posted by Thom Holwerda on Fri 29th Aug 2008 13:23 UTC, submitted by irbis
Firefox 3.0, released not too long ago, was generally well-received. It added a load of new features, while also providing much-needed speed improvements and better memory management. Some new features, however, have met more resistance - one of them is the rather complicated user interface thrown at users when they reach a website with an invalid or expired SSL certificate.When I encountered the page for the first time, I was at a loss as to what to do. The OSNews backend apparently has an invalid security certificate, as well as various websites of my university, so whenever I re-install Firefox somewhere, I need to add an exception for each of these websites. The new Firefox 3.0 exception interface, however, is a four-step process that is wholly unclear (the "Or you can add an exception" is easily overlooked), and will be especially difficult to grasp for ordinary, normal users - exactly the group of users the feature tries to protect. As the Pingdom weblog explains:
The point of this change was to make web browsing safer, and that is a good thing. There is a lot of malware on the Web. However, the people most in need of a clear and explicit warning regarding SSL certificates are inexperienced users, and those are not very likely to understand the error message that Firefox 3 is displaying. A large portion will simply be scared away, thinking that the website is broken.
The problem is that Firefox doesn't just give you this page following expired certificates, but also with self-signed certificates - something especially annoying for smaller websites. However, big websites are also affected, such as the official website for the United States Army. Heck, even Google forgets to update their certificates.
The Mozilla Foundation defends their decisions as being necessary to prevent malicious and fraudulent websites from carrying out their malintent. Jonathan Nightingale writes:
The question isn't whether you trust your buddy's webmail - of course you do, your buddy's a good guy - the question is whether that's even his server at all. With a CA-signed cert, we trust that it is - CAs are required to maintain third party audits of their issuing criteria, and Mozilla requires verification of domain ownership to be one of them.
With a self-signed certificate, we don't know whether to trust it or not. It's not that these certificates are implicitly evil, it's that they are implicitly untrusted - no one has vouched for them, so we ask the user.
Personally, I agree with the fact that Firefox properly warns me that I'm visiting a site with an invalid or self-signed certificate, but it would be nicer if the user interface that I'm presented with is less complicated, clearer, and easier to use.
Related Articles
Technology White Papers
News
Linked by Thom Holwerda on 02/07/12 23:41 UTC
"People who have the latest Symbian Nokia smartphones can now update them to Nokia Belle - bringing a fresh look to their screens thanks to the latest user interface. Once you have installed Nokia Belle you will still have the same phone, but it will feel like new, with improved performance." Love the version name.
0
Linked by fran on 02/07/12 23:27 UTC
"Research in Motion has said the native software development kit for Blackberry 10 will be committed to open source. The firm, which has a history of basing its business on being a closed system, is shifting more and more to open source. Its upcoming Blackberry 10 native SDK will include many open source code resources."
Linked by Thom Holwerda on 02/07/12 17:55 UTC
Let this be a lesson. After posts by John Gruber and Shawn King, this happened to Violet Blue. "The misinformation gave a significant number of people fuel to stalk me, attack me for hours at a time, malign, insult me in disgusting ways, threaten me with weapon-specific violent death (an axe), and lead social media attempts to force me to lose my job over the matter. Many referenced John Gruber, and/or his post as they did this. Plans were openly made to make media to attack me - another Angry Mac Bastards podcast." Disgusting story, and sadly enough, this isn't the first time this has happened, as Blue notes in her article. I don't like talking about these matters (you don't want to know the kind of crap that gets thrown my way at times), but I can assure you my inbox has seen its share of pure vitriol after Gruber links to an OSNews piece. It ain't pretty.
Linked by Thom Holwerda on 02/07/12 0:14 UTC
Big news from the Raspberry Pi front today - they have a manufacturing date. "The boards will be finished on February 20. Eben and I may be going to China to make sure that the boards can be brought up properly for that date if necessary. We'll be airfreighting them to the UK immediately, so you should be able to buy them before the end of the month."
Linked by Thom Holwerda on 02/06/12 21:52 UTC
"As an industry trend, advancement in heterogeneous hardware has progressed at a rapid pace. This in turn has fueled developer desire to target such hardware for accelerated computation, necessitating a significant step forward in programming models to enable such practices. C++ Accelerated Massive Parallelism (C++ AMP) is a new technology implemented in Visual Studio 11 that helps C++ developers use accelerators such as the GPU for parallel programming."
Linked by Thom Holwerda on 02/06/12 21:50 UTC
"Google's just pulled the curtains off of its 'Solve for X' website, and it appears that Google is nearing the creation of a TED-like think tank that will focus on talks about radical technological ideas. The site describes the effort as 'a place where the curious can go to hear and discuss radical technology ideas for solving global problems'."
Linked by Thom Holwerda on 02/06/12 21:44 UTC
It would seem that freedom of speech and the open web are in better hands in Eastern Europe than they are in Western Europe. After Poland, the Czech Republic is the second country to suspend the process of ratifying ACTA. "A wave of protests against the international agreement, including hackers' attacks, has swollen in the world as well as in the Czech Republic. 'By no means would the government admit a situation where civic freedoms and free access to information would be threatened,' [Czech PM] Necas said." Anyone from either Poland or the Czech Republic care to comment on how serious we have to take their politicians? If a Dutch or an American politician said something like this, I'd be weary and mistrusting.
Linked by Thom Holwerda on 02/05/12 12:26 UTC
"Among the treasure troves of recently released WikiLeaks cables, we find one whose significance has bypassed Swedish media. In short: every law proposal, every ordinance, and every governmental report hostile to the net, youth, and civil liberties here in Sweden in recent years have been commissioned by the US government and industry interests." How such prestigious nations with such long and proud histories, like Sweden, The Netherlands, and so on, can succumb to pressure from a former colony is beyond me. We should know better.
Linked by Thom Holwerda on 02/04/12 14:53 UTC, submitted by bowkota
"A group of European regulators has written to Google calling on it to halt the introduction of its new privacy policy, saying it needs to investigate whether the proposals sufficiently protect users' personal data." I'd rather regulators are on top of this now than when it's too late and we're all plugged into the Google Hivemind Overlord.
Linked by Thom Holwerda on 02/04/12 14:37 UTC
"Samsung, in its first acknowledgment of the European Commission's antitrust investigation of its patent licensing practices, Friday said it believed the commission would ultimately conclude the company complies with the rules. The investigation arose out of Samsung's dispute with Apple over trademarks and patents that cover smartphones and tablet computers."More News »
Sponsored Links
