also be spoofed (in cases where it was worth it, e.g. a bank).
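The hostname side of the check this comment describes, as an added example that is not part of the original comment: it decodes IDN labels, flags characters that imitate URL delimiters, flags mixed-script labels, and reports which domain actually owns the host. The sample URLs, the `evil.example` domain, the function names and the "last two labels" rule are assumptions made for the example.

```python
import unicodedata

# Characters that render like URL delimiters but are not ASCII "/" or "?".
# Illustrative, non-exhaustive set chosen for this example.
DELIMITER_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\uff0f": "/",  # FULLWIDTH SOLIDUS
    "\uff1f": "?",  # FULLWIDTH QUESTION MARK
}


def extract_host(url):
    """Cut the host out of a URL using only the real ASCII delimiters."""
    rest = url.split("://", 1)[-1]
    for sep in "/?#":
        rest = rest.split(sep, 1)[0]
    rest = rest.rsplit("@", 1)[-1]          # drop userinfo
    host = rest.split(":", 1)[0]            # drop port (IPv6 literals not handled)
    return host.lower().rstrip(".")


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are punycode)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label                    # malformed punycode: keep as typed
    return label


def scripts_in(label):
    """Crude script detection: first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def analyse(url, expected_domain):
    """Compare the domain that really owns the host with the one expected."""
    labels = [decode_label(part) for part in extract_host(url).split(".")]
    host = ".".join(labels)
    findings = []
    for label in labels:
        for ch in label:
            if ch in DELIMITER_LOOKALIKES:
                findings.append(
                    f"U+{ord(ch):04X} {unicodedata.name(ch)} imitates "
                    f"{DELIMITER_LOOKALIKES[ch]!r} inside label {label!r}")
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(
                f"label {label!r} mixes scripts: {', '.join(sorted(scripts))}")
    # Assumption: the last two labels are the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    if host != expected_domain and not host.endswith("." + expected_domain):
        findings.append(
            f"host belongs to {registrable!r}, not {expected_domain!r}")
    return {"host": host, "registrable_domain": registrable,
            "trusted": not findings, "findings": findings}


# Constructed sample URLs (not taken from the page).
GENUINE = "https://www.paypal.com/signin"
LOOKALIKE_SLASH = "https://paypal.com\u2215signin.evil.example/"
MIXED_SCRIPT = "https://p\u0430ypal.com/"   # U+0430 is CYRILLIC SMALL LETTER A

if __name__ == "__main__":
    for sample in (GENUINE, LOOKALIKE_SLASH, MIXED_SCRIPT):
        result = analyse(sample, "paypal.com")
        print(ascii(result["host"]), "->", ascii(result["registrable_domain"]),
              "trusted" if result["trusted"] else "SUSPICIOUS")
        for finding in result["findings"]:
            print("   ", ascii(finding))
```

A wildcard certificate for the registrable domain reported here validates normally, so comparing that domain with the one you meant to visit is the part the padlock cannot do for you.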
How are they going to incorporate the whole run&gun thing?
Maybe running on the spot and sudden jerks of the hands to indicate "recoil"? Either that or hook in an audio system and get the user being even more stupid by yelling "bang" for each shot.
Good point - I can't see the French (amongst others) complaining about "ze occasional nipple"! British people seem to be getting worse these days, although I guess they're getting more paranoid about violence and how seeing violence == doing violence with no regard for the thought that not every one who monkey sees then monkey does. I was just looking at the UK (being a Brit) and seeing the general "think of the children" mantra/brainwashing spreading from the US.
A few problems with what? My idea of not sticking to the age ratings or the problems with a "big red button" idea? For the second one, you've repeated the GP nicely. For the first one:
1) And if I know about it and know that my child is suitably mature to handle it then what's the problem? Just because some bureaucracy slaps an 18 rating on it doesn't mean that a) all 18 year olds are mature and sensible enough to see/use it and b) all people under 18 years old aren't mature and sensible enough
2) Again, see the GP - what is seen cannot be unseen, making this idea stupid.
As for why it's useless, if your child is not ready to see "stuff", and they see "stuff", and then you press the panic button, they won't _unsee_ stuff. In fact, they would probably remember it for a very long time.
If your child is not ready, just don't let them play such games, and perhaps you should work harder at getting them ready.
Why let a little common-sense get in the way of a perfectly good law that lets parents blame everyone else but themselves for bad parenting decisions?
I'm now a father and although he's only nine months old I'll probably do the same as my parents did: determine the suitability of the game based on the maturity of my son and let him play the GTA/Carmageddon equivalents before he hits the age rating if he can take it as it's meant - a game in a virtual world that has different rules to the real-world.
Also, what's the betting that this is mainly a "for the sake of the children, hide the tiny, brief flashes of flesh" idea (which you're less likely to know about) rather than a "for the sake of the children, stop the massed bloodshed" idea (which generally tends to be obvious from the format of the game).
Depends on whether you want to view Silverlight stuff on Linux or not. Personally, I'm quite happy with no Silverlight and Gnash for Flash viewing (set to start in "pause" mode).
You mean Microsoft stores will be sponsored by Mark Shuttleworth and Ubuntu?
Won't someone please think of the hedgehogs!