dveditz - Slashdot User

Comment Re:Serious Problem With Mozilla (Score 1) 179

by dveditz on Wednesday December 08, 2010 @08:49PM (#34495688) Attached to: Microsoft Adds 'Do Not Track' Option For IE9

The "pressure from advertisers" came after the feature was turned off because it didn't work right: https://bugzilla.mozilla.org/show_bug.cgi?id=570630#c15

We're also investigating a different approach of double-keying cookies with the primary and 3rd-party domains, which has the advantage of preventing advertisers from correlating your visits across sites within a session. This breaks even more legitimate things (as Opera also found when they experimented with this) so we're still brainstorming.

Comment Re:A money grab (Score 2, Informative) 164

by dveditz on Monday November 15, 2010 @04:46AM (#34228852) Attached to: The Ascendancy of<nobr> <wbr></nobr>.co

Actually, the reason Google knows that bit more about sites people visit, is that Firefox, Chrome and Safari all send each and every domain you visit to Google's Safebrowsing servers before they connect to it.

That is not how SafeBrowsing works. Firefox downloads a large database of hash prefixes. If the hashes of the domain and url are not in the list you go to the site and nothing is sent to Google. If the first bit of the hash matches an entry in the list Firefox asks Google for the list of complete hashes that start with that prefix. If the site's hash matches then you're blocked, if it doesn't you're not, but nothing more is sent.

To further obfuscate things, when Firefox finds a prefix match it doesn't just ask for the hashes matching that prefix, it also asks for the hashes matching a couple other random prefixes from the list.

Google may still know all the sites you visit through cookies on google-analytics or AdSense, but they're not getting that information from SafeBrowsing.

Comment ping (Re:HTML 5?) (Score 1) 321

by dveditz on Thursday September 23, 2010 @11:07PM (#33683588) Attached to: Is the Web Heading Toward Redirect Hell?

Firefox was an early adopter of the <a ping> HTML 5 feature to solve exactly this redirect-for-tracking issue, added in early 2006: https://bugzilla.mozilla.org/show_bug.cgi?id=319368 There was huge controversy that the feature helped sites track users (never mind that you're being tracked as it is, and that the feature let you turn it off) and it was disabled before it ever shipped. We thus continue trudging through redirect hell when the browser could have been doing that for us in parallel while giving us the content we wanted.

The feature would have sold better if it was framed as <a shortcut> or <a dest>. That is, keep the historical href behavior jumping through redirects in old browsers, while new browsers could just load the final content directly from the shortcut (or dest) attribute and treat href as the ping. I'm sure that suggestion gives HTML purist fits on semantic grounds. At least it's backward compatible unlike ping which requires a site to choose between serving different content to old and new browsers, forgoing link tracking on old browsers (the majority? fat chance), or not supporting the feature at all (we have a winner!).

URL-shorteners are a different use-case altogether and not served by <a ping>

Comment Re:Bad Idea (Score 1) 73

by dveditz on Friday July 16, 2010 @07:04PM (#32933458) Attached to: Mozilla Bumps Security Bug Bounty To $3,000

A public benefit corporation wholly owned by a non-profit foundation. If you don't think this approach furthers the mission please let us know.

Comment Re:It's OSS (Score 1) 276

by dveditz on Friday February 19, 2010 @12:45PM (#31200704) Attached to: Mozilla Debates Whether To Trust Chinese CA

SSLed checksums for the binaries... oh, wait, Mozilla doesn't bother publishing those, for some reason.

Really? So what are these, then? https://archive.mozilla.org/pub/mozilla.org/firefox/releases/3.6/SHA1SUMS

We don't advertise it because anyone competent to check SHA1 hashes should be able to check PGP signatures, and the mirror network scales unlike hosting everything ourselves. Obviously the SSL server is not mirrored because giving out the cert would make it pointless.

Comment Re:Pretty neat. (Score 1) 284

by dveditz on Friday January 22, 2010 @09:21PM (#30865964) Attached to: Mozilla Firefox 3.6 Released

Much better to use the Add-on Compatibility Reporter https://addons.mozilla.org/en-US/firefox/addon/15003

It will enable all your officially incompatible addons just like the pref, and you can help by reporting your add-ons as working fine or not compatible (reporting is completely optional).

Comment Re:Wise or not, what choice do they really have? (Score 2, Informative) 346

by dveditz on Wednesday January 20, 2010 @02:56AM (#30829010) Attached to: Why Firefox's Future Lies In Google's Hands

The issue at hand is the CEO of a for-profit organization backed by a non-profit organization, and hence pays no taxes whatsoever on the $66 million some of which goes into obscene CEO profits.

The Mozilla Corporation pays taxes on everything it earns just like every other taxable corporation. It is not allowed to share money back with the Foundation or risk costing the Foundation its non-profit status.

Proton Beams Sent Around the LHC 115

Posted by kdawson on Friday November 20, 2009 @05:40PM from the going-in-circles dept.

feldhaus writes "The BBC reports that the first beams for over one year have been successfully sent around the complete circumference of the Large Hadron Collider. Engineers do not yet have a stable circulating beam but they hope to by 0600 GMT on Saturday."

Comment Re:CLEAR PRIVATE DATA DOES NOT WORK. (Score 1) 673

by dveditz on Wednesday August 26, 2009 @02:58PM (#29206079) Attached to: Fear of Porn URL Exposure Discourages Firefox 3 Upgrade

It _does_ work unless you hit some bug (and there have been some that affect some people). If you were an early adopter in particular there were some database corruption issues. If that's the case deleting the places database is often the best fix (especially if there's nothing in there you care about -- you're clearing private data, right?). Instructions at http://support.mozilla.com/ for this and other common problems.

The other issue is that the url bar shows both history and bookmarks. Obviously people don't want to clear their bookmarks so some data still shows up even after clearing history. This issue has been addressed in Firefox 3.5 with an option to not show bookmarks in the URL bar (on the Privacy tab in Options).

Shaw Cable Again Blocks Firewire On Canadian Set-Top Boxes 257

Posted by timothy on Sunday August 09, 2009 @08:08PM from the now-that's-value-added dept.

WestCoastSuccess writes with this excerpt: "A year and a half ago, Canada's Shaw Cable began encrypting channels with the '0x02' flag. This flag has the effect of making the IEEE1394 (Firewire) output useless to customers who use third-party PVRs (such as the excellent MythTV, for example). After complaints to the CRTC and Industry Canada about this practice, the encryption flag was dropped on most channels and the Firewire connection again functioned. Until last night, that is."

AT&T Makes Its Terms of Service Even Worse, To Discourage Lawsuits 412

Posted by timothy on Sunday August 09, 2009 @07:06PM from the even-more-fine-print-to-read dept.

techmuse writes "AT&T has changed its terms of service (including for existing contracts) to prevent class action suits. Note that you are already required to submit your case to arbitration, a forum in which consumers are often at a substantial disadvantage. Now you must go up against AT&T alone." This post on David Farber's mailing list provides a bit of context as well.

OnLive and Gaikai — How To Stop a Gaming Revolution 125

Posted by Soulskill on Sunday August 09, 2009 @04:36AM from the and-in-this-corner dept.

happierr writes "The gaming industry has been struggling in the last few months, and it is about to struggle even more when OnLive and Gaikai launch later this year. The new services are both a step in the right direction to counter piracy and provide easily-accessible gaming to people with low-end PCs. They might even do for PC gaming what the Wii did for casual gaming; greatly expand the market and draw interest from people who would not ordinarily play games. The services are a real threat for the Big Three video game companies (Microsoft, Sony, and Nintendo). How will they combat these revolutionary services? There are a few steps that the Big Three are taking to combat the New Two, such as an increased reliance on peripherals and vision cameras, exclusivity deals, and more online multiplayer features, which OnLive and Gaikai will have a hard time matching."

Printable Batteries Should Arrive Next Year 92

Posted by timothy on Sunday August 09, 2009 @01:19AM from the return-to-the-goodness-of-aa dept.

FullBandwidth writes "Paper-thin batteries that can be printed onto greeting cards or other flexible substrates have been demonstrated at Fraunhofer Research Institution for Electronic Nano Systems in Germany. The batteries have a relatively short life span, as the anode and cathode materials dissipate over time. However, they contain no hazardous materials."

Comment Firefox 3.5 is _not_ vulnerable (Score 1) 280

by dveditz on Thursday July 30, 2009 @04:52PM (#28887989) Attached to: Null Character Hack Allows SSL Spoofing

Firefox 3.5 is _not_ vulnerable to this attack.

Comment Re:IE will still dominate (Score 1) 438

by dveditz on Saturday July 25, 2009 @10:36AM (#28818471) Attached to: Microsoft Agrees To EU Browser Ballot Screen

Mozilla Firefox has supported pre-fetching for years. It has not always been received well.

Slashdot Top Deals