Slashdot Mirror


User: Matthieu+Araman

Matthieu+Araman's activity in the archive.

Stories: 0
Comments: 36

Comments · 36

  1. Re:Evolution on Thunderbird Unseats Evolution In Ubuntu 11.10 · · Score: 1

    I don't understand your remark. There was a Lightning version out just after TB5 just to keep TB+Lightning users working.
    See http://weblogs.mozillazine.org/calendar/2011/07/lightning_10b4_has_been_releas.html

  2. Re:HTML5 Video on Wikipedia's Assault On Patent-Encumbered Codecs · · Score: 1

    Windows:
    OK, it looks like recent setup wizards are intelligent enough not to reinstall the same DLL twice (or override a newer DLL),
    but if application A installs DLL version 1.03 in its own directory and the system has DLL 1.02, then there will be two DLLs loaded in memory, one for app A, one for the other apps using the lib...

    Linux (and Unix):
    Version numbers are part of the file name, which means you can have several versions in the same directory without overriding a newer version by mistake.
    you can have libc.so.1.12.3, libc.so.1.13.4, libc.so.2.0.0
    APP A can link with libc.so.1 and so will use libc.so.1.13.4 in reality
    APP B can link with libc.so.1.13 -> will use automatically libc.so.1.12.3
    APP C can link with libc.so -> will use latest, libc.so.2.0.0
    I think Windows should copy this and put the DLL version in the file names and not just inside the file.

    On Windows, an app can install a DLL/lib that is not part of the application.
    On Linux, an app can't install something that is not part of the app but will have a dependency on it.
    The setup manager is part of the OS, not provided by the app, and will automatically try to install dependencies.
    It will also forbid uninstalling a lib used by an application.
    I think it's much more powerful even if this requires not having everything packaged in the app installer.

  3. Re:HTML5 Video on Wikipedia's Assault On Patent-Encumbered Codecs · · Score: 1

    Google (so YouTube) recently bought the codec company whose codec they used.
    So they are in a position which allows them to open up this codec (or a new codec?), which would make one more open codec available.

  4. Re:HTML5 Video on Wikipedia's Assault On Patent-Encumbered Codecs · · Score: 1

    Yes, you can offer multiple formats. You nevertheless need to have both files ready on the server side...

  5. Re:HTML5 Video on Wikipedia's Assault On Patent-Encumbered Codecs · · Score: 1

    You can install a Linux DVD-ROM (or repository copy) locally;
    that would make your install work without having Internet.

    BTW, on Windows, I remember having Office and Windows asking for the network installation disk. If you didn't copy the installation disk locally, you've got the same kind of problem. (This is why most people select "install everything", to avoid getting a popup while typing something into Word because the software suddenly tries to install a language pack which you don't use...)

    You obtain a smaller memory footprint on Linux by sharing libraries, which is more difficult on Windows, especially for non-Microsoft software.

  6. Re:Oh, they WILL be paying. on Wikipedia's Assault On Patent-Encumbered Codecs · · Score: 1

    You're assuming wrong. You've got a restricted licence included with Windows. If you're out of the licence scope, you need to buy another licence! For example, if you produce your own videos, you can very quickly be out of the licence scope.

  7. Re:Interesting statistic on Microsoft Releases Internet Explorer 8 RC1 · · Score: 5, Interesting

    Hmm, both IE8 and Firefox 3.1 will include a private browsing feature but neither has "shipped".
    But you're right that IE included it before in a beta and that increased the priority for the Firefox people...
    Time will tell which of these versions ships first (in a non-beta, non-RC mode).

  8. Re:But isn't that the idea? on Michael Meeks Says OO.o Project is "Profoundly Sick" · · Score: 2, Informative

    I find it funny that OpenOffice is in the situation Mozilla was in some years ago...
    - big code base which takes time to clean up (there was a presentation made by an OpenOffice guy which explained all the work they have been doing to remove old code, factorize code, clean up...)
    - mostly contributors from one company, slow to gain external contributors
    - hard for external contributors as some stuff is naturally "inside"
    - patches sitting and not being integrated
    - need to release stuff and at the same time work on more architectural stuff
    - work needed on tools to ease distributed contribution and extension stuff

    The only difference is that as a product OpenOffice.org 3.0 is much more of a success than early Mozilla versions, so that should help drive developers to overcome the other problems...

    I think some of the above problems seem to have been partly addressed, but as the number of Sun developers decreases, it complicates the integration of the needed new developers...

  9. Not so far on Mozilla Is Eyeing Your Phone · · Score: 2, Informative

    The new Mozilla-based mobile browser, based on current Mozilla technology + some additions for mobile, is already available in alpha.
    https://wiki.mozilla.org/Fennec

    This is like Firefox with the UI completely redone.
    It will also support extensions.
    2010 is just 1.5 years away, so having a non-beta build for 2010 doesn't seem unrealistic.

    I guess some optimisations made for the mobile environment will benefit everybody (like the optimization done for Firefox)
    (and there's already a TraceMonkey JavaScript for ARM so this will be fast).

    I have no doubt it will be great software.
    The only uncertain thing is whether it will be shipped by default on some devices...

  10. Re:Tracemonkey vs. V8 on Examining Chrome's Source Code · · Score: 1

    Read this http://weblogs.mozillazine.org/roadmap/archives/2008/09/tracemonkey_update.html

    Chrome is better at some things and TraceMonkey at other things.

    For the moment, recursion is not yet traced, so this is why Chrome is a lot faster than TraceMonkey for this kind of stuff.

    The example you give is completely recursive...

  11. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    Either:
    1) the site is plain http and there's no warning (if I don't agree, I could ask the website owner to switch to https...)
    2) the site is https:
        a) signed with a certificate which is known by my browser -> OK
        b) signed with a self-signed certificate (or unknown issuer). There is a risk and my browser can't just treat this like an http connection, because at the beginning I wanted to go to an SSL site (so maybe it's my bank's website and somebody between us is pretending to be my bank's site).
            b1) -> I agree with the risk (like it's an intranet server) and I add the certificate to my own list (no warning the second time I go to this site)
            b2) -> this may be a real attack, I want to know about this
            b3) -> the website owner misconfigured its site.

    So I think it is good to make the user's life a bit harder in the b) case.
    At this time, there are a lot of b3 cases but I think they will decrease as the pressure from users makes the website owners reconfigure their servers...

  12. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 1

    No, you need both or it is useless.

    Imagine site A uses SSL with a good certificate signed by a CA known by your browser.

    The attacker is between you and site A.
    The attacker can easily generate a self-signed certificate.

    You connect to site A with https.
    The attacker intercepts your connection and presents a self-signed certificate.
    The attacker then connects to the real site and presents the result to you.
    You are saying that my browser should treat this like an http connection!

    It's a good thing that Firefox warns you!

    This kind of man-in-the-middle attack is becoming easier to do. A good browser has to do its best to protect you (and websites should be well configured).

    If you verify the certificate yourself and trust it, you can add an exception and Firefox will not yell anymore for this certificate.

  13. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · · Score: 5, Insightful

    No, if the site uses SSL and the certificate is invalid, it may be a "man-in-the-middle attack".
    You can't just treat this like an http connection and not warn the user.
    There are many sites which should use real encrypted connections (i.e. with a signed certificate + SSL). I'm not fond of sending sensitive info in the clear (that's about the same thing with a self-signed certificate...)
    StartCom/StartSSL certificates are free and work with Firefox (and other CAs are mostly cheap) so price is no longer an excuse...

  14. Re:Wow, How Timely on Paid Support Not Critical For Linux Adoption · · Score: 1

    We sell quite a few RHEL support contracts to our customers (we sell solutions and RHEL is a platform to solve some needs). I don't think it's too expensive because hardware and software support is very good. It's not that we call support often, as we have some competencies in-house, but the work done by Red Hat is very good and the servers are very stable. Some problems can be very weird, so it's always a good thing to know you can call good support in case everything goes wrong...

  15. Re:Seconded. on Mozilla SSL Policy Considered Bad For the Web · · Score: 2, Informative

    You can give your cert to as many people as you like.
    You should NOT give out your private key.
    Public and private keys work together and there's no way to find a private key from a public key and the reverse (if you find a method, you'll break all the crypto!)

    Some CAs can generate the private key for you but it's not a good idea.

    The best way is:

    - generate a private/public key on your server
    - generate a certificate request (signed with your private key)
    - send the certificate to the CA (you can use a safe way as you already know the CA cert)
    - the CA checks this is you
    - the CA signs your certificate request with its private key (and I think your public key)
    - the CA sends you the certificate
    - you install the certificate (only you can decrypt with your private key)

  16. Re:Bad Article on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    No, they are different entities.
    I think the problem for CAcert is that Mozilla asks that the CA policy include a 10000$ insurance before allowing the CA in Firefox.
    BTW, StartCom has renamed their certificate service to StartSSL (https://startssl.org)
    For IE, it seems the CA has to pay to be included and this is blocking StartCom at this time. (I believe this is mentioned somewhere on their website.)
    I don't know about Opera.

  17. Re:Why not use a startSSL cert then? on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    I completely agree with you.
    What Mozilla does is have a policy for including CAs by default (i.e. being sure that there is a policy, and they ask for a certificate assurance, revocation infrastructure and so on).
    I don't think they make the CA pay something. This is why StartSSL can make certificates for free which work with Firefox.
    So there are fewer and fewer excuses at this time not to set up an Internet SSL site with a real certificate. (One of the remaining problems is shared SSL sites with only one IP, but I think there's a protocol extension for this, which will take time to be deployed on real sites.)
    Self-signed certificates are really a false security and it's a good thing to make it more difficult to access these sites, as this will add pressure from users to make the admins configure their servers correctly...

  18. Not the right solution on In Japan, a 900 Gigabyte Upload Cap, Downloads Uncapped · · Score: 1

    I don't like this kind of solution (bandwidth limits on download or upload):
    I had one in the past and I switched provider as soon as I could to get rid of it (and other problems).
    - even if you don't go over the bandwidth limit, your connection is not unlimited so you always have to ask yourself how much you have used.
    - when you download, your upload goes up. (In my case downloading a few Linux ISOs was enough to reach the upload limit.)
    - if somebody knows you've got this kind of limit, he may be able to initiate data transfer with you (in both directions) and make you reach the limit (which can make you pay more, cut your line,...)
    - you're very dependent on all the software which can initiate data transfer in the background
    - it doesn't allow you to be a data provider easily (i.e. sending documents, video, saving your data over the Internet, having your own web server,...)

    I believe the provider should have the infrastructure able to sustain the traffic sold to customers (even if statistically a few customers make the most traffic).

  19. Re:There is no such thing as a quick Firefox relea on Mozilla Pitches Firefox 3.1 Alpha For July Release · · Score: 1

    I don't think you're right.
    During Fx3, tons of regression tests were added.
    So it's becoming less risky to change something and do a release.
    Doing a time-based release this year (or more realistically sometime in the beginning of 2009) lowers the pressure to get a feature into "this big major version".
    They have also changed from CVS to Mercurial so hopefully having experimental branches in parallel will be easier.
    I hope to see the HTML 5 video support added for Fx3.1.

  20. StartSSL free certificates on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 2, Interesting

    There's no reason to continue to use self-certificates today as you can easily get your certificate signed for free by http://startssl.org/
    Their certificate authority is included by default with Firefox (you can add it manually with IE).
    You can get a certificate recognized by default by the majority of browsers for a few bucks anyway.

    Just make sure you have OCSP checking turned on in your browser (because it's so easy to sign a certificate that it has to be easily revocable).

    Please also stop using pre-computed certificates (i.e. localhost with a private key on a CD-ROM that everybody can get...) or reusing the same one on different servers (in some cases, Firefox 3 now refuses to load them...)

  21. Re:Is this the same as the release candidate? on Mozilla Outage On Firefox 3 Record Launch Day · · Score: 1

    Yes, the last release candidate becomes the release.
    No need to download anything unless you want to increase the counter.

  22. Firefox security is one of its "selling" point on Is There Room For a Secure Web Browser? · · Score: 1

    There are some good ideas in the article but I think it's a bit incomplete.
    I think browser security is already a major feature of Firefox so the article title is misleading.
    The security features I see and which are part of Firefox are:
    - automatic update and making sure users update
    - good reactivity to correct bugs (means people working on security stuff, clean and understandable code,...)
    - proactive security audit (Mozilla has been doing this for a while, including developing specific stuff like jstfuzz)
    - good security model (i.e. no ActiveX,...). This will be made better with post-Firefox 3 work (see http://wiki.mozilla.org/Mozilla_2/Work_List about the centralized security check feature)
    - UI: good communication with the user (for example the reworked SSL dialogs in Firefox 3...). I think this is the most difficult part as we all want to have an easy and powerful browser without losing security...
    - not too much attack surface (i.e. not implementing too many things (or reimplementing similar things with different APIs), which multiplies the risk) without sacrificing functionality

    I agree that some stuff should be done in a separate process and I think I read somewhere that it may be done in a future Firefox version (something like the different privileges for different parts of the browser done by MS with Vista and IE). Browser update should also be done by a separate process with different privileges, which is unfortunately not possible with Firefox at this time.
    Some features could also be provided by the OS (i.e. even if I run my browser with my user account, I would like it to be in a "less powerful" mode by default and have this enforceable via the OS, and not only the browser).

    In the end, I think it's a good thing that some people experiment with stuff to improve browser security.

  23. Re:Is this REALLY a problem? on IPv4 Address Crunch In 2 Years, IPv6 Not Ready · · Score: 1

    This problem can be worked around.
    When NATting, you can reuse the same source port when you address different destination IPs.
    Some solutions use this (for example Checkpoint Firewalls...)
    The biggest problem I see with NAT is interconnecting enterprise networks, and complexity on the NAT device and on the application side.
    There is a perpetual RFC 1918 address conflict because everybody is using the same RFC 1918 IP addresses and you have to find solutions to make communications work.
    This complicates the network and makes debugging hard. (Sometimes, source and IP addresses have to change several times at different levels of the network.)
    When this breaks, it's a big pain...
    Having globally coherent addresses with IPv6 will be a big win, even if this causes some pain during the transition period.

  24. Re:So... on Firefox 3 Beta 3 Officially Released · · Score: 1

    TabMixPlus dev version works with Firefox 3beta.
    it's not available yet from the addon mozilla site.
    you have to get it from the official site (see http://tmp.garyr.net/forum/viewforum.php?f=3&sid=622b8acc530f7edda1559748ec4b464c)

  25. Re:Not a real life scenario... on MD5 Proven Ineffective for App Signatures · · Score: 1

    If I trust developer A and he includes bad things, he will risk ruining his reputation, so that's not an MD5 problem.
    The problem is also not the same with a binary-only exe and some open source programs where you have access to the source and all the changes in the repository are signed with a PGP key.
    That way, it's easier to verify that a binary is made from a given source.
    It's a lot harder to try hiding something like MD5 garbage in source form.