tag:blogger.com,1999:blog-1015214236289077798.post1838192618562402191..comments2024-03-24T17:13:53.855-07:00Comments on TenFourFox Development: What the NSA revelations say about our online safetyClassicHasClasshttp://www.blogger.com/profile/17331846076856918359noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-1015214236289077798.post-65080514642015622732013-09-11T20:57:38.637-07:002013-09-11T20:57:38.637-07:00(Of course, if *you* get it working in TenFourFox,...(Of course, if *you* get it working in TenFourFox, I'll certainly seriously consider it, especially if it won't be too difficult to transition to Mozilla's official support "whenever that is.")ClassicHasClasshttps://www.blogger.com/profile/17331846076856918359noreply@blogger.comtag:blogger.com,1999:blog-1015214236289077798.post-86269635057760333032013-09-11T20:55:45.680-07:002013-09-11T20:55:45.680-07:00Maybe one day Opera's source code will be rele...Maybe one day Opera's source code will be released, though it may just be Presto. It's closed for now, though. Good to hear from a former Netscape person (I don't suppose you were an extra in Code Rush, were you? :).ClassicHasClasshttps://www.blogger.com/profile/17331846076856918359noreply@blogger.comtag:blogger.com,1999:blog-1015214236289077798.post-66118592283541864092013-09-11T20:54:16.415-07:002013-09-11T20:54:16.415-07:00At the rate I'm going with Baseline, it's ...At the rate I'm going with Baseline, it's gonna be a bit. We can't ship without a JIT, even a sucky one. About 3/4rs of the tests pass, but we still have some big failures. After that Australis and Ion, and maybe then take a whack at H.264.ClassicHasClasshttps://www.blogger.com/profile/17331846076856918359noreply@blogger.comtag:blogger.com,1999:blog-1015214236289077798.post-24923585175880524552013-09-11T14:31:08.704-07:002013-09-11T14:31:08.704-07:00I was a contractor at Netscape during the Glorious...I was a contractor at Netscape during the Glorious Browser War of 1997. Our internal Security Team were the most passionate computer security experts that I have ever known. Sixteen years ago, and they were pushing for digitally-signed JavaScript etc.<br /><br />Many of those people are still active at Mozilla. Of those who moved on to other projects, the architecture they laid down still informs the design of web-standard security today.<br /><br />Frankly, these are the sort of people who would quit rather than cave to government pressure for weakened security. So: did they do so? I can't be sure.<br /><br />But I note that MOZILLA IS THE ONLY COMPLETELY OPEN-SOURCE BROWSER remaining of the major players. (I can't recall if Opera is entirely open-source.) When Mozilla published the source code back in early 1999, I was shocked. Within *hours* of that first code drop, a team in Australia had added stronger encryption. This was back when it was not legal to export stronger security from within the USA. Another days or so passed, and I had found some obvious memory leaks -- but these bugs were getting fixed *faster* than I could submit bug reports.<br /><br />So: Mozilla inherits a tradition of strong security, and the code is open for the entire world to audit.<br /><br />Certainly, there remains the non-trivial threat that the best research in computer security is secretly held by the NSA. But the best we can possibly do is to use a strong, open-source, publically-audited code base.<br /><br />And adhere to best-practices such as two-factor authentication and strong passwords. Such end-user policies apply to any computer system. But of the factors that we can control, Mozilla is the best web browser option we have.BoydWatershttps://www.blogger.com/profile/09408759759835176081noreply@blogger.comtag:blogger.com,1999:blog-1015214236289077798.post-57377802255191924392013-09-11T03:00:03.582-07:002013-09-11T03:00:03.582-07:00An off-topic question. What are the chances to inc...An off-topic question. What are the chances to incorporate HTML5/H.264 support (like Tobias did in Aurorafox) *before* Mozilla does it officially (i.e. as soon as possible? I know there are legal concerns, but there might be a way for advanced users to compile the browser themselves with that option, if they get a little help. Or to offer "contributed" builds with H.264 enabled. I'd be willing to invest a considerable amount of time to get this done. The reason is that more and more audio and video platforms (Radio/TV media libraries, Vimeo etc.) offer HTML5 support if no Flash plugin is detected. Great! But it's all H.264 (sorry, WebM, you've clearly lost the war), and it works perfectly in Safari 5. It's hardware accelerated, so video is smooth and the browser is very responsive. TenFourFox, of all browsers, needs H.264 support.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1015214236289077798.post-491061914884269702013-09-07T18:36:02.614-07:002013-09-07T18:36:02.614-07:00Where-ever there is centralization there is easy o...Where-ever there is centralization there is easy opportunity for government infiltration and control, as for example with the public-certificate (PKI) structure used for most ssl traffic. As I understand it, that's what is driving the people in the MonkeySphere project (http://web.monkeysphere.info/why/) - who are working out a way to use the peer-to-peer GPG system as an alternative to PKI.Manoah F. Adamshttps://www.blogger.com/profile/12472457778450816258noreply@blogger.comtag:blogger.com,1999:blog-1015214236289077798.post-48184062029751353442013-09-06T13:39:27.443-07:002013-09-06T13:39:27.443-07:00I'm also concerned because many people don'...I'm also concerned because many people don't seem to understand yet that the NSA is likely their smallest problem in the long haul. Even though all the fuss is about the NSA/GCHQ right now. I wonder what SSL certificates are worth now. Or S-MIME. Or everything to do with cloud computing. Think of Google docs. VPNs. Cisco. Those are technologies that companies and private persons use to exchange sensible information nowadays. I wonder if there's a backdoor in Apple's disk image encryption that's e.g. used for File Vault if Apple (like Microsoft, who admitted it) was forced to bend to NSA demands. Anonymousnoreply@blogger.com